[PATCH] Fix GPOs by fixing 'vfs objects' handling in loadparm (this time for sure...)

Michael Adam obnox at samba.org
Fri Nov 16 02:32:22 MST 2012


pushed to master,
with minor comment fixes as discussed on irc,

Cheers - Michael

On 2012-11-16 at 10:34 +1100, Andrew Bartlett wrote:
> On Thu, 2012-11-15 at 23:39 +0100, Michael Adam wrote:
> > Hi Andrew,
> > 
> > as noted, on irc, I am reviewing this patchset.
> > I hope that this fixes it for good!
> 
> The attached patch only handles per-share settings in init_locals,
> because if we don't have shares we won't run init_locals, which would
> have implications for the other settings like "client plaintext auth"
> that I also moved.
> 
> Andrew Bartlett
> 
> -- 
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> 

> >From 4b43ff93b85a788109b678fc01f88b0dab2af75e Mon Sep 17 00:00:00 2001
> From: Andrew Bartlett <abartlet at samba.org>
> Date: Fri, 16 Nov 2012 10:30:44 +1100
> Subject: [PATCH] s3-param: Handle setting default AD DC per-share settings in
>  init_locals()
> 
> This function is helpfully called between when we finish processing
> the globals and when we start processing the individual shares.  This
> means that the "vfs objects" and other per-share settings we specify
> here become the defaults for (eg) [netlogon] and [sysvol] but the
> admin can override these on a per-share basis or (as we must in make
> test) for the whole server.
> 
> This broke setting and fetching of group policy objects from Windows
> clients, since this setting was moved from fileserver.conf in
> 8518dd6406c0132dfd8c44e084c2b39792974f2c, and wasn't found in 'make
> test' because we have to override the vfs objects to insert the
> xattr_tdb and fake_acl modules.
> 
> Andrew Bartlett
> ---
>  source3/param/loadparm.c | 56 ++++++++++++++++++++++++++++++++----------------
>  1 file changed, 37 insertions(+), 19 deletions(-)
> 
> diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
> index 12cb8db..6bc2fdd 100644
> --- a/source3/param/loadparm.c
> +++ b/source3/param/loadparm.c
> @@ -3469,12 +3469,41 @@ static bool equal_parameter(parm_type type, void *ptr1, void *ptr2)
>  }
>  
>  /***************************************************************************
> - Initialize any local varients in the sDefault table.
> + Initialize any local varients in the sDefault table, after parsing a
> + [globals] section
>  ***************************************************************************/
>  
>  void init_locals(void)
>  {
> -	/* None as yet. */
> +	/*
> +	 * We run this check once the [globals] is parsed, to force
> +	 * the VFS objects and other per-share settings we need for
> +	 * the standard way a AD DC is operated.  We may changed these
> +	 * as our code evolves, which is why we force these settings.
> +	 *
> +	 * We can't do this at the end of lp_load_ex(), as by that
> +	 * point the services have been loaded and they will already
> +	 * have "" as their vfs objects.
> +	 */
> +	if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
> +		const char **vfs_objects = lp_vfs_objects(-1);
> +		if (!vfs_objects || !vfs_objects[0]) {
> +			if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
> +				lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
> +			} else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
> +				lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
> +			} else {
> +				lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
> +			}
> +		}
> +
> +		lp_do_parameter(-1, "map hidden", "no");
> +		lp_do_parameter(-1, "map system", "no");
> +		lp_do_parameter(-1, "map readonly", "no");
> +		lp_do_parameter(-1, "store dos attributes", "yes");
> +		lp_do_parameter(-1, "create mask", "0777");
> +		lp_do_parameter(-1, "directory mask", "0777");
> +	}
>  }
>  
>  /***************************************************************************
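
Review bot: the six trailing lp_do_parameter() calls in init_locals() ("map hidden" through "directory mask") are unconditional, while only "vfs objects" is guarded by the `!vfs_objects || !vfs_objects[0]` check, so a value the admin put in [global] for "create mask" or "directory mask" is silently replaced with 0777 on an AD DC. That also means that when the admin supplies their own "vfs objects" list, the guard skips the defaults but the masks are still opened to 0777, whether or not acl_xattr is in the resulting stack. Either say in the comment that these six are forced on purpose and only per-share overrides are honoured, or apply them only when the default module list was installed. The comment should also mention the limitation from the cover letter, that init_locals() is not run when smb.conf has no share sections, and "We may changed these" should read "We may change these".
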
> @@ -4887,17 +4916,13 @@ static bool lp_load_ex(const char *pszFname,
>  
>  	fault_configure(smb_panic_s3);
>  
> +	/*
> +	 * We run this check once the whole smb.conf is parsed, to
> +	 * force some settings for the standard way a AD DC is
> +	 * operated.  We may changed these as our code evolves, which
> +	 * is why we force these settings.
> +	 */
>  	if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) {
> -		const char **vfs_objects = lp_vfs_objects(-1);
> -		if (!vfs_objects || !vfs_objects[0]) {
> -			if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) {
> -				lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb");
> -			} else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) {
> -				lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr posix_eadb");
> -			} else {
> -				lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr");
> -			}
> -		}
>  		lp_do_parameter(-1, "passdb backend", "samba_dsdb");
>  
>  		lp_do_parameter(-1, "rpc_server:default", "external");
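
Review bot: the new comment above the `lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC` block in lp_load_ex() does not say why these settings stay here while the per-share ones moved, and after this change the AD DC defaults live in two places behind the same role check. Add a sentence noting that only global parameters ("passdb backend", the rpc_server:* and rpc_daemon:* options) belong in this block, because it runs after the services are loaded, and point to init_locals() for the per-share defaults so the two blocks are kept in sync. The wording "We may changed these" is repeated here and should be "We may change these".
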
> @@ -4909,13 +4934,6 @@ static bool lp_load_ex(const char *pszFname,
>  		lp_do_parameter(-1, "rpc_server:spoolss", "embedded");
>  		lp_do_parameter(-1, "rpc_daemon:spoolssd", "embedded");
>  		lp_do_parameter(-1, "rpc_server:tcpip", "no");
> -
> -		lp_do_parameter(-1, "map hidden", "no");
> -		lp_do_parameter(-1, "map system", "no");
> -		lp_do_parameter(-1, "map readonly", "no");
> -		lp_do_parameter(-1, "store dos attributes", "yes");
> -		lp_do_parameter(-1, "create mask", "0777");
> -		lp_do_parameter(-1, "directory mask", "0777");
>  	}
>  
>  	bAllowIncludeRegistry = true;
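
Review bot: nothing in the patch covers the case the commit message says 'make test' missed, namely an AD DC configuration in which "vfs objects" is not overridden for the whole server. With the six per-share lp_do_parameter() calls removed from the end of lp_load_ex(), the only remaining source of these defaults is init_locals(), so a small loadparm test that loads such a configuration and checks the effective "vfs objects" and "create mask" on [sysvol] and [netlogon] would keep this from regressing again. The commit message should also state that a configuration without share sections no longer gets these defaults applied at all.
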
> -- 
> 1.7.11.7
> 