path: root/source3/smbd
Age | Commit message | Author | Files | Lines
2009-02-01 | Add two new parameters to control how we verify kerberos tickets. Removes lp_use_kerberos_keytab parameter. | Dan Sledz | 2 | -3/+3
The first is "kerberos method" and replaces the "use kerberos keytab" with an enum. Valid options are:
  secrets only - use only the secrets for ticket verification (default)
  system keytab - use only the system keytab for ticket verification
  dedicated keytab - use a dedicated keytab for ticket verification.
  secrets and keytab - use the secrets.tdb first, then the system keytab
For existing installs:
  "use kerberos keytab = yes" corresponds to secrets and keytab
  "use kerberos keytab = no" corresponds to secrets only
The major difference between "system keytab" and "dedicated keytab" is that the latter method relies on kerberos to find the correct keytab entry instead of filtering based on expected principals.
The second parameter is "dedicated keytab file", which is the keytab to use when in "dedicated keytab" mode. This keytab is only used in ads_verify_ticket.
2009-02-01 | Convert api_RNetUserEnum to use the srv_samr_nt.c directly | Volker Lendecke | 1 | -26/+77
This is a sample for other accesses to pdb to go via samr. The goal is to access passdb only via srv_samr_nt.c. If that is done, then we can easily swap in another samr implementation like for example samba4's via a unix domain socket.
2009-02-01 | Fix nonempty blank lines | Volker Lendecke | 1 | -58/+57
2009-02-01 | Just for fun: Move some bytes from bss to text | Volker Lendecke | 2 | -2/+2
2009-01-31 | Make reply_pipe_read_andx async | Volker Lendecke | 1 | -13/+57
2009-01-31 | Make reply_pipe_write async | Volker Lendecke | 1 | -13/+48
2009-01-31 | Make reply_pipe_write_and_X async | Volker Lendecke | 1 | -20/+52
2009-01-31 | Make-np_write-handle-0-byte-writes-as-NT_STATUS_OK | Volker Lendecke | 1 | -43/+27
2009-01-31 | Convert api_rpc_trans_reply to async np_* | Volker Lendecke | 1 | -29/+119
2009-01-31 | make send_file_readbraw static | Volker Lendecke | 1 | -6/+6
2009-01-31 | Remove the global variable "chain_size" | Volker Lendecke | 4 | -15/+31
2009-01-29 | Upgrade POSIX inheritance storage to a new format (version 2). Stores | Jeremy Allison | 1 | -200/+360
the Windows ACL type and flags if "map acl inherit" is set. Jeremy.
2009-01-29 | s3: Add a new SMB_VFS_GET_ALLOC_SIZE vfs operation | Tim Prouty | 3 | -43/+17
This allows module implementors to customize what allocation size is returned to the client.
2009-01-29 | s3:smbd: make smbd_open_one_socket() static | Michael Adam | 1 | -3/+3
Michael
2009-01-29 | s3:smbd: ignore open_socket_in() failures | Stefan Metzmacher | 1 | -1/+4
This restores the pre e0232934fbf69a9e72de1d9844b14d70b34a2d6a behavior. metze
2009-01-27 | s3:smbd: wait for new connection via fd events | Stefan Metzmacher | 1 | -211/+227
metze
2009-01-27 | s3:smbd: make mdns registration event driven. | Stefan Metzmacher | 2 | -125/+108
metze
2009-01-27 | s3:smbd: make inetd code path more clear | Stefan Metzmacher | 1 | -24/+20
metze
2009-01-27 | s3:smbd: make kernel oplocks event driven | Stefan Metzmacher | 6 | -201/+33
And use signal events for Linux oplocks. metze
2009-01-27 | s3:smbd: remove pointless respond_to_all_remaining_local_messages() function | Stefan Metzmacher | 2 | -27/+0
This the process_kernel_oplock() function never responds to messages, it only generates messages to ourself. metze
2009-01-27 | s3:smbd: convert aio to use tevent_signal | Stefan Metzmacher | 3 | -104/+52
metze
2009-01-27 | s3:smbd: use signal events for SIGTERM, SIGHUP and SIGCHLD | Stefan Metzmacher | 4 | -96/+102
metze
2009-01-27 | s3:smbd: move all code that handles a client connection into smbd_process() | Stefan Metzmacher | 2 | -218/+218
metze
2009-01-27 | s3:smbd: we should setup the client socket in the same way in all code paths | Stefan Metzmacher | 1 | -21/+15
We should behave the same in inetd, interactive and daemon modes. metze
2009-01-27 | s3:namecache: remove unused namecache_shutdown() function | Stefan Metzmacher | 1 | -2/+0
metze
2009-01-25 | Fix chain_reply for pipe reads | Volker Lendecke | 1 | -1/+11
The caller might have over-allocated reply->outbuf. Deal with that. Sorry, Günther, for giving you so much pain ... Volker
2009-01-23 | Extend NTIMES to allow setting create_time | todd stecher | 4 | -69/+97
1) Add in smb_file_time struct to clarify code and make room for createtime.
2) Get and set create time from SMB messages.
3) Fixup existing VFS modules + examples
Some OSes allow for the setting of the birthtime through kernel interfaces. This value is generically used for Windows createtime, but is not settable in the code today.
2009-01-22 | Fix logic error in try_chown - we shouldn't arbitrarily chown | Jeremy Allison | 1 | -6/+9
to ourselves unless that was passed in. Jeremy.
2009-01-22 | Second part of the attempt to fix #4308 - Excel save operation corrupts file ACLs. | Jeremy Allison | 1 | -131/+144
If the chown succeeds then the ACL set should also. Ensure this is the case (refactor some of this code to make it simpler to read also). Jeremy.
2009-01-22 | Another attempt to fix bug #4308 - Excel save operation corrupts file ACLs. | Jeremy Allison | 1 | -25/+4
Simo is completely correct. We should be doing the chown *first*, and fail the ACL set if this fails. The long standing assumption I made when writing the initial POSIX ACL code was that Windows didn't control who could chown a file in the same way as POSIX. In POSIX only root can do this whereas I wasn't sure who could do this in Windows at the time (I didn't understand the privilege model). So the assumption was that setting the ACL was more important (early tests showed many failed ACL sets due to inability to chown). But now we have privileges in smbd, and we must always fail an ACL set when we can't chown first.
The key that Simo noticed is that the CREATOR_OWNER bits in the ACL incoming are relative to the *new* owner, not the old one. This is why the old user owner disappears on ACL set - their access was set via the USER_OBJ in the creator POSIX ACL and when the ownership changes they lose their access.
Patch is simple - just ensure we do the chown first before evaluating the incoming ACL re-read the owners. We already have code to do this it just wasn't rigorously being applied. Jeremy.
2009-01-22 | s3:smbd: we don't need to call message_dispatch() anymore it's event triggered now | Stefan Metzmacher | 2 | -26/+2
metze
2009-01-22 | s3:smbd: restructure kernel oplocks code | Stefan Metzmacher | 6 | -136/+117
This converts the irix oplocks code to use a fd event and removes the last special case for file descriptors for the main sys_select(). metze
2009-01-22 | s3: always call run_events() before and after sys_select() | Stefan Metzmacher | 2 | -10/+12
And always setup the fd events. metze
2009-01-20 | "userdom_struct" does not need "full_name" anymore -- unused | Volker Lendecke | 2 | -3/+0
2009-01-20 | Remove some unused code | Volker Lendecke | 1 | -3/+0
2009-01-20 | Remove some smb fsp knowledge from rpc_server/ | Volker Lendecke | 3 | -8/+61
np_open/read/write don't have to know about files_struct
2009-01-20 | s3:smbd: call message_dispatch() before processing incoming PDUs | Stefan Metzmacher | 1 | -0/+6
This is a hack to fix races which happen with the RAW-RENAME and RAW-OPLOCK tests. We should try to remove it later. metze
2009-01-16 | s3:cluster: fix ctdb ipv6 support | Stefan Metzmacher | 1 | -3/+1
We need to use CTDB_CONTROL_TCP_CLIENT instead of CTDB_CONTROL_TCP_ADD. CTDB_CONTROL_TCP_CLIENT has support for 2 modes in newer ctdb versions:
- with struct ctdb_control_tcp it only supports ipv4.
- with struct ctdb_control_tcp_addr it supports ipv4 and ipv6.
You need new header files which defines struct ctdb_control_tcp_addr, but at runtime it should be fine to work against older ctdb versions (<= 1.0.68). metze
2009-01-16 | remove the old chain_reply code | Volker Lendecke | 1 | -214/+4
2009-01-16 | Correctly calculate the offset for read&x | Volker Lendecke | 3 | -8/+36
2009-01-16 | Add a new implementation of chain_reply | Volker Lendecke | 2 | -6/+217
This the global variable "orig_inbuf" in the old chain_reply code. This global variable was one of the reasons why we had the silly restriction to not allow async requests within a request chain.
2009-01-16 | s3:put the browse list into cache_dir, not lock_dir. | Michael Adam | 1 | -2/+2
Michael
2009-01-15 | s3: make better use of ccache by not including version.h in every C-file. | Michael Adam | 3 | -2/+3
version.h changes rather frequently. Since it is included via includes.h, this means each C file will be a cache miss. This applies to the following situations:
* When building a new package with a new Samba version
* building in a git branch after calling mkversion.sh after a new commit (i.e. virtually always)
This patch improves the situation in the following way:
* remove include "version.h" from includes.h
* Use samba_version_string() instead of SAMBA_VERSION_STRING in files that use no other macro from version.h instead of SAMBA_VERSION_STRING.
* explicitly include "version.h" in those files that use more macros from "version.h" than just SAMBA_VERSION_STRING.
Michael
2009-01-13 | Only call sendfile_short_read() if we need it. | Jeremy Allison | 1 | -2/+6
Jeremy.
2009-01-13 | Fix bug noticed by Volker - if sendfile returns zero then | Jeremy Allison | 1 | -2/+66
we might have to handle a short send by filling with zeros. Jeremy.
2009-01-13 | Fix bug #6019 File corruption in Clustered SMB/NFS environment managed via CTDB | Jeremy Allison | 1 | -2/+2
Jeremy.
2009-01-11 | s3: Differentiate between posix files with colons and actual streams | Tim Prouty | 1 | -2/+34
It is possible for a posix file created locally or over nfs to have a ":" in the name. Since ":" is a reserved character in windows, filenames containing a colon must be mangled in a directory listing. Right now files containing colons will not even be displayed in directory listings if streams modules are in use. During the directory listing the file will be detected as a stream because of the colon, but the streams module will fail to find the stream since it doesn't exist.
This fix adds a step to is_ntfs_stream_name that stats the filename to differentiate between actual streams and files containing colons.
While this is an improvement, it isn't perfect. Consider the case where there is a file on disk called "a.txt:s1" and also a file called "a.txt" that has a stream called "s1". This patch will always preference "a.txt:s1" over a.txt's s1 stream. The real issue is that at the vfs level, the vfs modules have no way to tell between a demangled name with a colon and an actual stream.
A more invasive, but better, long-term fix would be to add all paths that come over the wire into a struct containing metadata about the path. This metadata could include a flag to indicate whether the path came over the wire with a colon ":" (guaranteeing that the client is requesting a stream). Passing this struct down to the lower levels, including all path-based vfs calls, would allow the above case to be handled correctly in all cases.
2009-01-10 | Fix a type-punned error | Volker Lendecke | 1 | -1/+1
2009-01-10 | Fix a C++ warning | Volker Lendecke | 1 | -2/+2
2009-01-09 | s3: Fix open path to delete streams depending on the create disposition | Tim Prouty | 1 | -0/+14
The new create disposition test in smbtorture RAW-STREAMS verifies this fix.