The Samba-Bugzilla – Attachment 9894 Details for
Bug 10560
explicit AD DC "vfs objects" definitions result in permissions issues
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
warn if AD DC required "vfs objects" are not present in explicit config definitions
0001-loadparm-check-for-AD-DC-required-VFS-modules.patch (text/plain), 2.71 KB, created by
David Disseldorp
on 2014-05-02 16:50:29 UTC
(
hide
)
Description:
warn if AD DC required "vfs objects" are not present in explicit config definitions
Filename:
MIME Type:
Creator:
David Disseldorp
Created:
2014-05-02 16:50:29 UTC
Size:
2.71 KB
patch
obsolete
>From f3b274a38eaa6deb2139400aa3c7775717e26971 Mon Sep 17 00:00:00 2001 >From: David Disseldorp <ddiss@samba.org> >Date: Wed, 30 Apr 2014 15:15:57 +0200 >Subject: [PATCH] loadparm: check for AD DC required VFS modules > >When Samba is running as a domain controller and the "vfs objects" >parameter is not set, then the dfs_samba4 and acl_xattr modules are >automatically enabled. >However, if the "vfs objects" is defined, then the setting is left >as-is. This means that attempts to us other VFS modules have the side >effect of disabling the dfs_samba4 and acl_xattr modules, causing >unexpected behaviour, which is then blamed on the VFS modules that were >explicitly defined. > >This change ensures that when running as a domain controller, Samba logs >an error if the required VFS modules are not enabled by an explicit >"vfs objects" definition. > >Bug: https://bugzilla.samba.org/show_bug.cgi?id=10560 > >Signed-off-by: David Disseldorp <ddiss@samba.org> >--- > source3/param/loadparm.c | 35 ++++++++++++++++++++++++++++++++++- > 1 file changed, 34 insertions(+), 1 deletion(-) > >diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c >index 8006167..2961e85 100644 >--- a/source3/param/loadparm.c >+++ b/source3/param/loadparm.c >@@ -3327,6 +3327,36 @@ bool lp_set_option(const char *option) > return ret; > } > >+static const char *ad_dc_req_vfs_mods[] = {"dfs_samba4", "acl_xattr", NULL}; >+ >+/* >+ * check that @vfs_objects includes all vfs modules required by an AD DC. >+ */ >+static bool check_ad_dc_required_mods(const char **vfs_objects) >+{ >+ int i; >+ int j; >+ int got_req; >+ >+ for (i = 0; ad_dc_req_vfs_mods[i] != NULL; i++) { >+ got_req = false; >+ for (j = 0; vfs_objects[j] != NULL; j++) { >+ if (!strwicmp(ad_dc_req_vfs_mods[i], vfs_objects[j])) { >+ got_req = true; >+ break; >+ } >+ } >+ if (!got_req) { >+ DEBUG(0, ("vfs objects specified without required AD " >+ "DC module: %s\n", ad_dc_req_vfs_mods[i])); >+ return false; >+ } >+ } >+ >+ DEBUG(6, ("vfs objects specified with all required AD DC modules\n")); >+ return true; >+} >+ > /*************************************************************************** > Initialize any local variables in the sDefault table, after parsing a > [globals] section. >@@ -3346,7 +3376,10 @@ static void init_locals(void) > */ > if (lp_server_role() == ROLE_ACTIVE_DIRECTORY_DC) { > const char **vfs_objects = lp_vfs_objects(-1); >- if (!vfs_objects || !vfs_objects[0]) { >+ if (vfs_objects != NULL) { >+ /* ignore return, only warn if modules are missing */ >+ check_ad_dc_required_mods(vfs_objects); >+ } else { > if (lp_parm_const_string(-1, "xattr_tdb", "file", NULL)) { > lp_do_parameter(-1, "vfs objects", "dfs_samba4 acl_xattr xattr_tdb"); > } else if (lp_parm_const_string(-1, "posix", "eadb", NULL)) { >-- >1.8.4.5 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=9894">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
ddiss
:
review?
(
abartlet
)
asn
:
review?
(
metze
)
Actions:
View
Attachments on
bug 10560
:
9865
| 9894