[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Thu Dec 4 16:35:05 MST 2014
The branch, master has been updated
via 8f4813f vfs_fruit: add AAPL options
via 9994f1f s4:torture:vfs_fruit: smb2/create context AAPL test
via b942d6b s4:libcli/raw: make short_name available in buffer
via 2236883 s3:smbd: add SMB_VFS_READDIR_ATTR() to marshall direntry
via 353acb6 vfs_fruit: AAPL support
via 5ff7282 s3:smbd: ignore dacls with MS NFS ACEs
via 2ab6b43 libcli/security: add a function that checks for MS NFS ACEs
via 549ee51 libcli/security: add NFS SID mappings
via 80849d3 s3:smbd: add SMB2 AAPL create context defines
via 142db40 s3:vfs: add create tags to SMB_VFS_CREATEFILE
via af84626 s3:smbd: allocate out_context_blobs with talloc
via b65e37d s3:vfs: add SMB_VFS_READDIR_ATTR()
from 46431e3 unix_msg: Fix unix_msg_test_drain
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8f4813ff3070858cfa7e7da6fb703294bdedabed
Author: Ralph Boehme <slow at samba.org>
Date: Fri Nov 28 22:44:29 2014 +0100
vfs_fruit: add AAPL options
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Dec 5 00:34:01 CET 2014 on sn-devel-104
commit 9994f1fed885ed6e413dffadf6ea93a97f57ac5a
Author: Ralph Boehme <rb at sernet.de>
Date: Sat Sep 27 17:21:12 2014 +0200
s4:torture:vfs_fruit: smb2/create context AAPL test
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b942d6b05f5eacfe33631534f559ab8b99369347
Author: Ralph Boehme <rb at sernet.de>
Date: Wed Oct 1 14:36:43 2014 +0200
s4:libcli/raw: make short_name available in buffer
This will be used in smb2/create AAPL context torture tests, where the
server returns an Mac OS X specific data blob in the short name
buffer. It's not a string, so the existing string extraction doesn't
cut it.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2236883cdeadab02f0ed367e13b41a32b1f85c34
Author: Ralph Boehme <slow at samba.org>
Date: Wed Nov 26 15:21:36 2014 +0100
s3:smbd: add SMB_VFS_READDIR_ATTR() to marshall direntry
SMB_VFS_READDIR_ATTR is a last minute hook to fetch additional metadata
for a directory entry when we're already marshalling the SMB reply buffer.
This would we used, when there's a need to repurpose some fields in the
the reply, like it's done with Apple's SMB2 extension "AAPL".
We then fetch AAPL metadata with the shiny new SMB_VFS_READDIR_ATTR()
VFS call and marshall appropiately.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 353acb6d294bd32fdaaf1e4d95c663cae30775a0
Author: Ralph Boehme <slow at samba.org>
Date: Wed Nov 26 18:11:17 2014 +0100
vfs_fruit: AAPL support
* readdir_attr VFS functions, used in trans2 when marshalling
metadata associated with a directory entry
* support for reading and writing UNIX mode via MS NFS ACEs in NT ACL
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5ff72827c3b74f28995b45250fe8efa79495e3b6
Author: Ralph Boehme <slow at samba.org>
Date: Wed Nov 26 18:01:37 2014 +0100
s3:smbd: ignore dacls with MS NFS ACEs
Ignore NFS ACEs in code the modifies
* default POSIX ACLs
* VFS: NFSv4 ACLs
* VFS: xattr and tdb ACLs
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2ab6b43da63715350db8675bd3804e64f4241bca
Author: Ralph Boehme <slow at samba.org>
Date: Tue Oct 14 13:54:05 2014 +0200
libcli/security: add a function that checks for MS NFS ACEs
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 549ee51674a3a50f866bcf37b3ae58f5e8a9080e
Author: Ralph Boehme <rb at sernet.de>
Date: Mon Sep 8 23:18:35 2014 +0200
libcli/security: add NFS SID mappings
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 80849d31a1be489c292a82b8abb95d843988154a
Author: Ralph Boehme <rb at sernet.de>
Date: Fri Aug 22 03:48:50 2014 +0200
s3:smbd: add SMB2 AAPL create context defines
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 142db4048f41f793d9b919a93877d547ff593c6d
Author: Ralph Boehme <slow at samba.org>
Date: Wed Nov 26 14:12:51 2014 +0100
s3:vfs: add create tags to SMB_VFS_CREATEFILE
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit af846264d89f21ac7db8d0cdf6e861ba9cc74151
Author: Ralph Boehme <slow at samba.org>
Date: Fri Nov 28 11:44:09 2014 +0100
s3:smbd: allocate out_context_blobs with talloc
By tallocing the out_context_blobs instead of using an automatic stack
variable, we can use out_context_blobs as talloc parent for individual
create tag that we add via smb2_create_blob_add().
This is in preperation of a SMB_VFS_CREATE_FILE modification where I add
the in and out_context_blobs as additional args. With this change in
place we can add create tags to out_context_blobs from there too.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b65e37dc01d7afa007768f7cadfcf3b7c1007664
Author: Ralph Boehme <slow at samba.org>
Date: Wed Nov 26 14:30:37 2014 +0100
s3:vfs: add SMB_VFS_READDIR_ATTR()
SMB_VFS_READDIR_ATTR is a last minute hook to fetch additional metadata
for a directory entry when we're already marshalling the SMB reply
buffer.
This would be used, when there's a need to repurpose some fields in the
the reply, like it's done with Apple's SMB2 extension "AAPL".
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/vfs_fruit.8.xml | 35 ++
examples/VFS/skel_opaque.c | 13 +-
examples/VFS/skel_transparent.c | 16 +-
libcli/security/dom_sid.h | 5 +
libcli/security/security_descriptor.c | 22 +
libcli/security/security_descriptor.h | 2 +
libcli/security/util_sid.c | 17 +
libcli/smb/smb2_constants.h | 1 +
libcli/smb/smb2_create_ctx.h | 46 ++
source3/include/smb.h | 1 +
source3/include/vfs.h | 19 +-
source3/include/vfs_macros.h | 17 +-
.../{utils/passwd_proto.h => lib/readdir_attr.h} | 29 +-
source3/modules/nfs4_acls.c | 3 +
source3/modules/vfs_acl_common.c | 9 +
source3/modules/vfs_default.c | 15 +-
source3/modules/vfs_fruit.c | 462 ++++++++++++++++++++-
source3/modules/vfs_full_audit.c | 25 +-
source3/modules/vfs_media_harmony.c | 12 +-
source3/modules/vfs_time_audit.c | 29 +-
source3/modules/vfs_worm.c | 7 +-
source3/printing/nt_printing.c | 9 +-
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 6 +-
source3/smbd/dosmode.c | 3 +-
source3/smbd/nttrans.c | 12 +-
source3/smbd/open.c | 10 +-
source3/smbd/posix_acls.c | 10 +
source3/smbd/proto.h | 6 +-
source3/smbd/reply.c | 30 +-
source3/smbd/smb2_create.c | 41 +-
source3/smbd/trans2.c | 82 +++-
source3/smbd/vfs.c | 15 +-
source4/libcli/raw/interfaces.h | 1 +
source4/libcli/raw/rawsearch.c | 1 +
source4/torture/vfs/fruit.c | 273 ++++++++++++
35 files changed, 1189 insertions(+), 95 deletions(-)
create mode 100644 libcli/smb/smb2_create_ctx.h
copy source3/{utils/passwd_proto.h => lib/readdir_attr.h} (60%)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/vfs_fruit.8.xml b/docs-xml/manpages/vfs_fruit.8.xml
index 47caeb0..a9e2e6d 100644
--- a/docs-xml/manpages/vfs_fruit.8.xml
+++ b/docs-xml/manpages/vfs_fruit.8.xml
@@ -153,6 +153,41 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>fruit:aapl = yes | no</term>
+ <listitem>
+ <para>A global option whether to enable Apple's SMB2+
+ extension codenamed AAPL. Default
+ <emphasis>yes</emphasis>. This extension enhances
+ several deficiencies when connecting from Macs:</para>
+
+ <itemizedlist>
+ <listitem><para>directory enumeration is enriched with
+ Mac relevant filesystem metadata (UNIX mode,
+ FinderInfo, resource fork size and effective
+ permission), as a result the Mac client doesn't need
+ to fetch this metadata individuallly per directory
+ entry resulting in an often tremendous performance
+ increase.</para></listitem>
+
+ <listitem><para>The ability to query and modify the
+ UNIX mode of directory entries.</para></listitem>
+ </itemizedlist>
+
+ <para>There's a set of per share options that can be
+ used to disable the computation of specific Mac metadata
+ in the directory enumeration context, all are enabled by
+ default:</para>
+
+ <itemizedlist>
+ <listitem><para>readdir_attr:aapl_rsize = true | false</para></listitem>
+ <listitem><para>readdir_attr:aapl_finder_info = true | false</para></listitem>
+ <listitem><para>readdir_attr:aapl_max_access = true | false</para></listitem>
+ </itemizedlist>
+
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c
index 47b46a4..b52c381 100644
--- a/examples/VFS/skel_opaque.c
+++ b/examples/VFS/skel_opaque.c
@@ -174,7 +174,9 @@ static NTSTATUS skel_create_file(struct vfs_handle_struct *handle,
uint32_t private_flags,
struct security_descriptor *sd,
struct ea_list *ea_list,
- files_struct **result, int *pinfo)
+ files_struct **result, int *pinfo,
+ const struct smb2_create_blobs *in_context_blobs,
+ struct smb2_create_blobs *out_context_blobs)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
@@ -633,6 +635,14 @@ static NTSTATUS skel_fsctl(struct vfs_handle_struct *handle,
return NT_STATUS_NOT_IMPLEMENTED;
}
+static NTSTATUS skel_readdir_attr(struct vfs_handle_struct *handle,
+ const struct smb_filename *fname,
+ TALLOC_CTX *mem_ctx,
+ struct readdir_attr_data **pattr_data)
+{
+ return NT_STATUS_NOT_IMPLEMENTED;
+}
+
static NTSTATUS skel_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info,
TALLOC_CTX *mem_ctx,
@@ -896,6 +906,7 @@ struct vfs_fn_pointers skel_opaque_fns = {
.strict_unlock_fn = skel_strict_unlock,
.translate_name_fn = skel_translate_name,
.fsctl_fn = skel_fsctl,
+ .readdir_attr_fn = skel_readdir_attr,
/* NT ACL operations. */
diff --git a/examples/VFS/skel_transparent.c b/examples/VFS/skel_transparent.c
index fbb1323..925e520 100644
--- a/examples/VFS/skel_transparent.c
+++ b/examples/VFS/skel_transparent.c
@@ -169,7 +169,9 @@ static NTSTATUS skel_create_file(struct vfs_handle_struct *handle,
uint32_t private_flags,
struct security_descriptor *sd,
struct ea_list *ea_list,
- files_struct ** result, int *pinfo)
+ files_struct ** result, int *pinfo,
+ const struct smb2_create_blobs *in_context_blobs,
+ struct smb2_create_blobs *out_context_blobs)
{
return SMB_VFS_NEXT_CREATE_FILE(handle,
req,
@@ -184,7 +186,8 @@ static NTSTATUS skel_create_file(struct vfs_handle_struct *handle,
lease,
allocation_size,
private_flags,
- sd, ea_list, result, pinfo);
+ sd, ea_list, result, pinfo,
+ in_context_blobs, out_context_blobs);
}
static int skel_close_fn(vfs_handle_struct *handle, files_struct *fsp)
@@ -759,6 +762,14 @@ static NTSTATUS skel_fsctl(struct vfs_handle_struct *handle,
in_len, _out_data, max_out_len, out_len);
}
+static NTSTATUS skel_readdir_attr(struct vfs_handle_struct *handle,
+ const struct smb_filename *fname,
+ TALLOC_CTX *mem_ctx,
+ struct readdir_attr_data **pattr_data)
+{
+ return SMB_VFS_NEXT_READDIR_ATTR(handle, fname, mem_ctx, pattr_data);
+}
+
static NTSTATUS skel_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info,
TALLOC_CTX *mem_ctx,
@@ -1005,6 +1016,7 @@ struct vfs_fn_pointers skel_transparent_fns = {
.strict_unlock_fn = skel_strict_unlock,
.translate_name_fn = skel_translate_name,
.fsctl_fn = skel_fsctl,
+ .readdir_attr_fn = skel_readdir_attr,
/* NT ACL operations. */
diff --git a/libcli/security/dom_sid.h b/libcli/security/dom_sid.h
index c4a417b..cf3cedea 100644
--- a/libcli/security/dom_sid.h
+++ b/libcli/security/dom_sid.h
@@ -53,6 +53,11 @@ extern const struct dom_sid global_sid_Builtin_Replicator;
extern const struct dom_sid global_sid_Builtin_PreWin2kAccess;
extern const struct dom_sid global_sid_Unix_Users;
extern const struct dom_sid global_sid_Unix_Groups;
+extern const struct dom_sid global_sid_Unix_NFS;
+extern const struct dom_sid global_sid_Unix_NFS_Users;
+extern const struct dom_sid global_sid_Unix_NFS_Groups;
+extern const struct dom_sid global_sid_Unix_NFS_Mode;
+extern const struct dom_sid global_sid_Unix_NFS_Other;
int dom_sid_compare_auth(const struct dom_sid *sid1,
const struct dom_sid *sid2);
diff --git a/libcli/security/security_descriptor.c b/libcli/security/security_descriptor.c
index 8304b20..a75942c 100644
--- a/libcli/security/security_descriptor.c
+++ b/libcli/security/security_descriptor.c
@@ -595,3 +595,25 @@ struct security_ace *security_ace_create(TALLOC_CTX *mem_ctx,
return ace;
}
+
+/*******************************************************************
+ Check for MS NFS ACEs in a sd
+*******************************************************************/
+bool security_descriptor_with_ms_nfs(const struct security_descriptor *psd)
+{
+ int i;
+
+ if (psd->dacl == NULL) {
+ return false;
+ }
+
+ for (i = 0; i < psd->dacl->num_aces; i++) {
+ if (dom_sid_compare_domain(
+ &global_sid_Unix_NFS,
+ &psd->dacl->aces[i].trustee) == 0) {
+ return true;
+ }
+ }
+
+ return false;
+}
diff --git a/libcli/security/security_descriptor.h b/libcli/security/security_descriptor.h
index 1c7f893..87643bc 100644
--- a/libcli/security/security_descriptor.h
+++ b/libcli/security/security_descriptor.h
@@ -81,4 +81,6 @@ struct security_descriptor *create_security_descriptor(TALLOC_CTX *mem_ctx,
struct dom_sid *default_group, /* valid only for DS, NULL for the other RSs */
uint32_t (*generic_map)(uint32_t access_mask));
+bool security_descriptor_with_ms_nfs(const struct security_descriptor *psd);
+
#endif /* __SECURITY_DESCRIPTOR_H__ */
diff --git a/libcli/security/util_sid.c b/libcli/security/util_sid.c
index 8e42826..5127109 100644
--- a/libcli/security/util_sid.c
+++ b/libcli/security/util_sid.c
@@ -96,6 +96,23 @@ const struct dom_sid global_sid_Unix_Users = /* Unmapped Unix users */
const struct dom_sid global_sid_Unix_Groups = /* Unmapped Unix groups */
{ 1, 1, {0,0,0,0,0,22}, {2,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+/*
+ * http://technet.microsoft.com/en-us/library/hh509017(v=ws.10).aspx
+ */
+const struct dom_sid global_sid_Unix_NFS = /* MS NFS and Apple style */
+{ 1, 1, {0,0,0,0,0,5}, {88,0,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const struct dom_sid global_sid_Unix_NFS_Users = /* Unix uid, MS NFS and Apple style */
+{ 1, 2, {0,0,0,0,0,5}, {88,1,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const struct dom_sid global_sid_Unix_NFS_Groups = /* Unix gid, MS NFS and Apple style */
+{ 1, 2, {0,0,0,0,0,5}, {88,2,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+const struct dom_sid global_sid_Unix_NFS_Mode = /* Unix mode */
+{ 1, 2, {0,0,0,0,0,5}, {88,3,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+/* Unused, left here for documentary purposes */
+#if 0
+const struct dom_sid global_sid_Unix_NFS_Other = /* Unix other, MS NFS and Apple style */
+{ 1, 2, {0,0,0,0,0,5}, {88,4,0,0,0,0,0,0,0,0,0,0,0,0,0}};
+#endif
+
/* Unused, left here for documentary purposes */
#if 0
#define SECURITY_NULL_SID_AUTHORITY 0
diff --git a/libcli/smb/smb2_constants.h b/libcli/smb/smb2_constants.h
index 191de2b..1a6c5ad 100644
--- a/libcli/smb/smb2_constants.h
+++ b/libcli/smb/smb2_constants.h
@@ -222,6 +222,7 @@
#define SMB2_CREATE_TAG_RQLS "RqLs"
#define SMB2_CREATE_TAG_DH2Q "DH2Q"
#define SMB2_CREATE_TAG_DH2C "DH2C"
+#define SMB2_CREATE_TAG_AAPL "AAPL"
#define SMB2_CREATE_TAG_APP_INSTANCE_ID "\x45\xBC\xA6\x6A\xEF\xA7\xF7\x4A\x90\x08\xFA\x46\x2E\x14\x4D\x74"
/* SMB2 notify flags */
diff --git a/libcli/smb/smb2_create_ctx.h b/libcli/smb/smb2_create_ctx.h
new file mode 100644
index 0000000..cb194f5
--- /dev/null
+++ b/libcli/smb/smb2_create_ctx.h
@@ -0,0 +1,46 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ SMB2 create context specifc stuff
+
+ Copyright (C) Ralph Boehme 2014
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __LIBCLI_SMB2_CREATE_CTX_H__
+#define __LIBCLI_SMB2_CREATE_CTX_H__
+
+/* http://opensource.apple.com/source/smb/smb-697.1.1/kernel/netsmb/smb_2.h */
+
+/* "AAPL" Context Command Codes */
+#define SMB2_CRTCTX_AAPL_SERVER_QUERY 1
+#define SMB2_CRTCTX_AAPL_RESOLVE_ID 2
+
+/* "AAPL" Server Query request/response bitmap */
+#define SMB2_CRTCTX_AAPL_SERVER_CAPS 1
+#define SMB2_CRTCTX_AAPL_VOLUME_CAPS 2
+#define SMB2_CRTCTX_AAPL_MODEL_INFO 4
+
+/* "AAPL" Client/Server Capabilities bitmap */
+#define SMB2_CRTCTX_AAPL_SUPPORTS_READ_DIR_ATTR 1
+#define SMB2_CRTCTX_AAPL_SUPPORTS_OSX_COPYFILE 2
+#define SMB2_CRTCTX_AAPL_UNIX_BASED 4
+#define SMB2_CRTCTX_AAPL_SUPPORTS_NFS_ACE 8
+
+/* "AAPL" Volume Capabilities bitmap */
+#define SMB2_CRTCTX_AAPL_SUPPORT_RESOLVE_ID 1
+#define SMB2_CRTCTX_AAPL_CASE_SENSITIVE 2
+
+#endif
diff --git a/source3/include/smb.h b/source3/include/smb.h
index a6589db..46e05c0 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -152,6 +152,7 @@ struct sys_notify_context {
/* Include VFS stuff */
#include "smb_acls.h"
+#include "lib/readdir_attr.h"
#include "vfs.h"
struct current_user {
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index e7dc079..1843ef4 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -159,6 +159,8 @@
/* Bump to version 32 - Samba 4.2 will ship with that. */
/* Version 32 - Add "lease" to CREATE_FILE operation */
/* Version 32 - Add "lease" to struct files_struct */
+/* Version 32 - Add SMB_VFS_READDIR_ATTR() */
+/* Version 32 - Add in and our create context blobs to create_file */
#define SMB_VFS_INTERFACE_VERSION 32
@@ -552,7 +554,9 @@ struct vfs_fn_pointers {
struct security_descriptor *sd,
struct ea_list *ea_list,
files_struct **result,
- int *pinfo);
+ int *pinfo,
+ const struct smb2_create_blobs *in_context_blobs,
+ struct smb2_create_blobs *out_context_blobs);
int (*close_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp);
ssize_t (*read_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp, void *data, size_t n);
ssize_t (*pread_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp, void *data, size_t n, off_t offset);
@@ -789,6 +793,11 @@ struct vfs_fn_pointers {
TALLOC_CTX *mem_ctx,
struct files_struct **fsp,
DATA_BLOB *new_cookie);
+
+ NTSTATUS (*readdir_attr_fn)(struct vfs_handle_struct *handle,
+ const struct smb_filename *fname,
+ TALLOC_CTX *mem_ctx,
+ struct readdir_attr_data **attr_data);
};
/*
@@ -958,7 +967,9 @@ NTSTATUS smb_vfs_call_create_file(struct vfs_handle_struct *handle,
struct security_descriptor *sd,
struct ea_list *ea_list,
files_struct **result,
- int *pinfo);
+ int *pinfo,
+ const struct smb2_create_blobs *in_context_blobs,
+ struct smb2_create_blobs *out_context_blobs);
int smb_vfs_call_close(struct vfs_handle_struct *handle,
struct files_struct *fsp);
ssize_t smb_vfs_call_read(struct vfs_handle_struct *handle,
@@ -1234,6 +1245,10 @@ NTSTATUS smb_vfs_call_durable_reconnect(struct vfs_handle_struct *handle,
TALLOC_CTX *mem_ctx,
struct files_struct **fsp,
DATA_BLOB *new_cookie);
+NTSTATUS smb_vfs_call_readdir_attr(struct vfs_handle_struct *handle,
+ const struct smb_filename *fname,
+ TALLOC_CTX *mem_ctx,
+ struct readdir_attr_data **attr_data);
NTSTATUS smb_register_vfs(int version, const char *name,
const struct vfs_fn_pointers *fns);
diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h
index e2d494d..ef97b49 100644
--- a/source3/include/vfs_macros.h
+++ b/source3/include/vfs_macros.h
@@ -136,13 +136,15 @@
smb_vfs_call_open((handle)->next, (fname), (fsp), (flags), (mode))
#define SMB_VFS_CREATE_FILE(conn, req, root_dir_fid, smb_fname, access_mask, share_access, create_disposition, \
- create_options, file_attributes, oplock_request, lease, allocation_size, private_flags, sd, ea_list, result, pinfo) \
- smb_vfs_call_create_file((conn)->vfs_handles, (req), (root_dir_fid), (smb_fname), (access_mask), (share_access), (create_disposition), \
- (create_options), (file_attributes), (oplock_request), (lease), (allocation_size), (private_flags), (sd), (ea_list), (result), (pinfo))
+ create_options, file_attributes, oplock_request, lease, allocation_size, private_flags, sd, ea_list, result, pinfo, in_context_blobs, out_context_blobs) \
+ smb_vfs_call_create_file((conn)->vfs_handles, (req), (root_dir_fid), (smb_fname), (access_mask), (share_access), (create_disposition), \
+ (create_options), (file_attributes), (oplock_request), (lease), (allocation_size), (private_flags), (sd), (ea_list), (result), (pinfo), \
+ (in_context_blobs), (out_context_blobs))
#define SMB_VFS_NEXT_CREATE_FILE(handle, req, root_dir_fid, smb_fname, access_mask, share_access, create_disposition, \
- create_options, file_attributes, oplock_request, lease, allocation_size, private_flags, sd, ea_list, result, pinfo) \
+ create_options, file_attributes, oplock_request, lease, allocation_size, private_flags, sd, ea_list, result, pinfo, in_context_blobs, out_context_blobs) \
smb_vfs_call_create_file((handle)->next, (req), (root_dir_fid), (smb_fname), (access_mask), (share_access), (create_disposition), \
- (create_options), (file_attributes), (oplock_request), (lease), (allocation_size), (private_flags), (sd), (ea_list), (result), (pinfo))
+ (create_options), (file_attributes), (oplock_request), (lease), (allocation_size), (private_flags), (sd), (ea_list), (result), (pinfo), \
+ (in_context_blobs), (out_context_blobs))
#define SMB_VFS_CLOSE(fsp) \
smb_vfs_call_close((fsp)->conn->vfs_handles, (fsp))
@@ -565,4 +567,9 @@
(smb1req), (op), (old_cookie), \
(mem_ctx), (fsp), (new_cookie))
+#define SMB_VFS_READDIR_ATTR(conn, fname, mem_ctx, attr_data) \
+ smb_vfs_call_readdir_attr((conn)->vfs_handles, (fname), (mem_ctx), (attr_data))
+#define SMB_VFS_NEXT_READDIR_ATTR(conn, fname, mem_ctx, attr_data) \
+ smb_vfs_call_readdir_attr((handle)->next, (fname), (mem_ctx), (attr_data))
+
#endif /* _VFS_MACROS_H */
diff --git a/source3/utils/passwd_proto.h b/source3/lib/readdir_attr.h
similarity index 60%
copy from source3/utils/passwd_proto.h
copy to source3/lib/readdir_attr.h
index 104e00a..d2a814d 100644
--- a/source3/utils/passwd_proto.h
+++ b/source3/lib/readdir_attr.h
@@ -1,10 +1,7 @@
/*
- * Unix SMB/CIFS implementation.
- * collected prototypes header
+ * Fetch filesystem metadata in readdir/marshall context
*
- * frozen from "make proto" in May 2008
- *
- * Copyright (C) Michael Adam 2008
+ * Copyright (C) Ralph Boehme 2014
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -20,13 +17,21 @@
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef _PASSWD_PROTO_H_
-#define _PASSWD_PROTO_H_
-
+#ifndef _READDIR_ATTR_H
+#define _READDIR_ATTR_H
-/* The following definitions come from utils/passwd_util.c */
+enum readdir_attr_type {RDATTR_NONE, RDATTR_AAPL};
-char *stdin_new_passwd( void);
-char *get_pass( const char *prompt, bool stdin_get);
+struct readdir_attr_data {
+ enum readdir_attr_type type;
+ union attr_data {
+ struct aapl {
+ uint64_t rfork_size;
+ char finder_info[16];
+ uint32_t max_access;
+ mode_t unix_mode;
+ } aapl;
+ } attr_data;
+};
-#endif /* _PASSWD_PROTO_H_ */
+#endif /* _READDIR_ATTR_H */
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index cf61af9..1aa819a 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -778,6 +778,9 @@ static bool smbacl4_fill_ace4(
ace_v4->who.gid = gid;
} else if (sid_to_uid(&ace_nt->trustee, &uid)) {
ace_v4->who.uid = uid;
+ } else if (dom_sid_compare_domain(&ace_nt->trustee,
+ &global_sid_Unix_NFS) == 0) {
+ return false;
} else {
DEBUG(1, ("nfs4_acls.c: file [%s]: could not "
"convert %s to uid or gid\n",
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index b749157..920c811 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -775,6 +775,15 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
psd->group_sid = orig_psd->group_sid;
}
if (security_info_sent & SECINFO_DACL) {
+ if (security_descriptor_with_ms_nfs(orig_psd)) {
+ /*
+ * If the sd contains a MS NFS SID, do
+ * nothing, it's a chmod() request from OS X
+ * with AAPL context.
+ */
+ TALLOC_FREE(frame);
+ return NT_STATUS_OK;
+ }
psd->dacl = orig_psd->dacl;
psd->type |= SEC_DESC_DACL_PRESENT;
}
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 2ac7100..613101a 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -403,6 +403,14 @@ static struct dirent *vfswrap_readdir(vfs_handle_struct *handle,
return result;
}
+static NTSTATUS vfswrap_readdir_attr(struct vfs_handle_struct *handle,
+ const struct smb_filename *fname,
+ TALLOC_CTX *mem_ctx,
+ struct readdir_attr_data **attr_data)
+{
+ return NT_STATUS_NOT_SUPPORTED;
+}
+
static void vfswrap_seekdir(vfs_handle_struct *handle, DIR *dirp, long offset)
{
START_PROFILE(syscall_seekdir);
@@ -523,7 +531,9 @@ static NTSTATUS vfswrap_create_file(vfs_handle_struct *handle,
struct security_descriptor *sd,
struct ea_list *ea_list,
files_struct **result,
- int *pinfo)
+ int *pinfo,
+ const struct smb2_create_blobs *in_context_blobs,
+ struct smb2_create_blobs *out_context_blobs)
{
return create_file_default(handle->conn, req, root_dir_fid, smb_fname,
access_mask, share_access,
@@ -531,7 +541,7 @@ static NTSTATUS vfswrap_create_file(vfs_handle_struct *handle,
--
Samba Shared Repository
More information about the samba-cvs
mailing list