[PATCH] vfs_retention: add this module to make a share read only with a special time period.

classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH] vfs_retention: add this module to make a share read only with a special time period.

Samba - samba-technical mailing list
Hi,

I create a pull request for the previous discussion about a new module to implement the worm feature with a special time period.

Please review and maybe push it...
Thanks very much!

https://github.com/samba-team/samba/pull/98

----------------------------------------
以上、よろしくお願いします
李 丹(LI DAN)
Dept. III of Technology and DevelopmentNanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST) No. 6 Wenzhu Road, Nanjing, 210012, China
T: +86-25-86630566-9488
Mail: [hidden email]
----------------------------------------





98.patch (15K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] vfs_retention: add this module to make a share read only with a special time period.

Samba - samba-technical mailing list
On Tue, Oct 10, 2017 at 01:24:05AM +0000, Li, Dan via samba-technical wrote:
> I create a pull request for the previous discussion about a new
> module to implement the worm feature with a special time period.
>
> Please review and maybe push it...
> Thanks very much!

Looks interesting, thanks!

A few comments:

Can you take a look at README.Coding in the Samba source directory?
There's a lot of formatting issues with the code.

Then in the manpage you mention

> The original Samba software and related utilities
> were created by Li Dan.

I'd say this is not entriely true :-)

Then in your second patch: This should not be necessary. What fails
exactly?

Thanks, Volker

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:[hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: [PATCH] vfs_retention: add this module to make a share read only with a special time period.

Samba - samba-technical mailing list
Hi, Volker

Thanks for your comments!

> Can you take a look at README.Coding in the Samba source directory?
> There's a lot of formatting issues with the code.
OK. I deal with the format issues, please check the attachments.
Should I squash all the 3 patches together?

> Then in the manpage you mention
>
> > The original Samba software and related utilities were created by Li
> > Dan.
>
> I'd say this is not entriely true :-)
I am sorry for this replace miss when created this page...

> Then in your second patch: This should not be necessary. What fails exactly?
It failed when build the samba-static task. Pls check details from the following link:
https://travis-ci.org/samba-team/samba/jobs/264593495

Regards,

Li Dan

> -----Original Message-----
> From: Volker Lendecke [mailto:[hidden email]]
> Sent: Tuesday, October 10, 2017 5:43 PM
> To: Li, Dan/李 丹 <[hidden email]>
> Cc: [hidden email]
> Subject: Re: [PATCH] vfs_retention: add this module to make a share read
> only with a special time period.
>
> On Tue, Oct 10, 2017 at 01:24:05AM +0000, Li, Dan via samba-technical wrote:
> > I create a pull request for the previous discussion about a new module
> > to implement the worm feature with a special time period.
> >
> > Please review and maybe push it...
> > Thanks very much!
>
> Looks interesting, thanks!
>
> A few comments:
>
> Can you take a look at README.Coding in the Samba source directory?
> There's a lot of formatting issues with the code.
>
> Then in the manpage you mention
>
> > The original Samba software and related utilities were created by Li
> > Dan.
>
> I'd say this is not entriely true :-)
>
> Then in your second patch: This should not be necessary. What fails exactly?
>
> Thanks, Volker
>
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF:
> Dr. Johannes Loxen http://www.sernet.de, mailto:[hidden email]
>



0001-vfs_retention-add-this-module-to-make-a-share-read-o.patch (13K) Download Attachment
0002-modify-autobuild-TASK-samba-static-failed.patch (2K) Download Attachment
0003-vfs_retention-modify-format-and-careless-miss.patch (7K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] vfs_retention: add this module to make a share read only with a special time period.

Samba - samba-technical mailing list
On Tue, Oct 10, 2017 at 11:46:06AM +0000, Li, Dan wrote:
> Hi, Volker
>
> Thanks for your comments!
>
> > Can you take a look at README.Coding in the Samba source directory?
> > There's a lot of formatting issues with the code.
> OK. I deal with the format issues, please check the attachments.
> Should I squash all the 3 patches together?

Maybe. At least the first and third one belong together.

> > Then in your second patch: This should not be necessary. What fails exactly?
> It failed when build the samba-static task. Pls check details from the following link:
> https://travis-ci.org/samba-team/samba/jobs/264593495

I guess the right way to solve this would be to make getdate a
subsystem or library on its own.

Volker

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:[hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] vfs_retention: add this module to make a share read only with a special time period.

Samba - samba-technical mailing list
In reply to this post by Samba - samba-technical mailing list
On Tue, Oct 10, 2017 at 01:24:05AM +0000, Li, Dan via samba-technical wrote:
> Hi,
>
> I create a pull request for the previous discussion about a new module to implement the worm feature with a special time period.
>
> Please review and maybe push it...
> Thanks very much!
>
> https://github.com/samba-team/samba/pull/98

In order to truely prevent *all* share modification
you need to also trap and deny SMB_VFS_LINK, SMB_VFS_MKNOD,
SMB_VFS_NTIMES, and SMB_VFS_SYMLINK calls.

With all these trapped I don't think any client can modify the
filesystem.

Reply | Threaded
Open this post in threaded view
|

RE: [PATCH] vfs_retention: add this module to make a share read only with a special time period.

Samba - samba-technical mailing list
In reply to this post by Samba - samba-technical mailing list
Hi, Volker

> I guess the right way to solve this would be to make getdate a subsystem
> or library on its own.
I dealed with this issue and updated the patch.
Pls check them...
Thank you!

Regards,
Li Dan

> -----Original Message-----
> From: Volker Lendecke [mailto:[hidden email]]
> Sent: Tuesday, October 10, 2017 8:12 PM
> To: Li, Dan/李 丹 <[hidden email]>
> Cc: [hidden email]
> Subject: Re: [PATCH] vfs_retention: add this module to make a share read
> only with a special time period.
>
> On Tue, Oct 10, 2017 at 11:46:06AM +0000, Li, Dan wrote:
> > Hi, Volker
> >
> > Thanks for your comments!
> >
> > > Can you take a look at README.Coding in the Samba source directory?
> > > There's a lot of formatting issues with the code.
> > OK. I deal with the format issues, please check the attachments.
> > Should I squash all the 3 patches together?
>
> Maybe. At least the first and third one belong together.
>
> > > Then in your second patch: This should not be necessary. What fails
> exactly?
> > It failed when build the samba-static task. Pls check details from the
> following link:
> > https://travis-ci.org/samba-team/samba/jobs/264593495
>
> I guess the right way to solve this would be to make getdate a subsystem
> or library on its own.
>
> Volker
>
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF:
> Dr. Johannes Loxen http://www.sernet.de, mailto:[hidden email]
>



0001-vfs_retention-add-this-module-to-make-a-share-read-o.patch (13K) Download Attachment
0002-modify-autobuild-TASK-samba-static-failed.patch (2K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

RE: [PATCH] vfs_retention: add this module to make a share read only with a special time period.

Samba - samba-technical mailing list
In reply to this post by Samba - samba-technical mailing list
Hi, Jeremy

> In order to truely prevent *all* share modification you need to also trap
> and deny SMB_VFS_LINK, SMB_VFS_MKNOD, SMB_VFS_NTIMES, and SMB_VFS_SYMLINK
> calls.
What should I do to trap these macros?
I am sorry I cannot get your point...
I think this module is an individual module which has nothing to modify with all above macros...


Regards,
Li Dan


> -----Original Message-----
> From: Jeremy Allison [mailto:[hidden email]]
> Sent: Wednesday, October 11, 2017 1:25 AM
> To: Li, Dan/李 丹 <[hidden email]>
> Cc: [hidden email]
> Subject: Re: [PATCH] vfs_retention: add this module to make a share read
> only with a special time period.
>
> On Tue, Oct 10, 2017 at 01:24:05AM +0000, Li, Dan via samba-technical wrote:
> > Hi,
> >
> > I create a pull request for the previous discussion about a new module
> to implement the worm feature with a special time period.
> >
> > Please review and maybe push it...
> > Thanks very much!
> >
> > https://github.com/samba-team/samba/pull/98
>
> In order to truely prevent *all* share modification you need to also trap
> and deny SMB_VFS_LINK, SMB_VFS_MKNOD, SMB_VFS_NTIMES, and SMB_VFS_SYMLINK
> calls.
>
> With all these trapped I don't think any client can modify the filesystem.
>




Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] vfs_retention: add this module to make a share read only with a special time period.

Samba - samba-technical mailing list
On Wed, Oct 11, 2017 at 06:07:44AM +0000, Li, Dan via samba-technical wrote:
> > In order to truely prevent *all* share modification you need to also trap
> > and deny SMB_VFS_LINK, SMB_VFS_MKNOD, SMB_VFS_NTIMES, and SMB_VFS_SYMLINK
> > calls.
>
> What should I do to trap these macros?  I am sorry I cannot get your point...
> I think this module is an individual module which has nothing to modify with
> all above macros...

not the macros, implement the the corresponding functions from vfs_fn_pointers.

Cheerio!
-slow

Reply | Threaded
Open this post in threaded view
|

RE: [PATCH] vfs_retention: add this module to make a share read only with a special time period.

Samba - samba-technical mailing list
Hi, Slow and Jeremy

> not the macros, implement the the corresponding functions from
> vfs_fn_pointers.
Thanks for the explanation, I understand the meaning finally...
In fact I referenced the vfs_fn_pointers from vfs_worm and I think that is enough...

static struct vfs_fn_pointers vfs_worm_fns = {
        .create_file_fn = vfs_worm_create_file,
};


----------------------------------------
以上、よろしくお願いします
李 丹(LI DAN)
Dept. III of Technology and DevelopmentNanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST) No. 6 Wenzhu Road, Nanjing, 210012, China
T: +86-25-86630566-9488
Mail: [hidden email]
----------------------------------------


> -----Original Message-----
> From: Ralph Böhme [mailto:[hidden email]]
> Sent: Wednesday, October 11, 2017 3:03 PM
> To: Li, Dan/李 丹 <[hidden email]>
> Cc: Jeremy Allison <[hidden email]>; [hidden email]
> Subject: Re: [PATCH] vfs_retention: add this module to make a share read
> only with a special time period.
>
> On Wed, Oct 11, 2017 at 06:07:44AM +0000, Li, Dan via samba-technical wrote:
> > > In order to truely prevent *all* share modification you need to also
> > > trap and deny SMB_VFS_LINK, SMB_VFS_MKNOD, SMB_VFS_NTIMES, and
> > > SMB_VFS_SYMLINK calls.
> >
> > What should I do to trap these macros?  I am sorry I cannot get your point...
> > I think this module is an individual module which has nothing to
> > modify with all above macros...
>
> not the macros, implement the the corresponding functions from
> vfs_fn_pointers.
>
> Cheerio!
> -slow
>



Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] vfs_retention: add this module to make a share read only with a special time period.

Samba - samba-technical mailing list
In reply to this post by Samba - samba-technical mailing list
On Wed, Oct 11, 2017 at 06:07:10AM +0000, Li, Dan wrote:
> Hi, Volker
>
> > I guess the right way to solve this would be to make getdate a subsystem
> > or library on its own.
> I dealed with this issue and updated the patch.
> Pls check them...

I just remembered the vfs_worm module that does pretty much the same
with a different strategy to decide upon whether to allow r/w access.
Does it make sense to merge those two?

Volker

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:[hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] vfs_retention: add this module to make a share read only with a special time period.

Samba - samba-technical mailing list
In reply to this post by Samba - samba-technical mailing list
On Wed, Oct 11, 2017 at 06:07:44AM +0000, Li, Dan via samba-technical wrote:
> Hi, Jeremy
>
> > In order to truely prevent *all* share modification you need to also trap
> > and deny SMB_VFS_LINK, SMB_VFS_MKNOD, SMB_VFS_NTIMES, and SMB_VFS_SYMLINK
> > calls.
> What should I do to trap these macros?
> I am sorry I cannot get your point...
> I think this module is an individual module which has nothing to modify with all above macros...

All those entry points make modifications to the share possible. To be
safe, they should obey the same restrictions as create_file does. With
SMB2, it might not be an issue, but with SMB1 it definitely is.

Volker

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:[hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: [PATCH] vfs_retention: add this module to make a share read only with a special time period.

Samba - samba-technical mailing list
In reply to this post by Samba - samba-technical mailing list
Yes, it is familiar with the vfs_worm module.
But the conclusion of former discussion decided to create a new module for this:)

----------------------------------------
以上、よろしくお願いします
李 丹(LI DAN)
Dept. III of Technology and DevelopmentNanjing Fujitsu Nanda Software Tech. Co., Ltd.(FNST) No. 6 Wenzhu Road, Nanjing, 210012, China
T: +86-25-86630566-9488
Mail: [hidden email]
----------------------------------------


> -----Original Message-----
> From: Volker Lendecke [mailto:[hidden email]]
> Sent: Wednesday, October 11, 2017 5:21 PM
> To: Li, Dan/李 丹 <[hidden email]>
> Cc: [hidden email]
> Subject: Re: [PATCH] vfs_retention: add this module to make a share read
> only with a special time period.
>
> On Wed, Oct 11, 2017 at 06:07:10AM +0000, Li, Dan wrote:
> > Hi, Volker
> >
> > > I guess the right way to solve this would be to make getdate a
> > > subsystem or library on its own.
> > I dealed with this issue and updated the patch.
> > Pls check them...
>
> I just remembered the vfs_worm module that does pretty much the same with
> a different strategy to decide upon whether to allow r/w access.
> Does it make sense to merge those two?
>
> Volker
>
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF:
> Dr. Johannes Loxen http://www.sernet.de, mailto:[hidden email]
>



Hi

On Thu, Aug 03, 2017 at 05:19:52AM +0000, Li, Dan via samba-technical wrote:
> Thanks for your suggestion!

fwiw, I agree with Ronnie, this should go into a new module.

> I can add a new module named "worml" for short of "worm limit" which has the retention period.
> I'd like to implement it based on the code of vfs_worm and vfs_readonly.

worml sounds awkward, why not just vfs_retention?

> I know that 'worm' has a common meaning in storage for ages,
> but I think the meaning is changing because the evolution of the media of storage.
> For example, Glusterfs and NetApp has its worm feature with the retention period.
>
> http://blog.gluster.org/2016/07/worm-write-once-read-multiple-retention-and-compliance-2/
> http://www.netapp.com/us/products/backup-recovery/snaplock-compliance.aspx
>
> Anyway, can I just contribute my patch and how should I do that?

<https://wiki.samba.org/index.php/Contribute>

The initial section "How to contribute to Samba?" covers the most important
things, namely copyright policy, signed-off-by tags and git format patches. :)

-slow



I think your should create a new module for this. Even if would be
based on or share a large amount of code
with vfs_worm.

The reason I think so is because 'worm' has a common meaning for
storage and it would be
confusing with a 'worm' module that does similar to but not quite 'worm'.



On Thu, Aug 3, 2017 at 12:40 PM, Li, Dan via samba-technical
<[hidden email]> wrote:

> Hi, all
>
> I'd like to use vfs_worm modules to make a backup share for our storage system.
> Except the grace period, I think it is better to add a retention period.
> A retention period means that during this period files are protected and immutable,
> but over the period the files can be modified or deleted.
>
> How about add this idea to add the options?
> Or should I create a new vfs module to implement this?
>
>
> Regards,
> Li Dan
>
>
>
>

Reply | Threaded
Open this post in threaded view
|

Re: [PATCH] vfs_retention: add this module to make a share read only with a special time period.

Samba - samba-technical mailing list
On Wed, Oct 11, 2017 at 09:45:26AM +0000, Li, Dan wrote:
> Yes, it is familiar with the vfs_worm module.
> But the conclusion of former discussion decided to create a new module for this:)

Can you give some arguments pro and con and the reason for your
decision?

Thanks, Volker

--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:[hidden email]

Reply | Threaded
Open this post in threaded view
|

RE: [PATCH] vfs_retention: add this module to make a share read only with a special time period.

Samba - samba-technical mailing list
Hi, Volker

I just email to this mail list and two of them suggested me to create a module for this.
I also believe it is not a good idea to modify the existing module so I create a new one.
Besides, the worm means write once and read many which does not mention a limited period in following page,
https://en.wikipedia.org/wiki/Write_once_read_many

Regards,
Li Dan

> -----Original Message-----
> From: Volker Lendecke [mailto:[hidden email]]
> Sent: Wednesday, October 11, 2017 5:50 PM
> To: Li, Dan/李 丹 <[hidden email]>
> Cc: [hidden email]
> Subject: Re: [PATCH] vfs_retention: add this module to make a share read
> only with a special time period.
>
> On Wed, Oct 11, 2017 at 09:45:26AM +0000, Li, Dan wrote:
> > Yes, it is familiar with the vfs_worm module.
> > But the conclusion of former discussion decided to create a new module
> > for this:)
>
> Can you give some arguments pro and con and the reason for your decision?
>
> Thanks, Volker
>
> --
> SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
> phone: +49-551-370000-0, fax: +49-551-370000-9 AG Göttingen, HRB 2816, GF:
> Dr. Johannes Loxen http://www.sernet.de, mailto:[hidden email]
>