summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2009-05-26s3:smbd: return the correct security mode and capabilities in SMB2 NegotitateStefan Metzmacher1-5/+18
metze
2009-05-24TALLOC_FREE happily lives with a NULL ptr. Tim, please check!Volker Lendecke3-48/+16
Thanks, Volker
2009-05-22Ensure we return NT_STATUS_FILE_IS_A_DIRECTORY on a posix open on aJeremy Allison1-1/+1
directory name. Jeremy.
2009-05-22s3:smbd: implement SMB2 Tree DisconnectStefan Metzmacher3-1/+38
metze
2009-05-22s3:smbd: implement SMB2 Tree ConnectStefan Metzmacher4-1/+285
For now this only checks if the share is present or not. metze
2009-05-22s3:smbd: SMB2 session ids are 64bit...Stefan Metzmacher2-3/+3
We only grand ids up to 0x0000000000FFFFFF, because that's what our idtree implementation can handle. But also 16777215 sessions on one tcp connection should be enough:-) metze
2009-05-22s3:smbd: implement SMB2 LogoffStefan Metzmacher3-1/+47
metze
2009-05-21s3:smbd: we want to get the next command offset and not set it...Stefan Metzmacher1-1/+1
This should also fix the build on some hosts. metze
2009-05-20s3: Change unix_convert (and its callers) to use struct smb_filenameTim Prouty6-374/+537
This is the first of a series of patches that change path based operations to operate on a struct smb_filename instead of a char *. This same concept already exists in source4. My goals for this series of patches are to eventually: 1) Solve the stream vs. posix filename that contains a colon ambiguity that currently exists. 2) Make unix_convert the only function that parses the stream name. 3) Clean up the unix_convert API. 4) Change all path based vfs operation to take a struct smb_filename. 5) Make is_ntfs_stream_name() a constant operation that can simply check the state of struct smb_filename rather than re-parse the filename. 6) Eliminate the need for split_ntfs_stream_name() to exist. My strategy is to start from the inside at unix_convert() and work my way out through the vfs layer, call by call. This first patch does just that, by changing unix_convert and all of its callers to operate on struct smb_filename. Since this is such a large change, I plan on pushing the patches in phases, where each phase keeps full compatibility and passes make test. The API of unix_convert has been simplified from: NTSTATUS unix_convert(TALLOC_CTX *ctx, connection_struct *conn, const char *orig_path, bool allow_wcard_last_component, char **pp_conv_path, char **pp_saved_last_component, SMB_STRUCT_STAT *pst) to: NTSTATUS unix_convert(TALLOC_CTX *ctx, connection_struct *conn, const char *orig_path, struct smb_filename *smb_fname, uint32_t ucf_flags) Currently the smb_filename struct looks like: struct smb_filename { char *base_name; char *stream_name; char *original_lcomp; SMB_STRUCT_STAT st; }; One key point here is the decision to break up the base_name and stream_name. I have introduced a helper function called get_full_smb_filename() that takes an smb_filename struct and allocates the full_name. I changed the callers of unix_convert() to subsequently call get_full_smb_filename() for the time being, but I plan to eventually eliminate get_full_smb_filename().
2009-05-20s3:smbd: check the incoming session id for SMB2 requestsStefan Metzmacher3-2/+98
metze
2009-05-20s3:smbd: implement SMB2 Session Setup with raw NTLMSSPStefan Metzmacher3-1/+220
metze
2009-05-20s3:smbd: for now indicate raw NTLMSSP in the SMB2 Negotiate responseStefan Metzmacher1-0/+3
metze
2009-05-20s3:smbd: move the callback functions of smbd_smb2_request_reply() closer itselfStefan Metzmacher1-42/+42
metze
2009-05-20s3:smbd: add smbd_smb2_request_done_ex()Stefan Metzmacher2-5/+16
Some times we have to return a non-error response with status != NT_STATUS_OK. metze
2009-05-20s3:smbd: fix initialized memory in SMB2 responsesStefan Metzmacher1-4/+4
MESSAGE_ID and SESSION_ID are both 64bit. metze
2009-05-20s3:smbd: add support for SMB2 Keepalive (SMB2 Echo)Stefan Metzmacher3-0/+92
metze
2009-05-20s3:smbd: allow SMB 2.002 dialect in SMB1 negprotStefan Metzmacher3-0/+38
We create a dummy SMB2 Negotiate inbuf and pass the connection to the SMB2 engine. metze
2009-05-20s3:smbd: add support for SMB2 NegotiateStefan Metzmacher3-0/+131
This is not complete, but a start that makes the samba4 smb2 client happy. metze
2009-05-20s3:smbd: make negprot_spnego() non staticStefan Metzmacher2-1/+3
metze
2009-05-20s3:smbd: add infrastructure for SMB2 supportStefan Metzmacher3-0/+1049
This is disabled by default and activated by "max protocol = SMB2". metze
2009-05-18s3: Always allocate memory in dptr_ReadDirNameAravind Srinivasan2-17/+44
This is a follow up to 69d61453df6019caef4e7960fa78c6a3c51f3d2a to adjust the API to allow the lower layers allocate memory. Now the memory can explicitly be freed rather than relying on talloc_tos(). Signed-off-by: Tim Prouty <tprouty@samba.org>
2009-05-18s3 sendfile: Fix two bugs in sendfileTim Prouty1-3/+4
These were found interally via code inspection. 1) fake_sendfile was incorrectly writing zeros over real data on a short read. 2) sendfile_short_send was doing 4 byte writes instead of 1024 byte writes due to an incorrect sizeof usage. Jermey, Vl please check
2009-05-18Move down the become_root()/unbecome_root() calls into the VFS modulesVolker Lendecke1-6/+0
The aio_fork module does not need this, as it does not communicate via signals but with pipes. Watching a strace log with those become_root() calls in aio.c is absolutely awful, and it does affect performance.
2009-05-18Add "file_walk_table" to do stuff with all open filesVolker Lendecke1-0/+22
2009-05-14Make us pass SHORTNAME-TEST.Jeremy Allison1-3/+17
Jeremy
2009-05-14Remove one use of mangle_is_8_3(), not needed.Jeremy Allison1-4/+2
Jeremy.
2009-05-14Fix a type-punned warningVolker Lendecke1-1/+1
2009-05-12s3 onefs: Self-contend level2 oplocks on BRLZack Kirsch1-1/+0
2009-05-12s3: Fix strict locking with chained readsTim Prouty1-22/+24
Move the strict lock/unlock code down a level for reads to avoid calling chain_reply before the unlock.
2009-05-11Fix warning about unused label with no sendfile.Jeremy Allison1-1/+2
Jeremy.
2009-05-09Pass also sername to check password scriptSimo Sorce1-4/+12
2009-05-09Do not call SMB_VFS_GET_REAL_FILENAME if the name is mangledVolker Lendecke1-6/+11
The GPFS get_real_file name does not know about mangled names. Tim, if onefs does not either, you need this bugfix :-) In case onefs does 8.3 names, we need to pass the mangled flag down to SMB_VFS_GET_REAL_FILENAME to give GPFS a chance say ENOTSUPP and do the fallback.
2009-05-08s3: Fix chained sesssetupAndX/tconn messagesTim Prouty1-0/+7
A sesssetupAndX chained with a tconn will not correctly set the TID in the response header. I'm seeing an XP client send this chained sesssetup/tconn when samba has security = share. Samba's current behavior is to return a TID of 0 in the smb header rather than the actual TID. This patch also updates the UID in the header as well.
2009-05-08Fix bug #6330 - DFS doesn't work on AIX. Jeremy.Jeremy Allison1-0/+4
2009-05-08Expand the comment explaining why user_in_group_sid isJeremy Allison1-1/+6
not reliable for winbindd users from foreign domains. Jeremy.
2009-05-08s3:smbd: fix posix acls when setting an ACL without explicit ACE for the ↵Stefan Metzmacher1-3/+18
owner (bug#2346) The problem of bug #2346 remains for users exported by winbindd, because create_token_from_username() just fakes the token when the user is not in the local sam domain. This causes user_in_group_sid() to give totally wrong results. In uid_entry_in_group() we need to check if we already have the full unix token in the current_user struct. If so we should use the current_user unix token, instead of doing a very complex user_in_group_sid() which doesn't give reliable results anyway. metze
2009-05-08s3:smbd: fix the fix for mapped IPv4 address handling in release_ip().Michael Adam1-2/+2
It was too late... Thanks Metze for noticing. Michael
2009-05-08s3: make release_ip() call (ctdb) cope with IPv4 mapped addressesMichael Adam1-1/+8
Michael
2009-05-08s3-samr: disable check for ACB_DISABLED in check_oem_password().Günther Deschner1-1/+4
It is a bad idea to just tell everyone that an account is disabled without really having checked the password first. Found by torture test. Guenther
2009-05-08s3-samr: rework check_oem_password() to take a struct samu, not to return one.Günther Deschner1-39/+27
Guenther
2009-05-06s3-printing: simplify print_queue helper functions and return WERROR.Günther Deschner1-10/+7
Guenther
2009-05-05s3: Fix trans2 path to use case-insensitive stat optimizationtprouty2-6/+51
Often times before creating a file, a client will first query to see if it already exists. Since some systems have a case-insensitive stat that is called from unix_convert, we can definitively return STATUS_NO_SUCH_FILE to the client without scanning the whole directory. This code path is taken from trans2querypathinfo, but trans2findfirst still does a full directory scan even though the get_real_filename (the case-insensitive stat vfs call) can prevent this. This patch adds the get_real_filename call to the trans2find* path, and also changes the vfs_default behavior for SMB_VFS_GET_REAL_FILENAME. Previously, in the absence of a get_real_filename implementation, we would fallback to the full directory scan. The default behavior now returns -1 and sets errno to EOPNOTSUPP. This allows SMB_VFS_GET_REALFILENAME to be called from trans2* and unix_convert.
2009-05-05Fix bug 6302: Give the VFS a chance to read from 0-byte filesVolker Lendecke1-8/+9
2009-05-04Fix bug #6315 smbd crashes doing vfs_full_audit on IPC$ close event.Jeremy Allison1-3/+44
The underlying problem is that once SMBulogoff is called, all server_info contexts associated with the vuid should become invalid, even if that's the context being currently used by the connection struct (tid). When the SMBtdis comes in it doesn't need a valid vuid value, but the code called inside vfs_full_audit always assumes that there is one (and hence a valid conn->server_info pointer) available. This is actually a bug inside the vfs_full_audit and other code inside Samba, which should only indirect conn->server_info on calls which require AS_USER to be set in our process table. I could fix all these issues, but there's no guarentee that someone might not add more code that fails this assumption, as it's a hard assumption to break (it's usually true). So what I've done is to ensure that on SMBulogoff the previously used conn->server_info struct is kept around to be used for print debugging purposes (it won't be used to change to an invalid user context, as such calls need AS_USER set). This isn't strictly correct, as there's no association with the (now invalid) context being freed and the call that causes conn->server_info to be indirected, but it's good enough for most cases. The hard part was to ensure that once a valid context is used again (via new sessionsetupX calls, or new calls on a still valid vuid on this tid) that we don't leak memory by simply replacing the stored conn->server_info pointer. We would never actually leak the memory (as all conn->server_info pointers are talloc children of conn), but with the previous patch a malicious client could cause many server_info structs to be talloced by the right combination of SMB calls. This new patch introduces free_conn_server_info_if_unused(), which protects against the above. Jeremy.
2009-05-04Increase debug level of "create_connection_server_info failed" messageVolker Lendecke1-1/+1
I don't think we should unconditionally send every refused connection attempt to a share to syslog, that's where all debug level 0 messages end up.
2009-05-04s3-printing: Fix driver upload for Xerox 4110 PS printer driver.Günther Deschner1-0/+2
We need to allow to set filesystem capabilities from the default vfs in create_conn_struct() in order to find mixed-case filenames. Thanks Volker! This one was hard to find, so a little longer explanation: When a Windows client tries to upload e.g. the Xerox 4110 PS driver, the client first uploads the driver files to the [print$] share. Some of them (in this case the Windows Postscript drivers) are with uppercase filenames while some of them (like the PPD file) are in lowercase. After the driver upload the client issues the spoolss_AddPrinterDriverEx() call with level 6. There the client tries to add the PPD file with an uppercase filename (while having stored it in lowercase on the server). The internal spoolss add driver functions then could not find the appropriate filename while trying to move them to the version subdirectory (in this case W32X86/3) and fails then entire spoolss_AddPrinterDriverEx() call. With this fix, the convert_unix_name() name finds the correct file and the spoolss_AddPrinterDriverEx() succeeds. Guenther
2009-04-30Fix notify_onelevel: notify is not necessarily enabledVolker Lendecke1-0/+4
Thanks to Günther Deschner! Volker
2009-04-29s3:vfs: untangle logic for loading and probing modules in vfs_init_custom()Michael Adam1-11/+23
This is to be able to provide more specific error messages. Michael
2009-04-29s3:smbd/service: switch load_registry_service/shares to use loadparm routinesMichael Adam1-70/+3
instead of reading the registry directly with tdb and activating the configure options by hand. This eliminates the need for repeating checks done in loadparm. For instance it disables registry shares without path in the server as is the case with text based shares. Michael
2009-04-23Revert "Do not use the file system GET_REAL_FILENAME for mangled names"Volker Lendecke1-23/+7
This reverts commit b5b6ecb58aeba196c28370cde21a0826f81d8da6.