Age | Commit message (Collapse) | Author | Files | Lines |
|
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Aug 4 14:28:04 CEST 2012 on sn-devel-104
|
|
Look for Server.Session.SessionKeyState in [MS-SMB].
The first SMBtconX sets the state to available, which makes it possible
to protect the session key at that stage, if client and server
support TREE_CONNECT_ANDX_EXTENDED_SIGNATURE.
metze
|
|
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Aug 1 18:25:26 CEST 2012 on sn-devel-104
|
|
metze
|
|
|
|
|
|
Thanks to Jeremy for this simple idea
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
They use talloc_tos() internally: hoist that up to the callers, some
of whom don't want to us talloc_tos().
A simple patch, but hits a lot of files.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
Pair-Programmed-With: Michael Adam <obnox@samba.org>
metze
|
|
Pair-Programmed-With: Michael Adam <obnox@samba.org>
metze
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
|
|
metze
|
|
metze
|
|
We don't support security = share anymore, so we should always have
a valid session.
Found by the raw.context test.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed May 23 12:47:37 CEST 2012 on sn-devel-104
|
|
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue May 22 16:42:22 CEST 2012 on sn-devel-104
|
|
Found by the raw.context test.
metze
|
|
Now that we always require a 64 bit off_t, we no longer need SMB_OFF_T.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Fri Apr 6 01:47:43 CEST 2012 on sn-devel-104
|
|
|
|
and veto files are enabled.
Store the 'struct security_token' as well as the 'struct security_unix_token'
inside the locking db when setting a delete on close.
|
|
This is fixed up in construct_reply_chain
|
|
<insert your favourite tombstone ascii art here>
|
|
Normally chain_reply took care of this. This will go away soon.
|
|
That's the only case where this can happen, so we should not clutter the main
code path.
|
|
|
|
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.
The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok. This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server
At the same time, this closes the door on one of the most arcane areas
of Samba authentication.
Naturally, full user-name/password authentication remain available in
security=user and above.
This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.
Andrew Bartlett
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SHARE |
| security=share |
| |
| |
| 5 March |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
|
|
when doing backup requests.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Mar 1 03:50:40 CET 2012 on sn-devel-104
|
|
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Feb 18 06:22:40 CET 2012 on sn-devel-104
|
|
Replaced the undescriptive SMB_PORT1 and SMB_PORT2 defined constants
with the slightly more descriptive names NBT_SMB_PORT and TCP_SMB_PORT.
Also replaced several hard-coded references to the well-known port
numbers (139 and 445, respectively) as appropriate.
Small changes to clarify some comments regarding the two transport
types.
Signed-off-by: Simo Sorce <idra@samba.org>
Autobuild-User: Simo Sorce <idra@samba.org>
Autobuild-Date: Thu Feb 16 08:29:41 CET 2012 on sn-devel-104
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
This slightly simplifies the code path for all callers which assume
that a share mode exists already. Only the callers in open_file_ntcreate
and open_directory will ever create new share modes.
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
leaves data in the pipe on short write.
The code to set a DOS error on short writeX return is amazingly
legacy code, and also breaks the reply as fixup_chain_error_packet()
enforces a 2-byte wct on any reply where smb_rcls != 0.
Found in testing by Andrew Bartlett. Thanks Andrew !
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Dec 31 08:05:35 CET 2011 on sn-devel-104
|
|
the share.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Dec 16 23:32:26 CET 2011 on sn-devel-104
|
|
reload_services()
metze
|
|
|
|
SMBsetatr is requested.
This now plumbs access checks through all setattr calls.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 16 04:20:04 CET 2011 on sn-devel-104
|
|
is called from places like fileio.c that need to update the write time
on a file handle only open for write, without neccessarily having
FILE_WRITE_ATTRIBUTES permission. Move all checks to before the
smb_set_file_time() callers.
|
|
|
|
Windows 2008 R2 (and others) ignore the high bits for the read size.
Unless we're using the unix extentions and the client
uses CIFS_UNIX_LARGE_READ_CAP, we should also ignore
the high bits.
But we still need to support old "smbclient" binaries
and have to check if the client is "Samba".
metze
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Samba share with SMB2.
|
|
|
|
|
|
|
|
|
|
This brings this structure one step closer to the struct auth_session_info.
A few SMB_ASSERT calls are added in some key places to ensure that
this pointer is initialised, to make tracing any bugs here easier in
future.
NOTE: Many of the users of this structure should be reviewed, as unix
and NT access checks are mixed in a way that should just be done using
the NT ACL. This patch has not changed this behaviour however.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
metze
|
|
metze
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|