diff options
| author | Jeremy Allison <jra@samba.org> | 2001-02-12 16:18:02 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2001-02-12 16:18:02 +0000 |
| commit | 94fc44a93c46cece9b9fa947bff62087dbcd89fa (patch) | |
| tree | 292e61a7af5427e683d483a7afd802933ced9b72 /source3/smbd | |
| parent | b4b387e31b241dcf4c8359c8515db689946654d5 (diff) | |
| download | samba-94fc44a93c46cece9b9fa947bff62087dbcd89fa.tar.gz samba-94fc44a93c46cece9b9fa947bff62087dbcd89fa.tar.bz2 samba-94fc44a93c46cece9b9fa947bff62087dbcd89fa.zip | |
Merge of JohnR's changes to appliance-head, JF's changes to 2.2,
updated the POSIX_ACL code to be in sync.
Jeremy.
(This used to be commit c0517d6f4e3079feca1309fd1ea7b21e83f0de02)
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/nttrans.c | 11 | ||||
| -rw-r--r-- | source3/smbd/posix_acls.c | 2 | ||||
| -rw-r--r-- | source3/smbd/process.c | 29 | ||||
| -rw-r--r-- | source3/smbd/reply.c | 10 | ||||
| -rw-r--r-- | source3/smbd/server.c | 17 |
5 files changed, 61 insertions, 8 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 19f5859abb..207786768b 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -291,7 +291,7 @@ static void get_filename_transact( char *fname, char *inbuf, int data_offset, in * the end here. */ - if((data_len - fname_len == 1) || (inbuf[data_offset] == '\0')) { + if((data_len == 1) || (inbuf[data_offset] == '\0')) { /* * Ensure that the data offset is aligned * on a 2 byte boundary - add one if not. @@ -1110,6 +1110,15 @@ static BOOL set_sd(files_struct *fsp, char *data, uint32 sd_len, uint security_i return False; } + if (psd->off_owner_sid==0) + security_info_sent &= ~OWNER_SECURITY_INFORMATION; + if (psd->off_grp_sid==0) + security_info_sent &= ~GROUP_SECURITY_INFORMATION; + if (psd->off_sacl==0) + security_info_sent &= ~DACL_SECURITY_INFORMATION; + if (psd->off_dacl==0) + security_info_sent &= ~SACL_SECURITY_INFORMATION; + ret = set_nt_acl( fsp, security_info_sent, psd); if (!ret) { diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index ed8c0a94c9..db2f933420 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -238,6 +238,8 @@ static BOOL unpack_nt_owners(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *pgrp, DEBUG(3,("unpack_nt_owners: unable to validate group sid.\n")); } + DEBUG(5,("unpack_nt_owners: owner_sids validated.\n")); + return True; } diff --git a/source3/smbd/process.c b/source3/smbd/process.c index eb18219992..461fa99f39 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -769,6 +769,30 @@ static int construct_reply(char *inbuf,char *outbuf,int size,int bufsize) return(outsize); } +/**************************************************************************** + Keep track of the number of running smbd's. This functionality is used to + 'hard' limit Samba overhead on resource constrained systems. +****************************************************************************/ +static BOOL smbd_process_limit(void) +{ + int total_smbds; + + if (lp_max_smbd_processes()) { + + /* Always add one to the smbd process count, as exit_server() always + * subtracts one. + */ + tdb_lock_bystring(conn_tdb_ctx(), "INFO/total_smbds"); + total_smbds = tdb_fetch_int(conn_tdb_ctx(), "INFO/total_smbds"); + total_smbds = total_smbds < 0 ? 1 : total_smbds + 1; + tdb_store_int(conn_tdb_ctx(), "INFO/total_smbds", total_smbds); + tdb_unlock_bystring(conn_tdb_ctx(), "INFO/total_smbds"); + + return total_smbds > lp_max_smbd_processes(); + } + else + return False; +} /**************************************************************************** process an smb from the client - split out from the process() code so @@ -792,8 +816,9 @@ void process_smb(char *inbuf, char *outbuf) deny parameters before doing any parsing of the packet passed to us by the client. This prevents attacks on our parsing code from hosts not in the hosts allow list */ - if (!check_access(smbd_server_fd(), lp_hostsallow(-1), lp_hostsdeny(-1))) { - /* send a negative session response "not listining on calling + if (smbd_process_limit() || + !check_access(smbd_server_fd(), lp_hostsallow(-1), lp_hostsdeny(-1))) { + /* send a negative session response "not listening on calling name" */ static unsigned char buf[5] = {0x83, 0, 0, 1, 0x81}; DEBUG( 1, ( "Connection denied from %s\n", diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index b24ec7a944..2d205543fb 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -510,9 +510,9 @@ int smb_create_user(char *unix_user, char *homedir) pstrcpy(add_script, lp_adduser_script()); if (! *add_script) return -1; - pstring_sub(add_script, "%u", unix_user); + all_string_sub(add_script, "%u", unix_user, sizeof(pstring)); if (homedir) - pstring_sub(add_script, "%H", homedir); + all_string_sub(add_script, "%H", homedir, sizeof(pstring)); ret = smbrun(add_script,NULL,False); DEBUG(3,("smb_create_user: Running the command `%s' gave %d\n",add_script,ret)); return ret; @@ -529,7 +529,7 @@ static int smb_delete_user(char *unix_user) pstrcpy(del_script, lp_deluser_script()); if (! *del_script) return -1; - pstring_sub(del_script, "%u", unix_user); + all_string_sub(del_script, "%u", unix_user, sizeof(pstring)); ret = smbrun(del_script,NULL,False); DEBUG(3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret)); return ret; @@ -898,10 +898,10 @@ int reply_sesssetup_and_X(connection_struct *conn, char *inbuf,char *outbuf,int /* if the username exists as a domain/username pair on the unix system then use that */ - if (!getpwnam(user)) { + if (!sys_getpwnam(user)) { pstring user2; slprintf(user2,sizeof(user2),"%s%s%s", dos_to_unix(domain,False), lp_winbind_separator(), user); - if (getpwnam(user2)) { + if (sys_getpwnam(user2)) { DEBUG(3,("Using unix username %s\n", user2)); pstrcpy(user, user2); } diff --git a/source3/smbd/server.c b/source3/smbd/server.c index a13f34d506..8eacd4ed58 100644 --- a/source3/smbd/server.c +++ b/source3/smbd/server.c @@ -410,6 +410,22 @@ static BOOL dump_core(void) #endif /**************************************************************************** +update the current smbd process count +****************************************************************************/ +static void decrement_smbd_process_count(void) +{ + int total_smbds; + + if (lp_max_smbd_processes()) { + tdb_lock_bystring(conn_tdb_ctx(), "INFO/total_smbds"); + if ((total_smbds = tdb_fetch_int(conn_tdb_ctx(), "INFO/total_smbds")) > 0) + tdb_store_int(conn_tdb_ctx(), "INFO/total_smbds", total_smbds - 1); + + tdb_unlock_bystring(conn_tdb_ctx(), "INFO/total_smbds"); + } +} + +/**************************************************************************** exit the server ****************************************************************************/ void exit_server(char *reason) @@ -432,6 +448,7 @@ void exit_server(char *reason) } respond_to_all_remaining_local_messages(); + decrement_smbd_process_count(); #ifdef WITH_DFS if (dcelogin_atmost_once) { |