summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2010-09-23Fix bug 7694 - Crash bug with invalid SPNEGO token.Jeremy Allison1-1/+2
Found by the CodeNomicon test suites at the SNIA plugfest. http://www.codenomicon.com/ If an invalid SPNEGO packet contains no OIDs we crash in the SMB1/SMB2 server as we indirect the first returned value OIDs[0], which is returned as NULL. Jeremy.
2010-09-22Thank goodness for code reviews. Volker caught - this should be ↵Jeremy Allison1-1/+1
lp_posix_pathnames() not lp_unix_extensions(). Jeremy.
2010-09-22Fix bug #7693 - smbd changing mode of files on renameJeremy Allison2-8/+10
When using "map archive", don't change the archive bit on renames or writes with UNIX extensions turned on. Jeremy.
2010-09-21s3:registry: move prototype from reg_init_full.c to its own header.Michael Adam1-0/+1
2010-09-20s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.Günther Deschner1-17/+18
Guenther
2010-09-20s3-build: only include ctdbd_conn.h where needed.Günther Deschner2-0/+2
Guenther
2010-09-20s3-build: only include async headers where needed.Günther Deschner1-0/+1
Guenther
2010-09-16libcli/auth/ntlmssp Be clear about talloc parents for session keysAndrew Bartlett1-0/+1
The previous API was not clear as to who owned the returned session key. This fixes a valgrind-found use-after-free in the NTLMSSP key derivation code, and avoids making allocations - we steal and zero instead. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-15Fix all sid_parse returns to be checked. Tidy up some checks and errorJeremy Allison1-5/+12
messages. Jeremy.
2010-09-16s3-smbd: prevent call_nt_transact_ioctl() crash in FSCTL_FIND_FILES_BY_SID case.Günther Deschner1-1/+4
Jeremy, please check. Guenther
2010-09-15Add check for invalid data size.Jeremy Allison1-1/+8
Jeremy.
2010-09-15s3-rpc_server: Moved ncacn_np declarations in common header file.Simo Sorce2-0/+2
Signed-off-by: Andreas Schneider <asn@samba.org>
2010-09-15s3-rpc_server: Convert rpc_connect_spoolss_pipe into a generic interface.Simo Sorce2-10/+60
This way we have one common way to open internal pipes whether they are shortcircuited or piped to an external process.
2010-09-13Fix bug 7409 - Thousands of reduce_name: couldn't get realpath.Jeremy Allison1-1/+1
Don't log this at level 1 - every EACCES will generate one. Thanks to muehlfeld@medizinische-genetik.de for pointing this out. Jeremy.
2010-09-11s3-privs Convert from user_has_privileges() -> security_token_has_privilege()Andrew Bartlett1-4/+2
This new call is available in the merged privileges code, and takes an enum as the parameter, rather than a bitmask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3:auth Remove NT_USER_TOKENAndrew Bartlett4-4/+4
The all UPPER case typedef is no longer the preferred Samba style and this makes it easier to see that this is the IDL-derivied structure Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11s3-auth Change struct nt_user_token -> struct security_tokenAndrew Bartlett1-4/+4
This common structure is defined in security.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-10Add check missing from previous patch after talloc_strdup().Jeremy Allison1-0/+3
Jeremy.
2010-09-10Factor out the recent changes into a function - check_parent_exists().Jeremy Allison1-77/+103
Fix this to ensure that if "start" is manipulated, then "dirpath" is changed also. Ensures that when the path: /a/long/file/name/path.txt is processed, we first stat: /a/long/file/name/path.txt and if this fails, we try to stat: /a/long/file/name if this path exists (the normal case when creating a new entry in a directory) then we no longer do the individual path name walk, but only do case insensitive lookup on the last component. If the stat fails we do the full pathname walk as normal in 3.5.x and below. Metze, examine this change for your back-port. Jeremy.
2010-09-10s3-spoolss: Don't leak memory on the session counter list.Andreas Schneider1-1/+8
Thanks Günther, please check.
2010-09-09More paranoia to ensure SD's can't be set on read-only shares.Jeremy Allison1-0/+4
Jeremy.
2010-09-09s3-msdfs: Make auth_serversupplied_info const.Andreas Schneider1-1/+1
2010-09-08Don't rely on the underlying ACL modules to enforce share levelJeremy Allison2-0/+10
security when setting ACLs, check at the call level as well. Jeremy.
2010-09-08Optimization suggested by Metze. Without this patch,Jeremy Allison1-1/+97
FindFirst with 'path\to\some\dir\with\files\*' triggers the following stat calls path\to\some\dir\with\files\* => ENOENT path\ path\to\ path\to\some\ path\to\some\dir\ path\to\some\dir\with\ path\to\some\dir\with\files\ path\to\some\dir\with\files\* => ENOENT With this patch we get : path\to\some\dir\with\files\* => ENOENT path\to\some\dir\with\files = OK Jeremy.
2010-09-07s3: use monotonic clock for aio timeoutBjörn Jacke1-2/+2
2010-09-05s3: On Solaris, iov_len is an intVolker Lendecke1-1/+3
We can't use &iov.iov_len passing it to a size_t *
2010-08-31s3: messaging_ctdbd_connection() was only called with procid_self()Volker Lendecke2-3/+2
Eventually we'll get this right...
2010-08-31s3: use fine grained time in netprot responseBjörn Jacke1-3/+4
2010-08-31s3-auth Rename NT_USER_TOKEN user_sids -> sidsAndrew Bartlett3-6/+6
This is closer to the struct security_token from security.idl
2010-08-30s3: Fix a segfault in the printer code using create_conn_structVolker Lendecke1-1/+7
2010-08-30s3: Fix some uninitialized variable warningsVolker Lendecke2-6/+6
2010-08-30s3-smbd: use make_server_info_krb5() in smb2 too.Simo Sorce1-75/+8
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-30s3-smbd: use make_server_info_krb5()Simo Sorce1-79/+11
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-30s3-smbd: User helper function to resolve kerberos user for smb2Simo Sorce1-125/+30
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-30s3-smbd: Use helper function to resolve kerberos userSimo Sorce1-123/+27
Signed-off-by: Günther Deschner <gd@samba.org>
2010-08-29s3: Fix an uninitialized variableVolker Lendecke1-1/+1
2010-08-29s3: Fix the build without clusterVolker Lendecke1-0/+4
2010-08-29s3: Remove smbd_server_fd()Volker Lendecke2-8/+1
This breaks the perfcol_onefs() build. Tim, Steve, this use of smbd_server_fd is replacable by calls into substitute.c. I don't have a onefs environment around to build a fix, so I've decided to insert an #error, making it not compile. The fix should be pretty obvious, you can get the socket data via "%I" and "%i" substitutions.
2010-08-29s3: Remove two uses of smbd_server_fd()Volker Lendecke2-2/+2
Actually, this is a bit cheating. But those two files depend on smbd_server_conn anyway, it does not make things worse.
2010-08-29s3: Remove smbd_server_fd() from smbd_register_ipsVolker Lendecke1-3/+4
2010-08-29s3: Lift smbd_server_fd() from msg_release_ip()Volker Lendecke1-4/+4
2010-08-29s3: Lift smbd_server_fd() from release_ip()Volker Lendecke1-11/+27
2010-08-29s3: Remove a use of smbd_server_fd() in smbd main()Volker Lendecke1-2/+1
The effect this might have is that we set the socket options a bit later in inetd mode.
2010-08-29s3: Pass sconn to check_reloadVolker Lendecke1-4/+4
This removes a use of smbd_server_fd()
2010-08-29s3: Pass sconn instead of msg_ctx to housekeeping_fnVolker Lendecke1-6/+5
2010-08-29s3: Set the client_id in substitute.c onceVolker Lendecke1-0/+5
This never changes during a client connection's life, so we can set it once.
2010-08-28s3: Remove some references to smbd_server_fd()Volker Lendecke1-5/+7
2010-08-28s3: Remove smbd_server_fd() from set_local_machine_name()Volker Lendecke1-0/+9
2010-08-28s3:smbd: s/sa_len/sa_socklen , because sa_len is a macro on IRIXStefan Metzmacher1-7/+7
metze
2010-08-27Fix bug #7653 - When SMB2 is on, Windows 7 clients can not connect as guest ↵Jeremy Allison1-0/+8
to a share. Fix "security = share" with SMB2 by mapping internally to "security = user" and "map to guest = Bad User". Jeremy.