summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2013-01-16smb2_ioctl: split ioctl handler code on device typeDavid Disseldorp6-355/+676
Add per device type ioctl handler source files for FSCTL_DFS, FSCTL_FILESYSTEM, FSCTL_NAMED_PIPE and FSCTL_NETWORK_FILESYSTEM. Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-16smb2_ioctl: split ioctl handlers into separate funtionsDavid Disseldorp1-154/+173
Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-09Use the new directory_create_or_exist_strict() function.Andreas Schneider1-1/+1
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09s3:smb2_negprot: set the 'remote_proto' valueStefan Metzmacher1-0/+8
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Fixup the change_to_user_by_session() case as called from ↵Jeremy Allison1-0/+22
become_user_by_session() Use inside source3/printing/nt_printing.c:get_correct_cversion(). Allow check_user_ok() to be called with vuid==UID_FIELD_INVALID. All this should do is throw away one entry in the vuid cache. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09smbd: Remove some ()Volker Lendecke1-3/+3
Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09smbd: Simplify an if-expressionVolker Lendecke1-10/+7
Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09smbd: Fix a typoVolker Lendecke1-1/+1
Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Move create_share_access_mask() from smbd/service.c to smbd/uid.c.Jeremy Allison3-41/+38
Make it static. Only called from uid.c now. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Fix bug #9518 - conn->share_access appears not be be reset between users.Jeremy Allison1-20/+8
Ensure make_connection_snum() uses the same logic as check_user_ok() to decide if a user can access a share. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Factor code out of check_user_ok() into a call to check_user_share_access().Jeremy Allison1-34/+7
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Initialize stack variables. Prelude to factoring out calls to ↵Jeremy Allison1-2/+2
check_user_share_access(). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Add check_user_share_access() which factors out the share security and ↵Jeremy Allison2-0/+60
read_only flag setting code. Allows this to be called from both make_connection_snum() as well as check_user_ok(). Gives a consistent share security check function. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Correctly setup the conn->share_access based on the current user token.Jeremy Allison1-12/+22
Also use this to set conn->read_only. Cache the share_access in the struct vuid_cache_entry struct so we only evaluate this once per new user access on this share. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Change API for create_share_access_mask() - remove conn struct.Jeremy Allison2-7/+7
Eventually this will be indepentent of conn, just pass in the readonly flag. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Change API for create_share_access_mask() to pass in the token.Jeremy Allison2-4/+9
Don't automatically use the one from conn->session_info->security_token. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Fix API for create_share_access_mask().Jeremy Allison2-9/+12
Return the uint32_t share_access rather than directly changing the conn struct. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Remove static from create_share_access_mask().Jeremy Allison2-1/+2
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Add uint32_t share_access to vuid_cache_entry.Jeremy Allison1-0/+1
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Clean up struct connection_struct, make struct vuid_cache a pointer not inline.Jeremy Allison2-6/+7
Change VFS ABI to 31 for 4.1.0. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Remove unneeded variable "const struct auth_session_info *session_info"Jeremy Allison1-3/+1
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Remove dead code now vuser can no longer be NULL.Jeremy Allison1-8/+0
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Remove the second set of {} braces, no longer needed.Jeremy Allison1-20/+18
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2013-01-09Remove one set of enclosing {} braces, no longer needed.Jeremy Allison1-9/+7
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Move the definition of struct vuid_cache_entry *ent outside blocks.Jeremy Allison1-4/+2
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Start to tidy-up check_user_ok().Jeremy Allison1-3/+2
Now we have removed "security=share" we cannot be called with vuid == UID_FIELD_INVALID. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09source3/smbd/pysmbd.c: Always use create_conn_struct(). Don't hand create ↵Jeremy Allison1-24/+10
connection structs. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09smbd/posix_acls.c: Use create_conn_struct(). Don't hand-create connection ↵Jeremy Allison1-19/+11
structs. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09Allow create_conn_struct() to be called with snum == -1.Jeremy Allison1-4/+9
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09smbd: Rework create_conn_struct to use conn_new()Andrew Bartlett1-22/+18
This avoids issues with required structure elements not being initialised. In particular, once conn->vuid_cache becomes a pointer, this ensures that it is initalised in all cases. Andrew Bartlett Reviewed by: Jeremy Allison <jra@samba.org>
2013-01-08smbd: Fix bug 9549 -- Memleak in the async echo handlerVolker Lendecke1-1/+1
Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jan 8 23:30:41 CET 2013 on sn-devel-104
2013-01-07pysmbd: Change to keyword based argumentsAndrew Bartlett1-23/+43
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-01-07pysmbd: Convert pysmbd to take an optional service to connect toAndrew Bartlett2-127/+159
This uses create_conn_struct to correctly call VFS_CONNECT(), but only if a service has been specified. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
2013-01-07smbd: Fix calls to create_conn_struct_cwd to be correctly indented.Andrew Bartlett1-16/+16
These are whitespace changes only, left out of the previous commit to preserve clarity. Andrew Bartlett. Reviewed-by: Jeremy Allison <jra@samba.org>
2013-01-07smbd: Split create_conn_struct into a fn that does not change the working dirAndrew Bartlett2-16/+53
The python bindings do not want the current working directory changed during operations, so we provide two functions, one providing the original behaviour, and other providing the python bindings with just the memory allocation and initilisation stuff. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
2012-12-21s3-smbd: Check return code of SMB_VFS_{L}STAT.Andreas Schneider1-2/+7
Found by Coverity. Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2012-12-18Fix bug #9196 - defer_open is triggered multiple times on the same request.Jeremy Allison1-3/+3
get_deferred_open_message_state_smb2() is buggy in that it is checking the wrong things to determine if an open is in the deferred state. It checks if (smb2req->async_te == NULL) which is incorrect, as we're not always async in a deferred open - remove this. It should check instead state->open_was_deferred as this is explicity set to 'true' when an open is going deferred, so add this check. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue Dec 18 14:19:13 CET 2012 on sn-devel-104
2012-12-07s3: Fix clear_if_first for the async echo handlerVolker Lendecke1-1/+1
A worker smbd is as not long-lived as the main smbd, but as the async echo handler exits when the worker smbd does, passing "true" here is the right thing to do and fixes our clear_if_first handling when the async echo handler is active. Reviewed-by: Christian Ambach <ambi@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Fri Dec 7 11:29:36 CET 2012 on sn-devel-104
2012-12-05s3:smbd: fix a cut and paste error in a debug messageMichael Adam1-2/+2
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed by: Jeremy Allison <jra@samba.org>
2012-12-05s3:smbd: don't apply create/directory mask and modes in apply_default_perms()Michael Adam1-77/+11
The mask/mode parameters should only apply to a situation with only pure posix permissions. Once we are dealing with ACLs and inheritance, we need to do it correctly. This fixes bug #9462: Users can not be given write permissions any more by default Signed-off-by: Michael Adam <obnox@samba.org> Reviewed by: Jeremy Allison <jra@samba.org>
2012-12-06Fix bug #9460 - Samba 3.6.x and Master respond incorrectly to ↵Richard Sharpe1-1/+22
FILE_STREAM_INFO requests. Ensure we check the buffer size correctly. Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Dec 6 01:31:08 CET 2012 on sn-devel-104
2012-12-04Remove unused append_parent_acl().Jeremy Allison2-204/+0
Get rid of a large chunk of unused code. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Tue Dec 4 11:59:30 CET 2012 on sn-devel-104
2012-12-02s3:smbd/open: fall back to Builtin_Administrators if SYSTEM doesn't map to a ↵Stefan Metzmacher1-0/+54
group Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-02s3:smbd/open: try the primary sid (user) as group_sid if the token has just ↵Stefan Metzmacher1-1/+5
one sid Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-02s3:smbd/open: use Builtin_Administrators as owner of files (if possible)Stefan Metzmacher1-4/+41
We do this if the idmap layer resolves Builtin_Administrators as ID_TYPE_BOTH and if the current token has the Builtin_Administrators SID or it's SYSTEM. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-30Fix Bug 9422 - large read requests cause server to issue malformed replyVolker Lendecke1-1/+1
Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Nov 30 03:27:07 CET 2012 on sn-devel-104
2012-11-28s4:smbd/open: add missing TALLOC_FREE(frame) to inherit_new_acl()Stefan Metzmacher1-0/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-20s3:smbd/aio do not mark file modified during readsChristian Ambach1-2/+0
this causes each file that is potentially just opened for reading to be marked as modified and lots of file change notifications will be send Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Tue Nov 20 21:02:34 CET 2012 on sn-devel-104
2012-11-20More for #9374 - Allow smb2.acls torture test to pass against smbd with a ↵Jeremy Allison2-7/+10
POSIX ACLs backend. Change can_delete_directory() to can_delete_directory_fsp(), as we only ever call this from an open directory file handle. This allows us to use OpenDir_fsp() instead of OpenDir(). OpenDir() re-checks the ACL on the directory, which may refuse DIR_LIST permissions. OpenDir_fsp() does not. As this is a file-server internal check to see if the directory actually contains any files before setting delete on close, we can ignore the ACL here (Windows does). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue Nov 20 01:46:28 CET 2012 on sn-devel-104
2012-11-19Add comments explaining exactly *why* we don't check FILE_READ_ATTRIBUTES ↵Jeremy Allison1-3/+21
when evaluating file/directory ACE's. If we can access the path to this file, by default we have FILE_READ_ATTRIBUTES from the containing directory. See the section. "Algorithm to Check Access to an Existing File" in MS-FSA.pdf. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
generated by cgit (git 2.34.1) at 2024-07-01 06:13:18 +0000