Age | Commit message (Collapse) | Author | Files | Lines |
|
Summary:
Specially crafted SMB requests on
authenticated SMB connections can send smbd
into a 100% CPU loop, causing a DoS on the
Samba server.
|
|
deferred open state.
Signed-off-by: Tim Prouty <tprouty@samba.org>
|
|
Revert change from 3.3 -> 3.4 with read_socket_with_timeout changed
from sys_read() to sys_recv(). read_socket_with_timeout() is called
with non-fd's (with a pty in chgpasswd.c and with a disk file in
lib/dbwrap_file.c via read_data()). recv works for the disk file,
but not the pty. Change the name of read_socket_with_timeout() to
read_fd_with_timeout() to make this clear (and add comments).
Jeremy.
|
|
metze
|
|
construct_reply() references the request after chain_reply has freed it.
|
|
|
|
after the accept and fork, to smbd_init_globals(), so it's
done immediately on server startup. This is needed as some
messages are sent to all active smbd processes (including
the master listening daemon). If it gets a message that
forces it to scan it's current connections (ie. conn_find())
then it discovers that sconn->smb1.tcons.Connections dereferences
null (as sconn == NULL in the parent) and crashes. Yes,
I could fix all cases where sconn is used and explicitly
check for NULL but this fix is easier. It means that
the smbd_event_context() is initialized in the master
daemon and then re-initialized after fork, but that
should be being done correctly in every fork call anyway.
Without this change the previous fix 6a9e0039100b57f9626e87defec6720c476b9789
still panics in the reproducible test case for bug
6564, as this is one case where such a message
(MSG_SMB_CONF_UPDATED) is sent to the parent. Metze
please check. This change passes valgrind.
Jeremy.
|
|
s3: Make smbd aware of permission change of usershare. Since usershare are relatively volatile and
non-previledge users must disconnect from smbd and reconnect to it to make share permission in effect.
For now. This is a feature request and I think we need
to design it a little differently so as not to touch
core change_to_user() code.
Jeremy.
|
|
relatively volatile and non-previledge users must disconnect from smbd and reconnect to it to make share permission in effect.
|
|
Before 3.3, an smbcontrol debug message sent to the target "smbd" would
actually be sent to all running processes including nmbd and winbindd.
This behavior was changed in 3.3 so that the "smbd" target would only
send a message to the process found in smbd.pid, while the "all" target
would send a message to all processes.
The ability to set the debug level of all processes within a single
daemon, without specifying each pid is quite useful. This was implemented
in winbindd in 065760ed. This patch does the same thing for smbd.
Upon receiving a MSG_DEBUG the parent smbd will rebroadcast it to all of
its children.
The printing process has been added to the list of smbd child processes,
and we now always track the number of smbd children regardless of the
"max smbd processes" setting.
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
This is disabled by default and activated by
"max protocol = SMB2".
metze
|
|
A sesssetupAndX chained with a tconn will not correctly set the TID in
the response header. I'm seeing an XP client send this chained
sesssetup/tconn when samba has security = share. Samba's current
behavior is to return a TID of 0 in the smb header rather than the
actual TID. This patch also updates the UID in the header as well.
|
|
It was too late... Thanks Metze for noticing.
Michael
|
|
Michael
|
|
|
|
We keep the seqnum/mid mapping in the smb_request structure.
This also moves one global variable into the
smbd_server_connection struct.
metze
|
|
too.
Otherwise we'll confuse the client signing engine, when we reply an error to each transs2.
metze
|
|
|
|
Jeremy.
|
|
This changelist allows for the addition of custom performance
monitoring modules through smb.conf. Entrypoints in the main message
processing code have been added to capture the command, subop, ioctl,
identity and message size statistics.
|
|
|
|
|
|
And use signal events for Linux oplocks.
metze
|
|
This the process_kernel_oplock() function never response to messages,
it only generates messages to ourself.
metze
|
|
metze
|
|
metze
|
|
The caller might have over-allocated reply->outbuf. Deal with that.
Sorry, Günther, for giving you so much pain ...
Volker
|
|
triggered now
metze
|
|
This converts the irix oplocks code to use a fd event
and removes the last special case for file descriptors
for the main sys_select().
metze
|
|
And always setup the fd events.
metze
|
|
|
|
This is a hack to fix races which happen with the RAW-RENAME and RAW-OPLOCK
tests. We should try to remove it later.
metze
|
|
|
|
|
|
This the global variable "orig_inbuf" in the old chain_reply code. This global
variable was one of the reasons why we had the silly restriction to not allow
async requests within a request chain.
|
|
|
|
|
|
We use a fd event and receive incoming smb requests
when the fd becomes readable. It's not completely
nonblocking yet, but it should behave like the old code.
We use timed events to trigger retries for deferred open calls.
metze
|
|
The goal is to move all this variables into a big context structure.
metze
|
|
metze
|
|
Jeremy.
|
|
This gives lower-level routines the chance to indicate a retry condition
|
|
|