smbd: bring back "smb3 unix extensions" option

This basically reverts commit b3cae8dcf192f65031f143e5bb9135c895611d98
with a few important differences:

* SMB3 UNIX extensions are always built, but disabled by default at runtime.

* They are globally enabled in the fileserver test environment.

* It's now a per-share option, so admins can selectively disable them
  on a per-share basis. This allows clients to detect early that a share
  doesn't support user mount requested POSIX and fail appropiately, passing
  the failure to the requesting application (mount command).

Signed-off-by: Ralph Boehme <slow@samba.org>

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 2bd3f02e1dc9311d334aa8682e081461494c92a7..12dff08271cc53b337302743425a92a39ee28cb6 100644 (file)
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -57,7 +57,7 @@ smb.conf changes
 
   Parameter Name                          Description     Default
   --------------                          -----------     -------
-  smb3 unix extensions                    removed         always offered
+  smb3 unix extensions                    Per share       -
 
 
 KNOWN ISSUES

diff --git a/docs-xml/smbdotconf/protocol/smb3unixextensions.xml b/docs-xml/smbdotconf/protocol/smb3unixextensions.xml
new file mode 100644 (file)
index 0000000..4c03199
--- /dev/null
+++ b/docs-xml/smbdotconf/protocol/smb3unixextensions.xml
@@ -0,0 +1,9 @@
+<samba:parameter name="smb3 unix extensions"
+                 context="S"
+                 type="boolean"
+                 xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
+  <description>
+    <para>Experimental SMB 3.1.1 Unix Extensions.</para>
+  </description>
+  <value type="default">no</value>
+</samba:parameter>

diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index d56f12ee57a6b5119214c4135365c3e9d6ca6bd5..4218a54358b64ddabfdd59b1075e7a896ff079f0 100755 (executable)
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1855,6 +1855,7 @@ sub setup_fileserver
 
        my $ip4 = Samba::get_ipv4_addr("FILESERVER");
        my $fileserver_options = "
+        smb3 unix extensions = yes
        kernel change notify = yes
        spotlight backend = elasticsearch
        elasticsearch:address = $ip4

diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 6b2f23ce633a371295b0b24f47b3afa4799fd4fb..797baa66309f22354c7b4fe98b2b15f5fb3ad797 100644 (file)
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -4680,6 +4680,12 @@ void widelinks_warning(int snum)
                        "These parameters are incompatible. "
                        "Wide links will be disabled for this share.\n",
                         lp_const_servicename(snum));
+               } else if (lp_smb3_unix_extensions(snum)) {
+                       DBG_ERR("Share '%s' has wide links and SMB3 Unix "
+                               "extensions enabled. "
+                               "These parameters are incompatible. "
+                               "Wide links will be disabled for this share.\n",
+                               lp_const_servicename(snum));
                }
        }
 }
@@ -4687,7 +4693,7 @@ void widelinks_warning(int snum)
 bool lp_widelinks(int snum)
 {
        /* wide links is always incompatible with unix extensions */
-       if (lp_smb1_unix_extensions()) {
+       if (lp_smb1_unix_extensions() || lp_smb3_unix_extensions(snum)) {
                /*
                 * Unless we have "allow insecure widelinks"
                 * turned on.

diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index abcce5afb4fd388b57ff65e4e4fcceb351e03dd7..8a40717235c4ef61b16abc3ef07cfb05b9b5a2c6 100644 (file)
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -736,7 +736,9 @@ static NTSTATUS smbd_smb2_create_fetch_create_ctx(
                state->svhdx = smb2_create_blob_find(
                        in_context_blobs, SVHDX_OPEN_DEVICE_CONTEXT);
        }
-       if (xconn->smb2.server.posix_extensions_negotiated) {
+       if (xconn->smb2.server.posix_extensions_negotiated &&
+           lp_smb3_unix_extensions(SNUM(state->smb1req->conn)))
+       {
                /*
                 * Negprot only allowed this for proto>=3.11
                 */

diff --git a/source3/smbd/smb2_negprot.c b/source3/smbd/smb2_negprot.c
index ad40434e5f6dc51b2d3dd25141b25e827157708a..8f4167fc6a2e962b9d57a9909e67ff8ef253b504 100644 (file)
--- a/source3/smbd/smb2_negprot.c
+++ b/source3/smbd/smb2_negprot.c
@@ -142,6 +142,10 @@ static NTSTATUS smb2_negotiate_context_process_posix(
 
        *posix = false;
 
+       if (!lp_smb3_unix_extensions(GLOBAL_SECTION_SNUM)) {
+               return NT_STATUS_OK;
+       }
+
        in_posix = smb2_negotiate_context_find(in_c,
                                               SMB2_POSIX_EXTENSIONS_AVAILABLE);
        if (in_posix == NULL) {