From: Ralph Boehme Date: Wed, 8 Nov 2023 16:49:19 +0000 (+0100) Subject: smbd: bring back "smb3 unix extensions" option X-Git-Tag: talloc-2.4.2~532 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=631e6aa0d02756d6ebbc9dff5c9d81fdbca58d7f;p=thirdparty%2Fsamba.git smbd: bring back "smb3 unix extensions" option This basically reverts commit b3cae8dcf192f65031f143e5bb9135c895611d98 with a few important differences: * SMB3 UNIX extensions are always built, but disabled by default at runtime. * They are globally enabled in the fileserver test environment. * It's now a per-share option, so admins can selectively disable them on a per-share basis. This allows clients to detect early that a share doesn't support user mount requested POSIX and fail appropiately, passing the failure to the requesting application (mount command). Signed-off-by: Ralph Boehme --- diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 2bd3f02e1dc..12dff08271c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -57,7 +57,7 @@ smb.conf changes Parameter Name Description Default -------------- ----------- ------- - smb3 unix extensions removed always offered + smb3 unix extensions Per share - KNOWN ISSUES diff --git a/docs-xml/smbdotconf/protocol/smb3unixextensions.xml b/docs-xml/smbdotconf/protocol/smb3unixextensions.xml new file mode 100644 index 00000000000..4c0319976a7 --- /dev/null +++ b/docs-xml/smbdotconf/protocol/smb3unixextensions.xml @@ -0,0 +1,9 @@ + + + Experimental SMB 3.1.1 Unix Extensions. + + no + diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm index d56f12ee57a..4218a54358b 100755 --- a/selftest/target/Samba3.pm +++ b/selftest/target/Samba3.pm @@ -1855,6 +1855,7 @@ sub setup_fileserver my $ip4 = Samba::get_ipv4_addr("FILESERVER"); my $fileserver_options = " + smb3 unix extensions = yes kernel change notify = yes spotlight backend = elasticsearch elasticsearch:address = $ip4 diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c index 6b2f23ce633..797baa66309 100644 --- a/source3/param/loadparm.c +++ b/source3/param/loadparm.c @@ -4680,6 +4680,12 @@ void widelinks_warning(int snum) "These parameters are incompatible. " "Wide links will be disabled for this share.\n", lp_const_servicename(snum)); + } else if (lp_smb3_unix_extensions(snum)) { + DBG_ERR("Share '%s' has wide links and SMB3 Unix " + "extensions enabled. " + "These parameters are incompatible. " + "Wide links will be disabled for this share.\n", + lp_const_servicename(snum)); } } } @@ -4687,7 +4693,7 @@ void widelinks_warning(int snum) bool lp_widelinks(int snum) { /* wide links is always incompatible with unix extensions */ - if (lp_smb1_unix_extensions()) { + if (lp_smb1_unix_extensions() || lp_smb3_unix_extensions(snum)) { /* * Unless we have "allow insecure widelinks" * turned on. diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c index abcce5afb4f..8a40717235c 100644 --- a/source3/smbd/smb2_create.c +++ b/source3/smbd/smb2_create.c @@ -736,7 +736,9 @@ static NTSTATUS smbd_smb2_create_fetch_create_ctx( state->svhdx = smb2_create_blob_find( in_context_blobs, SVHDX_OPEN_DEVICE_CONTEXT); } - if (xconn->smb2.server.posix_extensions_negotiated) { + if (xconn->smb2.server.posix_extensions_negotiated && + lp_smb3_unix_extensions(SNUM(state->smb1req->conn))) + { /* * Negprot only allowed this for proto>=3.11 */ diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c index ad40434e5f6..8f4167fc6a2 100644 --- a/source3/smbd/smb2_negprot.c +++ b/source3/smbd/smb2_negprot.c @@ -142,6 +142,10 @@ static NTSTATUS smb2_negotiate_context_process_posix( *posix = false; + if (!lp_smb3_unix_extensions(GLOBAL_SECTION_SNUM)) { + return NT_STATUS_OK; + } + in_posix = smb2_negotiate_context_find(in_c, SMB2_POSIX_EXTENSIONS_AVAILABLE); if (in_posix == NULL) {