Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
not reliable for winbindd users from foreign domains.
Jeremy.
|
|
owner (bug#2346)
The problem of bug #2346 remains for users exported by
winbindd, because create_token_from_username() just fakes
the token when the user is not in the local sam domain. This causes
user_in_group_sid() to give totally wrong results.
In uid_entry_in_group() we need to check if we already
have the full unix token in the current_user struct.
If so we should use the current_user unix token,
instead of doing a very complex user_in_group_sid()
which doesn't give reliable results anyway.
metze
|
|
It was too late... Thanks Metze for noticing.
Michael
|
|
Michael
|
|
It is a bad idea to just tell everyone that an account is disabled without
really having checked the password first.
Found by torture test.
Guenther
|
|
Guenther
|
|
Guenther
|
|
Often times before creating a file, a client will first query to see
if it already exists. Since some systems have a case-insensitive stat
that is called from unix_convert, we can definitively return
STATUS_NO_SUCH_FILE to the client without scanning the whole
directory.
This code path is taken from trans2querypathinfo, but trans2findfirst
still does a full directory scan even though the get_real_filename
(the case-insensitive stat vfs call) can prevent this.
This patch adds the get_real_filename call to the trans2find* path,
and also changes the vfs_default behavior for
SMB_VFS_GET_REAL_FILENAME. Previously, in the absence of a
get_real_filename implementation, we would fallback to the full
directory scan. The default behavior now returns -1 and sets errno to
EOPNOTSUPP. This allows SMB_VFS_GET_REALFILENAME to be called from
trans2* and unix_convert.
|
|
|
|
The underlying problem
is that once SMBulogoff is called, all server_info contexts associated with the
vuid should become invalid, even if that's the context being currently used by
the connection struct (tid). When the SMBtdis comes in it doesn't need a valid
vuid value, but the code called inside vfs_full_audit always assumes that there
is one (and hence a valid conn->server_info pointer) available.
This is actually a bug inside the vfs_full_audit and other code inside Samba,
which should only indirect conn->server_info on calls which require AS_USER to
be set in our process table. I could fix all these issues, but there's no
guarentee that someone might not add more code that fails this assumption, as
it's a hard assumption to break (it's usually true).
So what I've done is to ensure that on SMBulogoff the previously used
conn->server_info struct is kept around to be used for print debugging purposes
(it won't be used to change to an invalid user context, as such calls need
AS_USER set). This isn't strictly correct, as there's no association with the
(now invalid) context being freed and the call that causes conn->server_info to
be indirected, but it's good enough for most cases.
The hard part was to ensure that once a valid context is used again (via new
sessionsetupX calls, or new calls on a still valid vuid on this tid) that we
don't leak memory by simply replacing the stored conn->server_info pointer. We
would never actually leak the memory (as all conn->server_info pointers are
talloc children of conn), but with the previous patch a malicious client could
cause many server_info structs to be talloced by the right combination of SMB
calls. This new patch introduces free_conn_server_info_if_unused(), which
protects against the above.
Jeremy.
|
|
I don't think we should unconditionally send every refused connection attempt
to a share to syslog, that's where all debug level 0 messages end up.
|
|
We need to allow to set filesystem capabilities from the default vfs in
create_conn_struct() in order to find mixed-case filenames. Thanks Volker!
This one was hard to find, so a little longer explanation:
When a Windows client tries to upload e.g. the Xerox 4110 PS driver, the client
first uploads the driver files to the [print$] share. Some of them (in this case
the Windows Postscript drivers) are with uppercase filenames while some of them
(like the PPD file) are in lowercase. After the driver upload the client issues
the spoolss_AddPrinterDriverEx() call with level 6. There the client tries to
add the PPD file with an uppercase filename (while having stored it in lowercase
on the server). The internal spoolss add driver functions then could not find the
appropriate filename while trying to move them to the version subdirectory (in
this case W32X86/3) and fails then entire spoolss_AddPrinterDriverEx() call.
With this fix, the convert_unix_name() name finds the correct file and
the spoolss_AddPrinterDriverEx() succeeds.
Guenther
|
|
Thanks to Günther Deschner!
Volker
|
|
This is to be able to provide more specific error messages.
Michael
|
|
instead of reading the registry directly with tdb and activating the
configure options by hand.
This eliminates the need for repeating checks done in loadparm.
For instance it disables registry shares without path in the server
as is the case with text based shares.
Michael
|
|
This reverts commit b5b6ecb58aeba196c28370cde21a0826f81d8da6.
|
|
Always add back the real original owner of the directory in the ACE List after
we steal its ACE for the Administrators group.
|
|
When adding arbitrary aces to an nt_ace_list we need to make sure we
are not actually adding a duplicate.
add_or_replace_ace() takes care of doing the right thing.
|
|
Guenther
|
|
the system one is broken.
|
|
|
|
|
|
|
|
smbd to
access a freed structure.
Jeremy.
|
|
This optimizes non-recursive notifys. For non-recursive notifies we can use a
per-directory file-id indexed notify record. This matters for the Windows
Explorer and IIS cases which do not use recursive notifies. In these cases, we
do not have to shuffle around the whole notify record on every change.
For the cluster case, this improves correctness of the notifies, ctdb only
distributes the tdb seqnum once a second, so we can lose notifies.
|
|
|
|
What a difference a name makes... :-). Just because something is missnamed
SAMR_ACCESS_OPEN_DOMAIN, when it should actually be SAMR_ACCESS_LOOKUP_DOMAIN,
don't automatically use it for a security check in _samr_OpenDomain().
Jeremy.
|
|
This commit is mostly to cope with the removal of SamOemHash (replaced
by arcfour_crypt()) and other collisions (such as changed function
arguments compared to Samba3).
We still provide creds_hash3 until Samba3 uses the credentials code in
netlogon server
Andrew Bartlett
|
|
This removes calls to push_*_allocate() and pull_*_allocate(), as well
as convert_string_allocate, as they are not in the common API
To allow transition to a common charcnv in future, provide Samba4-like
strupper functions in source3/lib/charcnv.c
(the actual implementation remains distinct, but the API is now shared)
Andrew Bartlett
|
|
This renames push_string in Samba3 into push_string_base and
push_string_check for the two different use cases.
This should allow push_string to be imported from Samba4, using it's
calling conventions.
|
|
|
|
The second r/o opener of a file is supposed to get a level2 oplock. The first
opener due to the protection in process_oplock_break_message() has been forced
to break to no oplock. The second opener according to locking.tdb gets a level2
oplock. Further down in open_file_ntcreate we try to set this level2 oplock in
the kernel, and the non-clustered Linux kernel disallows this. The rules for
the kernel leases are a bit baroque, but the attempt to do the SETLEASE
correctly fails and we end up with no oplock for any client.
In the clustered case however the linux kernel on the second opening node has
not seen the open fd of the first node, it is only the cluster fs that has this
information. If the cluster fs does not have the very same notion of leases as
the local kernel has, we can end up with a WRLCK style kernel lease for the
second opener where locking.tdb only indicates a level2 oplock. Getting a
kernel oplock break signal with just a level2 oplock in locking.tdb is
something smbd is not prepared for. For example after sending out the break in
response to the kernel signal we set a timeout, waiting for a reply.
More work needs to be done to make level2 kernel oplocks real for us. This
patch addresses a real problem we have right now without them.
|
|
This is fun -- XP still does this :-)
netbios retarget : foo = 192.168.234.10:1139
and if you connect to port 139 name foo, XP will happily do SMB over 1139
|
|
|
|
|
|
|
|
|
|
|
|
|
|
parameter "msdfs root = yes"
This was broken by the refactoring around create_file().
MSDFS pathname processing must be done FIRST.
MSDFS pathnames containing IPv6 addresses can
be confused with NTFS stream names (they contain
":" characters.
Jeremy.
|
|
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
This removes all oplock dependence on locking.tdb
|
|
|
|
handle_trans() can talloc_free "conn" if the client requests
close_on_completion. "state" is a talloc_child of conn, so it will be gone when
we later free state->data et al.
|
|
|
|
|
|
if "hide dot files" is set. Thanks to Barry Kelly <bkelly.ie@gmail.com>
for pointing this one out.
Jeremy.
|
|
This fixes a "defined but not used" compile warning.
|