Questions about smbd option "strict rename"
Michael Adam
obnox at samba.org
Tue Nov 24 11:03:37 UTC 2015
On 2015-11-23 at 14:16 -0800, Jeremy Allison wrote:
> On Mon, Nov 23, 2015 at 01:33:44PM -0800, Jeremy Allison wrote:
> > On Mon, Nov 23, 2015 at 10:22:35PM +0100, Ralph Boehme wrote:
> > > On Mon, Nov 23, 2015 at 12:59:35PM +0100, Stefan Metzmacher wrote:
> > > > Am 22.11.2015 um 13:49 schrieb Ralph Boehme:
> > > > > On Fri, Nov 20, 2015 at 01:45:08PM -0800, Jeremy Allison wrote:
> > > > >> On Fri, Nov 20, 2015 at 10:01:46AM +0100, Ralph Boehme wrote:
> > > > >>> - "strict rename = no": doesn't work, opens are always checked,
> > > > >>> regardless of the setting of "strict rename". can_rename(), the
> > > > >>> function where we do this check when renaming a directory, is
> > > > >>> missing a check for lp_strict_rename() or similar.
> > > > >>
> > > > >> Yep. That's how it was supposed to work. The code in
> > > > >> can_rename() should probably be the same as the code in
> > > > >> source/smbd/dir.c which is:
> > > > >>
> > > > >> if (!lp_posix_pathnames() &&
> > > > >> lp_strict_rename(SNUM(conn)) &&
> > > > >> have_file_open_below(fsp->conn, fsp->fsp_name))
> > > > >> {
> > > > >> return NT_STATUS_ACCESS_DENIED;
> > > > >> }
> > > > >
> > > > > Ok, thanks for clarifying. Does everybody agree? Metze?
> > > >
> > > > I don't agree, sorry.
> > > >
> > > > We should provide the semantics the client asked for
> > > > and try to behave like a windows server.
> > > >
> > > > I think we should fix the manpage and use file_find_subpath()
> > > > if lp_strict_rename() is false.
> > >
> > > I'm leaning towards that interpretation of "strict rename" too.
> >
> > I have a patch in preparation that implements this. It's
> > found an existing bug in files_below_forall() I'll probably
> > log as a separate bug....
>
> And here is the patch that implements this interpretation of "strict rename"
> and updates the docs.
>
> Note it depends on the previous patch for bug:
>
> https://bugzilla.samba.org/show_bug.cgi?id=11615
>
> Bug 11615 - have_file_open_below() fails to enumerate files open under a directory correctly.
>
> in order to pass the tests and enumerate open
> files correctly.
>
> Please review !
See comments inline below.
> Thanks,
>
> Jeremy.
> From a7916f395305afb980fd5c15d2c60a89dab2ea1f Mon Sep 17 00:00:00 2001
> From: Jeremy Allison <jra at samba.org>
> Date: Mon, 23 Nov 2015 11:27:56 -0800
> Subject: [PATCH 1/2] s3: smbd: Change semantics of strict rename to search the
> file open db.
>
> Without strict rename just look in local process. POSIX renames are
> already dealt with above.
>
> Documentation change to follow.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=11065
>
> Signed-off-by: Jeremy Allison <jra at samba.org>
> ---
> source3/smbd/dir.c | 2 +-
> source3/smbd/proto.h | 2 ++
> source3/smbd/reply.c | 12 +++++++++++-
> 3 files changed, 14 insertions(+), 2 deletions(-)
>
> diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
> index cfc1635..4c77559 100644
> --- a/source3/smbd/dir.c
> +++ b/source3/smbd/dir.c
> @@ -1963,7 +1963,7 @@ static int have_file_open_below_fn(struct file_id fid,
> return 1;
> }
>
> -static bool have_file_open_below(connection_struct *conn,
> +bool have_file_open_below(connection_struct *conn,
> const struct smb_filename *name)
> {
> struct have_file_open_below_state state = {};
> diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
> index be51182..55e8286 100644
> --- a/source3/smbd/proto.h
> +++ b/source3/smbd/proto.h
> @@ -232,6 +232,8 @@ long TellDir(struct smb_Dir *dirp);
> bool SearchDir(struct smb_Dir *dirp, const char *name, long *poffset);
> NTSTATUS can_delete_directory(struct connection_struct *conn,
> const char *dirname);
> +bool have_file_open_below(connection_struct *conn,
> + const struct smb_filename *name);
>
> /* The following definitions come from smbd/dmapi.c */
>
> diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
> index c437135..efef613 100644
> --- a/source3/smbd/reply.c
> +++ b/source3/smbd/reply.c
> @@ -2676,7 +2676,17 @@ static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
> /* If no pathnames are open below this
> directory, allow the rename. */
>
> - if (file_find_subpath(fsp)) {
> + if (lp_strict_rename(SNUM(conn))) {
> + /*
> + * Strict rename, check open file db.
> + */
> + if (have_file_open_below(fsp->conn, fsp->fsp_name)) {
> + return NT_STATUS_ACCESS_DENIED;
> + }
> + } else if (file_find_subpath(fsp)) {
> + /*
> + * No strict rename, just look in local process.
> + */
> return NT_STATUS_ACCESS_DENIED;
> }
> return NT_STATUS_OK;
> --
> 2.6.0.rc2.230.g3dd15c0
LGTM
> From 25a6ca7c3218c449272dae23c34ae0df06ee939f Mon Sep 17 00:00:00 2001
> From: Jeremy Allison <jra at samba.org>
> Date: Mon, 23 Nov 2015 11:32:48 -0800
> Subject: [PATCH 2/2] s3: docs: Fix "strict rename" doc to match code.
>
> BUG: https://bugzilla.samba.org/show_bug.cgi?id=11065
>
> Signed-off-by: Jeremy Allison <jra at samba.org>
> ---
> docs-xml/smbdotconf/tuning/strictrename.xml | 13 ++++++++++---
> 1 file changed, 10 insertions(+), 3 deletions(-)
>
> diff --git a/docs-xml/smbdotconf/tuning/strictrename.xml b/docs-xml/smbdotconf/tuning/strictrename.xml
> index 5478863..0fe3385 100644
> --- a/docs-xml/smbdotconf/tuning/strictrename.xml
> +++ b/docs-xml/smbdotconf/tuning/strictrename.xml
> @@ -15,10 +15,17 @@
> Samba system the cost is even greater than the non-clustered
> case.</para>
>
> - <para>For this reason the default is "no", and it is recommended
> - to be left that way unless a specific Windows application requires
> - it to be changed.</para>
> + <para>When set to "no" smbd only checks the local process
> + the client is attached to for open files below a directory
> + being renames, and doesn't search the open file database.</para>
s/renames/renamed/
Should we really mention the 'open file database' which is an
implementation detail? Alternative:
....below a directory being renamed, instead of checking for open
files across all smbd processes.
or similar...
> + <para>Because of the expense in fully searching the database,
similar here: Because of the expense in the full search, ...
?
> + the default is "no", and it is recommended to be left that way
> + unless a specific Windows application requires it to be changed.</para>
> +
> + <para>If the client has requested UNIX extensions (POSIX
> + pathnames) then renames are always allowed and this parameter
> + has no effect.</para>
> </description>
>
> <value type="default">no</value>
> --
> 2.6.0.rc2.230.g3dd15c0
LGTM apart from the comments above.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20151124/9dd7f21b/signature.sig>
More information about the samba-technical
mailing list