[SCM] Samba Shared Repository - branch master updated

Ralph Böhme slow at samba.org
Sat Feb 3 22:43:02 UTC 2018 

The branch, master has been updated
       via  84f07a8 s3/smbd: fix handling of delete-on-close on directories
       via  4c857e0 selftest: run deltest20 against s3 as well
      from  b367382 WHATSNEW: Mention new option "apply group policies"

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 84f07a8dcb8ee3a27be96f3baea5313bd0eaa084
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Jan 11 17:52:06 2018 +0100

    s3/smbd: fix handling of delete-on-close on directories
    
    This implements a check to test the delete-on-close flag of a directory
    for requests to create files in this directory.
    
    Windows server implement this check, Samba doesn't as it has performance
    implications.
    
    This commit implements the check and a new option to control it. By
    default the check is skipped, setting "check parent directory delete on
    close = yes" enables it.
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Sat Feb  3 23:42:16 CET 2018 on sn-devel-144

commit 4c857e08a019174b16155fc9311ad788cdafd4cc
Author: Ralph Boehme <slow at samba.org>
Date:   Fri Jan 12 17:32:44 2018 +0100

    selftest: run deltest20 against s3 as well
    
    This marks the test as knownfail, the next commit fixes it.
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 .../tuning/checkparentdirectorydeleteonclose.xml   | 13 +++++++
 lib/param/loadparm.c                               |  2 +
 selftest/target/Samba3.pm                          |  1 +
 selftest/target/Samba4.pm                          |  1 +
 source3/param/loadparm.c                           |  1 +
 source3/smbd/open.c                                | 45 +++++++++++++++++++++-
 source4/torture/basic/delete.c                     |  4 --
 7 files changed, 62 insertions(+), 5 deletions(-)
 create mode 100644 docs-xml/smbdotconf/tuning/checkparentdirectorydeleteonclose.xml


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/tuning/checkparentdirectorydeleteonclose.xml b/docs-xml/smbdotconf/tuning/checkparentdirectorydeleteonclose.xml
new file mode 100644
index 0000000..1de0609
--- /dev/null
+++ b/docs-xml/smbdotconf/tuning/checkparentdirectorydeleteonclose.xml
@@ -0,0 +1,13 @@
+<samba:parameter name="check parent directory delete on close"
+                 context="S"
+		 type="boolean"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+<description>
+    <para>A Windows SMB server prevents the client from creating files in a
+    directory that has the delete-on-close flag set. By default Samba doesn't
+    perform this check as this check is a quite expensive operation in Samba.
+    </para>
+</description>
+
+<value type="default">no</value>
+</samba:parameter>
diff --git a/lib/param/loadparm.c b/lib/param/loadparm.c
index 7854f57..efad4a1 100644
--- a/lib/param/loadparm.c
+++ b/lib/param/loadparm.c
@@ -2998,6 +2998,8 @@ struct loadparm_context *loadparm_init(TALLOC_CTX *mem_ctx)
 
 	lpcfg_do_global_parameter(lp_ctx, "prefork children", "1");
 
+	lpcfg_do_global_parameter(lp_ctx, "check parent directory delete on close", "no");
+
 	for (i = 0; parm_table[i].label; i++) {
 		if (!(lp_ctx->flags[i] & FLAG_CMDLINE)) {
 			lp_ctx->flags[i] |= FLAG_DEFAULT;
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index f2dcdd1..ee7c3be 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -231,6 +231,7 @@ sub setup_nt4_dc($$)
 	rpc_daemon:lsasd = fork
 	rpc_daemon:fssd = fork
 	fss: sequence timeout = 1
+	check parent directory delete on close = yes
 ";
 
 	my $vars = $self->provision($path, "SAMBA-TEST",
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index c161ee0..123bf6c 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1815,6 +1815,7 @@ sub provision_ad_dc($$$$$$)
 	smbd:writetimeupdatedelay = 500000
 	create mask = 755
 	dos filemode = yes
+	check parent directory delete on close = yes
 
         dcerpc endpoint servers = -winreg -srvsvc
 
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 096c23f..b1b502c 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -244,6 +244,7 @@ static const struct loadparm_service _sDefault =
 	.smb_encrypt = SMB_SIGNING_DEFAULT,
 	.kernel_share_modes = true,
 	.durable_handles = true,
+	.check_parent_directory_delete_on_close = false,
 	.param_opt = NULL,
 	.dummy = ""
 };
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index e55c394..5817bdb 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -253,6 +253,11 @@ NTSTATUS check_parent_access(struct connection_struct *conn,
 	struct security_descriptor *parent_sd = NULL;
 	uint32_t access_granted = 0;
 	struct smb_filename *parent_smb_fname = NULL;
+	struct share_mode_lock *lck = NULL;
+	struct file_id id = {0};
+	uint32_t name_hash;
+	bool delete_on_close_set;
+	int ret;
 
 	if (!parent_dirname(talloc_tos(),
 				smb_fname->base_name,
@@ -320,7 +325,45 @@ NTSTATUS check_parent_access(struct connection_struct *conn,
 		return status;
 	}
 
-	return NT_STATUS_OK;
+	if (!(access_mask & (SEC_DIR_ADD_FILE | SEC_DIR_ADD_SUBDIR))) {
+		return NT_STATUS_OK;
+	}
+	if (!lp_check_parent_directory_delete_on_close(SNUM(conn))) {
+		return NT_STATUS_OK;
+	}
+
+	/* Check if the directory has delete-on-close set */
+	ret = SMB_VFS_STAT(conn, parent_smb_fname);
+	if (ret != 0) {
+		status = map_nt_error_from_unix(errno);
+		goto out;
+	}
+
+	id = SMB_VFS_FILE_ID_CREATE(conn, &parent_smb_fname->st);
+
+	status = file_name_hash(conn, parent_smb_fname->base_name, &name_hash);
+	if (!NT_STATUS_IS_OK(status)) {
+		goto out;
+	}
+
+	lck = get_existing_share_mode_lock(talloc_tos(), id);
+	if (lck == NULL) {
+		status = NT_STATUS_OK;
+		goto out;
+	}
+
+	delete_on_close_set = is_delete_on_close_set(lck, name_hash);
+	if (delete_on_close_set) {
+		status = NT_STATUS_DELETE_PENDING;
+		goto out;
+	}
+
+	status = NT_STATUS_OK;
+
+out:
+	TALLOC_FREE(lck);
+	TALLOC_FREE(parent_smb_fname);
+	return status;
 }
 
 /****************************************************************************
diff --git a/source4/torture/basic/delete.c b/source4/torture/basic/delete.c
index d74063c..54815b9 100644
--- a/source4/torture/basic/delete.c
+++ b/source4/torture/basic/delete.c
@@ -1766,10 +1766,6 @@ static bool deltest20(struct torture_context *tctx, struct smbcli_state *cli1, s
 
 	/* Test 20 -- non-empty directory hardest to get right... */
 
-	if (torture_setting_bool(tctx, "samba3", false)) {
-		return true;
-	}
-
 	smbcli_deltree(cli1->tree, dname);
 
 	dnum1 = smbcli_nt_create_full(cli1->tree, dname, 0,


-- 
Samba Shared Repository

More information about the samba-cvs mailing list