Ralph Boehme [Mon, 10 Mar 2025 15:31:13 +0000 (16:31 +0100)]
smbd: implement modern write time update logic
The gist of this is:
1. A write or other modifications as per MS-FSA "2.1.4.17 Algorithm for Noting
that a File Has Been Modified" immediately update the file times, there's no
delayed update.
2. Setting a timestamp on a handle only disables further timestamp updates via
that handle. Modifications via other handles must still update the timestamps.
This can not be implemented by storing the sticky writetime in the
share_mode_data record for performance reasons, as from 2 it follows that the
record would have to be checked and updated for every write on all handles.
Instead, writes on handles with sticky writetime in effect, record the current
timestamp before the modification and reset the filesystem timestamp to the
recorded value after doing the modification.
For reference, these are the relevant pieces from MS-FSA:
2.1.1.6 Abstract Date Model: Per Open
- UserSetModificationTime: A Boolean that is TRUE if a user has explicitly set
File.LastModificationTime through this Open.
- UserSetChangeTime: A Boolean that is TRUE if a user has explicitly set
File.LastChangeTime through this Open.
- UserSetAccessTime: A Boolean that is TRUE if a user has explicitly set
File.LastAccessTime through this Open.
2.1.4.17 Algorithm for Noting That a File Has Been Modified
The inputs for this algorithm are as follows:
- Open: The Open through which the file was modified.
The pseudocode for the algorithm is as follows:
The object store SHOULD<43>:
- If Open.UserSetModificationTime is FALSE, set Open.File.LastModificationTime
to the current system time.
- If Open.UserSetChangeTime is FALSE, set Open.File.LastChangeTime to the
current system time.
- If Open.UserSetAccessTime is FALSE, set Open.File.LastAccessTime to the
current system time.
- Set Open.File.FileAttributes.FILE_ATTRIBUTE_ARCHIVE to TRUE.
This then gets used for e.g. writes:
2.1.5.4 Server Requests a Write
...
- The object store MUST note that the file has been modified as specified in
section 2.1.4.17 with Open equal to Open.
...
Note the following differences between Windows behaviour and current
MS-FSA, these are documentation bugs that will be fixed in later
releases as discussed here:
* When processing FileEndOfFileInformation timestamps must be updated
  if new size equals current size
* When processing FileAllocationInformation timestamps must be updated
  if new size equals current size
* When processing FileAllocationInformation,
    If (the new allocation size is less than the existing allocation)
      Set the modification time (which will also update the change time)
    Else
      Update the LastChangeTime
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Mar 27 06:37:31 UTC 2025 on atb-devel-224
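The approach described in the commit message above (record the timestamp before the modification, reset it afterwards, per handle), sketched on a POSIX file as an added example that is not Samba's code. `Open`, `set_mtime` and `demo` are hypothetical names, and only the modification time is modelled.

```python
import os
import tempfile


class Open:
    """One open handle; user_set_mtime mirrors MS-FSA's UserSetModificationTime."""

    def __init__(self, path):
        self.fd = os.open(path, os.O_WRONLY | os.O_APPEND)
        self.user_set_mtime = False

    def set_mtime(self, mtime_ns):
        # Explicit set through this handle: apply it, then stop this handle
        # (and only this handle) from moving the timestamp again.
        atime_ns = os.fstat(self.fd).st_atime_ns
        os.utime(self.fd, ns=(atime_ns, mtime_ns))
        self.user_set_mtime = True

    def write(self, data):
        if not self.user_set_mtime:
            os.write(self.fd, data)  # the filesystem updates mtime right away
            return
        before = os.fstat(self.fd)   # record the timestamp before modifying
        os.write(self.fd, data)
        # Reset the filesystem timestamp to the recorded value.
        os.utime(self.fd, ns=(before.st_atime_ns, before.st_mtime_ns))


def demo():
    # Returns (value set, mtime after sticky write, mtime after other write).
    fd, path = tempfile.mkstemp()
    os.close(fd)
    sticky, other = Open(path), Open(path)
    try:
        fixed_ns = 1_000_000_000 * 10**9  # constructed: 2001-09-09 01:46:40 UTC
        sticky.set_mtime(fixed_ns)
        sticky.write(b"written via the handle that set the time\n")
        after_sticky = os.stat(path).st_mtime_ns
        other.write(b"written via a second handle\n")
        after_other = os.stat(path).st_mtime_ns
        return fixed_ns, after_sticky, after_other
    finally:
        os.close(sticky.fd)
        os.close(other.fd)
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```

No shared record is consulted on the write path: the second handle's write moves the timestamp because that handle's own flag is unset.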
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Mar 26 01:51:40 UTC 2025 on atb-devel-224
Signed-off-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Signed-off-by: Thomas Karlsson <thomas.karlsson@relea.se>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Tue Mar 25 05:21:49 UTC 2025 on atb-devel-224
Douglas Bagnall [Fri, 14 Mar 2025 04:45:18 +0000 (17:45 +1300)]
samba-tool gpo: better entities check copes with new lines
Per https://www.w3.org/TR/xml/#sec-entity-decl (and MS references)
there is always some whitespace between '<!ENTITY' and the name, and
between the name and whatever is next. Also, it is valid XML to have
newlines inside entity declarations, like this:
    <!ENTITY
    bubble
    "*S-1-5-113"
    >
We used to create such files, so we should allow them.
There is a kind of entity that has '%' before the name, and there are
non-ascii names, which we continue not to support.
This meant we were testing nothing because the assertions are all that
the files are the same -- though the only affected check is one in
test_backup_restore_generalize().
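For the entity-declaration commit above ("better entities check copes with new lines"), an added example that is not samba-tool's code: a whitespace-tolerant pattern next to a single-space pattern constructed only for contrast. Both regular expressions, the function names and the sample document are assumptions made for this illustration.

```python
import re

# ASCII names only and no '%' parameter entities, matching what the message
# says stays unsupported. \s+ accepts spaces, tabs and newlines.
TOLERANT = re.compile(
    rb'<!ENTITY\s+([A-Za-z_:][A-Za-z0-9_:.\-]*)\s+"([^"]*)"\s*>')

# Constructed for contrast: exactly one space between the parts.
SINGLE_SPACE = re.compile(
    rb'<!ENTITY ([A-Za-z_:][A-Za-z0-9_:.\-]*) "([^"]*)">')

# Constructed sample: one multi-line declaration (the shape quoted in the
# message), one single-line declaration, one parameter entity.
SAMPLE = b'''<?xml version="1.0"?>
<!DOCTYPE policy [
<!ENTITY
bubble
"*S-1-5-113"
>
<!ENTITY one "*S-1-5-32-544">
<!ENTITY % param "ignored">
]>
<policy>&bubble; &one;</policy>
'''


def entities(xml_bytes, pattern=TOLERANT):
    """Map each declared general entity name to its literal value."""
    return {m.group(1).decode(): m.group(2).decode()
            for m in pattern.finditer(xml_bytes)}


def missed_by_single_space(xml_bytes):
    """Names the tolerant pattern finds but the single-space one does not."""
    found = entities(xml_bytes, SINGLE_SPACE)
    return sorted(set(entities(xml_bytes)) - set(found))


if __name__ == "__main__":
    print(entities(SAMPLE))
    print(missed_by_single_space(SAMPLE))
```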
Andreas Hasenack [Tue, 18 Feb 2025 15:43:46 +0000 (12:43 -0300)]
python:netcmd:gpo: fix crash when updating an MOTD GPO
When the policy exists already, there is no exception and the code
tries to use the "data" variable, but it doesn't exist because it was
only defined in the exception handling.
Signed-off-by: Andreas Hasenack <andreas.hasenack@canonical.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Douglas Bagnall [Fri, 14 Mar 2025 06:47:53 +0000 (19:47 +1300)]
samba-tool gpo: close opened files
It is almost certain that we are not going to run out of files, as
they get garbage collected anyway, but in some circumstances these can
fill your screen with "ResourceWarning: unclosed file" messages, which
hides the real messages.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Mar 19 15:56:38 UTC 2025 on atb-devel-224
Before that commit we included only SEC_ACE_TYPE_ACCESS_ALLOWED(0)
as 'not type & SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT' filtered out
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT(5), but also
SEC_ACE_TYPE_ACCESS_DENIED and SEC_ACE_TYPE_ACCESS_DENIED_OBJECT.
After that commit we started to include
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT, which is wrong.
It was also always wrong to exclude SEC_ACE_TYPE_ACCESS_DENIED(1).
So now we make it explicit that we only include
SEC_ACE_TYPE_ACCESS_ALLOWED and SEC_ACE_TYPE_ACCESS_DENIED.
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Mar 17 20:48:55 UTC 2025 on atb-devel-224
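Why the bitwise test quoted in the ACE commit message above kept only type 0, shown as an added example that is not Samba's code. The function names and the sample ACL are constructed; the numeric type values are those of the ACE type enumeration.

```python
# ACE types are enumeration values, not bit flags.
SEC_ACE_TYPE_ACCESS_ALLOWED = 0
SEC_ACE_TYPE_ACCESS_DENIED = 1
SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT = 5
SEC_ACE_TYPE_ACCESS_DENIED_OBJECT = 6

# Constructed sample ACL: (type, trustee SID, access mask).
SAMPLE_ACES = [
    (SEC_ACE_TYPE_ACCESS_ALLOWED, "S-1-5-11", 0x001200A9),
    (SEC_ACE_TYPE_ACCESS_DENIED, "S-1-5-32-546", 0x001F01FF),
    (SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT, "S-1-5-11", 0x00000100),
    (SEC_ACE_TYPE_ACCESS_DENIED_OBJECT, "S-1-5-32-546", 0x00000100),
]


def bitmask_filter(aces):
    # The expression quoted in the message. 'not' binds looser than '&', so an
    # ACE is kept only when (type & 5) == 0: 0&5=0, 1&5=1, 5&5=5, 6&5=4.
    return [a for a in aces if not a[0] & SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT]


def explicit_filter(aces):
    # Membership test on the enumeration: plain allow and plain deny only.
    wanted = (SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_ACE_TYPE_ACCESS_DENIED)
    return [a for a in aces if a[0] in wanted]


def kept_types(filter_fn, aces=SAMPLE_ACES):
    """ACE type values that survive the given filter, in ACL order."""
    return [a[0] for a in filter_fn(aces)]


if __name__ == "__main__":
    print("bitmask :", kept_types(bitmask_filter))
    print("explicit:", kept_types(explicit_filter))
```

The deny entry for the second trustee is missing from the bitmask result, so anything built from that list no longer carries the denial.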
John Mulligan [Mon, 10 Mar 2025 20:47:10 +0000 (16:47 -0400)]
ctdb/doc: document the newly added option to not register the helper
Add the newly established -R (no-register) option to allow skipping the
registration of the helper as a ceph service.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Fri Mar 14 09:42:02 UTC 2025 on atb-devel-224
John Mulligan [Tue, 4 Mar 2025 20:43:52 +0000 (15:43 -0500)]
ctdb/ceph: add option to not register mutex rados helper as a service
Add a new `-R` option (no-register) that will skip the step of
registering the lock helper as a ceph service. Ceph will treat the lock
helper more like a typical rados client. The `ceph -s` output will not
have ctdb listed under the services section (previous output):
```
  cluster:
    id: 5b81295a-fdec-11ef-a18f-525400220000
    health: HEALTH_WARN
            1 stray daemon(s) not managed by cephadm

  services:
    mon: 3 daemons, quorum ceph0,ceph1,ceph2 (age 6m)
    mgr: ceph0.mkodry(active, since 85s)
    mds: 1/1 daemons up
    osd: 6 osds: 6 up (since 52m), 6 in (since 52m)
    ctdb: 1 daemon active (1 hosts)
```
Most importantly, this will avoid triggering health warnings from ceph
when cephadm discovers services that it did not create (or directly
manage) listed in the cluster. Something we looked into hiding on the
cephadm side but proved quite tricky so it's better off not to try this
registration on cephadm managed clusters in the first place.
In addition, the `1 daemon active` bit is somewhat confusing when you
have an N (N>1) node ctdb cluster managed by cephadm. The fact that the
mutex helper only runs on one of those nodes at once is a low level
implementation detail that most users do not need and I assume could
confuse.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Douglas Bagnall [Wed, 5 Mar 2025 00:20:26 +0000 (13:20 +1300)]
manpages:samba-tool: sort 'service-account' into place alphabetically
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Mar 12 20:55:01 UTC 2025 on atb-devel-224
Douglas Bagnall [Thu, 27 Feb 2025 04:42:08 +0000 (17:42 +1300)]
python:getopt: hack to generate docbook stubs from --help
We have many many samba-tool subcommands that are not documented in
the manpage. Often the --help text is a good place to start, but doing
it entirely manually is VERY tedious.
This automates some of the process.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Dmitry Antipov [Wed, 8 Feb 2023 08:59:59 +0000 (11:59 +0300)]
pylibsmb: do not use obsolete PyEval_InitThreads() for Python > 3.6
Do not use obsolete PyEval_InitThreads() for Python > 3.6:
../../source3/libsmb/pylibsmb.c: In function ‘py_cli_state_setup_mt_ev’:
../../source3/libsmb/pylibsmb.c:271:9: warning: ‘PyEval_InitThreads’ is
deprecated [-Wdeprecated-declarations]
271 | PyEval_InitThreads();
| ^~~~~~~~~~~~~~~~~~
In file included from /usr/include/python3.11/Python.h:95,
from ../../source3/libsmb/pylibsmb.c:48:
/usr/include/python3.11/ceval.h:132:37: note: declared here
132 | Py_DEPRECATED(3.9) PyAPI_FUNC(void) PyEval_InitThreads(void);
Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Mar 12 04:36:21 UTC 2025 on atb-devel-224
Douglas Bagnall [Thu, 28 Nov 2024 03:06:10 +0000 (16:06 +1300)]
librpc/wsp: use unsigned char for high byte comparison
../../librpc/wsp/wsp_util.c:244:28: warning: result of comparison of constant 160 with expression of type 'char' is always false [-Wtautological-constant-out-of-range-compare]
244 | if (strlen(t) == 1 && *t == 0xa0) {
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Mar 12 01:32:30 UTC 2025 on atb-devel-224
Xavi Hernandez [Tue, 4 Mar 2025 11:48:41 +0000 (12:48 +0100)]
vfs_ceph_new: detect case sensitivity in CephFS
CephFS has recently added support for case insensitive access to the
file system. This modification detects whether the shared volume is case
sensitive or not and reports the FILE_CASE_SENSITIVE_SEARCH capability
accordingly.
s3:utils: Remove call of ads_startup() from net_ads_keytab_create()
Calling ads_startup() is not needed in net_ads_keytab_create. Keytab
creation code in sync_pw2keytabs() decides if it needs to talk to DC or
not and connects to AD accordingly.
Fixing this makes the bug below easier to reproduce using
'net ads keytab create'.
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Mar 10 11:09:29 UTC 2025 on atb-devel-224
s3:libads: Make sure that REALM is always added to keytab principals
The code responsible for adding SPNs to keytab should always set the
REALM part. Current code is not adding it for e.g. SPNs synced from AD.
If REALM is missing, krb5_parse_name() will succeed (and add the REALM)
only if the krb5.conf contains libdefaults section with
default_realm set and will fail otherwise. E.g.:
Pair-Programmed-With: Noel Power <noel.power@suse.com>
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Sun Mar 9 00:25:08 UTC 2025 on atb-devel-224
Ralph Boehme [Wed, 5 Mar 2025 17:02:39 +0000 (18:02 +0100)]
docs-xml: enable SMB3 Unix Extensions by default
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 7 20:06:31 UTC 2025 on atb-devel-224