author | Andrew Tridgell <tridge@samba.org> | 1997-10-02 03:14:32 +0000 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 1997-10-02 03:14:32 +0000 |
commit | 85097a7c177977c3e0cb9b2ad41642dba5f917ac (patch) | |
tree | 04809ff5192c9bfa9c33f76d5a27b67c7790d024 | |
parent | c9cf77a6bb245145dce3cd96ff4267fe226a1019 (diff) | |
change the semantics of hosts allow/hosts deny so that a global
setting applies to all shares regardless of any settings on other
shares. This allows us to immediately drop a connection if it does not
come from a allowed host, without even parsing the first SMB
packet. The next time we get a nasty security hole we can offer people
the option of just setting their hosts allow line.
If we drop a connection in this way we generate a "Not listening for
calling name" response and then exit.
add a per share "oplocks" option in smb.conf. I think its important to
be able to disable oplocks on a per-share basis as there are occasions
when they are definitely not wanted, for example when sharing data
between a windows box and a unix application. This also allows us to
tell people "try disabling oplocks" when diagnosing problems.
fix a bug in process_smb(). It was taking the length of the packet
from outbuf, not inbuf (this bug was introduced with the oplocks
code). Jeremy, I assume this wasn't deliberate?
(This used to be commit 44bc9f239aa0b3cdf6cf9ad8d3911e397eba7335)
-rw-r--r-- | docs/manpages/smb.conf.5 | 9 | ||||
-rw-r--r-- | source3/include/proto.h | 1 | ||||
-rw-r--r-- | source3/param/loadparm.c | 6 | ||||
-rw-r--r-- | source3/smbd/server.c | 23 |
4 files changed, 31 insertions, 8 deletions
diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5
index 869dbf9ffd..989a395c15 100644
--- a/docs/manpages/smb.conf.5
+++ b/docs/manpages/smb.conf.5
@@ -724,10 +724,11 @@ then the "load printers" option is easier.
 A synonym for this parameter is 'hosts allow'. This parameter is a comma delimited set of hosts which are permitted to access
-a services. If specified in the [global] section, matching hosts will be
-allowed access to any service that does not specifically exclude them from
-access. Specific services my have their own list, which override those
-specified in the [global] section.
+a service.
+
+If specified in the [global] section then it will apply to all
+services, regardless of whether the individual service has a different
+setting.
 You can specify the hosts by name or IP number. For example, you could restrict access to only the hosts on a Class C subnet with something like
diff --git a/source3/include/proto.h b/source3/include/proto.h
index ac81f8cb37..51433333c5 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -248,6 +248,7 @@ BOOL lp_map_archive(int );
 BOOL lp_locking(int );
 BOOL lp_strict_locking(int );
 BOOL lp_share_modes(int );
+BOOL lp_oplocks(int );
 BOOL lp_onlyuser(int );
 BOOL lp_manglednames(int );
 BOOL lp_widelinks(int );
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 1a9771df22..fb656aa627 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -257,6 +257,7 @@ typedef struct
 BOOL bLocking;
 BOOL bStrictLocking;
 BOOL bShareModes;
+ BOOL bOpLocks;
 BOOL bOnlyUser;
 BOOL bMangledNames;
 BOOL bWidelinks;
@@ -338,6 +339,7 @@ static service sDefault =
 True, /* bLocking */
 False, /* bStrictLocking */
 True, /* bShareModes */
+ True, /* bOpLocks */
 False, /* bOnlyUser */
 True, /* bMangledNames */
 True, /* bWidelinks */
@@ -541,6 +543,7 @@ struct parm_struct
 {"locking", P_BOOL, P_LOCAL, &sDefault.bLocking, NULL},
 {"strict locking", P_BOOL, P_LOCAL, &sDefault.bStrictLocking, NULL},
 {"share modes", P_BOOL, P_LOCAL, &sDefault.bShareModes, NULL},
+ {"oplocks", P_BOOL, P_LOCAL, &sDefault.bOpLocks, NULL},
 {"only user", P_BOOL, P_LOCAL, &sDefault.bOnlyUser, NULL},
 {"wide links", P_BOOL, P_LOCAL, &sDefault.bWidelinks, NULL},
 {"follow symlinks", P_BOOL, P_LOCAL, &sDefault.bSymlinks, NULL},
@@ -935,6 +938,7 @@ FN_LOCAL_BOOL(lp_map_archive,bMap_archive)
 FN_LOCAL_BOOL(lp_locking,bLocking)
 FN_LOCAL_BOOL(lp_strict_locking,bStrictLocking)
 FN_LOCAL_BOOL(lp_share_modes,bShareModes)
+FN_LOCAL_BOOL(lp_oplocks,bOpLocks)
 FN_LOCAL_BOOL(lp_onlyuser,bOnlyUser)
 FN_LOCAL_BOOL(lp_manglednames,bMangledNames)
 FN_LOCAL_BOOL(lp_widelinks,bWidelinks)
@@ -1138,6 +1142,8 @@ BOOL lp_add_printer(char *pszPrintername, int iDefaultService)
 iSERVICE(i).bRead_only = False;
 /* No share modes on printer services. */
 iSERVICE(i).bShareModes = False;
+ /* No oplocks on printer services. */
+ iSERVICE(i).bOpLocks = False;
 /* Printer services must be printable. */
 iSERVICE(i).bPrint_ok = True;
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index b9bdbaa655..7b04d228c3 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1841,7 +1841,7 @@ dev = %x, inode = %x\n", old_shares[i].op_type, fname, dev, inode));
 be extended to level II oplocks (multiple reader oplocks). */
- if(oplock_request && (num_share_modes == 0))
+ if(oplock_request && (num_share_modes == 0) && lp_oplocks(SNUM(cnum)))
 {
 fs_p->granted_oplock = True;
 global_oplocks_open++;
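Review bot: The new `{"oplocks", P_BOOL, P_LOCAL, &sDefault.bOpLocks, NULL}` entry in the parm table introduces a user-visible smb.conf parameter, but the only documentation hunk in this commit (docs/manpages/smb.conf.5, 9 lines per the diffstat) touches "hosts allow", so "oplocks" ships undocumented. A man page entry should state the default (`True` in sDefault), that it is per-share, that lp_add_printer forces it off for printer services, and the diagnostic use the commit message describes (disabling oplocks when a share is also written by a unix application). The `bOpLocks` field is added to the struct and to sDefault in the earlier loadparm.c hunks of this commit; the same missing-documentation point covers those.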
@@ -2412,12 +2412,27 @@ static BOOL open_sockets(BOOL is_daemon,int port)
 static void process_smb(char *inbuf, char *outbuf)
 {
 extern int Client;
- static int trans_num = 0;
-
+ static int trans_num;
 int msg_type = CVAL(inbuf,0);
- int32 len = smb_len(outbuf);
+ int32 len = smb_len(inbuf);
 int nread = len + 4;
+ if (trans_num == 0) {
+ /* on the first packet, check the global hosts allow/ hosts
+ deny parameters before doing any parsing of the packet
+ passed to us by the client. This prevents attacks on our
+ parsing code from hosts not in the hosts allow list */
+ if (!check_access(-1)) {
+ /* send a negative session response "not listining on calling
+ name" */
+ static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81};
+ DEBUG(1,("%s Connection denied from %s\n",
+ timestring(),client_addr()));
+ send_smb(Client,buf);
+ exit_server("connection denied");
+ }
+ }
+
 DEBUG(6,("got message type 0x%x of len 0x%x\n",msg_type,len));
 DEBUG(3,("%s Transaction %d of length %d\n",timestring(),trans_num,nread));
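Review bot: The `check_access(-1)` guard in the new `if (trans_num == 0)` block sits below `int msg_type = CVAL(inbuf,0);`, `int32 len = smb_len(inbuf);` and `int nread = len + 4;`, so three fields of the client-supplied buffer are already consumed before the access decision, and the receive path that filled `inbuf` (outside this hunk) has necessarily read the whole packet; the comment's "before doing any parsing of the packet" should be narrowed to what actually holds, e.g. `/* the 4-byte NetBIOS header and message type have already been read; nothing past them is interpreted until check_access() passes */`, or the three initialisers moved after the block. Because `trans_num` is `static`, the check fires once per process rather than once per connection; that is equivalent only if each connection gets its own smbd process, which this hunk does not show, so a one-line comment stating that assumption next to the declaration would help the next reader. `buf` is `unsigned char[5]` while `send_smb(Client,buf)` presumably takes `char *` (prototype not visible here); if so, `static char buf[5]` avoids a pointer-sign warning. The response comment's "listining" should read "listening". process_smb continues past the end of this hunk.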