summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2012-02-03Ensure when setting a POSIX ACL, that the uid for aJeremy Allison1-0/+60
SMB_ACL_USER_OBJ ACE (the owner ACE entry) has a duplicate permission entry as an SMB_ACL_USER, and a gid for a SMB_ACL_GROUP_OBJ ACE (the primary group ACE entry) also has a duplicate permission entry as an SMB_ACL_GROUP. If not, then if the ownership or group ownership of this file or directory gets changed, the user or group can lose their access.
2012-02-03Fix mistaken assignment of gid to uid field.Jeremy Allison1-1/+1
2012-02-03Replace bool flags inside ensure_canon_entry_valid() with pointers.Jeremy Allison1-11/+12
This will make the second tweak to the ACL mapping on set easier.
2012-02-03Replace all malloc/free with talloc on tos.Jeremy Allison1-41/+41
2012-02-01s3:smbd:smb2: fix an assignment-instead-of-check bug conn_snum_used()Michael Adam1-1/+1
Accidential "=" instead of "==". Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Wed Feb 1 17:10:15 CET 2012 on sn-devel-104
2012-01-31s3: Delete streams on directoriesVolker Lendecke1-0/+11
2012-01-31s3: Simplify an if-statementVolker Lendecke1-1/+1
is_ntfs_default_stream_smb_fname already contains all checks that the variable "stream_name" gives us here.
2012-01-31s3:smbd: inline code in reply_sesssetup_and_X_spnego()Stefan Metzmacher1-102/+71
This makes the logic much easier to follow. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jan 31 21:52:45 CET 2012 on sn-devel-104
2012-01-31s3:smbd: the spnego session setup don't need to copy the in blobStefan Metzmacher1-10/+5
metze
2012-01-31s3:smbd: rework reply_spnego_ntlmssp to reply_spnego_genericStefan Metzmacher1-27/+5
This removes the unused spnego_gen_auth_response() wrapping. metze
2012-01-31s3:smbd: remove unused code from sesssetup.cStefan Metzmacher2-549/+0
metze
2012-01-31s3:smbd: remove pending_auth_data logicStefan Metzmacher2-269/+0
This is handled by the gensec_spnego module. metze
2012-01-31s3:smbd: always use the gensec code path in sesssetup.cStefan Metzmacher1-67/+32
The other code pathes are unused, because we always have the spnego gensec module. metze
2012-01-31s3:smbd: rework smbd_smb2_*_ntlmssp_auth* to smbd_smb2_auth_generic*Stefan Metzmacher1-22/+28
metze
2012-01-31s3:smbd: always use the gensec code path in smb2_sesssetup.cStefan Metzmacher1-460/+7
The other code pathes are unused, because we always have the spnego gensec module. metze
2012-01-31libcli/smb: Convert struct smb_trans_enc_state to tallocAndrew Bartlett1-34/+11
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-31s3-smbd: Use gensec_spnego in smb seal serverAndrew Bartlett1-304/+29
This is instead of the inline, manual spnego code currently in use. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-31s3: Unify stream testing in open_directoryVolker Lendecke1-9/+5
The second if-statement could never have kicked in, assuming the SMB_ASSERT above was right. Jeremy, please check! Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Jan 31 20:15:36 CET 2012 on sn-devel-104
2012-01-31s3: Re-indent an && sequence for better understandingVolker Lendecke1-2/+2
2012-01-31s3: Fix "smbcontrol smbd close-share"Volker Lendecke1-0/+11
2012-01-25s3:smb2_sessetup: call set_current_user_info() and reload_services() on successStefan Metzmacher1-0/+11
This matches the smb1 code. metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Wed Jan 25 08:39:35 CET 2012 on sn-devel-104
2012-01-24Another fix for bug #8556 - ACL permissions ignored when SMBsetatr is requested.Jeremy Allison1-5/+0
Remove erroneous check on FILE_WRITE_ATTRIBUTES when changing POSIX permissions - this isn't an attribute set call (unless you're storing attributes in POSIX permissions, which is not recommended). Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Jan 24 00:44:24 CET 2012 on sn-devel-104
2012-01-23Another fix for bug #8556 - ACL permissions ignored when SMBsetatr is requested.Richard Sharpe1-0/+1
Prevent systems with "store dos attributes = yes" from overriding FILE_WRITE_ATTRIBUITES.
2012-01-20s3-libsmb: use struct gensec_security directlyAndrew Bartlett1-9/+9
This is rather than via a now one-element union. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-20s3-libcli Change krb5 smb sealing to call via gensec and gensec_gseAndrew Bartlett1-189/+32
This also fixes the support for smb sealing with krb5 in make test, as this now relies on secrets.tdb rather than /etc/krb5.keytab. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-20s3:smbd/proto.h: remove unused do_map_to_guest() prototypeStefan Metzmacher1-4/+0
metze
2012-01-19Now make_connection_snum() is a static function that takes aJeremy Allison1-33/+26
connection_struct as a parameter, fix the interface to allow it to return an NTSTATUS. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Jan 19 07:25:49 CET 2012 on sn-devel-104
2012-01-18Fix bug 8710 - connections.tdb - major leak with SMB2.Jeremy Allison3-22/+78
Ensure the cnum used to claim the connection for SMB2 is the id that will be used for the SMB2 tcon. Based on code from Ira Cooper <ira@wakeful.net>. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Jan 18 23:14:32 CET 2012 on sn-devel-104
2012-01-18Revert "Fix bug #8175 - smbd deadlock."Volker Lendecke1-68/+26
This reverts commit 5a2b5b6cfed74e0e9c2965525995f64cdad7b7c9.
2012-01-18s3: Change locking order between brlock and lockingVolker Lendecke1-8/+58
But 8175 was fixed in a way that brlock.tdb was always locked before locking.tdb. This patch fixes the bug in a different way. locking.tdb is the central tdb for files and should always be locked first. This patch solves the problem by postponing the level2 break messages, which are async anyway.
2012-01-18s3: Add a "lock_order" argument to db_openVolker Lendecke1-2/+4
This will be used to enforce a lock hierarchy between the databases. We have seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb. These should be fixed by refusing a dbwrap_fetch_locked that does not follow a defined lock hierarchy.
2012-01-12s3: Put an indirection layer into share_mode_lockVolker Lendecke5-36/+36
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-01-12s3: Introduce get_share_mode_lock_fresh()Volker Lendecke5-26/+14
This slightly simplifies the code path for all callers which assume that a share mode exists already. Only the callers in open_file_ntcreate and open_directory will ever create new share modes. Signed-off-by: Jeremy Allison <jra@samba.org>
2012-01-12s3:smbd: explicitly ask for GENSEC_FEATURE_UNIX_TOKENStefan Metzmacher2-0/+6
metze Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jan 12 11:22:53 CET 2012 on sn-devel-104
2012-01-12Ensure we always free aio_ex on all error paths by moving the TALLOC_FREEJeremy Allison1-2/+1
call out of smbd_aio_complete_aio_ex() and into the caller. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Jan 12 03:10:52 CET 2012 on sn-devel-104
2012-01-06s3-auth Rename make_auth_ntlmssp() -> make_auth_gensec()Andrew Bartlett1-5/+5
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth remove outdated commentAndrew Bartlett1-3/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Thu Jan 5 18:51:47 CET 2012 on sn-devel-104
2012-01-05s3-auth remove unused ntlmssp.hAndrew Bartlett1-1/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth Remove ntlmssp_wrap.h which is no longer requiredAndrew Bartlett4-4/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth use gensec directly rather than via auth_generic_stateAndrew Bartlett6-63/+62
This is possible because the s3 gensec modules are started as normal gensec modules, so we do not need a wrapper any more. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3-auth Add TALLOC_CTX * to auth_generic_prepare()Andrew Bartlett4-15/+9
This makes the long term owner of this memory more clear. So far only the clear cases have been moved from NULL however. Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-01-05s3: Move basic SMB checking to a much earlier pointVolker Lendecke1-19/+19
2012-01-05s3: Add a suicide mode to smbdVolker Lendecke1-0/+11
To test our cleanup code paths properly, we need a way to make smbd exit hard without cleaning up
2012-01-04s3: Check for the packet size before accessing itVolker Lendecke1-2/+1
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Jan 4 15:16:20 CET 2012 on sn-devel-104
2012-01-03s3: Remove the unused "file_existed" parameter from smbd_calculate_access_maskVolker Lendecke4-10/+2
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Tue Jan 3 15:16:50 CET 2012 on sn-devel-104
2012-01-03s3: Avoid "file_existed" in smbd_calculate_maximum_allowed_accessVolker Lendecke1-36/+35
We access the file by name anyway, so we can just try to access it. The file system will for sure tell us if the file does not exist.
2012-01-03s3: Remove some else{} branches in smbd_calculate_maximum_allowed_accessVolker Lendecke1-3/+7
2012-01-03s3: Directly use *p_access_mask in smbd_calculate_maximum_allowed_accessVolker Lendecke1-6/+4
2012-01-03s3: Factor out smbd_calculate_maximum_allowed_accessVolker Lendecke1-40/+59
2011-12-31Final part of fix for bug #8679 - recvfile code path using splice() on Linux ↵Jeremy Allison1-5/+0
leaves data in the pipe on short write. The code to set a DOS error on short writeX return is amazingly legacy code, and also breaks the reply as fixup_chain_error_packet() enforces a 2-byte wct on any reply where smb_rcls != 0. Found in testing by Andrew Bartlett. Thanks Andrew ! Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Dec 31 08:05:35 CET 2011 on sn-devel-104