summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2013-01-18Add additional copychunk checks.Jeremy Allison1-0/+22
For printer, ipc$ connections, and directory handles. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-01-18Move handle checking code to copychunk_check_handles().Jeremy Allison1-21/+37
Planning to add extra checks to ensure we don't attempt copychunk on printer or IPC$ handles. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
2013-01-17smb2_ioctl: copychunk request max output validationDavid Disseldorp1-0/+12
Check that the copychunk ioctl request maximum output specified by the client is large enough to hold copychunk response data. Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Jan 17 00:59:44 CET 2013 on sn-devel-104
2013-01-16smb2_ioctl: track copychunk response output stateDavid Disseldorp1-16/+38
Treat the response data independent to the status. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smb2_ioctl: copychunk CHECK_READ and CHECK_WRITEDavid Disseldorp1-0/+25
[MS-SMB2] 3.3.5.15.6 Handling a Server-Side Data Copy Request, specifies that the copychunk destination file handle be granted FILE_WRITE_DATA and FILE_READ_DATA access. FILE_READ_DATA access must also be granted on the copychunk source file, which may be done implicitly with execute permission. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smb2_ioctl: only pass through to VFS on a valid fspDavid Disseldorp1-13/+17
A null fsp is dereferenced on VFS call. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smb2_ioctl: perform locking around copychunk requestsDavid Disseldorp1-17/+137
For each chunk in a copychunk request, take a read and write lock on the source and destination files respectively. Also change the resume key format to use a combination of the persistent and volatile handles. Thanks to Metze for his help on this. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smbd: split out file_fsp_get from file_fsp_smb2David Disseldorp2-10/+27
Obtain the files_struct from smb2req, persistent_id and volatile_id. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smb2_ioctl: remove ioctl error response assumptionsDavid Disseldorp1-17/+57
MS-SMB2 3.3.4.4 documents cases where a ntstatus indicating an error should not be considered a failure. In such a case the output data buffer should be sent to the client rather than an error response packet. Add a new fsctl copy_chunk test to confirm field limits are sent back in response to an oversize chunk request. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smb2_ioctl: add support for FSCTL_SRV_COPYCHUNKDavid Disseldorp1-4/+231
SMB2 clients can issue FSCTL_SRV_COPYCHUNK requests in order to copy data between files on the server side only, rather than reading data then writing back from the client. FSCTL_SRV_COPYCHUNK is used by default for Explorer SMB2 file copies on Windows Server 2012. 2.2.32.1 SRV_COPYCHUNK_RESPONSE in [MS-SMB2] describes the requirement for the server to provide maximum copychunk request size limits in ioctl responses carrying STATUS_INVALID_PARAMETER. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16s3-vfs: add copy_chunk vfs hooksDavid Disseldorp1-2/+24
copy_chunk copies n bytes from a source file at a specific offset to a destination file at a given offset. This interface will be used in handling smb2 FSCTL_SRV_COPYCHUNK ioctl requests. Use a pread/pwrite loop in vfs_default, so that requests referring to the same src and dest file are possible. Provide send and receive hooks for copy chunk VFS interface, allowing asynchronous behaviour. Check whether the request source offset + length exceeds the current size. Return STATUS_INVALID_VIEW_SIZE under such a condition, matching Windows server behaviour. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smb2_ioctl: add FSCTL_SRV_REQUEST_RESUME_KEY supportDavid Disseldorp1-2/+47
Use existing ioctl IDL infrastructure for marshalling. Support for this ioctl is a prerequisite for FSCTL_SRV_COPYCHUNK handling. The client-opaque resume key is constructed using the server side dev/inode file identifier. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smb2_ioctl: split ioctl handler code on device typeDavid Disseldorp6-355/+676
Add per device type ioctl handler source files for FSCTL_DFS, FSCTL_FILESYSTEM, FSCTL_NAMED_PIPE and FSCTL_NETWORK_FILESYSTEM. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smb2_ioctl: split ioctl handlers into separate funtionsDavid Disseldorp1-154/+173
Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-09Use the new directory_create_or_exist_strict() function.Andreas Schneider1-1/+1
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09s3:smb2_negprot: set the 'remote_proto' valueStefan Metzmacher1-0/+8
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Fixup the change_to_user_by_session() case as called from ↵Jeremy Allison1-0/+22
become_user_by_session() Use inside source3/printing/nt_printing.c:get_correct_cversion(). Allow check_user_ok() to be called with vuid==UID_FIELD_INVALID. All this should do is throw away one entry in the vuid cache. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09smbd: Remove some ()Volker Lendecke1-3/+3
Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09smbd: Simplify an if-expressionVolker Lendecke1-10/+7
Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09smbd: Fix a typoVolker Lendecke1-1/+1
Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Move create_share_access_mask() from smbd/service.c to smbd/uid.c.Jeremy Allison3-41/+38
Make it static. Only called from uid.c now. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Fix bug #9518 - conn->share_access appears not be be reset between users.Jeremy Allison1-20/+8
Ensure make_connection_snum() uses the same logic as check_user_ok() to decide if a user can access a share. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Factor code out of check_user_ok() into a call to check_user_share_access().Jeremy Allison1-34/+7
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Initialize stack variables. Prelude to factoring out calls to ↵Jeremy Allison1-2/+2
check_user_share_access(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Add check_user_share_access() which factors out the share security and ↵Jeremy Allison2-0/+60
read_only flag setting code. Allows this to be called from both make_connection_snum() as well as check_user_ok(). Gives a consistent share security check function. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Correctly setup the conn->share_access based on the current user token.Jeremy Allison1-12/+22
Also use this to set conn->read_only. Cache the share_access in the struct vuid_cache_entry struct so we only evaluate this once per new user access on this share. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Change API for create_share_access_mask() - remove conn struct.Jeremy Allison2-7/+7
Eventually this will be indepentent of conn, just pass in the readonly flag. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Change API for create_share_access_mask() to pass in the token.Jeremy Allison2-4/+9
Don't automatically use the one from conn->session_info->security_token. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Fix API for create_share_access_mask().Jeremy Allison2-9/+12
Return the uint32_t share_access rather than directly changing the conn struct. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Remove static from create_share_access_mask().Jeremy Allison2-1/+2
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Add uint32_t share_access to vuid_cache_entry.Jeremy Allison1-0/+1
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Clean up struct connection_struct, make struct vuid_cache a pointer not inline.Jeremy Allison2-6/+7
Change VFS ABI to 31 for 4.1.0. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Remove unneeded variable "const struct auth_session_info *session_info"Jeremy Allison1-3/+1
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Remove dead code now vuser can no longer be NULL.Jeremy Allison1-8/+0
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Remove the second set of {} braces, no longer needed.Jeremy Allison1-20/+18
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-09Remove one set of enclosing {} braces, no longer needed.Jeremy Allison1-9/+7
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Move the definition of struct vuid_cache_entry *ent outside blocks.Jeremy Allison1-4/+2
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Start to tidy-up check_user_ok().Jeremy Allison1-3/+2
Now we have removed "security=share" we cannot be called with vuid == UID_FIELD_INVALID. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09source3/smbd/pysmbd.c: Always use create_conn_struct(). Don't hand create ↵Jeremy Allison1-24/+10
connection structs. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09smbd/posix_acls.c: Use create_conn_struct(). Don't hand-create connection ↵Jeremy Allison1-19/+11
structs. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Allow create_conn_struct() to be called with snum == -1.Jeremy Allison1-4/+9
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09smbd: Rework create_conn_struct to use conn_new()Andrew Bartlett1-22/+18
This avoids issues with required structure elements not being initialised. In particular, once conn->vuid_cache becomes a pointer, this ensures that it is initalised in all cases. Andrew Bartlett Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-08smbd: Fix bug 9549 -- Memleak in the async echo handlerVolker Lendecke1-1/+1
Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jan 8 23:30:41 CET 2013 on sn-devel-104
2013-01-07pysmbd: Change to keyword based argumentsAndrew Bartlett1-23/+43
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-01-07pysmbd: Convert pysmbd to take an optional service to connect toAndrew Bartlett2-127/+159
This uses create_conn_struct to correctly call VFS_CONNECT(), but only if a service has been specified. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
2013-01-07smbd: Fix calls to create_conn_struct_cwd to be correctly indented.Andrew Bartlett1-16/+16
These are whitespace changes only, left out of the previous commit to preserve clarity. Andrew Bartlett. Reviewed-by: Jeremy Allison <jra@samba.org>
2013-01-07smbd: Split create_conn_struct into a fn that does not change the working dirAndrew Bartlett2-16/+53
The python bindings do not want the current working directory changed during operations, so we provide two functions, one providing the original behaviour, and other providing the python bindings with just the memory allocation and initilisation stuff. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
2012-12-21s3-smbd: Check return code of SMB_VFS_{L}STAT.Andreas Schneider1-2/+7
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-18Fix bug #9196 - defer_open is triggered multiple times on the same request.Jeremy Allison1-3/+3
get_deferred_open_message_state_smb2() is buggy in that it is checking the wrong things to determine if an open is in the deferred state. It checks if (smb2req->async_te == NULL) which is incorrect, as we're not always async in a deferred open - remove this. It should check instead state->open_was_deferred as this is explicity set to 'true' when an open is going deferred, so add this check. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Dec 18 14:19:13 CET 2012 on sn-devel-104
2012-12-07s3: Fix clear_if_first for the async echo handlerVolker Lendecke1-1/+1
A worker smbd is as not long-lived as the main smbd, but as the async echo handler exits when the worker smbd does, passing "true" here is the right thing to do and fixes our clear_if_first handling when the async echo handler is active. Reviewed-by: Christian Ambach <ambi@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Fri Dec 7 11:29:36 CET 2012 on sn-devel-104