diff -r 0fb1985a7cd5 -r 006be2060ead components/samba/samba36/patches/worm.patch --- a/components/samba/samba36/patches/worm.patch Sun Dec 20 20:44:41 2015 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,158 +0,0 @@ -Samba.org patch source is referenced below. -WiKi page is: -https://wiki.samba.org/index.php/VFS/vfs_worm -changes against the community version: - - removed support of grace time on file - - slightly modified to run on VFS rev.28 --- Jiri Sasek - -From 2004317c09d781a4ec1275aaa4a29289e798eff3 Mon Sep 17 00:00:00 2001 -From: Volker Lendecke -Date: Wed, 20 Nov 2013 12:09:47 +0100 -Subject: [PATCH] s3-modules: add new vfs_worm module - -VFS module to disallow writes for older files. - -Signed-off-by: Volker Lendecke -Reviewed-by: Stefan Metzmacher -Reviewed-by: Jeremy Allison ---- - source3/modules/vfs_worm.c | 97 ++++++++++++++++++++++++++++++++++++++++++++ - 1 files changed, 97 insertions(+), 0 deletions(-) - create mode 100644 source3/modules/vfs_worm.c - -diff --git a/source3/modules/vfs_worm.c b/source3/modules/vfs_worm.c -new file mode 100644 -index 0000000..77a18ca ---- /dev/null -+++ b/source3/modules/vfs_worm.c -@@ -0,0 +1,93 @@ -+/* -+ * VFS module to disallow writes for older files -+ * -+ * Copyright (C) 2013, Volker Lendecke -+ * -+ * This program is free software; you can redistribute it and/or modify -+ * it under the terms of the GNU General Public License as published by -+ * the Free Software Foundation; either version 3 of the License, or -+ * (at your option) any later version. -+ * -+ * This program is distributed in the hope that it will be useful, -+ * but WITHOUT ANY WARRANTY; without even the implied warranty of -+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -+ * GNU General Public License for more details. -+ * -+ * You should have received a copy of the GNU General Public License -+ * along with this program; if not, see . -+ */ -+ -+#include "includes.h" -+#include "smbd/smbd.h" -+#include "system/filesys.h" -+#include "libcli/security/security.h" -+ -+static NTSTATUS vfs_worm_create_file(vfs_handle_struct *handle, -+ struct smb_request *req, -+ uint16_t root_dir_fid, -+ struct smb_filename *smb_fname, -+ uint32_t access_mask, -+ uint32_t share_access, -+ uint32_t create_disposition, -+ uint32_t create_options, -+ uint32_t file_attributes, -+ uint32_t oplock_request, -+ uint64_t allocation_size, -+ uint32_t private_flags, -+ struct security_descriptor *sd, -+ struct ea_list *ea_list, -+ files_struct **result, -+ int *pinfo) -+{ -+ bool readonly = false; -+ const uint32_t write_access_flags = -+ FILE_WRITE_DATA | FILE_APPEND_DATA | -+ FILE_WRITE_ATTRIBUTES | DELETE_ACCESS | -+ WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS; -+ NTSTATUS status; -+ -+ if (VALID_STAT(smb_fname->st)) { -+ /* no grace_period supported */ -+ readonly = true; -+ } -+ -+ if (readonly && (access_mask & write_access_flags)) { -+ return NT_STATUS_ACCESS_DENIED; -+ } -+ -+ status = SMB_VFS_NEXT_CREATE_FILE( -+ handle, req, root_dir_fid, smb_fname, access_mask, -+ share_access, create_disposition, create_options, -+ file_attributes, oplock_request, allocation_size, -+ private_flags, sd, ea_list, result, pinfo); -+ if (!NT_STATUS_IS_OK(status)) { -+ return status; -+ } -+ -+ /* -+ * Access via MAXIMUM_ALLOWED_ACCESS? -+ */ -+ if (readonly && ((*result)->access_mask & write_access_flags)) { -+ close_file(req, *result, NORMAL_CLOSE); -+ return NT_STATUS_ACCESS_DENIED; -+ } -+ return NT_STATUS_OK; -+} -+ -+static struct vfs_fn_pointers vfs_worm_fns = { -+ .create_file = vfs_worm_create_file, -+}; -+ -+NTSTATUS vfs_worm_init(void); -+NTSTATUS vfs_worm_init(void) -+{ -+ NTSTATUS ret; -+ -+ ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "worm", -+ &vfs_worm_fns); -+ if (!NT_STATUS_IS_OK(ret)) { -+ return ret; -+ } -+ -+ return ret; -+} --- -1.7.0.4 - - Makefile.in and configure.in adds - ---- a/source3/configure.in 2013-01-17 15:54:47.194376100 -0800 -+++ b/source3/configure.in 2013-01-17 15:58:39.854303900 -0800 -@@ -6994,6 +6994,7 @@ - SMB_MODULE(vfs_preopen, \$(VFS_PREOPEN_OBJ), "bin/preopen.$SHLIBEXT", VFS) - SMB_MODULE(vfs_syncops, \$(VFS_SYNCOPS_OBJ), "bin/syncops.$SHLIBEXT", VFS) - SMB_MODULE(vfs_zfsacl, \$(VFS_ZFSACL_OBJ), "bin/zfsacl.$SHLIBEXT", VFS) -+SMB_MODULE(vfs_worm, \$(VFS_WORM_OBJ), "bin/worm.$SHLIBEXT", VFS) - AC_SUBST(SAMFS_LIBS) - SMB_MODULE(vfs_samfs, \$(VFS_SAMFS_OBJ), "bin/samfs.$SHLIBEXT", VFS) - SMB_MODULE(vfs_notify_fam, \$(VFS_NOTIFY_FAM_OBJ), "bin/notify_fam.$SHLIBEXT", VFS) ---- a/source3/Makefile.in 2013-01-17 15:55:00.777531900 -0800 -+++ b/source3/Makefile.in 2013-01-17 16:02:06.513093500 -0800 -@@ -813,6 +813,7 @@ - VFS_AIXACL2_OBJ = modules/vfs_aixacl2.o modules/vfs_aixacl_util.o modules/nfs4_acls.o - VFS_SOLARISACL_OBJ = modules/vfs_solarisacl.o - VFS_ZFSACL_OBJ = modules/vfs_zfsacl.o modules/nfs4_acls.o -+VFS_WORM_OBJ = modules/vfs_worm.o - VFS_SAMFS_OBJ = modules/vfs_samfs.o - VFS_HPUXACL_OBJ = modules/vfs_hpuxacl.o - VFS_IRIXACL_OBJ = modules/vfs_irixacl.o -@@ -2967,6 +2968,10 @@ - @echo "Building plugin $@" - @$(SHLD_MODULE) $(VFS_ZFSACL_OBJ) @ZFSACL_LIBS@ - -+bin/worm.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_WORM_OBJ) -+ @echo "Building plugin $@" -+ @$(SHLD_MODULE) $(VFS_WORM_OBJ) -+ - bin/samfs.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_SAMFS_OBJ) - @echo "Building plugin $@" - @$(SHLD_MODULE) $(VFS_SAMFS_OBJ) @SAMFS_LIBS@