summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2013-01-30smbd: Fix a typoVolker Lendecke1-1/+1
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Wed Jan 30 18:21:19 CET 2013 on sn-devel-104
2013-01-28Fix bug #9571 - Unlink after open causes smbd to panic.Pavel Shilovsky1-3/+3
s3:smbd: fix wrong lock order in posix unlink Signed-off-by: Pavel Shilovsky <piastry@etersoft.ru> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-28Fix bug #9588 - ACLs are not inherited to directories for DFS shares.Jeremy Allison1-0/+13
We can return with NT_STATUS_OK in an error code path. This has a really strange effect in that it prevents the ACL editor in Windows XP from recursively changing ACE entries on sub-directories after a change in a DFS-root share (we end up returning a path that looks like: \\IPV4\share1\xptest/testdir with a mixture of Windows and POSIX pathname separators). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Mon Jan 28 13:48:13 CET 2013 on sn-devel-104
2013-01-25Fix bug #9587 - archive flag is always set on directories.Jeremy Allison1-1/+2
Creating a directory to a Samba share sets the attributes to 'D' only (correct) - only when creating a new file should the 'A' attribute be set. However, doing a rename of that directory sets the 'A' attribute in error. This should only be done on a file rename. smbclient regression test to follow. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-01-24Fix bug #9572 - File corruption during SMB1 read by Mac OSX 10.8.2 clients.Jeremy Allison1-2/+30
Accept a large read if we told the client we have UNIX extensions and the client sent a non-zero upper 16-bit size. Do the non-zero upper 16-bit size check first to save a function call in what is a hot path. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Jan 24 21:01:51 CET 2013 on sn-devel-104
2013-01-24Revert "s3:smbd: SMB ReadX with size > 0xffff should only possible for samba ↵Jeremy Allison1-10/+1
clients." Part of fix for bug #9572 - File corruption during SMB1 read by Mac OSX 10.8.2 clients This reverts commit f8c26c16b82989e002b839fc9eba6386fc036f6a. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-23smbd: Fix a NULL vs false return errorVolker Lendecke1-1/+1
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-19Fix warnings with mismatched sizes in arguments to DEBUG statements.Jeremy Allison1-8/+8
This can cause compile errors on 32-bit systems. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Jan 19 12:14:13 CET 2013 on sn-devel-104
2013-01-18Remove locking across the lifetime of the copychunk call.Jeremy Allison1-116/+1
Previous commit handles this around each read/write call. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Fri Jan 18 01:47:01 CET 2013 on sn-devel-104
2013-01-18Add additional copychunk checks.Jeremy Allison1-0/+22
For printer, ipc$ connections, and directory handles. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-01-18Move handle checking code to copychunk_check_handles().Jeremy Allison1-21/+37
Planning to add extra checks to ensure we don't attempt copychunk on printer or IPC$ handles. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-01-17smb2_ioctl: copychunk request max output validationDavid Disseldorp1-0/+12
Check that the copychunk ioctl request maximum output specified by the client is large enough to hold copychunk response data. Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Jan 17 00:59:44 CET 2013 on sn-devel-104
2013-01-16smb2_ioctl: track copychunk response output stateDavid Disseldorp1-16/+38
Treat the response data independent to the status. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smb2_ioctl: copychunk CHECK_READ and CHECK_WRITEDavid Disseldorp1-0/+25
[MS-SMB2] 3.3.5.15.6 Handling a Server-Side Data Copy Request, specifies that the copychunk destination file handle be granted FILE_WRITE_DATA and FILE_READ_DATA access. FILE_READ_DATA access must also be granted on the copychunk source file, which may be done implicitly with execute permission. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smb2_ioctl: only pass through to VFS on a valid fspDavid Disseldorp1-13/+17
A null fsp is dereferenced on VFS call. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smb2_ioctl: perform locking around copychunk requestsDavid Disseldorp1-17/+137
For each chunk in a copychunk request, take a read and write lock on the source and destination files respectively. Also change the resume key format to use a combination of the persistent and volatile handles. Thanks to Metze for his help on this. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smbd: split out file_fsp_get from file_fsp_smb2David Disseldorp2-10/+27
Obtain the files_struct from smb2req, persistent_id and volatile_id. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smb2_ioctl: remove ioctl error response assumptionsDavid Disseldorp1-17/+57
MS-SMB2 3.3.4.4 documents cases where a ntstatus indicating an error should not be considered a failure. In such a case the output data buffer should be sent to the client rather than an error response packet. Add a new fsctl copy_chunk test to confirm field limits are sent back in response to an oversize chunk request. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smb2_ioctl: add support for FSCTL_SRV_COPYCHUNKDavid Disseldorp1-4/+231
SMB2 clients can issue FSCTL_SRV_COPYCHUNK requests in order to copy data between files on the server side only, rather than reading data then writing back from the client. FSCTL_SRV_COPYCHUNK is used by default for Explorer SMB2 file copies on Windows Server 2012. 2.2.32.1 SRV_COPYCHUNK_RESPONSE in [MS-SMB2] describes the requirement for the server to provide maximum copychunk request size limits in ioctl responses carrying STATUS_INVALID_PARAMETER. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16s3-vfs: add copy_chunk vfs hooksDavid Disseldorp1-2/+24
copy_chunk copies n bytes from a source file at a specific offset to a destination file at a given offset. This interface will be used in handling smb2 FSCTL_SRV_COPYCHUNK ioctl requests. Use a pread/pwrite loop in vfs_default, so that requests referring to the same src and dest file are possible. Provide send and receive hooks for copy chunk VFS interface, allowing asynchronous behaviour. Check whether the request source offset + length exceeds the current size. Return STATUS_INVALID_VIEW_SIZE under such a condition, matching Windows server behaviour. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smb2_ioctl: add FSCTL_SRV_REQUEST_RESUME_KEY supportDavid Disseldorp1-2/+47
Use existing ioctl IDL infrastructure for marshalling. Support for this ioctl is a prerequisite for FSCTL_SRV_COPYCHUNK handling. The client-opaque resume key is constructed using the server side dev/inode file identifier. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smb2_ioctl: split ioctl handler code on device typeDavid Disseldorp6-355/+676
Add per device type ioctl handler source files for FSCTL_DFS, FSCTL_FILESYSTEM, FSCTL_NAMED_PIPE and FSCTL_NETWORK_FILESYSTEM. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smb2_ioctl: split ioctl handlers into separate funtionsDavid Disseldorp1-154/+173
Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-09Use the new directory_create_or_exist_strict() function.Andreas Schneider1-1/+1
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09s3:smb2_negprot: set the 'remote_proto' valueStefan Metzmacher1-0/+8
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Fixup the change_to_user_by_session() case as called from ↵Jeremy Allison1-0/+22
become_user_by_session() Use inside source3/printing/nt_printing.c:get_correct_cversion(). Allow check_user_ok() to be called with vuid==UID_FIELD_INVALID. All this should do is throw away one entry in the vuid cache. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09smbd: Remove some ()Volker Lendecke1-3/+3
Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09smbd: Simplify an if-expressionVolker Lendecke1-10/+7
Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09smbd: Fix a typoVolker Lendecke1-1/+1
Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Move create_share_access_mask() from smbd/service.c to smbd/uid.c.Jeremy Allison3-41/+38
Make it static. Only called from uid.c now. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Fix bug #9518 - conn->share_access appears not be be reset between users.Jeremy Allison1-20/+8
Ensure make_connection_snum() uses the same logic as check_user_ok() to decide if a user can access a share. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Factor code out of check_user_ok() into a call to check_user_share_access().Jeremy Allison1-34/+7
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Initialize stack variables. Prelude to factoring out calls to ↵Jeremy Allison1-2/+2
check_user_share_access(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Add check_user_share_access() which factors out the share security and ↵Jeremy Allison2-0/+60
read_only flag setting code. Allows this to be called from both make_connection_snum() as well as check_user_ok(). Gives a consistent share security check function. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Correctly setup the conn->share_access based on the current user token.Jeremy Allison1-12/+22
Also use this to set conn->read_only. Cache the share_access in the struct vuid_cache_entry struct so we only evaluate this once per new user access on this share. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Change API for create_share_access_mask() - remove conn struct.Jeremy Allison2-7/+7
Eventually this will be indepentent of conn, just pass in the readonly flag. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Change API for create_share_access_mask() to pass in the token.Jeremy Allison2-4/+9
Don't automatically use the one from conn->session_info->security_token. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Fix API for create_share_access_mask().Jeremy Allison2-9/+12
Return the uint32_t share_access rather than directly changing the conn struct. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Remove static from create_share_access_mask().Jeremy Allison2-1/+2
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Add uint32_t share_access to vuid_cache_entry.Jeremy Allison1-0/+1
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Clean up struct connection_struct, make struct vuid_cache a pointer not inline.Jeremy Allison2-6/+7
Change VFS ABI to 31 for 4.1.0. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Remove unneeded variable "const struct auth_session_info *session_info"Jeremy Allison1-3/+1
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Remove dead code now vuser can no longer be NULL.Jeremy Allison1-8/+0
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Remove the second set of {} braces, no longer needed.Jeremy Allison1-20/+18
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-09Remove one set of enclosing {} braces, no longer needed.Jeremy Allison1-9/+7
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Move the definition of struct vuid_cache_entry *ent outside blocks.Jeremy Allison1-4/+2
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Start to tidy-up check_user_ok().Jeremy Allison1-3/+2
Now we have removed "security=share" we cannot be called with vuid == UID_FIELD_INVALID. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09source3/smbd/pysmbd.c: Always use create_conn_struct(). Don't hand create ↵Jeremy Allison1-24/+10
connection structs. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09smbd/posix_acls.c: Use create_conn_struct(). Don't hand-create connection ↵Jeremy Allison1-19/+11
structs. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Allow create_conn_struct() to be called with snum == -1.Jeremy Allison1-4/+9
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>