summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2012-12-02s3:smbd/open: fall back to Builtin_Administrators if SYSTEM doesn't map to a ↵Stefan Metzmacher1-0/+54
group Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-02s3:smbd/open: try the primary sid (user) as group_sid if the token has just ↵Stefan Metzmacher1-1/+5
one sid Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-02s3:smbd/open: use Builtin_Administrators as owner of files (if possible)Stefan Metzmacher1-4/+41
We do this if the idmap layer resolves Builtin_Administrators as ID_TYPE_BOTH and if the current token has the Builtin_Administrators SID or it's SYSTEM. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30Fix Bug 9422 - large read requests cause server to issue malformed replyVolker Lendecke1-1/+1
Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Nov 30 03:27:07 CET 2012 on sn-devel-104
2012-11-28s4:smbd/open: add missing TALLOC_FREE(frame) to inherit_new_acl()Stefan Metzmacher1-0/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-20s3:smbd/aio do not mark file modified during readsChristian Ambach1-2/+0
this causes each file that is potentially just opened for reading to be marked as modified and lots of file change notifications will be send Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Tue Nov 20 21:02:34 CET 2012 on sn-devel-104
2012-11-20More for #9374 - Allow smb2.acls torture test to pass against smbd with a ↵Jeremy Allison2-7/+10
POSIX ACLs backend. Change can_delete_directory() to can_delete_directory_fsp(), as we only ever call this from an open directory file handle. This allows us to use OpenDir_fsp() instead of OpenDir(). OpenDir() re-checks the ACL on the directory, which may refuse DIR_LIST permissions. OpenDir_fsp() does not. As this is a file-server internal check to see if the directory actually contains any files before setting delete on close, we can ignore the ACL here (Windows does). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue Nov 20 01:46:28 CET 2012 on sn-devel-104
2012-11-19Add comments explaining exactly *why* we don't check FILE_READ_ATTRIBUTES ↵Jeremy Allison1-3/+21
when evaluating file/directory ACE's. If we can access the path to this file, by default we have FILE_READ_ATTRIBUTES from the containing directory. See the section. "Algorithm to Check Access to an Existing File" in MS-FSA.pdf. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-15Another fix needed for bug #9236 - ACL masks incorrectly applied when ↵Jeremy Allison1-7/+10
setting ACLs. Not caught by make test as it's an extreme edge case for strange incoming ACLs. I only found this as I'm making raw.acls and smb2.acls pass against 3.6.x and 4.0.0 with acl_xattr mapped onto a POSIX backend. An incoming inheritable ACE entry containing only one permission, WRITE_DATA maps into a POSIX owner perm of "-w-", which violates the principle that the owner of a file/directory can always read. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Nov 15 19:52:52 CET 2012 on sn-devel-104
2012-11-14smbd_open_one_socket does not use the messaging_context variable so why pass ↵Richard Sharpe1-3/+0
it in? Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Nov 14 02:19:46 CET 2012 on sn-devel-104
2012-11-14A small error message fix in source3/smbd/server.cRichard Sharpe1-1/+1
Removes some incorrect info from an error message (probably from its old place when it was copied). Reviewed by: Jeremy Allison <jra@samba.org>
2012-11-13smbd: Remove NT4 compatability handling in posix -> NT ACL conversionAndrew Bartlett2-108/+1
NT4 is long dead, and we should not change which ACL we return based on what we think the client is. The reason we should not do this, is that if we are using vfs_acl_xattr then the hash will break if we do. Additionally, it would require that the python VFS interface set the global remote_arch to fake up being a modern client. This instead seems cleaner and removes untested code (the tests are updated to then handle the results of the modern codepath). The supporting 'acl compatability' parameter is also removed. Andrew Bartlett Reviewed by: Jeremy Allison <jra@samba.org>
2012-11-13Change get_nt_acl_no_snum() to return an NTSTATUS, not a struct ↵Andrew Bartlett3-42/+27
security_descriptor *. Internally change the implementation to use SMB_VFS_GET_NT_ACL() instead of SMB_VFS_FGET_NT_ACL() with a faked-up file struct. Andrew Bartlett Reviewed by: Jeremy Allison <jra@samba.org>
2012-11-13smbd: Correctly set fsp->is_directory before dealing with ACLsAndrew Bartlett1-1/+24
Change set_nt_acl_no_snum() to correctly set up the fsp. This does a stat on a real fsp in set_nt_acl_no_snum. Reviewed by: Jeremy Allison <jra@samba.org>
2012-11-12pysmbd: Add SMB_ACL_EXECUTE to the mask set by make_simple_acl()Andrew Bartlett1-1/+1
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jelmer Vernooij <jelmer@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-11-10s3:smbd: Fix typo in got_duplicate_group checkArvid Requate1-1/+1
Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Nov 10 20:25:48 CET 2012 on sn-devel-104
2012-11-07Remove two unused variablesVolker Lendecke1-1/+0
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Wed Nov 7 17:18:06 CET 2012 on sn-devel-104
2012-11-05s3:smbd: pass the current time to make_connection[_smb1]()Stefan Metzmacher3-6/+9
Otherwise smbstatus reports the wrong time for tree connects. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Mon Nov 5 20:43:23 CET 2012 on sn-devel-104
2012-11-02smb2_server: Fix typo in comment.Karolin Seeger1-1/+1
Karolin Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri Nov 2 15:40:22 CET 2012 on sn-devel-104
2012-11-02s3:smbd:smb2: fix a comment typo in the crediting code.Michael Adam1-1/+1
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Nov 2 10:09:36 CET 2012 on sn-devel-104
2012-10-30s3:smb2_read: fix SMBD_SMB2_NUM_IOV_PER_REQ check for sendfile() support ↵Stefan Metzmacher1-1/+1
(bug #9341) Reported-by: Sebastien LAVEZE <sebastien.laveze@mindspeed.com> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Tested-by: Sebastien LAVEZE <sebastien.laveze@mindspeed.com> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue Oct 30 16:49:26 CET 2012 on sn-devel-104
2012-10-29s3:smbd:durable: remove a TODO comment about write time updatesMichael Adam1-2/+0
This has been done. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Mon Oct 29 20:12:18 CET 2012 on sn-devel-104
2012-10-29Fix bug #9329 - Directory listing with SeBackup can crash smbd.Jeremy Allison3-1/+37
When we do a become_root()/unbecome_root() pair to temporarily raise privilege, this NULLs out the NT token. If we're within a become_root()/unbecome_root() pair then return the previous token on the stack as our NT token. This is what we should be using to check against NT ACLs in the file server. This copes with security context changing when removing a file on close under the context of another user (when 2 users have a file open, one sets delete on close and then the other user has to actually do the delete). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Oct 29 16:26:20 CET 2012 on sn-devel-104
2012-10-26pysmbd: Set umask to 0 during smbd operationsAndrew Bartlett1-9/+34
2012-10-26pysmbd: Remember to close files after setting the NT ACLAndrew Bartlett1-0/+5
2012-10-26pysmbd: Add hook for unlink() so python scripts can remove xattr.tdb entriesAndrew Bartlett1-0/+68
If we do not provide a way to remove files from xattr.tdb, we can re-use the inode. Andrew Bartlett
2012-10-25s3:smbd:durable: factor stat checks out into ↵Michael Adam1-392/+261
vfs_default_durable_reconnect_check_stat() This makes vfs_default_durable_reconnect() simpler to read and it reduces code duplication in the failure case handling. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Oct 25 23:03:13 CEST 2012 on sn-devel-104
2012-10-25pysmbd: Fix pysmbd octal mode handlingAndrew Bartlett1-2/+2
It is clearly too long since Computer Science 101... ;-) Andrew Bartlett
2012-10-20s3: Fix some blank line endingsVolker Lendecke1-5/+5
Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Sat Oct 20 09:06:12 CEST 2012 on sn-devel-104
2012-10-20s3: Use talloc_stackframe in token_contains_name_in_listVolker Lendecke1-13/+8
2012-10-19s3:smbd:durable: store stat info for disconnected durables and check at ↵Michael Adam1-0/+456
reconnect. At durable reconnect, we check the stat info stored in the cookie against the current stat data from the file we just opened. If any detail differs, we deny the durable reconnect, because in that case it is very likely that someone opened the file while the handle was disconnected, which has to be interpreted as an oplock break. Pair-programmed-with: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Oct 19 18:56:19 CEST 2012 on sn-devel-104
2012-10-19s3:smbd/durable: remove an extra blank line from vfs_default_durable_reconnect()Michael Adam1-1/+0
Pair-programmed-with: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-10-19s3:smbd/durable: add write_time specific stuff to vfs_default_durable_cookieStefan Metzmacher1-0/+12
metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Fri Oct 19 17:12:29 CEST 2012 on sn-devel-104
2012-10-19s3:smbd/durable: update the low level write_time before disconnecting the file.Stefan Metzmacher1-0/+19
If we close the low level FD, we should better update the write_time if needed. It's not unlikely that the client doesn't reclaim the durable handle, in that case we may not close the after the durable timeout. In such a case we should make sure that we at least update the write time on disconnect, this makes sure backup applications notice that the file was changed. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-10-19s3:smbd/durable: trigger pending write_time updates before disconnecting the ↵Stefan Metzmacher1-0/+8
file We need to call the pending write time update handler immediately. Which means we don't wait exactly 2 seconds before updating the write time after the first write. metze Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-10-19s3:smbd: remove unused claim_connection/yield_connectionStefan Metzmacher2-88/+0
metze Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-19s3:smbd: don't call claim/yield_connection() in ↵Stefan Metzmacher2-19/+0
make_connection_snum/close_cnum() This was used to maintain the connections.tdb database which is being removed. We use info from the smbXsrv_tcon instead. Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-19s3:smbd: fill tcon->global->session_global_idStefan Metzmacher2-0/+4
metze Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-19s3:lib: remove unused sessionid_*() functionsGregor Beck1-3/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-19s3:smbd: don't use (fill) sessionid.tdb in session_claim/yield any more.Gregor Beck1-99/+33
We use data from new smbXsrv_session instead. Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-19s3:smbd/connection: use smbXsrv_tcon_traverse to count connectionsGregor Beck1-18/+8
Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-19s3:smbd:setup_new_vc_session: traverse sessions instead of connections to ↵Gregor Beck1-10/+17
shutdown other smbds Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-19s3:smbXsrv_tcon: add smbXsrv_tcon_global_traverse()Gregor Beck2-0/+74
Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-19s3:smbXsrv_session: add smbXsrv_session_global_traverse()Gregor Beck2-0/+75
Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-19s3:smbd: use session_global_id as session number for pam and utmpGregor Beck2-77/+15
Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-10-19s3:smbd: initialize session->global before calling session_claimGregor Beck2-27/+27
Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-19s3:smbd: remove smbd_server_connection argument from session_claim()Gregor Beck4-6/+7
retrieve the server connection from the smbXsrv_session argument instead. Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-19s3:smbd: pass smbXsrv_session instead of user_struct to session_claim() and ↵Gregor Beck5-8/+11
session_yield() Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-19s3:count_current_connections: do not clear orphaned entries from connections.tdbGregor Beck2-21/+9
This removes one of the last callers of connetions_forall. Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-19s3:smbd/utmp: remove ip address from utmp recordStefan Metzmacher3-38/+8
1. This was broken since Samba 3.2. when ipv6 support was added, it only worked for ipv6 addresses. 2. userspace tools only display the hostname field. 3. This is not really portable metze Signed-off-by: Michael Adam <obnox@samba.org>