[SCM] Samba Shared Repository - branch master updated - release-4-0-0alpha8-337-g73e9693

boyang boyang at samba.org
Tue Jul 14 11:59:32 MDT 2009


Jeremy Allison wrote:
> On Wed, Jul 15, 2009 at 01:35:44AM +0800, boyang wrote:
>   
>> Jeremy Allison wrote:
>>     
>>> On Tue, Jul 14, 2009 at 12:09:34PM -0500, Bo Yang wrote:
>>>
>>>   
>>>       
>>>> commit 9ef6af73b319048fc6f3891573f0e10066dffee6
>>>> Author: Bo Yang <boyang at samba.org>
>>>> Date:   Wed Jul 15 15:34:10 2009 +0800
>>>>
>>>>     s3: Make smbd aware of permission change of usershare. Since usershare are relatively volatile and non-previledge users must disconnect from smbd and reconnect to it to make share permission in effect.
>>>>     
>>>>         
>>> Hi Bo,
>>>
>>> 	This looks like a fairly invasive
>>> change we need to look at closely. Can you
>>> post an explaination of what the code is
>>> doing here please ?
>>>   
>>>       
>> When a tconx connect to a usershare, child smbd watch on directory
>> lp_usershare_path() for any changes that might affect the share's
>> permission. If a usershare is not connected, there is no need to watch
>> it.  when the share's permission is changed, including deleted(by
>> command net usershare xxxx), a event is generated by inotify and a flag
>> in conn structure is set. Then we force recheck the permission to figure
>> out if connected user can read/write it.
>>
>> It is used to dynamically check the permission change for a connection,
>> but without endless polling. The share permission is check only when
>> lp_usershare_path() is changed.
>>
>> Is there any better way to do it?
>>     
>
> I don't think we should be doing this at all, at least not
> in the way it's coded here.
>
> Once a connection is made, it's made with the permissions
> that were existing at the time of connection. Any changes
> made affect *new* connections, but not existing ones. This
> is the only sane way to do things. Otherwise you end up with
> an endless series of "polling" checks to ensure things are
> still "safe" This way lies madness. I know you're using inotify,
> but even so - this makes core code that should be simple,
> much more complex than it should be. Some of the code (the
> change_to_user()) code has *recently* had some crappy bugs.
> This stuff is *complex*.
>   
it does is. :-)
> I would like to revert
> 99c7ee3c9145b6187113ff29500b55a32320a9bc..9ef6af73b319048fc6f3891573f0e10066dffee6
> until we've had some discussions on what we want to do here.
>
> If that ok with you ?
>   
yep.
> Jeremy.
>
>   


-- 
Bo Yang, Software Engineer, Suse Labs
GPG-key-ID   538C4C1A
Samba Team   boyang at samba.org    http://www.samba.org/
SUSE Linux   boyang at suse.de      http://www.novell.com/



More information about the samba-technical mailing list