From: Ralph Boehme Date: Wed, 7 Feb 2024 09:18:13 +0000 (+0100) Subject: smbd: maintain veto_list and hide_list in the vuid cache X-Git-Tag: tdb-1.4.11~64 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8ab29157b9b52bccbcec041a2acc90cac1fc10f1;p=thirdparty%2Fsamba.git smbd: maintain veto_list and hide_list in the vuid cache Prepares for adding per-user support to both options. I don't think it makes sense also adding per-user support to "veto oplock files" and "aio write behind" so I'm ignoring those. Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher --- diff --git a/source3/include/vfs.h b/source3/include/vfs.h index a0974a49d49..374d7e03c33 100644 --- a/source3/include/vfs.h +++ b/source3/include/vfs.h @@ -692,6 +692,8 @@ typedef struct files_struct { struct vuid_cache_entry { struct auth_session_info *session_info; + struct name_compare_entry *hide_list; + struct name_compare_entry *veto_list; uint64_t vuid; /* SMB2 compat */ bool read_only; uint32_t share_access; diff --git a/source3/smbd/conn.c b/source3/smbd/conn.c index cb3c798084d..4e7e1ce0127 100644 --- a/source3/smbd/conn.c +++ b/source3/smbd/conn.c @@ -208,6 +208,8 @@ static void conn_clear_vuid_cache(connection_struct *conn, uint64_t vuid) } ent->read_only = False; ent->share_access = 0; + TALLOC_FREE(ent->veto_list); + TALLOC_FREE(ent->hide_list); } /**************************************************************************** diff --git a/source3/smbd/smb2_service.c b/source3/smbd/smb2_service.c index f832008a698..9e0065ea900 100644 --- a/source3/smbd/smb2_service.c +++ b/source3/smbd/smb2_service.c 
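Review bot: The new `hide_list` and `veto_list` members of `struct vuid_cache_entry` have no comment on who owns them, and their lifetime is not obvious. The uid.c hunks fill them with `set_namearray(conn, ...)`, so `conn` is presumably the talloc parent rather than the cache entry, and then copy the same pointers into `conn->hide_list` / `conn->veto_list`. I would add `/* filled by check_user_ok(); conn->hide_list and conn->veto_list borrow these pointers */` above the pair, so that anyone freeing a cache entry knows the connection may still be reading them. The struct continues outside the hunk.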
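Review bot: `TALLOC_FREE(ent->veto_list)` and `TALLOC_FREE(ent->hide_list)` in conn_clear_vuid_cache() free the lists without checking whether `conn->veto_list` / `conn->hide_list` still point at them. check_user_ok() in uid.c assigns exactly these pointers to the connection, so a connection currently using this entry would keep dangling pointers that later veto/hide name checks read, unless code outside the hunk resets them. I would drop the borrowed references first, `if (conn->veto_list == ent->veto_list) { conn->veto_list = NULL; }` and likewise for `hide_list`. The same applies to the eviction hunk `@@ -231,6 +235,8 @@` in uid.c: the frees run before `conn->veto_list` is reassigned further down, and an early return in between (not visible here) would leave the stale pointers in place. The function body starts outside this hunk.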
@@ -759,12 +759,6 @@ NTSTATUS make_connection_snum(struct smbXsrv_connection *xconn, set_namearray(conn, lp_aio_write_behind(talloc_tos(), lp_sub, snum), &conn->aio_write_behind_list); - set_namearray(conn, - lp_veto_oplock_files(talloc_tos(), lp_sub, snum), - &conn->veto_oplock_list); - set_namearray(conn, - lp_aio_write_behind(talloc_tos(), lp_sub, snum), - &conn->aio_write_behind_list); } smb_fname_cpath = synthetic_smb_fname(talloc_tos(), conn->connectpath, diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c index a759ad02226..b93818e02d4 100644 --- a/source3/smbd/uid.c +++ b/source3/smbd/uid.c @@ -186,6 +186,8 @@ static bool check_user_ok(connection_struct *conn, const struct auth_session_info *session_info, int snum) { + const struct loadparm_substitution *lp_sub = + loadparm_s3_global_substitution(); unsigned int i; bool readonly_share = false; bool admin_user = false; @@ -208,6 +210,8 @@ static bool check_user_ok(connection_struct *conn, conn->read_only = ent->read_only; conn->share_access = ent->share_access; conn->vuid = ent->vuid; + conn->veto_list = ent->veto_list; + conn->hide_list = ent->hide_list; return(True); } } @@ -231,6 +235,8 @@ static bool check_user_ok(connection_struct *conn, (conn->vuid_cache->next_entry + 1) % VUID_CACHE_SIZE; TALLOC_FREE(ent->session_info); + TALLOC_FREE(ent->veto_list); + TALLOC_FREE(ent->hide_list); /* * If force_user was set, all session_info's are based on the same 
@@ -262,8 +268,21 @@ static bool check_user_ok(connection_struct *conn,
 ent->vuid = vuid;
 ent->read_only = readonly_share;
 ent->share_access = share_access;
+
+ /* Add veto/hide lists */
+ if (!IS_IPC(conn) && !IS_PRINT(conn)) {
+ set_namearray(conn,
+ lp_veto_files(talloc_tos(), lp_sub, snum),
+ &ent->veto_list);
+ set_namearray(conn,
+ lp_hide_files(talloc_tos(), lp_sub, snum),
+ &ent->hide_list);
+ }
+
 free_conn_state_if_unused(conn);
 conn->session_info = ent->session_info;
+ conn->veto_list = ent->veto_list;
+ conn->hide_list = ent->hide_list;
 conn->vuid = ent->vuid;
 if (vuid == UID_FIELD_INVALID) {
 /*
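Review bot: The two `set_namearray()` calls in the new `if (!IS_IPC(conn) && !IS_PRINT(conn))` block are used as plain statements, so a failure is never noticed. If either call, or the `lp_veto_files()` / `lp_hide_files()` string it consumes, fails to allocate, `ent->veto_list` or `ent->hide_list` presumably stays NULL and the entry is cached as if the share had no such option. For `veto files` that fails open, and the result persists for as long as the cache entry lives. If the helper can report failure (its prototype is not visible here), I would invalidate the entry and refuse the user, e.g. `ent->vuid = UID_FIELD_INVALID; return false;`; otherwise add a comment such as `/* NULL means no entries; an allocation failure is not distinguishable here */`. check_user_ok() starts and ends outside the hunk.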