summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2010-02-17Fix bug #6557 - Do not work VFS full_auditJeremy Allison1-51/+34
Re-arrange the operations order so SMB_VFS_CONNECT is done first as root (to allow modules to correctly initialize themselves). Reviewed modules to check if they needed CONNECT invoked as a user (which we previously did) and it turns out any of them that cared needed root permissions anyway. Jeremy.
2010-02-17s3: Fix bug 7139Volker Lendecke1-2/+32
To provide the user with the same SID when doing Kerberos logins, attempt to do a make_server_info_sam instead of a make_server_info_pw.
2010-02-14s3-smbd: convert lanman and notify code to TYPESAFE_QSORT()Andrew Tridgell2-12/+4
2010-02-13s3: Fix a C++ warningVolker Lendecke1-1/+1
2010-02-12Use sec_initial_uid() in the places where being root doesn't matter,Jeremy Allison1-1/+1
and 0 in the places where it does. Jeremy
2010-02-12Simplify the logic in make_connection_snum(), and make it match Windows ↵Jeremy Allison1-41/+63
behavior. Cause all exit paths to go through one place, where all cleanup is done. change_to_root_user() for pathname operations that should succeed if the path exists, even if the connecting user has no access. For example, a share can now be defined with a path of /root/only/access (where /root/only/access is a directory path with all components only accessible to root e.g. root owned, permissions 700 on every component). Non-root users will now correctly connect, but get ACCESS_DENIED on all activities (which matches Windows behavior). Previously, non-root users would get NT_STATUS_BAD_NETWORK_NAME on doing a TConX to this share, even though it's a perfectly valid share path (just not accessible to them). This change was inspired by the research I did for bug #7126, which was reported by bepi@adria.it. As this is a change in a core function, I'm proposing to leave this only in master for 3.6.0, not back-port to any existing releases. This should give us enough time to decide if this is the way we want this to behave (as Windows) or if we prefer the previous behavior. Jeremy.
2010-02-12s3/smbd: change locking behavior when "lock spin time = 0".Steven Danneman2-7/+16
The "lock spin time" parameter mimics the following Windows setting which by default is 250ms in Windows and 200ms in Samba. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\LockViolationDelay When a client sends repeated, non-blocking, contending BRL requests to a Windows server, after the first Windows starts treating these requests as timed blocking locks with the above timeout. As an efficiency, I've changed the behavior when this setting is 0, to skip this logic and treat all requests as non-blocking locks. This gives the smbd server behavior similar to the 3.0 release with the do_spin_lock() implementation. I've also changed the blocking lock parameter in the call from push_blocking_lock_request() to true as all requests made in this path are blocking by definition.
2010-02-12Remove #if SOFTLINK_OPTIMIZATION code.Jeremy Allison1-17/+0
This hasn't been turned on or been capable of doing so for many years now. Makes this jumbo function smaller... Jeremy.
2010-02-12Revert "Fix bug #7126 - [SMBD] With access denied error smbd return wrong ↵Jeremy Allison1-16/+9
NT_STATUS_OBJECT_PATH_INVALID error" This reverts commit 2fdd8b10c6abadd27c579e772c0482214d2363a5. This fix is incorrect. The original code works as desired, I made a mistake here. Jeremy.
2010-02-12Fix bug #7126 - [SMBD] With access denied error smbd return wrong ↵Jeremy Allison1-9/+16
NT_STATUS_OBJECT_PATH_INVALID error As tridge's comment says, we should be ignoring ACCESS_DENIED on the share path in a TconX call, instead allowing the mount and having individual SMB calls fail (as Windows does). The original code erroneously caught SMB_VFS_STAT != 0 and errored out on that. Jeremy.
2010-02-12s3: notify_onelevel does not use seqnums, so don't open asking for itVolker Lendecke1-1/+1
2010-02-11Remove the code replaced by widelinks warning.Jeremy Allison1-7/+0
Jeremy.
2010-02-11Remove lp_safe_widelinks() -> convert to just lp_widelinks. Suggestion from ↵Jeremy Allison3-6/+7
Volker. Create widelinks_warning(int snum) to cover the message needed in make_connection. Jeremy.
2010-02-11Final part of jumbo patch for bug #7104 - "wide links" and "unix extensions" ↵Jeremy Allison1-0/+12
are incompatible. Volker pointed out that the preexec scripts get passed the conn->connectpath as a parameter, so call canonicalize_connect_path() both *before* and after the preexec scripts. Ignore errors on the call before the preexec scripts, as the path may not exist until created by the preexec scripts. Jeremy.
2010-02-11Introduce lp_safe_widelinks()Simo Sorce3-5/+7
This way we avoid any chance that a configuration reload may turn back on wide links when unix extensions are enabled.
2010-02-11Fine changes to previous fix for bug #7104 - "wide links" and "unix ↵Jeremy Allison1-20/+18
extensions" are incompatible. Make sure we match the previous allow widelinks behavior, in that non-root preexec scripts can create share directories for a share definition. Jeremy
2010-02-11Suplementary patch for bug #7104 - "wide links" and "unix extensions" are ↵Jeremy Allison1-27/+28
incompatible. Bug reported by Ralf Zimmermann <r.zimmermann@siegnetz.de>. Reproduced by jra. If the target directory of a share doesn't exist, but is designed to be created by a "root preexec" script call, then the widelinks check is done too early - thus preventing the user from connecting to the share. Fix is to re-arrange the order of checks in make_connection_snum() to always do the following order of operations: (1). Turn off wide links if unix extensions = yes. (2). Call any root preexec scripts. (3). Canonicalize the share path to remove any symlinks (ie. end up with the realpath in the connection_struct). Jeremy.
2010-02-10s3-smbd: update to use new DLIST macrosAndrew Tridgell2-6/+5
(cherry picked from commit 365b408c458c848a818637d9b36a0423aeb1ba54)
2010-02-09Fix bug #7122 - Reading a large browselist fails (server returns invalid ↵Jeremy Allison2-3/+6
values in subsequent SMBtrans replies) There are two problems: 1). The server is off-by-one in the end of buffer space test. 2). The server returns 0 in the totaldata (smb_vwv1) and totalparams (smb_vwv0) fields in the second and subsequent SMBtrans replies. This patch fixes both. Jeremy.
2010-02-09s3:smbd: use StrCaseCmp() instead of strcasecmpStefan Metzmacher1-4/+3
metze
2010-02-09s3:smbd: Fix really ugly bool vs. int bug!!!Stefan Metzmacher1-2/+2
A comparison function for qsort needs to return an 'int'! Otherwise you'll get random results depending on the compiler and the architecture... metze
2010-02-08s3:smbd: implement api_RNetServerEnum3Stefan Metzmacher1-1/+212
This is needed to support large browse lists. metze
2010-02-08s3:smbd: add/improve some DEBUG messages in api_RNetServerEnum2()Stefan Metzmacher1-4/+6
metze
2010-02-08s3:smbd: rename api_RNetServerEnum => api_RNetServerEnum2Stefan Metzmacher1-3/+3
metze
2010-02-05Fix trailing whitespace errors I added (sorry).Jeremy Allison2-5/+5
Jeremy.
2010-02-05s3-smbd: add a rate limited cleanup of brl, connections and locking dbAndrew Tridgell1-6/+42
On unclean shutdown we can end up with stale entries in the brlock, connections and locking db. Previously we would do the cleanup on every unclean exit, but that can cause smbd to be completely unavailable for several minutes when a large number of child smbd processes exit. This adds a rate limited cleanup of the databases, with the default that cleanup happens at most every 20s
2010-02-05s3-brlock: we don't need these MSG_SMB_UNLOCK calls nowAndrew Tridgell1-2/+0
These have been replaced with the min timeout in blocking.c
2010-02-05s3-brlock: add a minimim retry time for pending blocking locksAndrew Tridgell1-0/+20
When we are waiting on a pending byte range lock, another smbd might exit uncleanly, and therefore not notify us of the removal of the lock, and thus not trigger the lock to be retried. We coped with this up to now by adding a message_send_all() in the SIGCHLD and cluster reconfigure handlers to send a MSG_SMB_UNLOCK to all smbd processes. That would generate O(N^2) work when a large number of clients disconnected at once (such as on a network outage), which could leave the whole system unusable for a very long time (many minutes, or even longer). By adding a minimum re-check time for pending byte range locks we avoid this problem by ensuring that pending locks are retried at a more regular interval.
2010-02-05Remove now unused variable.Jeremy Allison1-1/+0
Jeremy.
2010-02-05Fix bug 7104 - "wide links" and "unix extensions" are incompatible.Jeremy Allison3-37/+9
Change parameter "wide links" to default to "no". Ensure "wide links = no" if "unix extensions = yes" on a share. Fix man pages to refect this. Remove "within share" checks for a UNIX symlink set - even if widelinks = no. The server will not follow that link anyway. Correct DEBUG message in check_reduced_name() to add missing "\n" so it's really clear when a path is being denied as it's outside the enclosing share path. Jeremy.
2010-02-01Add debug to make it clear when EA dosmode set is invoked.Jeremy Allison1-0/+5
Jeremy.
2010-02-01Fix bug #7084 - Create time on directories not stored properly in an EA in ↵Jeremy Allison1-7/+0
new create time code. Remove erroneous optimisation that caused no EA to be set if calculated btime matched st_ex btime, and calculated DOS attribute matched existing file attribute. Jeremy.
2010-02-01Arg. Got the sense of the test reversed to fix bug #7080 - Quota only shown ↵Jeremy Allison1-1/+1
when logged as root.. Doh ! Jeremy.
2010-02-01Fix bug #7080 - Quota only shown when logged as root.Jeremy Allison1-1/+1
conn->server_info->utok.uid == 0 isn't the correct check to see if we're root anymore. As rpc_samr_nt.c does, the correct check is : geteuid() == sec_initial_uid() Jeremy.
2010-01-30s3/smbd: Fix string buffer overflow causing heap corruptionSteven Danneman1-1/+2
The destname malloc size was not taking into account the 1 extra byte needed if a string without a leading '/' was passed in and that slash was added. This would cause the '\0' byte to be written past the end of the malloced destname string and corrupt whatever heap memory was there. This problem would be hit if a share name was given in smb.conf without a leading '/' and if it was the exact size of the allocated STRDUP memory which in some implementations of malloc is a power of 2.
2010-01-26Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail to ↵Jeremy Allison1-0/+8
respond to a read or write. Only works on Linux kernels 2.6.26 and above. Grants CAP_KILL capability to allow Linux threads under different euids to send signals to each other. Jeremy.
2010-01-25Correct fix for unused variable return from ndr_decode. Use it :-).Jeremy Allison1-0/+8
Jeremy.
2010-01-25Revert "s3: remove unused Variable"Jeremy Allison1-0/+4
This reverts commit 9536d94d5478b63fc05047964b40d8786a7246c4. Bjorn, your change removed the ndr_decoding of the dos attribute. Not a good idea :-). Jeremy.
2010-01-26s3: remove unused VariableBjörn Jacke1-4/+0
Jeremy, please check!
2010-01-23s3: Fix some nonempty blank linesVolker Lendecke1-3/+3
2010-01-21s3: Initialize the seqnum in "init_smb_request"Volker Lendecke1-4/+4
This makes it a bit more obvious for me that the signing sequence number is tied to the SMB request.
2010-01-21s3: Make "init_smb_request" static to process.cVolker Lendecke1-4/+2
2010-01-19s3: Fix a typoVolker Lendecke1-1/+1
2010-01-19s3: Remove a comment from ancient times that no longer appliesVolker Lendecke1-1/+0
2010-01-17s3: Protect against an invalid bcc in SMBsendtxtVolker Lendecke1-1/+1
2010-01-12Make file access control decisions a lot easier to debug (at level 10).Jeremy Allison1-0/+11
Jeremy.
2010-01-12Fix bug #7033 - SMBrmdir call always returns true, even on failure to delete ↵Jeremy Allison1-2/+6
a directory. Argh. Missed the second (and essential) part of the fix for the above :-(. Jeremy
2010-01-12Fix bug #7033 - SMBrmdir call always returns true, even on failure to delete ↵Jeremy Allison1-2/+6
a directory. There is a codepath missing to propagate back error returns from the rmdir POSIX call inside close_directory when delete on close is set. This means doing an rmdir on a Windows command line will always report success, even when the directory was not deleted. This fix adds that codepath back into Samba. Jeremy.
2010-01-12Fix bug #6876 - Delete of an object whose parent folder does not have delete ↵Jeremy Allison2-3/+7
rights fails even if the delete right is set on the object. Final fix for the vfs_acl_xattr and vfs_acl_tdb code. Ensure we can delete a file even if the underlying POSIX permissions don't allow it, if the Windows permissions do. Jeremy.
2010-01-12Remove the global char *LastDir.Jeremy Allison3-22/+1
This is no longer used for anything.