Age | Commit message | Author | Files | Lines |
|
The code to read the new V2 SAMBA_PAI entries had
two errors.
Jeremy.
|
|
BASE-DELAYWRITE and also RAW-CLOSE.
Jeremy.
|
|
the logic. This was incorrect (I'll revisit this tomorrow).
Jeremy.
|
|
set_close_write_time().
We were treating a file time set on close as a sticky write time set, and I don't
think it is. I will add a torture test later to RAW-CLOSE to confirm this.
Jeremy.
|
|
Jeremy.
|
|
"Normal" non truncate writes always cause the timestamp to
be set on close. Once a close is done on a handle this can
reset the sticky write time to current time also.
Updated smbtorture4 confirms this.
Jeremy.
|
|
|
|
We want to free the record early, not when talloc_tos() is free'ed.
|
|
Jeremy.
|
|
using older protocols (LANMAN2 or below).
Jeremy.
|
|
Jeremy.
|
|
Jeremy.
|
|
Jeremy.
|
|
not 4 byte aligned (levels 1 - 3).
Jeremy.
|
|
smbd just crashed on me: In a debug message I called a routine preparing a
string that itself used debug_ctx. The outer routine also used it after the
inner routine had returned. It was still referencing the talloc context
that the outer debug_ctx() had given us, which the inner DEBUG had already
freed.
|
|
directory with a lot of files.
Jeremy.
|
|
used to store the stream info in streams_depot.so is not
seen when enumerating EAs.
Jeremy.
|
|
held outside of samba.
Fixes case where a connection with a pending lock can be marked "idle", and ensures
that the lock queue timeout is always recalculated.
Jeremy.
|
|
Jeremy.
|
|
Jeremy.
|
|
Jeremy.
|
|
|
|
symlinks instead of trans2:posix_unlink.
Jeremy.
|
|
Windows 7 is a bit more picky on our NT_STATUS_BUFFER_TOO_SMALL. Announce the
right buffer size, the same amount we later check for.
|
|
|
|
Jeremy.
|
|
Jeremy
|
|
recent versions of Samba.
Without this fix, renaming a directory ./a to ./b, whilst a directory ./aa was already open
would fail.
Jeremy.
|
|
|
|
function vfs_stat_fsp(). Stops code looking at fsp->posix_open
except for exceptional circumstances.
Jeremy.
|
|
Jeremy.
|
|
Jeremy.
|
|
===========================================================
== Subject: Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#: CVE-2009-2813
==
== Versions: All versions of Samba later than 3.0.11
==
== Summary: If a user in /etc/passwd is misconfigured to have
== an empty home directory then connecting to the home
== share of this user will use the root of the filesystem
== as the home directory.
===========================================================
|
|
Summary:
Specially crafted SMB requests on
authenticated SMB connections can send smbd
into a 100% CPU loop, causing a DoS on the
Samba server.
|
|
|
|
Jeremy.
|
|
|
|
deferred open state.
Signed-off-by: Tim Prouty <tprouty@samba.org>
|
|
|
|
open.
Since the catia translation is implemented for open, it should not
also be done in createfile. By removing createfile from catia,
translation is now done correctly for the primary open path.
In order to support systems that have custom createfile
implementations that don't eventually call SMB_VFS_OPEN,
SMB_VFS_TRANSLATE_NAME has been expanded to take an additional
argument that specifies direction.
Signed-off-by: Tim Prouty <tprouty@samba.org>
|
|
This fixes smbd from crashing all the time.
Jeremy, Volker, please check.
Guenther
|
|
|
|
Jeremy.
|
|
Guenther
|
|
Lookup the EA and Stream status on CreateX.
Jeremy.
|
|
This is needed to support some special app I've just come across where I had to
set the SPARSE_FILES bit (0x40) to make it work against Samba at all. There
might be others to fake. This is definitely a "Don't touch if you don't know
what you're doing" thing, so I decided to make this an undocumented parametric
parameter.
I know this sucks, so feel free to beat me up on this. But I don't think it
will hurt.
|
|
Revert change from 3.3 -> 3.4 with read_socket_with_timeout changed
from sys_read() to sys_recv(). read_socket_with_timeout() is called
with non-fd's (with a pty in chgpasswd.c and with a disk file in
lib/dbwrap_file.c via read_data()). recv works for the disk file,
but not the pty. Change the name of read_socket_with_timeout() to
read_fd_with_timeout() to make this clear (and add comments).
Jeremy.
|
|
The kernel may return a short read, so we must use read_data() to make sure we
read off the full buffer. If something bad happens we also need to kill the
inotify watch because the file descriptor will return out of sync structures if
we read only part of the data.
|
|
|
|
oplocks.
This one is subtle. There is a race condition where a signal can be
queued for oplock break, and then the file can be closed by the client
before the signal can be processed. Currently if this occurs we panic
(we can't match an incoming signal fd with a fsp pointer). Simply log
the error (at debug level 10 right now, might be too much) and then
return without processing the break request. It looks like there is
another race condition with this fix, but here's why it won't happen.
If the signal was pending (caused by a kernel oplock break from a
local file open), and the client closed the file and then re-opened
another file which happened to use the same file descriptor as the
file just closed, then theoretically the oplock break requests could
be processed on the wrong fd. Here's why this should be very rare.
Processing a pending signal always takes precedence over an incoming
network request, so as long as the client close request is non-chained
then the break signal should always be harmlessly processed *before*
the open can be called. If the open is chained onto the close, and
the fd on the new open is the same as the old closed fd, then it's
possible this race will occur. However, all that will happen is that
we'll lose the oplock on this file. A shame, but not a fatal event.
Jeremy.
|