[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Fri Aug 21 05:18:02 UTC 2015
The branch, master has been updated
via 59e955b vfs_scannedonly: Remove vfs_scannedonly from samba source tree.
from ba4c9bd script/autobuild.py: make sure --nonshared-binary=smbtorture,smbd/smbd keeps working
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 59e955bfd136cbe798d155a4930f6ce4bfe00020
Author: Robin Hack <hack.robin at gmail.com>
Date: Fri Aug 21 13:54:03 2015 +1200
vfs_scannedonly: Remove vfs_scannedonly from samba source tree.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11459
Signed-off-by: Robin Hack <hack.robin at gmail.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Aug 21 07:17:35 CEST 2015 on sn-devel-104
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/vfs_scannedonly.8.xml | 243 -------
docs-xml/wscript_build | 1 -
packaging/RHEL-CTDB/samba.spec.tmpl | 1 -
source3/modules/vfs_scannedonly.c | 1044 -------------------------------
source3/modules/wscript_build | 8 -
source3/wscript | 2 +-
6 files changed, 1 insertion(+), 1298 deletions(-)
delete mode 100644 docs-xml/manpages/vfs_scannedonly.8.xml
delete mode 100644 source3/modules/vfs_scannedonly.c
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/vfs_scannedonly.8.xml b/docs-xml/manpages/vfs_scannedonly.8.xml
deleted file mode 100644
index 5f569b7..0000000
--- a/docs-xml/manpages/vfs_scannedonly.8.xml
+++ /dev/null
@@ -1,243 +0,0 @@
-<?xml version="1.0" encoding="iso-8859-1"?>
-<!DOCTYPE refentry PUBLIC "-//Samba-Team//DTD DocBook V4.2-Based Variant V1.0//EN" "http://www.samba.org/samba/DTD/samba-doc">
-<refentry id="vfs_scannedonly.8">
-
-<refmeta>
- <refentrytitle>vfs_scannedonly</refentrytitle>
- <manvolnum>8</manvolnum>
- <refmiscinfo class="source">Samba</refmiscinfo>
- <refmiscinfo class="manual">System Administration tools</refmiscinfo>
- <refmiscinfo class="version">4.3</refmiscinfo>
-</refmeta>
-
-
-<refnamediv>
- <refname>vfs_scannedonly</refname>
- <refpurpose>Ensures that only files that have been scanned for viruses are
- visible and accessible to the end user.</refpurpose>
-</refnamediv>
-
-<refsynopsisdiv>
- <cmdsynopsis>
- <command>vfs objects = scannedonly</command>
- </cmdsynopsis>
-</refsynopsisdiv>
-
-<refsect1>
- <title>DESCRIPTION</title>
-
- <para>This VFS module is part of the
- <citerefentry><refentrytitle>samba</refentrytitle>
- <manvolnum>8</manvolnum></citerefentry> suite.</para>
-
- <para>The <command>vfs_scannedonly</command> VFS module ensures that
- only files that have been scanned for viruses are visible and accessible
- to the end user. If non-scanned files are found an anti-virus scanning
- daemon is notified. The anti-virus scanning daemon is not part of the
- Samba suite.
- </para>
-
- <para>Scannedonly comes in two parts: a samba vfs module and (one or
- more) daemons. The daemon scans files. If a certain file is clean,
- a second file is created with prefix <filename>.scanned:</filename>.
- The Samba module simply looks if such a <filename>.scanned:</filename>
- file exists, and is newer than the pertinent file. If this is the case,
- the file is shown to the user. If this is not the case, the file is not
- returned in a directory listing (configurable), and cannot be opened
- (configurable). The Samba vfs module will notify the daemon to scan
- this file.
- </para>
-
- <para>So what happens for the user in the default configuration. The
- first time a directory is listed, it shows files as 'file is being
- scanned for viruses, but after the first time all files are shown.
- There is a utility scannedonly_prescan that can help you to prescan
- all directories. When new files are written the daemon is notified
- immediately after the file is complete.
- </para>
-
- <para>If a virus is found by the daemon, a file with a warning message
- is created in the directory of the user, a warning is sent to the logs,
- and the file is renamed to have prefix <filename>.virus:</filename>.
- Files with the <filename>.virus:</filename> prefix are never shown to
- the user and all access is denied.
- </para>
-
- <para>This module is stackable.</para>
-
-</refsect1>
-
-<refsect1>
- <title>CONFIGURATION</title>
-
- <para><command>vfs_scannedonly</command> relies on a anti-virus scanning
- daemon that listens on the scannedonly socket (unix domain socket or UDP
- socket).
- </para>
-</refsect1>
-
-<refsect1>
- <title>OPTIONS</title>
-
- <variablelist>
- <varlistentry>
- <term>scannedonly:domain_socket = True </term>
- <listitem>
- <para>Whether to use a unix domain socket or not (false reverts
- to use udp)
- </para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>scannedonly:socketname = /var/lib/scannedonly/scan</term>
- <listitem>
- <para>The location of the unix domain socket to connect to</para>
- </listitem>
- </varlistentry>
-
- <varlistentry>
- <term>scannedonly:portnum = 2020</term>
- <listitem>
- <para>The udp port number to connect to
- </para>
- </listitem>
- </varlistentry>
- <varlistentry><term>scannedonly:scanhost = localhost</term>
- <listitem>
- <para>
- When using UDP the host that runs the scanning daemon (this host
- needs access to the files!)
- </para>
- </listitem>
- </varlistentry>
- <varlistentry><term>scannedonly:show_special_files = True</term>
- <listitem>
- <para>
- Whether sockets, devices and fifo's (all not scanned for
- viruses) should be visible to the user
- </para>
- </listitem>
- </varlistentry>
- <varlistentry><term>scannedonly:rm_hidden_files_on_rmdir = True</term>
- <listitem>
- <para>
- Whether files that are not visible (<filename>.scanned:</filename>
- files, <filename>.failed:</filename> files and <filename>.virus:
- </filename> files) should be deleted if the user tries to remove
- the directory. If false, the user will get the "directory is not
- empty" error.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry><term>scannedonly:hide_nonscanned_files = True</term>
- <listitem>
- <para>
- If false, all non-scanned files are visible in directory listings.
- If such files are found in a directory listing the scanning daemon
- is notified that scanning is required. Access to non-scanned files
- is still denied (see scannedonly:allow_nonscanned_files).
- </para>
- </listitem>
- </varlistentry>
- <varlistentry><term>scannedonly:scanning_message = is being scanned for
- viruses</term>
- <listitem>
- <para>
- If non-scanned files are hidden
- (if scannedonly:hide_nonscanned_files = True), a fake 0 byte file
- is shown. The filename is the original filename with the message
- as suffix.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry><term>scannedonly:recheck_time_open = 50</term>
- <listitem>
- <para>
- If a non-scanned file is opened, the vfs module will wait
- recheck_tries_open times for recheck_time_open milliseconds for
- the scanning daemon to create a <filename>.scanned:</filename>
- file. For small files that are scanned by the daemon within the
- time (tries * time) the behavior will be just like on-access
- scanning.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry><term>scannedonly:recheck_tries_open = 100</term>
- <listitem>
- <para>
- See recheck_time_open.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry><term>scannedonly:recheck_time_readdir = 50</term>
- <listitem>
- <para>
- If a non-scanned file is in a directory listing the vfs module
- notifies the daemon (once for all files that need scanning in
- that directory), and waits recheck_tries_readdir times for
- recheck_time_readdir milliseconds. Only used when
- hide_nonscanned_files is false.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry><term>scannedonly:recheck_tries_readdir = 20</term>
- <listitem>
- <para>
- See recheck_time_readdir.
- </para>
- </listitem>
- </varlistentry>
- <varlistentry><term>scannedonly:allow_nonscanned_files = False</term>
- <listitem>
- <para>
- Allow access to non-scanned files. The daemon is notified,
- however, and special files such as <filename>.scanned:</filename>
- files. <filename>.virus:</filename> files and
- <filename>.failed:</filename> files are not listed.
- </para>
- </listitem>
- </varlistentry>
-
- </variablelist>
-</refsect1>
-
-<refsect1>
- <title>EXAMPLES</title>
-
- <para>Enable anti-virus scanning:</para>
-<programlisting>
- <smbconfsection name="[homes]"/>
- <smbconfoption name="vfs objects">scannedonly</smbconfoption>
- <smbconfoption name="scannedonly:hide_nonscanned_files">False</smbconfoption>
-</programlisting>
-
-</refsect1>
-
-<refsect1>
- <title>CAVEATS</title>
-
- <para>This is not true on-access scanning. However, it is very fast
- for files that have been scanned already.
- </para>
-</refsect1>
-
-<refsect1>
- <title>VERSION</title>
-
- <para>This man page is correct for version 4.0.0 of the Samba suite.
- </para>
-</refsect1>
-
-<refsect1>
- <title>AUTHOR</title>
-
- <para>The original Samba software and related utilities
- were created by Andrew Tridgell. Scannedonly was
- developed for Samba by Olivier Sessink. Samba is now developed
- by the Samba Team as an Open Source project similar
- to the way the Linux kernel is developed.</para>
-
-</refsect1>
-
-</refentry>
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index 5c42a31..5157460 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -73,7 +73,6 @@ manpages='''
manpages/vfs_readahead.8
manpages/vfs_readonly.8
manpages/vfs_recycle.8
- manpages/vfs_scannedonly.8
manpages/vfs_shadow_copy.8
manpages/vfs_shadow_copy2.8
manpages/vfs_shell_snap.8
diff --git a/packaging/RHEL-CTDB/samba.spec.tmpl b/packaging/RHEL-CTDB/samba.spec.tmpl
index ad18826..7522806 100644
--- a/packaging/RHEL-CTDB/samba.spec.tmpl
+++ b/packaging/RHEL-CTDB/samba.spec.tmpl
@@ -419,7 +419,6 @@ exit 0
%{_libarchdir}/samba/vfs/readahead.so
%{_libarchdir}/samba/vfs/readonly.so
%{_libarchdir}/samba/vfs/recycle.so
-%{_libarchdir}/samba/vfs/scannedonly.so
%{_libarchdir}/samba/vfs/shadow_copy.so
%{_libarchdir}/samba/vfs/shadow_copy2.so
%{_libarchdir}/samba/vfs/smb_traffic_analyzer.so
diff --git a/source3/modules/vfs_scannedonly.c b/source3/modules/vfs_scannedonly.c
deleted file mode 100644
index 128374a..0000000
--- a/source3/modules/vfs_scannedonly.c
+++ /dev/null
@@ -1,1044 +0,0 @@
-/*
- * scannedonly VFS module for Samba 3.5 and beyond
- *
- * Copyright 2007,2008,2009,2010,2011 (C) Olivier Sessink
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
- *
- * ABOUT SCANNEDONLY
- *
- * scannedonly implements a 'filter' like vfs module that talks over a
- * unix domain socket or over UDP to a anti-virus engine.
- *
- * files that are clean have a corresponding .scanned:{filename} file
- * in the same directory. So why the .scanned: files? They take up
- * only an inode, because they are 0 bytes. To test if the file is
- * scanned only a stat() call on the filesystem is needed which is
- * very quick compared to a database lookup. All modern filesystems
- * use database technology such as balanced trees for lookups anyway.
- * The number of inodes in modern filesystems is also not limiting
- * anymore. The .scanned: files are also easy scriptable. You can
- * remove them with a simple find command or create them with a
- * simple touch command. Extended filesystem attributes have similar
- * properties, but are not supported on all filesystems, so that
- * would limit the usage of the module (and attributes are not as
- * easily scriptable)
- *
- * files that are not clean are sent to the AV-engine. Only the
- * filename is sent over the socket. The protocol is very simple:
- * a newline separated list of filenames inside each datagram.
- *
- * a file AV-scan may be requested multiple times, the AV-engine
- * should also check if the file has been scanned already. Requests
- * can also be dropped by the AV-engine (and we thus don't need the
- * reliability of TCP).
- *
- */
-
-#include "includes.h"
-#include "smbd/smbd.h"
-#include "system/filesys.h"
-
-#include "config.h"
-
-#define SENDBUFFERSIZE 1450
-
-#ifndef SUN_LEN
-#define SUN_LEN(sunp) ((size_t)((struct sockaddr_un *)0)->sun_path \
- + strlen((sunp)->sun_path))
-#endif
-
-
-struct Tscannedonly {
- int socket;
- int domain_socket;
- int portnum;
- int scanning_message_len;
- int recheck_time_open;
- int recheck_tries_open;
- int recheck_size_open;
- int recheck_time_readdir;
- int recheck_tries_readdir;
- bool show_special_files;
- bool rm_hidden_files_on_rmdir;
- bool hide_nonscanned_files;
- bool allow_nonscanned_files;
- const char *socketname;
- const char *scanhost;
- const char *scanning_message;
- const char *p_scanned; /* prefix for scanned files */
- const char *p_virus; /* prefix for virus containing files */
- const char *p_failed; /* prefix for failed to scan files */
- char gsendbuffer[SENDBUFFERSIZE + 1];
-};
-
-#define STRUCTSCANO(var) ((struct Tscannedonly *)var)
-
-struct scannedonly_DIR {
- char *base;
- int recheck_tries_done; /* if 0 the directory listing has not yet
- been checked for files that need to be scanned. */
- DIR *DIR;
-};
-#define SCANNEDONLY_DEBUG 9
-/*********************/
-/* utility functions */
-/*********************/
-
-static char *real_path_from_notify_path(TALLOC_CTX *ctx,
- struct Tscannedonly *so,
- const char *path)
-{
- char *name;
- int len, pathlen;
-
- name = strrchr(path, '/');
- if (!name) {
- return NULL;
- }
- pathlen = name - path;
- name++;
- len = strlen(name);
- if (len <= so->scanning_message_len) {
- return NULL;
- }
-
- if (strcmp(name + (len - so->scanning_message_len),
- so->scanning_message) != 0) {
- return NULL;
- }
-
- return talloc_strndup(ctx,path,
- pathlen + len - so->scanning_message_len);
-}
-
-static char *cachefile_name(TALLOC_CTX *ctx,
- const char *shortname,
- const char *base,
- const char *p_scanned)
-{
- return talloc_asprintf(ctx, "%s%s%s", base, p_scanned, shortname);
-}
-
-static char *name_w_ending_slash(TALLOC_CTX *ctx, const char *name)
-{
- int len = strlen(name);
- if (name[len - 1] == '/') {
- return talloc_strdup(ctx,name);
- } else {
- return talloc_asprintf(ctx, "%s/", name);
- }
-}
-
-static char *cachefile_name_f_fullpath(TALLOC_CTX *ctx,
- const char *fullpath,
- const char *p_scanned)
-{
- const char *base;
- char *tmp, *cachefile;
- const char *shortname;
- tmp = strrchr(fullpath, '/');
- if (tmp) {
- base = talloc_strndup(ctx, fullpath, (tmp - fullpath) + 1);
- shortname = tmp + 1;
- } else {
- base = "";
- shortname = (const char *)fullpath;
- }
- cachefile = cachefile_name(ctx, shortname, base, p_scanned);
- DEBUG(SCANNEDONLY_DEBUG,
- ("cachefile_name_f_fullpath cachefile=%s\n", cachefile));
- return cachefile;
-}
-
-static char *construct_full_path(TALLOC_CTX *ctx, vfs_handle_struct * handle,
- const char *somepath, bool ending_slash)
-{
- const char *tmp;
-
- if (!somepath) {
- return NULL;
- }
- if (somepath[0] == '/') {
- if (ending_slash) {
- return name_w_ending_slash(ctx,somepath);
- }
- return talloc_strdup(ctx,somepath);
- }
- tmp = somepath;
- if (tmp[0]=='.'&&tmp[1]=='/') {
- tmp+=2;
- }
- /* vfs_GetWd() seems to return a path with a slash */
- if (ending_slash) {
- return talloc_asprintf(ctx, "%s/%s/",
- vfs_GetWd(ctx, handle->conn),tmp);
- }
- return talloc_asprintf(ctx, "%s/%s",
- vfs_GetWd(ctx, handle->conn),tmp);
-}
-
-static int connect_to_scanner(vfs_handle_struct * handle)
-{
- struct Tscannedonly *so = (struct Tscannedonly *)handle->data;
-
- if (so->domain_socket) {
- struct sockaddr_un saun;
- DEBUG(SCANNEDONLY_DEBUG, ("socket=%s\n", so->socketname));
- if ((so->socket = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0) {
- DEBUG(2, ("failed to create socket %s\n",
- so->socketname));
- return -1;
- }
- saun.sun_family = AF_UNIX;
- strncpy(saun.sun_path, so->socketname,
- sizeof(saun.sun_path) - 1);
- if (connect(so->socket, (struct sockaddr *)(void *)&saun,
- SUN_LEN(&saun)) < 0) {
- DEBUG(2, ("failed to connect to socket %s\n",
- so->socketname));
- return -1;
- }
- DEBUG(SCANNEDONLY_DEBUG,("bound %s to socket %d\n",
- saun.sun_path, so->socket));
-
- } else {
- so->socket = open_udp_socket(so->scanhost, so->portnum);
- if (so->socket < 0) {
- DEBUG(2,("failed to open UDP socket to %s:%d\n",
- so->scanhost,so->portnum));
--
Samba Shared Repository
More information about the samba-cvs
mailing list