summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2013-01-09Fixup the change_to_user_by_session() case as called from ↵Jeremy Allison1-0/+22
become_user_by_session() Use inside source3/printing/nt_printing.c:get_correct_cversion(). Allow check_user_ok() to be called with vuid==UID_FIELD_INVALID. All this should do is throw away one entry in the vuid cache. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09smbd: Remove some ()Volker Lendecke1-3/+3
Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09smbd: Simplify an if-expressionVolker Lendecke1-10/+7
Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09smbd: Fix a typoVolker Lendecke1-1/+1
Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Move create_share_access_mask() from smbd/service.c to smbd/uid.c.Jeremy Allison3-41/+38
Make it static. Only called from uid.c now. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Fix bug #9518 - conn->share_access appears not be be reset between users.Jeremy Allison1-20/+8
Ensure make_connection_snum() uses the same logic as check_user_ok() to decide if a user can access a share. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Factor code out of check_user_ok() into a call to check_user_share_access().Jeremy Allison1-34/+7
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Initialize stack variables. Prelude to factoring out calls to ↵Jeremy Allison1-2/+2
check_user_share_access(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Add check_user_share_access() which factors out the share security and ↵Jeremy Allison2-0/+60
read_only flag setting code. Allows this to be called from both make_connection_snum() as well as check_user_ok(). Gives a consistent share security check function. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Correctly setup the conn->share_access based on the current user token.Jeremy Allison1-12/+22
Also use this to set conn->read_only. Cache the share_access in the struct vuid_cache_entry struct so we only evaluate this once per new user access on this share. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Change API for create_share_access_mask() - remove conn struct.Jeremy Allison2-7/+7
Eventually this will be indepentent of conn, just pass in the readonly flag. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Change API for create_share_access_mask() to pass in the token.Jeremy Allison2-4/+9
Don't automatically use the one from conn->session_info->security_token. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Fix API for create_share_access_mask().Jeremy Allison2-9/+12
Return the uint32_t share_access rather than directly changing the conn struct. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Remove static from create_share_access_mask().Jeremy Allison2-1/+2
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Add uint32_t share_access to vuid_cache_entry.Jeremy Allison1-0/+1
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Clean up struct connection_struct, make struct vuid_cache a pointer not inline.Jeremy Allison2-6/+7
Change VFS ABI to 31 for 4.1.0. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Remove unneeded variable "const struct auth_session_info *session_info"Jeremy Allison1-3/+1
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Remove dead code now vuser can no longer be NULL.Jeremy Allison1-8/+0
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Remove the second set of {} braces, no longer needed.Jeremy Allison1-20/+18
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-09Remove one set of enclosing {} braces, no longer needed.Jeremy Allison1-9/+7
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Move the definition of struct vuid_cache_entry *ent outside blocks.Jeremy Allison1-4/+2
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Start to tidy-up check_user_ok().Jeremy Allison1-3/+2
Now we have removed "security=share" we cannot be called with vuid == UID_FIELD_INVALID. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09source3/smbd/pysmbd.c: Always use create_conn_struct(). Don't hand create ↵Jeremy Allison1-24/+10
connection structs. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09smbd/posix_acls.c: Use create_conn_struct(). Don't hand-create connection ↵Jeremy Allison1-19/+11
structs. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Allow create_conn_struct() to be called with snum == -1.Jeremy Allison1-4/+9
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09smbd: Rework create_conn_struct to use conn_new()Andrew Bartlett1-22/+18
This avoids issues with required structure elements not being initialised. In particular, once conn->vuid_cache becomes a pointer, this ensures that it is initalised in all cases. Andrew Bartlett Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-08smbd: Fix bug 9549 -- Memleak in the async echo handlerVolker Lendecke1-1/+1
Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jan 8 23:30:41 CET 2013 on sn-devel-104
2013-01-07pysmbd: Change to keyword based argumentsAndrew Bartlett1-23/+43
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-01-07pysmbd: Convert pysmbd to take an optional service to connect toAndrew Bartlett2-127/+159
This uses create_conn_struct to correctly call VFS_CONNECT(), but only if a service has been specified. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
2013-01-07smbd: Fix calls to create_conn_struct_cwd to be correctly indented.Andrew Bartlett1-16/+16
These are whitespace changes only, left out of the previous commit to preserve clarity. Andrew Bartlett. Reviewed-by: Jeremy Allison <jra@samba.org>
2013-01-07smbd: Split create_conn_struct into a fn that does not change the working dirAndrew Bartlett2-16/+53
The python bindings do not want the current working directory changed during operations, so we provide two functions, one providing the original behaviour, and other providing the python bindings with just the memory allocation and initilisation stuff. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
2012-12-21s3-smbd: Check return code of SMB_VFS_{L}STAT.Andreas Schneider1-2/+7
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-18Fix bug #9196 - defer_open is triggered multiple times on the same request.Jeremy Allison1-3/+3
get_deferred_open_message_state_smb2() is buggy in that it is checking the wrong things to determine if an open is in the deferred state. It checks if (smb2req->async_te == NULL) which is incorrect, as we're not always async in a deferred open - remove this. It should check instead state->open_was_deferred as this is explicity set to 'true' when an open is going deferred, so add this check. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Dec 18 14:19:13 CET 2012 on sn-devel-104
2012-12-07s3: Fix clear_if_first for the async echo handlerVolker Lendecke1-1/+1
A worker smbd is as not long-lived as the main smbd, but as the async echo handler exits when the worker smbd does, passing "true" here is the right thing to do and fixes our clear_if_first handling when the async echo handler is active. Reviewed-by: Christian Ambach <ambi@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Fri Dec 7 11:29:36 CET 2012 on sn-devel-104
2012-12-05s3:smbd: fix a cut and paste error in a debug messageMichael Adam1-2/+2
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed by: Jeremy Allison <jra@samba.org>
2012-12-05s3:smbd: don't apply create/directory mask and modes in apply_default_perms()Michael Adam1-77/+11
The mask/mode parameters should only apply to a situation with only pure posix permissions. Once we are dealing with ACLs and inheritance, we need to do it correctly. This fixes bug #9462: Users can not be given write permissions any more by default Signed-off-by: Michael Adam <obnox@samba.org> Reviewed by: Jeremy Allison <jra@samba.org>
2012-12-06Fix bug #9460 - Samba 3.6.x and Master respond incorrectly to ↵Richard Sharpe1-1/+22
FILE_STREAM_INFO requests. Ensure we check the buffer size correctly. Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Dec 6 01:31:08 CET 2012 on sn-devel-104
2012-12-04Remove unused append_parent_acl().Jeremy Allison2-204/+0
Get rid of a large chunk of unused code. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Tue Dec 4 11:59:30 CET 2012 on sn-devel-104
2012-12-02s3:smbd/open: fall back to Builtin_Administrators if SYSTEM doesn't map to a ↵Stefan Metzmacher1-0/+54
group Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-02s3:smbd/open: try the primary sid (user) as group_sid if the token has just ↵Stefan Metzmacher1-1/+5
one sid Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-02s3:smbd/open: use Builtin_Administrators as owner of files (if possible)Stefan Metzmacher1-4/+41
We do this if the idmap layer resolves Builtin_Administrators as ID_TYPE_BOTH and if the current token has the Builtin_Administrators SID or it's SYSTEM. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30Fix Bug 9422 - large read requests cause server to issue malformed replyVolker Lendecke1-1/+1
Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Nov 30 03:27:07 CET 2012 on sn-devel-104
2012-11-28s4:smbd/open: add missing TALLOC_FREE(frame) to inherit_new_acl()Stefan Metzmacher1-0/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-20s3:smbd/aio do not mark file modified during readsChristian Ambach1-2/+0
this causes each file that is potentially just opened for reading to be marked as modified and lots of file change notifications will be send Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Tue Nov 20 21:02:34 CET 2012 on sn-devel-104
2012-11-20More for #9374 - Allow smb2.acls torture test to pass against smbd with a ↵Jeremy Allison2-7/+10
POSIX ACLs backend. Change can_delete_directory() to can_delete_directory_fsp(), as we only ever call this from an open directory file handle. This allows us to use OpenDir_fsp() instead of OpenDir(). OpenDir() re-checks the ACL on the directory, which may refuse DIR_LIST permissions. OpenDir_fsp() does not. As this is a file-server internal check to see if the directory actually contains any files before setting delete on close, we can ignore the ACL here (Windows does). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue Nov 20 01:46:28 CET 2012 on sn-devel-104
2012-11-19Add comments explaining exactly *why* we don't check FILE_READ_ATTRIBUTES ↵Jeremy Allison1-3/+21
when evaluating file/directory ACE's. If we can access the path to this file, by default we have FILE_READ_ATTRIBUTES from the containing directory. See the section. "Algorithm to Check Access to an Existing File" in MS-FSA.pdf. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-15Another fix needed for bug #9236 - ACL masks incorrectly applied when ↵Jeremy Allison1-7/+10
setting ACLs. Not caught by make test as it's an extreme edge case for strange incoming ACLs. I only found this as I'm making raw.acls and smb2.acls pass against 3.6.x and 4.0.0 with acl_xattr mapped onto a POSIX backend. An incoming inheritable ACE entry containing only one permission, WRITE_DATA maps into a POSIX owner perm of "-w-", which violates the principle that the owner of a file/directory can always read. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Nov 15 19:52:52 CET 2012 on sn-devel-104
2012-11-14smbd_open_one_socket does not use the messaging_context variable so why pass ↵Richard Sharpe1-3/+0
it in? Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Nov 14 02:19:46 CET 2012 on sn-devel-104
2012-11-14A small error message fix in source3/smbd/server.cRichard Sharpe1-1/+1
Removes some incorrect info from an error message (probably from its old place when it was copied). Reviewed by: Jeremy Allison <jra@samba.org>
2012-11-13smbd: Remove NT4 compatability handling in posix -> NT ACL conversionAndrew Bartlett2-108/+1
NT4 is long dead, and we should not change which ACL we return based on what we think the client is. The reason we should not do this, is that if we are using vfs_acl_xattr then the hash will break if we do. Additionally, it would require that the python VFS interface set the global remote_arch to fake up being a modern client. This instead seems cleaner and removes untested code (the tests are updated to then handle the results of the modern codepath). The supporting 'acl compatability' parameter is also removed. Andrew Bartlett Reviewed by: Jeremy Allison <jra@samba.org>