Age | Commit message (Collapse) | Author | Files | Lines |
|
Volker.
Create widelinks_warning(int snum) to cover the message needed in make_connection.
Jeremy.
|
|
are incompatible.
Volker pointed out that the preexec scripts get passed the conn->connectpath
as a parameter, so call canonicalize_connect_path() both *before* and after
the preexec scripts. Ignore errors on the call before the preexec scripts,
as the path may not exist until created by the preexec scripts.
Jeremy.
|
|
This way we avoid any chance that a configuration reload may turn
back on wide links when unix extensions are enabled.
|
|
extensions" are incompatible.
Make sure we match the previous allow widelinks behavior, in that
non-root preexec scripts can create share directories for a share
definition.
Jeremy
|
|
incompatible.
Bug reported by Ralf Zimmermann <r.zimmermann@siegnetz.de>. Reproduced by jra.
If the target directory of a share doesn't exist, but is designed to
be created by a "root preexec" script call, then the widelinks check
is done too early - thus preventing the user from connecting to the
share.
Fix is to re-arrange the order of checks in make_connection_snum()
to always do the following order of operations:
(1). Turn off wide links if unix extensions = yes.
(2). Call any root preexec scripts.
(3). Canonicalize the share path to remove any symlinks (ie. end
up with the realpath in the connection_struct).
Jeremy.
|
|
Change parameter "wide links" to default to "no".
Ensure "wide links = no" if "unix extensions = yes" on a share.
Fix man pages to refect this.
Remove "within share" checks for a UNIX symlink set - even if
widelinks = no. The server will not follow that link anyway.
Correct DEBUG message in check_reduced_name() to add missing "\n"
so it's really clear when a path is being denied as it's outside
the enclosing share path.
Jeremy.
|
|
The destname malloc size was not taking into account the 1 extra byte
needed if a string without a leading '/' was passed in and that slash
was added.
This would cause the '\0' byte to be written past the end of the
malloced destname string and corrupt whatever heap memory was there.
This problem would be hit if a share name was given in smb.conf without
a leading '/' and if it was the exact size of the allocated STRDUP memory
which in some implementations of malloc is a power of 2.
|
|
I don't think we need to log the fact that a user gave a wrong sharename in Explorer with the highest log level.
The level of this was not very consistent:
service.c: DEBUG(3,("find_service() failed to find service %s\n", service));
service.c: DEBUG(0,("%s (%s) couldn't find service %s\n",
smb2_tcon.c: DEBUG(1,("smbd_smb2_tree_connect: couldn't find service %s\n",
This changes the last two to 3 as the first one.
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
|
|
===========================================================
== Subject: Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#: CVE-2009-2813
==
== Versions: All versions of Samba later than 3.0.11
==
== Summary: If a user in /etc/passwd is misconfigured to have
== an empty home directory then connecting to the home
== share of this user will use the root of the filesystem
== as the home directory.
===========================================================
|
|
Office 2003.
Confirmation from reporter that this fixes the issue in master on ext3/ext4.
Back-ports to follow.
Jeremy.
|
|
share.
Jeremy.
|
|
On filesystems that can't store less than one second timestamps,
round the incoming timestamp set requests so the client can't discover
that a time set request has been truncated by the filesystem.
Needs backporting to 3.4, 3.3, 3.2 and (even) 3.0.
Jeremy
|
|
They're both only used in the context of a function,
so we can make them stack variables.
metze
|
|
This can be NULL for faked connection structs used in the rpc server
or printing code.
metze
|
|
this changes the level of logs caused by users trying to access shares
or subdirectories for which they do not have access to in the ACL
this can fill up the samba log even with log level 0 and is more an
expected kind of logs that IMHO should not be logged with such a high
level.
All other errors while chdir() will still be logged with level 0
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
|
|
s3: Make smbd aware of permission change of usershare. Since usershare are relatively volatile and
non-previledge users must disconnect from smbd and reconnect to it to make share permission in effect.
For now. This is a feature request and I think we need
to design it a little differently so as not to touch
core change_to_user() code.
Jeremy.
|
|
relatively volatile and non-previledge users must disconnect from smbd and reconnect to it to make share permission in effect.
|
|
This patch introduces two new temporary helper functions
vfs_stat_smb_fname and vfs_lstat_smb_fname. They basically allowed me
to call the new smb_filename version of stat, while avoiding plumbing
it through callers that are still too inconvenient. As the conversion
moves along, I will be able to remove callers of this, with the goal
being to remove all callers.
There was also a bug in create_synthetic_smb_fname_split (also a
temporary utility function) that caused it to incorrectly handle
filenames with ':'s in them when in posix mode. This is now fixed.
|
|
metze
|
|
metze
|
|
metze
|
|
This patch introduces
struct stat_ex {
dev_t st_ex_dev;
ino_t st_ex_ino;
mode_t st_ex_mode;
nlink_t st_ex_nlink;
uid_t st_ex_uid;
gid_t st_ex_gid;
dev_t st_ex_rdev;
off_t st_ex_size;
struct timespec st_ex_atime;
struct timespec st_ex_mtime;
struct timespec st_ex_ctime;
struct timespec st_ex_btime; /* birthtime */
blksize_t st_ex_blksize;
blkcnt_t st_ex_blocks;
};
typedef struct stat_ex SMB_STRUCT_STAT;
It is really large because due to the friendly libc headers playing macro
tricks with fields like st_ino, so I renamed them to st_ex_xxx.
Why this change? To support birthtime, we already have quite a few #ifdef's at
places where it does not really belong. With a stat struct that we control, we
can consolidate the nanosecond timestamps and the birthtime deep in the VFS
stat calls.
At this moment it is triggered by a request to support the birthtime field for
GPFS. GPFS does not extend the system level struct stat, but instead has a
separate call that gets us the additional information beyond posix. Without
being able to do that within the VFS stat calls, that support would have to be
scattered around the main smbd code.
It will very likely break all the onefs modules, but I think the changes will
be reasonably easy to do.
|
|
I don't think we should unconditionally send every refused connection attempt
to a share to syslog, that's where all debug level 0 messages end up.
|
|
instead of reading the registry directly with tdb and activating the
configure options by hand.
This eliminates the need for repeating checks done in loadparm.
For instance it disables registry shares without path in the server
as is the case with text based shares.
Michael
|
|
We keep the seqnum/mid mapping in the smb_request structure.
This also moves one global variable into the
smbd_server_connection struct.
metze
|
|
We need to store the "force group" uid separately from the
conn->server_info token as we need to apply it separately also.
Volker PLEASE CHECK !
Jeremy.
|
|
The goal is to move all this variables into a big context structure.
metze
|
|
This only applies to a setup with "registry shares = yes"
Michael
(cherry picked from commit 288fa94ac7cfdf7457b5098c33fc840bed3d5410)
(cherry picked from commit e85526b184e66f86b7faa9d0a37288a09c12c19e)
|
|
|
|
|
|
(This used to be commit 8dd94d448bc5ad067024c56c6ef498bc88a396b2)
|
|
No functional change, this is a preparation for more current_user ref removal
(This used to be commit dcaedf345e62ab74ea87f0a3fa1e3199c75c5445)
|
|
Jeremy.
(This used to be commit 5d22ca00bcdf49dcb35468400ac8cc3c57808d0d)
|
|
(This used to be commit 344d69f95e217d16213eaa6b53141af6ab459708)
|
|
This required to pass around the domain a bit
(This used to be commit 17b0db20d28d1b737c5e86b78106657e8ca5ce9c)
|
|
(This used to be commit 368454a27cb53a408ec416cbf37235b304592fb5)
|
|
(This used to be commit 2834dacc8d49f77fe55fb5d7e3eb2dda431d1d3d)
|
|
(This used to be commit a3738aef59e97d4533010b048534d937d36c0950)
|
|
Now that we have a token that is correctly set up with gids already, this saves
manual translation of the SIDs to GIDs.
(This used to be commit 6136a6d9d7301c65f37e2bf485681138cddd8bd2)
|
|
(This used to be commit 93ce0705c14f222bda3e6204f4b54ba1893f33e1)
|
|
(This used to be commit 6d9860d09b54c61625f011c2d56d710aa59d7686)
|
|
(This used to be commit 7991e6764b4187ba86802569dfdc5816e6137f78)
|
|
(This used to be commit 5aa3cdf355c179d89c2703f528919194ab084337)
|
|
This will replace all the user identity stuff in connection_struct, for now it
is just a source where the other fields in connection_struct are filled from.
(This used to be commit 0f53f9e7db9f99f239c4d0950452d0e2cde2ae8b)
|
|
(This used to be commit 03944f8d8934cff74e19fc036f7611c1491e0d57)
|
|
(This used to be commit 3ce395e61e931a77c5d2f52f39c7e3f71a9605a9)
|
|
(This used to be commit 50bf075f7556fd09e0081175c31a5020a8eaf4d6)
|
|
(This used to be commit 1843ea64ab1df5ced5926aedbeb27c8320b0c70b)
|
|
(This used to be commit 27a9bbc645416265eebdfc866925855021bd407c)
|
|
(This used to be commit 420de035237bb08bc470c9eb820f3da2edaa6805)
|