summaryrefslogtreecommitdiff
path: root/source3/smbd/service.c
AgeCommit message (Collapse)AuthorFilesLines
2010-02-17Fix bug #6557 - Do not work VFS full_auditJeremy Allison1-51/+34
Re-arrange the operations order so SMB_VFS_CONNECT is done first as root (to allow modules to correctly initialize themselves). Reviewed modules to check if they needed CONNECT invoked as a user (which we previously did) and it turns out any of them that cared needed root permissions anyway. Jeremy.
2010-02-13s3: Fix a C++ warningVolker Lendecke1-1/+1
2010-02-12Use sec_initial_uid() in the places where being root doesn't matter,Jeremy Allison1-1/+1
and 0 in the places where it does. Jeremy
2010-02-12Simplify the logic in make_connection_snum(), and make it match Windows ↵Jeremy Allison1-41/+63
behavior. Cause all exit paths to go through one place, where all cleanup is done. change_to_root_user() for pathname operations that should succeed if the path exists, even if the connecting user has no access. For example, a share can now be defined with a path of /root/only/access (where /root/only/access is a directory path with all components only accessible to root e.g. root owned, permissions 700 on every component). Non-root users will now correctly connect, but get ACCESS_DENIED on all activities (which matches Windows behavior). Previously, non-root users would get NT_STATUS_BAD_NETWORK_NAME on doing a TConX to this share, even though it's a perfectly valid share path (just not accessible to them). This change was inspired by the research I did for bug #7126, which was reported by bepi@adria.it. As this is a change in a core function, I'm proposing to leave this only in master for 3.6.0, not back-port to any existing releases. This should give us enough time to decide if this is the way we want this to behave (as Windows) or if we prefer the previous behavior. Jeremy.
2010-02-12Remove #if SOFTLINK_OPTIMIZATION code.Jeremy Allison1-17/+0
This hasn't been turned on or been capable of doing so for many years now. Makes this jumbo function smaller... Jeremy.
2010-02-12Revert "Fix bug #7126 - [SMBD] With access denied error smbd return wrong ↵Jeremy Allison1-16/+9
NT_STATUS_OBJECT_PATH_INVALID error" This reverts commit 2fdd8b10c6abadd27c579e772c0482214d2363a5. This fix is incorrect. The original code works as desired, I made a mistake here. Jeremy.
2010-02-12Fix bug #7126 - [SMBD] With access denied error smbd return wrong ↵Jeremy Allison1-9/+16
NT_STATUS_OBJECT_PATH_INVALID error As tridge's comment says, we should be ignoring ACCESS_DENIED on the share path in a TconX call, instead allowing the mount and having individual SMB calls fail (as Windows does). The original code erroneously caught SMB_VFS_STAT != 0 and errored out on that. Jeremy.
2010-02-11Remove the code replaced by widelinks warning.Jeremy Allison1-7/+0
Jeremy.
2010-02-11Remove lp_safe_widelinks() -> convert to just lp_widelinks. Suggestion from ↵Jeremy Allison1-4/+5
Volker. Create widelinks_warning(int snum) to cover the message needed in make_connection. Jeremy.
2010-02-11Final part of jumbo patch for bug #7104 - "wide links" and "unix extensions" ↵Jeremy Allison1-0/+12
are incompatible. Volker pointed out that the preexec scripts get passed the conn->connectpath as a parameter, so call canonicalize_connect_path() both *before* and after the preexec scripts. Ignore errors on the call before the preexec scripts, as the path may not exist until created by the preexec scripts. Jeremy.
2010-02-11Introduce lp_safe_widelinks()Simo Sorce1-3/+5
This way we avoid any chance that a configuration reload may turn back on wide links when unix extensions are enabled.
2010-02-11Fine changes to previous fix for bug #7104 - "wide links" and "unix ↵Jeremy Allison1-20/+18
extensions" are incompatible. Make sure we match the previous allow widelinks behavior, in that non-root preexec scripts can create share directories for a share definition. Jeremy
2010-02-11Suplementary patch for bug #7104 - "wide links" and "unix extensions" are ↵Jeremy Allison1-27/+28
incompatible. Bug reported by Ralf Zimmermann <r.zimmermann@siegnetz.de>. Reproduced by jra. If the target directory of a share doesn't exist, but is designed to be created by a "root preexec" script call, then the widelinks check is done too early - thus preventing the user from connecting to the share. Fix is to re-arrange the order of checks in make_connection_snum() to always do the following order of operations: (1). Turn off wide links if unix extensions = yes. (2). Call any root preexec scripts. (3). Canonicalize the share path to remove any symlinks (ie. end up with the realpath in the connection_struct). Jeremy.
2010-02-05Fix bug 7104 - "wide links" and "unix extensions" are incompatible.Jeremy Allison1-0/+8
Change parameter "wide links" to default to "no". Ensure "wide links = no" if "unix extensions = yes" on a share. Fix man pages to refect this. Remove "within share" checks for a UNIX symlink set - even if widelinks = no. The server will not follow that link anyway. Correct DEBUG message in check_reduced_name() to add missing "\n" so it's really clear when a path is being denied as it's outside the enclosing share path. Jeremy.
2010-01-30s3/smbd: Fix string buffer overflow causing heap corruptionSteven Danneman1-1/+2
The destname malloc size was not taking into account the 1 extra byte needed if a string without a leading '/' was passed in and that slash was added. This would cause the '\0' byte to be written past the end of the malloced destname string and corrupt whatever heap memory was there. This problem would be hit if a share name was given in smb.conf without a leading '/' and if it was the exact size of the allocated STRDUP memory which in some implementations of malloc is a power of 2.
2009-12-06streamline some log levels for invalid servicenamesChristian Ambach1-1/+1
I don't think we need to log the fact that a user gave a wrong sharename in Explorer with the highest log level. The level of this was not very consistent: service.c: DEBUG(3,("find_service() failed to find service %s\n", service)); service.c: DEBUG(0,("%s (%s) couldn't find service %s\n", smb2_tcon.c: DEBUG(1,("smbd_smb2_tree_connect: couldn't find service %s\n", This changes the last two to 3 as the first one. Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
2009-10-01Fix for CVE-2009-2813.Jeremy Allison1-1/+5
=========================================================== == Subject: Misconfigured /etc/passwd file may share folders unexpectedly == == CVE ID#: CVE-2009-2813 == == Versions: All versions of Samba later than 3.0.11 == == Summary: If a user in /etc/passwd is misconfigured to have == an empty home directory then connecting to the home == share of this user will use the root of the filesystem == as the home directory. ===========================================================
2009-08-24Second attempt at fix for bug 6529 - Offline files conflict with Vista and ↵Jeremy Allison1-18/+1
Office 2003. Confirmation from reporter that this fixes the issue in master on ext3/ext4. Back-ports to follow. Jeremy.
2009-08-21Log debug message when hires timestamps are available on theJeremy Allison1-0/+4
share. Jeremy.
2009-08-21Fix bug 6529 - Offline files conflict with Vista and Office 2003Jeremy Allison1-0/+13
On filesystems that can't store less than one second timestamps, round the incoming timestamp set requests so the client can't discover that a time set request has been truncated by the filesystem. Needs backporting to 3.4, 3.3, 3.2 and (even) 3.0. Jeremy
2009-08-07s3:smbd: remove dirptr and dirpath from connection_structStefan Metzmacher1-2/+0
They're both only used in the context of a function, so we can make them stack variables. metze
2009-08-07s3:smbd: add a smbd_server_connection pointer to connection_structStefan Metzmacher1-17/+16
This can be NULL for faked connection structs used in the rpc server or printing code. metze
2009-07-21do not log chdir with level 0 if reason is access deniedChristian Ambach1-2/+2
this changes the level of logs caused by users trying to access shares or subdirectories for which they do not have access to in the ACL this can fill up the samba log even with log level 0 and is more an expected kind of logs that IMHO should not be logged with such a high level. All other errors while chdir() will still be logged with level 0 Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
2009-07-14Revert this commit :Jeremy Allison1-80/+0
s3: Make smbd aware of permission change of usershare. Since usershare are relatively volatile and non-previledge users must disconnect from smbd and reconnect to it to make share permission in effect. For now. This is a feature request and I think we need to design it a little differently so as not to touch core change_to_user() code. Jeremy.
2009-07-15s3: Make smbd aware of permission change of usershare. Since usershare are ↵Bo Yang1-0/+80
relatively volatile and non-previledge users must disconnect from smbd and reconnect to it to make share permission in effect.
2009-06-24s3: Plumb smb_filename through SMB_VFS_STAT and SMB_VFS_LSTATTim Prouty1-6/+12
This patch introduces two new temporary helper functions vfs_stat_smb_fname and vfs_lstat_smb_fname. They basically allowed me to call the new smb_filename version of stat, while avoiding plumbing it through callers that are still too inconvenient. As the conversion moves along, I will be able to remove callers of this, with the goal being to remove all callers. There was also a bug in create_synthetic_smb_fname_split (also a temporary utility function) that caused it to incorrectly handle filenames with ':'s in them when in posix mode. This is now fixed.
2009-06-03s3:smbd: make make_connection_snum() non staticStefan Metzmacher1-2/+1
metze
2009-06-03s3:smbd: move tcon specific globals to struct smbd_server_connectionStefan Metzmacher1-18/+19
metze
2009-06-03s3:smbd: move more session specific globals to struct smbd_server_connectionStefan Metzmacher1-17/+25
metze
2009-05-26Introduce "struct stat_ex" as a replacement for SMB_STRUCT_STATVolker Lendecke1-2/+2
This patch introduces struct stat_ex { dev_t st_ex_dev; ino_t st_ex_ino; mode_t st_ex_mode; nlink_t st_ex_nlink; uid_t st_ex_uid; gid_t st_ex_gid; dev_t st_ex_rdev; off_t st_ex_size; struct timespec st_ex_atime; struct timespec st_ex_mtime; struct timespec st_ex_ctime; struct timespec st_ex_btime; /* birthtime */ blksize_t st_ex_blksize; blkcnt_t st_ex_blocks; }; typedef struct stat_ex SMB_STRUCT_STAT; It is really large because due to the friendly libc headers playing macro tricks with fields like st_ino, so I renamed them to st_ex_xxx. Why this change? To support birthtime, we already have quite a few #ifdef's at places where it does not really belong. With a stat struct that we control, we can consolidate the nanosecond timestamps and the birthtime deep in the VFS stat calls. At this moment it is triggered by a request to support the birthtime field for GPFS. GPFS does not extend the system level struct stat, but instead has a separate call that gets us the additional information beyond posix. Without being able to do that within the VFS stat calls, that support would have to be scattered around the main smbd code. It will very likely break all the onefs modules, but I think the changes will be reasonably easy to do.
2009-05-04Increase debug level of "create_connection_server_info failed" messageVolker Lendecke1-1/+1
I don't think we should unconditionally send every refused connection attempt to a share to syslog, that's where all debug level 0 messages end up.
2009-04-29s3:smbd/service: switch load_registry_service/shares to use loadparm routinesMichael Adam1-70/+3
instead of reading the registry directly with tdb and activating the configure options by hand. This eliminates the need for repeating checks done in loadparm. For instance it disables registry shares without path in the server as is the case with text based shares. Michael
2009-03-23s3:smbd: use new simplified snb_signing code in the serverStefan Metzmacher1-1/+1
We keep the seqnum/mid mapping in the smb_request structure. This also moves one global variable into the smbd_server_connection struct. metze
2009-03-03Fix bug #6155 - "force group" is no longer working as expected.Jeremy Allison1-0/+8
We need to store the "force group" uid separately from the conn->server_info token as we need to apply it separately also. Volker PLEASE CHECK ! Jeremy.
2009-01-08s3:smbd: move all globals and static variables in globals.[ch]Stefan Metzmacher1-2/+1
The goal is to move all this variables into a big context structure. metze
2009-01-05smbd: prevent access to root filesystem when connecting with empty service nameMichael Adam1-0/+4
This only applies to a setup with "registry shares = yes" Michael (cherry picked from commit 288fa94ac7cfdf7457b5098c33fc840bed3d5410) (cherry picked from commit e85526b184e66f86b7faa9d0a37288a09c12c19e)
2008-11-24Remove unused make_connection_with_chdir()Volker Lendecke1-32/+0
2008-10-13Remove smb_np_structVolker Lendecke1-4/+3
2008-06-26Fix a debug messageVolker Lendecke1-1/+1
(This used to be commit 8dd94d448bc5ad067024c56c6ef498bc88a396b2)
2008-06-19Wrap the unix token info in a unix_user_token in auth_serversupplied_infoVolker Lendecke1-6/+6
No functional change, this is a preparation for more current_user ref removal (This used to be commit dcaedf345e62ab74ea87f0a3fa1e3199c75c5445)
2008-05-26Re-enable the evil "aio write behind" parameter.Jeremy Allison1-0/+2
Jeremy. (This used to be commit 5d22ca00bcdf49dcb35468400ac8cc3c57808d0d)
2008-05-25Remove some references to get_current_username() and current_user_infoVolker Lendecke1-10/+10
(This used to be commit 344d69f95e217d16213eaa6b53141af6ab459708)
2008-05-25Remove the reference to current_user_info from share_access.cVolker Lendecke1-0/+1
This required to pass around the domain a bit (This used to be commit 17b0db20d28d1b737c5e86b78106657e8ca5ce9c)
2008-05-10Remove "user" from connection_structVolker Lendecke1-10/+15
(This used to be commit 368454a27cb53a408ec416cbf37235b304592fb5)
2008-05-10Remove the unix token info from connection_structVolker Lendecke1-7/+10
(This used to be commit 2834dacc8d49f77fe55fb5d7e3eb2dda431d1d3d)
2008-05-10Replace nt_user_token with server_info in connection_structVolker Lendecke1-24/+4
(This used to be commit a3738aef59e97d4533010b048534d937d36c0950)
2008-05-10find_forced_group can directly change the token in server_infoVolker Lendecke1-72/+16
Now that we have a token that is correctly set up with gids already, this saves manual translation of the SIDs to GIDs. (This used to be commit 6136a6d9d7301c65f37e2bf485681138cddd8bd2)
2008-05-10Add an error return in find_forced_group()Volker Lendecke1-0/+5
(This used to be commit 93ce0705c14f222bda3e6204f4b54ba1893f33e1)
2008-05-10Do not unnecessarily mess with the results in find_forced_group()Volker Lendecke1-3/+0
(This used to be commit 6d9860d09b54c61625f011c2d56d710aa59d7686)
2008-05-10Replace find_forced_user by a direct call to make_serverinfo_from_usernameVolker Lendecke1-37/+26
(This used to be commit 7991e6764b4187ba86802569dfdc5816e6137f78)