summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2010-03-22s3:smbd: add an option to skip signings checks srv_check_sign_mac for ↵Stefan Metzmacher2-2/+24
trusted channels metze
2010-03-22s3: Add "log writeable files on exit" parameterVolker Lendecke1-0/+31
This boolean option controls whether at exit time the server dumps a list of files with debug level 0 that were still open for write. This is an administrative aid to find the files that were potentially corrupt if the network connection died.
2010-03-22s3: file_walk_table -> files_forallVolker Lendecke1-1/+1
This is more in line with the rest of the Samba code, like connections_forall etc.
2010-03-22s3: Fix some nonempty blank linesVolker Lendecke2-7/+6
2010-03-15s3: Fix an uninitialized variable readVolker Lendecke1-1/+1
Found by Laurent Gaffie <laurent.gaffie@gmail.com> Thanks for that, Volker
2010-03-15Remove the bool admin_user from conn struct. We no longer look at this to ↵Jeremy Allison2-6/+5
make access decisions. Jeremy.
2010-03-15Fix bug #7188 - Logic error in check of total_data for call_trans2mkdir()Jeremy Allison1-16/+13
Make ea data checks identical for trans2open and trans2mkdir. Jeremy.
2010-03-15Remove reference to conn->admin_user in preparation for removal.Jeremy Allison1-9/+13
We use (uid_t)0 here not sec_initial_uid() as make test uses a single user context. I will revisit this when all the uid check changes are complete. Jeremy.
2010-03-15Simplify processing of "admin user". If a user is an admin_user ensure their ↵Jeremy Allison1-15/+14
conn token is uid 0. This simplifies change_to_user() and removes special processing of the assignments we pass to set_sec_ctx(). Jeremy.
2010-03-15Switch over to using get_currect_XXX() accessor functions.Jeremy Allison5-33/+38
Jeremy.
2010-03-15Pass "connection_struct *conn" into functions that currently use ↵Jeremy Allison1-18/+20
"current_user.XXX" Will allow me to replace them with accessor functions. Jeremy.
2010-03-15Add accessor functions for current uid, gid, unix token, NT token and vuid.Jeremy Allison1-0/+43
Jeremy.
2010-03-15Rever e80ceb1d7355c8c46a2ed90d5721cf367640f4e8 "Remove more uses of "extern ↵Jeremy Allison7-122/+66
struct current_user current_user;"." As requested by Volker, split this into smaller commits. Jeremy.
2010-03-15s3:smbd: make sure we always have a valid talloc stackframeStefan Metzmacher1-0/+3
metze
2010-03-12Missed a couple more uses of conn->server_info->ptok that need to be ↵Jeremy Allison1-19/+22
get_current_nttok(conn) Centralize the root check into smb1_file_se_access_check() so this is used by modules/vfs_acl_common.c also. Jeremy.
2010-03-12Remove more uses of "extern struct current_user current_user;".Jeremy Allison7-67/+123
Use accessor functions to get to this value. Tidies up much of the user context code. Volker, please look at the changes in smbd/uid.c to familiarize yourself with these changes as I think they make the logic in there cleaner. Cause smbd/posix_acls.c code to look at current user context, not stored context on the conn struct - allows correct use of these function calls under a become_root()/unbecome_root() pair. Jeremy.
2010-03-11s3: Make init_smb_request return boolVolker Lendecke1-5/+10
Centralize the exit_server_cleanly()
2010-03-10Fix bug #7234 - Symlink delete fails but incorrectly reports success to client.Jeremy Allison1-1/+1
Typo called LSTAT instead of STAT in the unlink by pathname path. Jeremy.
2010-03-10s3: Fix a long-standing problem with recycled PIDsVolker Lendecke2-6/+37
When a samba server process dies hard, it has no chance to clean up its entries in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb. For locking.tdb and brlock.tdb Samba is robust by checking every time we read an entry from the database if the corresponding process still exists. If it does not exist anymore, the entry is deleted. This is not 100% failsafe though: On systems with a limited PID space there is a non-zero chance that between the smbd's death and the fresh access, the PID is recycled by another long-running process. This renders all files that had been locked by the killed smbd potentially unusable until the new process also dies. This patch is supposed to fix the problem the following way: Every process ID in every database is augmented by a random 64-bit number that is stored in a serverid.tdb. Whenever we need to check if a process still exists we know its PID and the 64-bit number. We look up the PID in serverid.tdb and compare the 64-bit number. If it's the same, the process still is a valid smbd holding the lock. If it is different, a new smbd has taken over. I believe this is safe against an smbd that has died hard and the PID has been taken over by a non-samba process. This process would not have registered itself with a fresh 64-bit number in serverid.tdb, so the old one still exists in serverid.tdb. We protect against this case by the parent smbd taking care of deregistering PIDs from serverid.tdb and the fact that serverid.tdb is CLEAR_IF_FIRST. CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not work when all smbds are restarted. For this, "net serverid wipe" has to be run before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up sessionid.tdb and connections.tdb. While there, this also cleans up overloading connections.tdb with all the process entries just for messaging_send_all(). Volker
2010-03-09s3: Fix a NULL pointer dereferenceVolker Lendecke1-1/+10
Found by Laurent Gaffie <laurent.gaffie@gmail.com>. Thanks! Volker
2010-03-08Revert "Fix bug #7067 - Linux asynchronous IO (aio) can cause smbd to fail ↵Karolin Seeger1-8/+0
to respond to a read or write." This reverts commit a6ae7a552f851a399991262377cc0e062e40ac20. This fixes bug #7222 (All users have full rigths on all shares) (CVE-2010-0728). (cherry picked from commit 1c9494c76cc9686c61e0966f38528d3318f3176f)
2010-03-05Fix for bug #7189 - Open txt files with notepad on samba shares creates problem.Jeremy Allison7-25/+71
Ensure we don't use any of the create_options for Samba private use. Add a new parameter to the VFS_CREATE call (private_flags) which is only used internally. Renumber NTCREATEX_OPTIONS_PRIVATE_DENY_DOS and NTCREATEX_OPTIONS_PRIVATE_DENY_FCB to match the S4 code). Rev. the VFS interface to version 28. Jeremy.
2010-03-01s3: Abstract access to sessionid.tdb, similar to conn_tdb.cVolker Lendecke4-72/+18
2010-03-01s3: Add connections_forall_read()Volker Lendecke1-3/+2
In a cluster, this makes a large difference: For r/w traverse, we have to do a fetch_locked on every record which for most users of connections_forall is just overkill.
2010-03-01s3: Remove unused "mypid" from count_current_connections() stateVolker Lendecke1-2/+0
2010-02-28s3: Use talloc_tos() in yield_connection()Volker Lendecke1-1/+2
2010-02-28s3: Remove unused count_all_current_connections()Volker Lendecke1-9/+0
2010-02-25Fix up debug info on smb2_rename code.Jeremy Allison1-9/+3
Jeremy.
2010-02-25Implement rename/move in SMB2 from Windows7.Jeremy Allison2-1/+111
Jeremy.
2010-02-24Make conn_close_all() safe to call from SMB2 sessions (fix crash bug).Jeremy Allison2-10/+23
Ensure we don't call close_cnum() with SMB2, also talloc_move the compat_conn pointer from the NULL context onto the tcon context in SMB2 as it's conceptually owned by that pointer. Jeremy.
2010-02-24Change the credential handling so that we start with maxmux creds,Jeremy Allison1-7/+10
and then return to the client the number of credits per operation that they asked for. This is a more sensible algorithm than just blindly returning "20" on every reply, although we will probably still need more changes to this going forward. Jeremy.
2010-02-23s3: Consolidate server_id_self into the equivalent procid_self()Volker Lendecke2-2/+2
2010-02-18Fix bug #7155 - valgrind Conditional jump or move depends on uninitialised ↵Jeremy Allison1-0/+1
value(s) error when "mangling method = hash" The charset array allocated in init_chartest() is allocated by MALLOC, but only some elements of it being set after allocation. Fix is to memset to zero after allocation. Jeremy.
2010-02-18Fix bug #7154 - mangling method = hash can crash storing a name not ↵Jeremy Allison1-3/+5
containing a '.' Fix use of uninitialized variable. This can lead to crashes if mangling = hash processes names with no '.'. Jeremy.
2010-02-17Fix bug #6557 - Do not work VFS full_auditJeremy Allison1-51/+34
Re-arrange the operations order so SMB_VFS_CONNECT is done first as root (to allow modules to correctly initialize themselves). Reviewed modules to check if they needed CONNECT invoked as a user (which we previously did) and it turns out any of them that cared needed root permissions anyway. Jeremy.
2010-02-17s3: Fix bug 7139Volker Lendecke1-2/+32
To provide the user with the same SID when doing Kerberos logins, attempt to do a make_server_info_sam instead of a make_server_info_pw.
2010-02-14s3-smbd: convert lanman and notify code to TYPESAFE_QSORT()Andrew Tridgell2-12/+4
2010-02-13s3: Fix a C++ warningVolker Lendecke1-1/+1
2010-02-12Use sec_initial_uid() in the places where being root doesn't matter,Jeremy Allison1-1/+1
and 0 in the places where it does. Jeremy
2010-02-12Simplify the logic in make_connection_snum(), and make it match Windows ↵Jeremy Allison1-41/+63
behavior. Cause all exit paths to go through one place, where all cleanup is done. change_to_root_user() for pathname operations that should succeed if the path exists, even if the connecting user has no access. For example, a share can now be defined with a path of /root/only/access (where /root/only/access is a directory path with all components only accessible to root e.g. root owned, permissions 700 on every component). Non-root users will now correctly connect, but get ACCESS_DENIED on all activities (which matches Windows behavior). Previously, non-root users would get NT_STATUS_BAD_NETWORK_NAME on doing a TConX to this share, even though it's a perfectly valid share path (just not accessible to them). This change was inspired by the research I did for bug #7126, which was reported by bepi@adria.it. As this is a change in a core function, I'm proposing to leave this only in master for 3.6.0, not back-port to any existing releases. This should give us enough time to decide if this is the way we want this to behave (as Windows) or if we prefer the previous behavior. Jeremy.
2010-02-12s3/smbd: change locking behavior when "lock spin time = 0".Steven Danneman2-7/+16
The "lock spin time" parameter mimics the following Windows setting which by default is 250ms in Windows and 200ms in Samba. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\LockViolationDelay When a client sends repeated, non-blocking, contending BRL requests to a Windows server, after the first Windows starts treating these requests as timed blocking locks with the above timeout. As an efficiency, I've changed the behavior when this setting is 0, to skip this logic and treat all requests as non-blocking locks. This gives the smbd server behavior similar to the 3.0 release with the do_spin_lock() implementation. I've also changed the blocking lock parameter in the call from push_blocking_lock_request() to true as all requests made in this path are blocking by definition.
2010-02-12Remove #if SOFTLINK_OPTIMIZATION code.Jeremy Allison1-17/+0
This hasn't been turned on or been capable of doing so for many years now. Makes this jumbo function smaller... Jeremy.
2010-02-12Revert "Fix bug #7126 - [SMBD] With access denied error smbd return wrong ↵Jeremy Allison1-16/+9
NT_STATUS_OBJECT_PATH_INVALID error" This reverts commit 2fdd8b10c6abadd27c579e772c0482214d2363a5. This fix is incorrect. The original code works as desired, I made a mistake here. Jeremy.
2010-02-12Fix bug #7126 - [SMBD] With access denied error smbd return wrong ↵Jeremy Allison1-9/+16
NT_STATUS_OBJECT_PATH_INVALID error As tridge's comment says, we should be ignoring ACCESS_DENIED on the share path in a TconX call, instead allowing the mount and having individual SMB calls fail (as Windows does). The original code erroneously caught SMB_VFS_STAT != 0 and errored out on that. Jeremy.
2010-02-12s3: notify_onelevel does not use seqnums, so don't open asking for itVolker Lendecke1-1/+1
2010-02-11Remove the code replaced by widelinks warning.Jeremy Allison1-7/+0
Jeremy.
2010-02-11Remove lp_safe_widelinks() -> convert to just lp_widelinks. Suggestion from ↵Jeremy Allison3-6/+7
Volker. Create widelinks_warning(int snum) to cover the message needed in make_connection. Jeremy.
2010-02-11Final part of jumbo patch for bug #7104 - "wide links" and "unix extensions" ↵Jeremy Allison1-0/+12
are incompatible. Volker pointed out that the preexec scripts get passed the conn->connectpath as a parameter, so call canonicalize_connect_path() both *before* and after the preexec scripts. Ignore errors on the call before the preexec scripts, as the path may not exist until created by the preexec scripts. Jeremy.
2010-02-11Introduce lp_safe_widelinks()Simo Sorce3-5/+7
This way we avoid any chance that a configuration reload may turn back on wide links when unix extensions are enabled.
2010-02-11Fine changes to previous fix for bug #7104 - "wide links" and "unix ↵Jeremy Allison1-20/+18
extensions" are incompatible. Make sure we match the previous allow widelinks behavior, in that non-root preexec scripts can create share directories for a share definition. Jeremy