From 93a3522b6431bac0b666ed2f88890ca611d2e4dc Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 24 Nov 2015 08:43:14 -0800 Subject: [PATCH 1/2] s3: smbd: Change semantics of strict rename to search the file open db. Without strict rename just look in local process. POSIX renames are already dealt with above. Documentation change to follow. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11065 Signed-off-by: Jeremy Allison Reviewed-by: Michael Adam (cherry picked from commit 16f202871ca850bec87e0ec243644b2c20266c44) --- source3/smbd/dir.c | 2 +- source3/smbd/proto.h | 2 ++ source3/smbd/reply.c | 12 +++++++++++- 3 files changed, 14 insertions(+), 2 deletions(-) diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index 99bfed3..6beb167 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -1965,7 +1965,7 @@ static int have_file_open_below_fn(struct file_id fid, return 1; } -static bool have_file_open_below(connection_struct *conn, +bool have_file_open_below(connection_struct *conn, const struct smb_filename *name) { struct have_file_open_below_state state = { diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index 2eac3ec..f8cb2dd 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -229,6 +229,8 @@ long TellDir(struct smb_Dir *dirp); bool SearchDir(struct smb_Dir *dirp, const char *name, long *poffset); NTSTATUS can_delete_directory(struct connection_struct *conn, const char *dirname); +bool have_file_open_below(connection_struct *conn, + const struct smb_filename *name); /* The following definitions come from smbd/dmapi.c */ diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index c9d0d81..19f7e34 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -2676,7 +2676,17 @@ static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp, /* If no pathnames are open below this directory, allow the rename. */ - if (file_find_subpath(fsp)) { + if (lp_strict_rename(SNUM(conn))) { + /* + * Strict rename, check open file db. + */ + if (have_file_open_below(fsp->conn, fsp->fsp_name)) { + return NT_STATUS_ACCESS_DENIED; + } + } else if (file_find_subpath(fsp)) { + /* + * No strict rename, just look in local process. + */ return NT_STATUS_ACCESS_DENIED; } return NT_STATUS_OK; -- 2.5.0 From cf5717ddbcf0cc4e6832a1c75e5a5ba5fef02d26 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 24 Nov 2015 08:45:50 -0800 Subject: [PATCH 2/2] s3: docs: Fix "strict rename" doc to match code. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11065 Signed-off-by: Jeremy Allison Reviewed-by: Michael Adam Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Nov 24 23:47:19 CET 2015 on sn-devel-104 (cherry picked from commit 2b0df3788aaadcf907de15a6b6a518244c59aa81) --- docs-xml/smbdotconf/tuning/strictrename.xml | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/docs-xml/smbdotconf/tuning/strictrename.xml b/docs-xml/smbdotconf/tuning/strictrename.xml index 5478863..91572f2 100644 --- a/docs-xml/smbdotconf/tuning/strictrename.xml +++ b/docs-xml/smbdotconf/tuning/strictrename.xml @@ -15,9 +15,18 @@ Samba system the cost is even greater than the non-clustered case. - For this reason the default is "no", and it is recommended - to be left that way unless a specific Windows application requires - it to be changed. + When set to "no" smbd only checks the local process + the client is attached to for open files below a directory + being renamed, instead of checking for open files across all + smbd processes. + + Because of the expense in fully searching the database, + the default is "no", and it is recommended to be left that way + unless a specific Windows application requires it to be changed. + + If the client has requested UNIX extensions (POSIX + pathnames) then renames are always allowed and this parameter + has no effect. -- 2.5.0