The branch, v4-23-test has been updated
via 6d2cf012b41 smbd: only increment lease epoch if a lease was granted
via 1757b5ae5ae smbtorture: add test "smb2.lease.lease-epoch"
via 2dfa5168417 mdssvc: call mangle_reset_cache()
via 76257068f6e mdssvc: implement elasticsearch:default_fields
via 39d2fcb2401 mdssvc: fix filtering by share path prefix
via e554174d6b3 mdssvc: fix running test command manually
via fda3bc7f2ce vfs_fruit: ignore Set-ACL requests with zero ACEs
via d5d6d5f5bbe smbd: hang directory pattern matching case sensitivity
on the pathname
via 04d9de20394 smbd: hang posix brl per-handle check on the pathname
via 8fb5d5dde4c vfs_fruit: add option "fruit:posix_opens = yes|no"
(default: yes)
via 2ed0f530269 smbtorture: add test vfs.fruit.case_insensitive_find
via 2ad0cafc89d smbtorture: add test vfs.fruit.readonly-exclusive-lock
via aee9fcf8297 smbd: don't use sticky write times on POSIX handles
via 195499a86fc smbtorture: fix locking offset in
test_fruit_locking_conflict()
from 97002261e50 VERSION: Bump version up to Samba 4.23.3...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-23-test
- Log -----------------------------------------------------------------
commit 6d2cf012b41cddc53df63b1ca80a8b378c0bfadb
Author: Ralph Boehme <[email protected]>
Date: Tue Sep 23 14:14:22 2025 +0200
smbd: only increment lease epoch if a lease was granted
From MS-SMB2 3.3.5.9.11 "Handling the SMB2_CREATE_REQUEST_LEASE_V2 Create
Context":
If the object store succeeds this request, Lease.LeaseState MUST be set
to the
new caching state. The server MUST increment Lease.Epoch by 1.
try_lease_upgrade() already has the same logic when checking for a possible
upgrade of an exisiting lease.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15933
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Autobuild-User(master): Volker Lendecke <[email protected]>
Autobuild-Date(master): Fri Oct 10 17:02:26 UTC 2025 on atb-devel-224
(cherry picked from commit 9f45eae2928bd2cb46fc827a348531acb471a549)
Autobuild-User(v4-23-test): Jule Anger <[email protected]>
Autobuild-Date(v4-23-test): Wed Oct 15 15:10:19 UTC 2025 on atb-devel-224
commit 1757b5ae5ae96bb9b5fb444aa2efe0d752e940f4
Author: Ralph Boehme <[email protected]>
Date: Sat Sep 27 13:01:32 2025 +0200
smbtorture: add test "smb2.lease.lease-epoch"
Verifies the lease epoch is not incremented by the server (returns what the
client sent in the request) if a lease was not granted ie lease_level=NONE.
Test passes against Windows 2025.
From MS-SMB2 3.3.5.9.11 "Handling the SMB2_CREATE_REQUEST_LEASE_V2 Create
Context":
If the object store succeeds this request, Lease.LeaseState MUST be set
to the
new caching state. The server MUST increment Lease.Epoch by 1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15933
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
(cherry picked from commit ca0363e5a7f53cde4ae7223c36f21c2ae12318f9)
commit 2dfa51684176faaef0a7af67e142fd4e076f89c6
Author: Ralph Boehme <[email protected]>
Date: Tue Oct 7 16:13:43 2025 +0200
mdssvc: call mangle_reset_cache()
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15931
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
Autobuild-User(master): Volker Lendecke <[email protected]>
Autobuild-Date(master): Wed Oct 8 07:54:48 UTC 2025 on atb-devel-224
(cherry picked from commit 708ae38a76a13a5b77373770149678233b4b3c37)
commit 76257068f6e64186114703f5337d0a70c94d942c
Author: Ralph Boehme <[email protected]>
Date: Mon Sep 1 14:55:04 2025 +0200
mdssvc: implement elasticsearch:default_fields
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15927
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
(cherry picked from commit 2b5cbb955ab2cf278272aa8457a672aa27ff1020)
commit 39d2fcb240159521f8a88f2c112e752c798fa708
Author: Ralph Boehme <[email protected]>
Date: Thu Sep 4 17:41:44 2025 +0200
mdssvc: fix filtering by share path prefix
To correctly filter by share path, use a filter with a prefix match.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15927
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
(cherry picked from commit 594eb4eb0eb4a6c87c5b136106afd05357b80e91)
commit e554174d6b38b968c31569536ef4f641fbd3b855
Author: Ralph Boehme <[email protected]>
Date: Thu Oct 2 17:08:55 2025 +0200
mdssvc: fix running test command manually
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15927
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
(cherry picked from commit a8791c0cad4fb03606ea484c2da7ee69d9de5d48)
commit fda3bc7f2ce2c6105be1e42a14d885912196c7f8
Author: Ralph Boehme <[email protected]>
Date: Sat Sep 6 08:48:44 2025 +0200
vfs_fruit: ignore Set-ACL requests with zero ACEs
Workaround for a new behaviour in latest macOS versions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15926
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
(backported from commit a112978ed1240c399eb90e4472d5c43d867c49d9)
[[email protected]: conflict due to option veto_localized present only in
master]
commit d5d6d5f5bbeb213d5fea930714523913fc0aa1e6
Author: Ralph Boehme <[email protected]>
Date: Thu Sep 18 20:35:22 2025 +0200
smbd: hang directory pattern matching case sensitivity on the pathname
For the SMB3 POSIX client both posix_open=true and (fsp->fsp_name->flags &
SMB_FILENAME_POSIX_PATH) will always be the case, so this is no change in
behaviour for that case.
However, for the macOS client fruit will carefully setup both flags as
posix_open=true but SMB_FILENAME_POSIX_PATH will not be set.
This is a deliberate hack to give the macOS client POSIX behaviour for some
operations, but not for others, while also allowing the POSIX-ified macOS
client
to continue to get case insensitive behavour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15926
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
(cherry picked from commit b3132202cf787cc9fb061e39eaf1509157f53953)
commit 04d9de203947e45b8791e9b96ceb538a3a2467a5
Author: Ralph Boehme <[email protected]>
Date: Thu Sep 18 23:44:34 2025 +0200
smbd: hang posix brl per-handle check on the pathname
For the SMB3 POSIX client both posix_open=true and (fsp->fsp_name->flags &
SMB_FILENAME_POSIX_PATH) will always be the case, so this is no change in
behaviour for that case.
However, for the macOS client fruit will carefully setup both flags as
posix_open=true but SMB_FILENAME_POSIX_PATH will not be set.
This is a deliberate hack to give the macOS client POSIX behaviour for some
operations, but not for others, while also allowing the POSIX-ified macOS
client
to continue to get case insensitive behavour.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15926
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
(cherry picked from commit 75fa416f911f1f30aae8bdf14b423140874acaa0)
commit 8fb5d5dde4c4a9c7edf36d89b4d7c5bb05be10b4
Author: Ralph Boehme <[email protected]>
Date: Mon Mar 10 15:01:42 2025 +0100
vfs_fruit: add option "fruit:posix_opens = yes|no" (default: yes)
Tags alls opens as POSIX by setting fsp_flags.posix_open to true.
POSIX handles have different behaviour compared to Windows:
Behaviour | POSIX | Windows | macOS
|fruit:posix_opens = yes
-----------------------------------+------------+----------------------------------------
Deleting files with open handles | yes | no | yes |
yes
Moving directories with open files | yes | no | yes |
yes
Byterange locks behaviour | POSIX-ish | Window-ish | POSIX-ish |
POSIX-ish
Sticky writetime | no | yes | no |
no
Case sensitive | no | yes | yes |
yes
Streams allowed | no | yes | yes |
yes
macOS follows POSIX for the first four, but needs case insensitive behaviour
and needs streams.
By carefully setting fsp_flags.posix_open to true *after* going through the
path
resolution logic, but before opens are added to locking.tdb, with
"fruit:posix_opens = yes" we get closest to macOS semantics.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15926
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
(backported from commit e86f0c2de80e2409bfe3fc12df24e94470988e3c)
[[email protected]: conflict due to optino veto_localized only present in
master]
commit 2ed0f530269d5fe19c6a216fdf0a584616fecd95
Author: Ralph Boehme <[email protected]>
Date: Fri Sep 19 06:43:57 2025 +0200
smbtorture: add test vfs.fruit.case_insensitive_find
Verifies case insensitive directory scanning works.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15926
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
(cherry picked from commit 68ed6279335cfac13a624ae8a7738dac3d9b0d1a)
commit 2ad0cafc89dd8fa3b34bb6a66d215a518519c26c
Author: Ralph Boehme <[email protected]>
Date: Fri Sep 19 00:20:43 2025 +0200
smbtorture: add test vfs.fruit.readonly-exclusive-lock
Verify macOS clients get Windows byterange lock behavour by trying to set an
exclusive lock on a file opened in read-only mode.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15926
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
(cherry picked from commit 777db5b50689d28c53d6b0116818601fd8e52aa8)
commit aee9fcf829724e560ee8571221355045760369f8
Author: Ralph Boehme <[email protected]>
Date: Fri Aug 1 17:28:04 2025 +0200
smbd: don't use sticky write times on POSIX handles
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15926
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
(cherry picked from commit 795a8c0e84f2bf2b70c8070737183e33f4254a54)
commit 195499a86fc8d5beb4c453e85a758a069e881581
Author: Ralph Boehme <[email protected]>
Date: Wed Aug 13 17:02:16 2025 +0200
smbtorture: fix locking offset in test_fruit_locking_conflict()
AD_FILELOCK_RSRC_DENY_WR = AD_FILELOCK_BASE + 6
= (0x7FFFFFFFFFFFFFFF - 9) + 6
= 0x7FFFFFFFFFFFFFFC
No change in behaviour though, just stumpled across it.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15926
Signed-off-by: Ralph Boehme <[email protected]>
Reviewed-by: Volker Lendecke <[email protected]>
(cherry picked from commit 3052839636f185307edb8832de9bdba4b2e2c83c)
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/vfs_fruit.8.xml | 33 ++++
.../smbdotconf/misc/elasticsearchdefaultfields.xml | 19 +++
python/samba/tests/blackbox/mdsearch.py | 18 ++-
python/samba/tests/dcerpc/mdssvc.py | 54 ++++++-
source3/include/vfs.h | 18 +++
source3/modules/vfs_fruit.c | 49 +++++-
source3/rpc_server/mdssvc/es_parser.y | 8 +-
source3/rpc_server/mdssvc/es_parser_test.c | 3 -
source3/rpc_server/mdssvc/mdssvc_es.c | 58 ++++---
source3/rpc_server/mdssvc/mdssvc_es.h | 1 +
source3/rpc_server/mdssvc/test_mdsparser_es.c | 115 ++++++-------
source3/rpc_server/rpcd_mdssvc.c | 3 +
source3/smbd/dir.c | 2 +-
source3/smbd/dosmode.c | 3 +
source3/smbd/open.c | 5 +-
source3/smbd/smb2_lock.c | 16 +-
source4/torture/smb2/lease.c | 99 ++++++++++++
source4/torture/vfs/fruit.c | 179 ++++++++++++++++++++-
18 files changed, 581 insertions(+), 102 deletions(-)
create mode 100644 docs-xml/smbdotconf/misc/elasticsearchdefaultfields.xml
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/vfs_fruit.8.xml
b/docs-xml/manpages/vfs_fruit.8.xml
index 9e27030b660..13748c110fb 100644
--- a/docs-xml/manpages/vfs_fruit.8.xml
+++ b/docs-xml/manpages/vfs_fruit.8.xml
@@ -426,6 +426,39 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>fruit:posix_opens = yes | no</term>
+ <listitem>
+
+ <para>When <parameter>fruit:posix_opens</parameter> is set to
+ <parameter>yes</parameter>, vfs_fruit will internally translate
+ all filesystem semantics to use POSIX behaviour instead of Windows
+ behaviour. As Macs are closer to POSIX than Windows with regard
+ to filesystem semantics, this improves access semantics for
+ a lot of corner cases.</para>
+ <para>The default is <emphasis>yes</emphasis>.</para>
+
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>fruit:ignore_zero_aces = yes | no</term>
+ <listitem>
+
+ <para>When <parameter>fruit:ignore_zero_aces</parameter> is
+ enabled, attempts to modify filesystem permissions fail if the ACL
+ sent over the wire contains no ACEs. This is completely valid
+ client behaviour, but it means subsequently no further access is
+ possible to the file, unless permissions get fixed by an
+ administrator.</para>
+ <para>This problematic behaviour has been reported for latest
+ macOS versions and this new option allows to work around
+ it.</para>
+ <para>The default is <emphasis>yes</emphasis>.</para>
+
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
diff --git a/docs-xml/smbdotconf/misc/elasticsearchdefaultfields.xml
b/docs-xml/smbdotconf/misc/elasticsearchdefaultfields.xml
new file mode 100644
index 00000000000..9230e9280b7
--- /dev/null
+++ b/docs-xml/smbdotconf/misc/elasticsearchdefaultfields.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="elasticsearch:default_fields"
+ context="G"
+ type="string"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc";>
+ <description>
+ <para>
+ Default attributes in Elasticsearch to query when receiving a Spotlight
+ query that searches in the special attribute "*". This is the default
used
+ by macOS clients when searching from the Finder.
+ </para>
+ <para>
+ This option expects a list of Elasticsearch attributes separated by
+ comma where each attributes must be enclosed in double quotes.
+ </para>
+ </description>
+
+ <value type="default">"file.filename", "content"</value>
+ <value type="example">"foo", "bar"</value>
+</samba:parameter>
diff --git a/python/samba/tests/blackbox/mdsearch.py
b/python/samba/tests/blackbox/mdsearch.py
index 8d67090e182..a2e6eb09029 100644
--- a/python/samba/tests/blackbox/mdsearch.py
+++ b/python/samba/tests/blackbox/mdsearch.py
@@ -102,8 +102,22 @@ class MdfindBlackboxTests(BlackboxTestCase):
json_in = r'''{
"from": 0, "size": 50, "_source": ["path.real"],
"query": {
- "query_string": {
- "query": "(samba*) AND path.real.fulltext:\"%BASEPATH%\""
+ "bool": {
+ "filter": [
+ {
+ "prefix": {
+ "path.real": "%BASEPATH%/"
+ }
+ }
+ ],
+ "must": [
+ {
+ "query_string": {
+ "query": "samba*",
+ "fields": ["file.filename", "content"]
+ }
+ }
+ ]
}
}
}'''
diff --git a/python/samba/tests/dcerpc/mdssvc.py
b/python/samba/tests/dcerpc/mdssvc.py
index cd256548b91..40005ff1824 100644
--- a/python/samba/tests/dcerpc/mdssvc.py
+++ b/python/samba/tests/dcerpc/mdssvc.py
@@ -133,8 +133,22 @@ class MdssvcTests(RpcInterfaceTestCase):
exp_json_query = r'''{
"from": 0, "size": 50, "_source": ["path.real"],
"query": {
- "query_string": {
- "query": "(samba*) AND path.real.fulltext:\"%BASEPATH%\""
+ "bool": {
+ "filter": [
+ {
+ "prefix": {
+ "path.real": "%BASEPATH%/"
+ }
+ }
+ ],
+ "must": [
+ {
+ "query_string": {
+ "query": "samba*",
+ "fields": ["file.filename", "content"]
+ }
+ }
+ ]
}
}
}'''
@@ -165,8 +179,22 @@ class MdssvcTests(RpcInterfaceTestCase):
exp_json_query = r'''{
"from": 0, "size": 50, "_source": ["path.real"],
"query": {
- "query_string": {
- "query": "(file.filename:x\\+x OR file.filename:x\\*x OR
file.filename:x=x OR file.filename:x'x OR file.filename:x\\?x OR
file.filename:x\\ x OR file.filename:x\\(x OR file.filename:x\\\"x OR
file.filename:x\\\\x) AND path.real.fulltext:\"%BASEPATH%\""
+ "bool": {
+ "filter": [
+ {
+ "prefix": {
+ "path.real": "%BASEPATH%/"
+ }
+ }
+ ],
+ "must": [
+ {
+ "query_string": {
+ "query": "file.filename:x\\+x OR file.filename:x\\*x OR
file.filename:x=x OR file.filename:x'x OR file.filename:x\\?x OR
file.filename:x\\ x OR file.filename:x\\(x OR file.filename:x\\\"x OR
file.filename:x\\\\x",
+ "fields": ["file.filename", "content"]
+ }
+ }
+ ]
}
}
}'''
@@ -207,8 +235,22 @@ class MdssvcTests(RpcInterfaceTestCase):
exp_json_query = r'''{
"from": 0, "size": 50, "_source": ["path.real"],
"query": {
- "query_string": {
- "query": "(*samba*) AND path.real.fulltext:\"%BASEPATH%\""
+ "bool": {
+ "filter": [
+ {
+ "prefix": {
+ "path.real": "%BASEPATH%/"
+ }
+ }
+ ],
+ "must": [
+ {
+ "query_string": {
+ "query": "*samba*",
+ "fields": ["file.filename", "content"]
+ }
+ }
+ ]
}
}
}'''
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index 75b81648108..e87a0d923e5 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -462,6 +462,15 @@ typedef struct files_struct {
bool lock_failure_seen : 1;
bool encryption_required : 1;
bool fstat_before_close : 1;
+ /*
+ * For POSIX clients struct files_struct.fsp_flags.posix_open
+ * and struct smb_filename.flags SMB_FILENAME_POSIX_PATH will
+ * always be set to the same value.
+ *
+ * For macOS clients vfs_fruit with fruit:posix_open=yes, we
+ * deliberately set both flags to fsp_flags.posix_open=true
+ * while SMB_FILENAME_POSIX_PATH will not be set.
+ */
bool posix_open : 1;
bool posix_append : 1;
bool ntcreatex_deny_dos : 1;
@@ -889,6 +898,15 @@ struct smb_filename {
struct fsp_smb_fname_link *fsp_link;
};
+/*
+ * For POSIX clients struct files_struct.fsp_flags.posix_open
+ * and struct smb_filename.flags SMB_FILENAME_POSIX_PATH will
+ * always be set to the same value.
+ *
+ * For macOS clients vfs_fruit with fruit:posix_open=yes, we
+ * deliberately set both flags to fsp_flags.posix_open=true
+ * while SMB_FILENAME_POSIX_PATH will not be set.
+ */
#define SMB_FILENAME_POSIX_PATH 0x01
enum vfs_translate_direction {
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 1b72eeec534..302d90ce997 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -125,6 +125,7 @@ struct fruit_config_data {
bool use_aapl; /* config from smb.conf */
bool use_copyfile;
bool readdir_attr_enabled;
+ bool posix_opens;
bool unix_info_enabled;
bool copyfile_enabled;
bool veto_appledouble;
@@ -136,6 +137,7 @@ struct fruit_config_data {
bool wipe_intentionally_left_blank_rfork;
bool delete_empty_adfiles;
bool validate_afpinfo;
+ bool ignore_zero_aces;
/*
* Additional options, all enabled by default,
@@ -339,6 +341,14 @@ static int init_fruit_config(vfs_handle_struct *handle)
config->use_copyfile = lp_parm_bool(-1, FRUIT_PARAM_TYPE_NAME,
"copyfile", false);
+ config->posix_opens = lp_parm_bool(
+ SNUM(handle->conn), FRUIT_PARAM_TYPE_NAME, "posix_opens", true);
+
+ config->ignore_zero_aces = lp_parm_bool(SNUM(handle->conn),
+ FRUIT_PARAM_TYPE_NAME,
+ "ignore_zero_aces",
+ true);
+
config->aapl_zero_file_id =
lp_parm_bool(SNUM(handle->conn), FRUIT_PARAM_TYPE_NAME,
"zero_file_id", true);
@@ -1754,16 +1764,27 @@ static int fruit_openat(vfs_handle_struct *handle,
files_struct *fsp,
const struct vfs_open_how *how)
{
+ struct fruit_config_data *config = NULL;
int fd;
+ SMB_VFS_HANDLE_GET_DATA(handle, config,
+ struct fruit_config_data, return -1);
+
DBG_DEBUG("Path [%s]\n", smb_fname_str_dbg(smb_fname));
if (!is_named_stream(smb_fname)) {
- return SMB_VFS_NEXT_OPENAT(handle,
- dirfsp,
- smb_fname,
- fsp,
- how);
+ fd = SMB_VFS_NEXT_OPENAT(handle,
+ dirfsp,
+ smb_fname,
+ fsp,
+ how);
+ if (fd == -1) {
+ return -1;
+ }
+ if (config->posix_opens && global_fruit_config.nego_aapl) {
+ fsp->fsp_flags.posix_open = true;
+ }
+ return fd;
}
if ((how->resolve & ~VFS_OPEN_HOW_WITH_BACKUP_INTENT) != 0) {
@@ -1798,7 +1819,13 @@ static int fruit_openat(vfs_handle_struct *handle,
DBG_DEBUG("Path [%s] fd [%d]\n", smb_fname_str_dbg(smb_fname), fd);
/* Prevent reopen optimisation */
+ if (fd == -1) {
+ return -1;
+ }
fsp->fsp_flags.have_proc_fds = false;
+ if (config->posix_opens && global_fruit_config.nego_aapl) {
+ fsp->fsp_flags.posix_open = true;
+ }
return fd;
}
@@ -4605,6 +4632,7 @@ static NTSTATUS fruit_fset_nt_acl(vfs_handle_struct
*handle,
uint32_t security_info_sent,
const struct security_descriptor *orig_psd)
{
+ struct fruit_config_data *config = NULL;
NTSTATUS status;
bool do_chmod;
mode_t ms_nfs_mode = 0;
@@ -4612,6 +4640,10 @@ static NTSTATUS fruit_fset_nt_acl(vfs_handle_struct
*handle,
struct security_descriptor *psd = NULL;
uint32_t orig_num_aces = 0;
+ SMB_VFS_HANDLE_GET_DATA(handle, config,
+ struct fruit_config_data,
+ return NT_STATUS_UNSUCCESSFUL);
+
if (orig_psd->dacl != NULL) {
orig_num_aces = orig_psd->dacl->num_aces;
}
@@ -4623,6 +4655,13 @@ static NTSTATUS fruit_fset_nt_acl(vfs_handle_struct
*handle,
DBG_DEBUG("%s\n", fsp_str_dbg(fsp));
+ if (config->ignore_zero_aces && (psd->dacl->num_aces == 0)) {
+ /*
+ * Just ignore Set-ACL requests with zero ACEs.
+ */
+ return NT_STATUS_OK;
+ }
+
status = check_ms_nfs(handle, fsp, psd, &ms_nfs_mode, &do_chmod);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("fruit_fset_nt_acl: check_ms_nfs failed%s\n",
fsp_str_dbg(fsp)));
diff --git a/source3/rpc_server/mdssvc/es_parser.y
b/source3/rpc_server/mdssvc/es_parser.y
index 7f3275d3d92..62ca63d90f2 100644
--- a/source3/rpc_server/mdssvc/es_parser.y
+++ b/source3/rpc_server/mdssvc/es_parser.y
@@ -85,7 +85,6 @@
int mdsyylwrap(void);
bool map_spotlight_to_es_query(TALLOC_CTX *mem_ctx,
json_t *mappings,
- const char *path_scope,
const char *query_string,
char **_es_query);
}
@@ -640,7 +639,6 @@ int mdsyylwrap(void)
**/
bool map_spotlight_to_es_query(TALLOC_CTX *mem_ctx,
json_t *mappings,
- const char *path_scope,
const char *query_string,
char **_es_query)
{
@@ -691,13 +689,11 @@ bool map_spotlight_to_es_query(TALLOC_CTX *mem_ctx,
return false;
}
- es_query = talloc_asprintf(mem_ctx,
- "(%s) AND path.real.fulltext:\\\"%s\\\"",
- s.result, path_scope);
- TALLOC_FREE(s.frame);
+ es_query = talloc_strdup(mem_ctx, s.result);
if (es_query == NULL) {
return false;
}
+ TALLOC_FREE(s.frame);
*_es_query = es_query;
return true;
diff --git a/source3/rpc_server/mdssvc/es_parser_test.c
b/source3/rpc_server/mdssvc/es_parser_test.c
index 7d88c67abff..dfce8601911 100644
--- a/source3/rpc_server/mdssvc/es_parser_test.c
+++ b/source3/rpc_server/mdssvc/es_parser_test.c
@@ -41,7 +41,6 @@ int main(int argc, char **argv)
char *default_path = NULL;
const char *path = NULL;
const char *query_string = NULL;
- const char *path_scope = NULL;
char *es_query = NULL;
bool ok;
@@ -50,7 +49,6 @@ int main(int argc, char **argv)
return 1;
}
query_string = argv[1];
- path_scope = "/foo/bar";
lp_load_global(get_dyn_CONFIGFILE());
@@ -86,7 +84,6 @@ int main(int argc, char **argv)
ok = map_spotlight_to_es_query(mem_ctx,
mappings,
- path_scope,
query_string,
&es_query);
printf("%s\n", ok ? es_query : "*mapping failed*");
diff --git a/source3/rpc_server/mdssvc/mdssvc_es.c
b/source3/rpc_server/mdssvc/mdssvc_es.c
index d51441092b4..eb19d5fdc4a 100644
--- a/source3/rpc_server/mdssvc/mdssvc_es.c
+++ b/source3/rpc_server/mdssvc/mdssvc_es.c
@@ -36,17 +36,27 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_RPC_SRV
-#define MDSSVC_ELASTIC_QUERY_TEMPLATE \
- "{" \
- " \"from\": %zu," \
- " \"size\": %zu," \
- " \"_source\": [%s]," \
- " \"query\": {" \
- " \"query_string\": {" \
- " \"query\": \"%s\"" \
- " }" \
- " }" \
- "}"
+#define MDSSVC_ELASTIC_QUERY_TEMPLATE \
+ "{\n" \
+ " \"from\": %zu,\n" \
+ " \"size\": %zu,\n" \
+ " \"_source\": [%s],\n" \
+ " \"query\": {\n" \
+ " \"bool\": {\n" \
+ " \"filter\": [ {\n" \
+ " \"prefix\": {\n" \
+ " \"path.real\": \"%s/\"\n" \
+ " }\n" \
+ " } ],\n" \
+ " \"must\": [ {\n" \
+ " \"query_string\": {\n" \
+ " \"query\": \"%s\",\n" \
+ " \"fields\": [%s]\n" \
+ " }\n" \
+ " } ]\n" \
+ " }\n" \
+ " }\n" \
+ "}\n"
#define MDSSVC_ELASTIC_SOURCES \
"\"path.real\""
@@ -57,6 +67,7 @@ static bool mdssvc_es_init(struct mdssvc_ctx *mdssvc_ctx)
json_error_t json_error;
char *default_path = NULL;
const char *path = NULL;
+ const char *default_fields = "\"file.filename\", \"content\"";
mdssvc_es_ctx = talloc_zero(mdssvc_ctx, struct mdssvc_es_ctx);
if (mdssvc_es_ctx == NULL) {
@@ -97,6 +108,15 @@ static bool mdssvc_es_init(struct mdssvc_ctx *mdssvc_ctx)
}
TALLOC_FREE(default_path);
+ mdssvc_es_ctx->default_fields =
lp_parm_const_string(GLOBAL_SECTION_SNUM,
+ "elasticsearch",
+ "default_fields",
+ default_fields);
+ if (mdssvc_es_ctx->default_fields == NULL) {
+ TALLOC_FREE(mdssvc_es_ctx);
+ return false;
+ }
+
mdssvc_ctx->backend_private = mdssvc_es_ctx;
return true;
}
@@ -413,7 +433,6 @@ static bool mds_es_search(struct sl_query *slq)
ok = map_spotlight_to_es_query(
s,
mds_es_ctx->mdssvc_es_ctx->mappings,
- slq->path_scope,
slq->query_string,
&s->es_query);
if (!ok) {
@@ -616,12 +635,15 @@ static struct tevent_req *mds_es_search_send(TALLOC_CTX
*mem_ctx,
return tevent_req_post(req, ev);
}
- elastic_query = talloc_asprintf(state,
- MDSSVC_ELASTIC_QUERY_TEMPLATE,
- s->from,
- s->size,
- MDSSVC_ELASTIC_SOURCES,
- s->es_query);
+ elastic_query = talloc_asprintf(
+ state,
+ MDSSVC_ELASTIC_QUERY_TEMPLATE,
+ s->from,
+ s->size,
+ MDSSVC_ELASTIC_SOURCES,
+ s->slq->path_scope,
+ s->es_query,
+ s->mds_es_ctx->mdssvc_es_ctx->default_fields);
if (tevent_req_nomem(elastic_query, req)) {
return tevent_req_post(req, ev);
}
diff --git a/source3/rpc_server/mdssvc/mdssvc_es.h
b/source3/rpc_server/mdssvc/mdssvc_es.h
index 19797fa24f3..154b0b4667a 100644
--- a/source3/rpc_server/mdssvc/mdssvc_es.h
+++ b/source3/rpc_server/mdssvc/mdssvc_es.h
@@ -30,6 +30,7 @@ struct mdssvc_es_ctx {
struct mdssvc_ctx *mdssvc_ctx;
struct cli_credentials *creds;
json_t *mappings;
+ const char *default_fields;
};
--
Samba Shared Repository
