summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2009-04-22Avoid duplicate acesSimo Sorce1-7/+48
When adding arbitrary aces to an nt_ace_list we need to make sure we are not actually adding a duplicate. add_or_replace_ace() takes care of doing the right thing.
2009-04-21s3-secdesc: use SEC_FLAG_SYSTEM_SECURITY instead of SEC_RIGHT_SYSTEM_SECURITY.Günther Deschner1-4/+4
Guenther
2009-04-20Remove smb_mkstemp() - libreplace will now provide a secure mkstemp() ifJelmer Vernooij2-3/+3
the system one is broken.
2009-04-20Merge commit 'origin/master' into libcli-auth-merge-without-netlogondAndrew Bartlett7-20/+350
2009-04-20Do not use the file system GET_REAL_FILENAME for mangled namesVolker Lendecke1-7/+23
2009-04-19Make "struct policy" private to srv_lsa_hnd.cVolker Lendecke1-1/+1
2009-04-16Fix bug found by Tim Prouty, logging off and then re-using a vuid can cause ↵Jeremy Allison1-0/+11
smbd to access a freed structure. Jeremy.
2009-04-16Add notify_onelevel.tdbVolker Lendecke3-0/+300
This optimizes non-recursive notifys. For non-recursive notifies we can use a per-directory file-id indexed notify record. This matters for the Windows Explorer and IIS cases which do not use recursive notifies. In these cases, we do not have to shuffle around the whole notify record on every change. For the cluster case, this improves correctness of the notifies, ctdb only distributes the tdb seqnum once a second, so we can lose notifies.
2009-04-16Rename notify_context->db to db_recursiveVolker Lendecke1-9/+12
2009-04-15Fix bug #6089 - Winbind samr_OpenDomain not possible with Samba 3.2.6+Jeremy Allison1-3/+3
What a difference a name makes... :-). Just because something is missnamed SAMR_ACCESS_OPEN_DOMAIN, when it should actually be SAMR_ACCESS_LOOKUP_DOMAIN, don't automatically use it for a security check in _samr_OpenDomain(). Jeremy.
2009-04-14Rework Samba3 to use new libcli/auth code (partial)Andrew Bartlett2-3/+5
This commit is mostly to cope with the removal of SamOemHash (replaced by arcfour_crypt()) and other collisions (such as changed function arguments compared to Samba3). We still provide creds_hash3 until Samba3 uses the credentials code in netlogon server Andrew Bartlett
2009-04-14Convert Samba3 to use the common lib/util/charset APIAndrew Bartlett2-11/+11
This removes calls to push_*_allocate() and pull_*_allocate(), as well as convert_string_allocate, as they are not in the common API To allow transition to a common charcnv in future, provide Samba4-like strupper functions in source3/lib/charcnv.c (the actual implementation remains distinct, but the API is now shared) Andrew Bartlett
2009-04-14Solve some of the conflict between Samba3 and Samba4 push_stringAndrew Bartlett1-2/+2
This renames push_string in Samba3 into push_string_base and push_string_check for the two different use cases. This should allow push_string to be imported from Samba4, using it's calling conventions.
2009-04-13Use convert_string_talloc, thanks Andrew!Volker Lendecke1-1/+1
2009-04-12We have to deny a level 2 oplock if kernel oplocks are enabledVolker Lendecke1-0/+6
The second r/o opener of a file is supposed to get a level2 oplock. The first opener due to the protection in process_oplock_break_message() has been forced to break to no oplock. The second opener according to locking.tdb gets a level2 oplock. Further down in open_file_ntcreate we try to set this level2 oplock in the kernel, and the non-clustered Linux kernel disallows this. The rules for the kernel leases are a bit baroque, but the attempt to do the SETLEASE correctly fails and we end up with no oplock for any client. In the clustered case however the linux kernel on the second opening node has not seen the open fd of the first node, it is only the cluster fs that has this information. If the cluster fs does not have the very same notion of leases as the local kernel has, we can end up with a WRLCK style kernel lease for the second opener where locking.tdb only indicates a level2 oplock. Getting a kernel oplock break signal with just a level2 oplock in locking.tdb is something smbd is not prepared for. For example after sending out the break in response to the kernel signal we set a timeout, waiting for a reply. More work needs to be done to make level2 kernel oplocks real for us. This patch addresses a real problem we have right now without them.
2009-04-12Add "netbios retarget"Volker Lendecke1-0/+93
This is fun -- XP still does this :-) netbios retarget : foo = 192.168.234.10:1139 and if you connect to port 139 name foo, XP will happily do SMB over 1139
2009-04-12write_data already guarantees everything was writtenVolker Lendecke1-9/+6
2009-04-12Extract and print the server name type the client connects toVolker Lendecke1-7/+7
2009-04-11Fix some nonempty blank linesVolker Lendecke1-4/+4
2009-04-11Fix a memleak in an unlikely error path in change_notify_create()Volker Lendecke1-0/+1
2009-04-11Use talloc_tos() for a temp convert_string_allocate()Volker Lendecke1-3/+3
2009-04-09Merge branch 'master' of ssh://jra@git.samba.org/data/git/sambaJeremy Allison4-148/+74
2009-04-09Fix bug #6254 - PUT/GET produces an error in IPv6 to a smb-server(3.3) has ↵Jeremy Allison1-18/+23
parameter "msdfs root = yes" This was broken by the refactoring around create_file(). MSDFS pathname processing must be done FIRST. MSDFS pathnames containing IPv6 addresses can be confused with NTFS stream names (they contain ":" characters. Jeremy.
2009-04-07s3 oplocks: Add back procid_str to debug messageTim Prouty1-2/+3
2009-04-07s3:kerberos Rework smb_krb5_unparse_name() to take a talloc contextAndrew Bartlett1-8/+0
Signed-off-by: Günther Deschner <gd@samba.org>
2009-04-06s3 onefs: Simplify level 2 oplock self-contentionTim Prouty1-74/+5
This removes all oplock dependence on locking.tdb
2009-04-06s3 oplocks: Refactor level II oplock contentionTim Prouty1-57/+53
2009-04-05Fix smbd crash for close_on_completionVolker Lendecke1-0/+4
handle_trans() can talloc_free "conn" if the client requests close_on_completion. "state" is a talloc_child of conn, so it will be gone when we later free state->data et al.
2009-04-03Use cluster-aware procid_is_me instead of comparing pid'sVolker Lendecke1-2/+2
2009-04-03Use procid_str in debug messages for better cluster-debuggabilityVolker Lendecke1-11/+13
2009-03-30Ensure files starting with multiple dots are hiddenJeremy Allison1-4/+8
if "hide dot files" is set. Thanks to Barry Kelly <bkelly.ie@gmail.com> for pointing this one out. Jeremy.
2009-03-27s3: ifdef sendfile code that's only used in other ifdef'ed sendfile codeBjörn Jacke1-0/+2
This fixes a "defined but not used" compile warning.
2009-03-25Ensure we never enter VFS_CREATE without having initializedJeremy Allison3-0/+12
sbuf as invalid (if not already read via stat()). Still trying to find the build farm RAW-STREAM errors and it's happening in a openX call.... Jeremy.
2009-03-23Use avahi to register _smb._tcp in smbdVolker Lendecke2-0/+181
2009-03-23s3:smbd: use new simplified snb_signing code in the serverStefan Metzmacher17-105/+239
We keep the seqnum/mid mapping in the smb_request structure. This also moves one global variable into the smbd_server_connection struct. metze
2009-03-23s3:smbd: if we allow trans2 on the IPC$ share, then we have to allow transs2 ↵Stefan Metzmacher1-1/+1
too. Otherwise we'll confuse the client signing engine, when we reply an error to each transs2. metze
2009-03-18Fix bug #6196 - Unable to serve files with colons to Linux CIFS/VFS clientJeremy Allison1-2/+7
Looks like the pathname parsing for POSIX paths got broken when the code for doing Windows streams parsing got added. Jeremy.
2009-03-18s3:smbd: use tevent_loop_once() in the parent event loopStefan Metzmacher1-34/+5
metze
2009-03-18s3:smbd: don't exit the parent when we have no connectionsStefan Metzmacher1-7/+0
This code path can't really happen anymore, because launchd support was removed with commit e5a951325a6cac8567af3a66de6d2df577508ae4. But it's confusing to have that code there... metze
2009-03-17Convert np_read to tevent_reqVolker Lendecke2-18/+15
2009-03-17Convert np_write to tevent_reqVolker Lendecke2-26/+27
2009-03-13s3: Add strict lock/unlock calls to the vfs layer to replace is_lockedDave Richards1-63/+116
2009-03-12Fix bug #6186 - map readonly does not workJeremy Allison1-3/+25
Jeremy.
2009-03-06s3:signing: the seqnum should only be decremented by 1 for ntcancel requestsStefan Metzmacher2-5/+5
[MS-SMB] 3.3.5.1 Receiving Any Message says that the seqnum is incremented by only for ntcancel requests for any other request it's by incremented by 2, even if it doesn't expect a response. metze
2009-03-05Fix bug #6160 - Office 2007 fails saving files to a Samba mapped drive.Jeremy Allison1-0/+22
Confirmed by reporters. Jeremy.
2009-03-04s3: Change open_streams_for_delete to call through the vfs layerTim Prouty1-5/+7
This eliminates the last direct caller of create_file_unixpath
2009-03-04Second part of fix for #6154, ensure we return max accessJeremy Allison1-0/+9
if admin user. Jeremy.
2009-03-04Fix bug #6154 - zfs does not honor admin users.Jeremy Allison1-0/+5
Jeremy
2009-03-03Fix bug #6155 - "force group" is no longer working as expected.Jeremy Allison3-3/+17
We need to store the "force group" uid separately from the conn->server_info token as we need to apply it separately also. Volker PLEASE CHECK ! Jeremy.
2009-03-01Only copy sharename up from rap_to_pjobidVolker Lendecke1-2/+1
Why?? :-) Another one of the little micro-optimizations that I just came across: If you allocate a variable in a sub-block like the "fstring sharename" in write_file(), gcc even with -O3 will allocate this variable unconditionally on the stack at the beginning of the routine. So with eliminating this fstring we cut 256 bytes of stack in a very hot code path writing to a file. It might make us a bit more cache-friendly. This would probably not be worth a second look if it involved larger code changes, but this one was just too simple to let it pass :-)