[PATCH] Fix GPOs by fixing 'vfs objects' handling in loadparm (this time for sure...)
Michael Adam
obnox at samba.org
Fri Nov 16 02:32:22 MST 2012
pushed to master,
with minor comment fixes as discussed on irc,
Cheers - Michael
On 2012-11-16 at 10:34 +1100, Andrew Bartlett wrote:
> On Thu, 2012-11-15 at 23:39 +0100, Michael Adam wrote:
> > Hi Andrew,
> >
> > as noted, on irc, I am reviewing this patchset.
> > I hope that this fixes it for good!
>
> The attached patch only handles per-share settings in init_locals,
> because if we don't have shares we won't run init_locals, which would
> have implications for the other settings like "client plaintext auth"
> that I also moved.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Authentication Developer, Samba Team http://samba.org
>
> >From 4b43ff93b85a788109b678fc01f88b0dab2af75e Mon Sep 17 00:00:00 2001
> From: Andrew Bartlett <abartlet at samba.org>
> Date: Fri, 16 Nov 2012 10:30:44 +1100
> Subject: [PATCH] s3-param: Handle setting default AD DC per-share settings in
> init_locals()
>
> This function is helpfully called between when we finish processing
> the globals and when we start processing the individual shares. This
> means that the "vfs objects" and other per-share settings we specify
> here become the defaults for (eg) [netlogon] and [sysvol] but the
> admin can override these on a per-share basis or (as we must in make
> test) for the whole server.
>
> This broke setting and fetching of group policy objects from Windows
> clients, since this setting was moved from fileserver.conf in
> 8518dd6406c0132dfd8c44e084c2b39792974f2c, and wasn't found in 'make
> test' because we have to override the vfs objects to insert the
> xattr_tdb and fake_acl modules.
>
> Andrew Bartlett
> ---
> source3/param/loadparm.c | 56 ++++++++++++++++++++++++++++++++----------------
> 1 file changed, 37 insertions(+), 19 deletions(-)
>
> diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
> index 12cb8db..6bc2fdd 100644
> --- a/source3/param/loadparm.c
> +++ b/source3/param/loadparm.c
> @@ -3469,12 +3469,41 @@ static bool equal_parameter(parm_type type, void *ptr1, void *ptr2)
> }
>
> /***************************************************************************
> - Initialize any local varients in the sDefault table.
> + Initialize any local varients in the sDefault table, after parsing a
> + [globals] section
> ***************************************************************************/
>
> void init_locals(void)
> {
> - /* None as yet. */
> + /*
> + * We run this check once the [globals] is parsed, to force
> + * the VFS objects and other per-share settings we need for
> + * the standard way a AD DC is operated. We may changed these
> + * as our code evolves, which is why we force these settings.
> + *
> + * We can't do this at the end of lp_load_ex(), as by that
> + * point the services have been loaded and they will already
> + * have "" as their vfs objects.
> + */
> + if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
> + const char **vfs_objects = lp_vfs_objects(-1);
> + if (!vfs_objects || !vfs_objects[0]) {
> + if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
> + lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
> + } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
> + lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
> + } else {
> + lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
> + }
> + }
> +
> + lp_do_parameter(-1, "map hidden", "no");
> + lp_do_parameter(-1, "map system", "no");
> + lp_do_parameter(-1, "map readonly", "no");
> + lp_do_parameter(-1, "store dos attributes", "yes");
> + lp_do_parameter(-1, "create mask", "0777");
> + lp_do_parameter(-1, "directory mask", "0777");
> + }
> }
>
> /***************************************************************************
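
Review bot: In init_locals(), the six lp_do_parameter() calls from "map hidden" through "directory mask" sit outside the `if (!vfs_objects || !vfs_objects[0])` guard, so they overwrite whatever the admin set in [global] and are applied even when the admin supplied a "vfs objects" list that does not include acl_xattr. With "create mask" and "directory mask" forced to 0777, that combination permits modes up to 0777 without acl_xattr in the stack. Either state in the comment that these six are forced regardless of the admin's "vfs objects" choice, or apply them only when the default stack is in use. As written, the commit message's "the admin can override these ... for the whole server" holds only for "vfs objects". Minor: the header comment says "[globals]" for the [global] section, and "a AD DC" and "We may changed" need fixing.
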
> @@ -4887,17 +4916,13 @@ static bool lp_load_ex(const char *pszFname,
>
> fault_configure(smb_panic_s3);
>
> + /*
> + * We run this check once the whole smb.conf is parsed, to
> + * force some settings for the standard way a AD DC is
> + * operated. We may changed these as our code evolves, which
> + * is why we force these settings.
> + */
> if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
> - const char **vfs_objects = lp_vfs_objects(-1);
> - if (!vfs_objects || !vfs_objects[0]) {
> - if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
> - lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
> - } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
> - lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
> - } else {
> - lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
> - }
> - }
> lp_do_parameter(-1, "passdb backend", "samba_dsdb");
>
> lp_do_parameter(-1, "rpc_server:default", "external");
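
Review bot: The new comment above the role check in lp_load_ex() does not say which settings belong here and which belong in init_locals(), which is the distinction this patch depends on. Suggest stating that only global parameters (here "passdb backend" and the rpc_server entries) are set at this point and that per-share defaults must go in init_locals(), since by now the services have been loaded. The comment also repeats "a AD DC" and "We may changed".
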
> @@ -4909,13 +4934,6 @@ static bool lp_load_ex(const char *pszFname,
> lp_do_parameter(-1, "rpc_server:spoolss", "embedded");
> lp_do_parameter(-1, "rpc_daemon:spoolssd", "embedded");
> lp_do_parameter(-1, "rpc_server:tcpip", "no");
> -
> - lp_do_parameter(-1, "map hidden", "no");
> - lp_do_parameter(-1, "map system", "no");
> - lp_do_parameter(-1, "map readonly", "no");
> - lp_do_parameter(-1, "store dos attributes", "yes");
> - lp_do_parameter(-1, "create mask", "0777");
> - lp_do_parameter(-1, "directory mask", "0777");
> }
>
> bAllowIncludeRegistry = true;
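
Review bot: With the six per-share lp_do_parameter() calls removed from the end of the role block in lp_load_ex(), init_locals() is the only place they are set, and the cover note says init_locals() is not run when there are no shares. Please say in the commit message whether skipping "store dos attributes", the map settings and the masks in that case is intended, or keep a fallback for it. Since the commit message notes that 'make test' missed the regression because it overrides "vfs objects", a test that loads an AD DC configuration without that override and checks the effective per-share values would guard against a repeat.
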
> --
> 1.7.11.7
>