summaryrefslogtreecommitdiff
path: root/source3/smbd
AgeCommit message (Collapse)AuthorFilesLines
2010-01-19s3: Remove a comment from ancient times that no longer appliesVolker Lendecke1-1/+0
2010-01-17s3: Protect against an invalid bcc in SMBsendtxtVolker Lendecke1-1/+1
2010-01-12Make file access control decisions a lot easier to debug (at level 10).Jeremy Allison1-0/+11
Jeremy.
2010-01-12Fix bug #7033 - SMBrmdir call always returns true, even on failure to delete ↵Jeremy Allison1-2/+6
a directory. Argh. Missed the second (and essential) part of the fix for the above :-(. Jeremy
2010-01-12Fix bug #7033 - SMBrmdir call always returns true, even on failure to delete ↵Jeremy Allison1-2/+6
a directory. There is a codepath missing to propagate back error returns from the rmdir POSIX call inside close_directory when delete on close is set. This means doing an rmdir on a Windows command line will always report success, even when the directory was not deleted. This fix adds that codepath back into Samba. Jeremy.
2010-01-12Fix bug #6876 - Delete of an object whose parent folder does not have delete ↵Jeremy Allison2-3/+7
rights fails even if the delete right is set on the object. Final fix for the vfs_acl_xattr and vfs_acl_tdb code. Ensure we can delete a file even if the underlying POSIX permissions don't allow it, if the Windows permissions do. Jeremy.
2010-01-12Remove the global char *LastDir.Jeremy Allison3-22/+1
This is no longer used for anything.
2010-01-11s3-lanman: Allow a level2 descriptor for a level1 NetShareGetInfoGiovanni Bajo1-1/+3
Windows seems to allow this http://lists.samba.org/archive/samba-technical/2009-November/068116.html has a dump of this.
2010-01-10s3: Remove the typedef for "auth_serversupplied_info"Volker Lendecke3-6/+6
2010-01-10s3: Remove the typedef for "auth_usersupplied_info"Volker Lendecke1-2/+2
2010-01-08Re-fix bug 5202 - cannot change ACLs on writable file with "dos filemode=yes"Jeremy Allison1-0/+3
This bug re-occurred for 3.3.x and above. The reason is that to change a NT ACL we now have to open the file requesting WRITE_DAC and WRITE_OWNER access. The mapping from POSIX "w" to NT permissions in posix_acls doesn't add these bits when "dos filemode = yes", so even though the permission or owner change would be allowed by the POSIX ACL code, the NTCreateX call fails with ACCESS_DENIED now we always check NT permissions first. Added in the mapping from "w" to WRITE_DAC and WRITE_OWNER access. Jeremy.
2010-01-07s3:smbd:password_in_history: treat entry with 0 salt as 0 + plain nt hashMichael Adam1-6/+24
This is to introduce a new format of the password history, maintaining backwards compatibility: The old format was 16 byte hash + 16 byte md5(salt + nt hash). The new format is 16 zero bytes and 16 bytes nt hash. This will allow us to respect the last X entries of the nt password history when deciding whether to increment the bad password count. This is part of the fix for bug #4347 . Michael
2010-01-07s3: Remove some code that has become unnecessaryVolker Lendecke1-8/+0
The code I just removed was checked in with e5466fffc286a99f as a bug fix for https://bugzilla.samba.org/show_bug.cgi?id=3319. With the changes to is_visible_file made with 9e8b8f8c16612 these lines have become unnecessary, even with "hide unreadable = yes" dead msdfs symlinks show. This is because we can not stat(2) them and default to showing them. Why this change? I have a user who wants to use "hide unreadable" on msdfs links. Because you can't edit acls on symlinks themselves, the user created the targets as bogus, empty files that just exist as acl placeholders. With the code in place that this patch removes, we never allow this to work. Jeremy, please check! :-) Thanks, Volker
2010-01-07s3: Factor password_in_history() out of check_passwd_history()Volker Lendecke1-25/+41
2010-01-07s3: Fix a typoVolker Lendecke1-1/+1
2010-01-07s3: Avoid a memset(, 0, ) callVolker Lendecke1-2/+1
2010-01-05Fix bug #7020 - smbd using 2G memory.Jeremy Allison1-0/+10
When deferring an async pipe writeX and readX transfer the outstanding request struct onto the conn struct. This needs freeing after the packet is finally processed. Jeremy.
2009-12-23The posix acl version of set_nt_acl() could set the stat_exJeremy Allison1-7/+15
struct in the fsp->fsp_name pointer incorrectly for a directory. Fix this. Make map_canon_ace_perms() public. Jeremy.
2009-12-22s3:ntlmssp: only include ntlmssp.h where actually neededAndrew Bartlett3-0/+3
Andrew Bartlett
2009-12-22s3: Move smb_splice_chain to smbd/process.c, its only userVolker Lendecke1-0/+174
2009-12-21Fix bug reported in mangle_hash code (no bugid yet).Jeremy Allison1-0/+9
Don't change the contents of a const string via a pointer alias (or if you do, change it back.....). Jeremy.
2009-12-21Rename reply_doserror() -> reply_force_doserror().Jeremy Allison4-29/+21
Rewrite all calls to reply_nterror(NT_STATUS_DOS()) to reply_force_doserror() and update the comment in smbd/error.c Jeremy.
2009-12-21Remove all calls to reply_doserror - turn them intoJeremy Allison6-120/+121
correct reply_nterror calls. Next rename reply_doserror -> reply_force_doserror and plumb in when NT_STATUS_DOS is used. Jeremy.
2009-12-18Actually explain the twisty paths of tortured logic behindJeremy Allison1-14/+42
reply_doserror(), reply_nterror(), and reply_nterror(NT_STATUS_DOS()). Fix the call in rely_openerror() to actually force a DOS error for "too many open files". Jeremy.
2009-12-18reply_doserror() doesn't force DOS errors on the wire.Jeremy Allison1-10/+10
Start migrating uses of reply_doserror() to reply_nterror() with the correct mapping. Eventually we'll get to the point where we can change reply_doserror() to force a DOS error code on the wire, and can change calls to reply_nterror(req, NT_STATUS_DOS()) - which *does* force DOS errors on the wire - to reply_doserror(). Which might actually make the server code look like it's making sense. Jeremy.
2009-12-17Always map EMFILE to ERRDOS, ERRnofids, *NOT* NT_STATUS_TOO_MANY_OPENED_FILES.Jeremy Allison1-0/+4
This is what W2KR3 does for NTCreateX and openX calls. May be the correct fix for bug 6837 - "Too many open files" when trying to access large number of files. Jeremy.
2009-12-17Vector correctly through reply_openerror() (which uses the same logic).Jeremy Allison1-6/+1
Jeremy.
2009-12-17Fix bug #6939 - mangling method = hash breaks long filenames.Jeremy Allison1-1/+4
We were returning the wrong sense of the bool. must_mangle() has to return !NT_STATUS_IS_OK, not NT_STATUS_IS_OK. Jeremy.
2009-12-16Add helpful debug of DACL for errors on ACL access.Jeremy Allison1-2/+10
Jeremy.
2009-12-15Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned ↵Jeremy Allison2-18/+25
attributes by protocol level. This makes us consistant in returning DOS attrs across all replies. Tested on OS/2 by Günter Kukkukk. Jeremy.
2009-12-12s3: Fix a very embarrassing build failureVolker Lendecke1-2/+2
2009-12-08s3-spoolss: use driver level info8 everywhere in spoolss server internally.Günther Deschner1-25/+25
Guenther
2009-12-06streamline some log levels for invalid servicenamesChristian Ambach2-2/+2
I don't think we need to log the fact that a user gave a wrong sharename in Explorer with the highest log level. The level of this was not very consistent: service.c: DEBUG(3,("find_service() failed to find service %s\n", service)); service.c: DEBUG(0,("%s (%s) couldn't find service %s\n", smb2_tcon.c: DEBUG(1,("smbd_smb2_tree_connect: couldn't find service %s\n", This changes the last two to 3 as the first one. Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
2009-12-04Make Samba3 pass the RAW-LOCK test as Windows.Jeremy Allison1-0/+24
Implement the win7 NT_STATUS_INVALID_LOCK_RANGE. Make smbd behave as Windows does in canceling locks. Jeremy.
2009-12-03Make sure we're not using the old smb_fname data.Jeremy Allison1-1/+1
Jeremy.
2009-12-03Remove smb_fname duplicates that just keep the same information as in ↵Jeremy Allison1-13/+11
fsp->fsp_name. Moving towards making VFS_OPEN/VFS_MKDIR/VFS_RMDIR handle based... Jeremy.
2009-12-03Refactor reply_rmdir to use handle based code. AllJeremy Allison2-262/+298
calls are now handle based. Put rmdir into close.c and make it private. Jeremy.
2009-12-02Remove unneeded argument from can_set_delete_on_close(). EnsureJeremy Allison3-25/+18
can_set_delete_on_close() is correctly called before any setting of the disposition bit (clean up the do_unlink() call). Jeremy.
2009-12-02Fix bug #6837 - "Too many open files" when trying to access large number of ↵Jeremy Allison1-2/+0
files from Windows 7. Original patch by me fixed up with the correct open files number by jmaggard10@hotmail.com. Jeremy.
2009-12-01Ensure we don't see the xattr used to store NT security (visible when xattr_tdbJeremy Allison1-1/+1
is used). Allows make test to pass with acl_xattr.so prepended to the vfs modules. Jeremy.
2009-12-01s3: Fix smbd to correctly return INVALID_LEVEL on set_file_end_of_file_info ↵Tim Prouty1-5/+26
for paths This allows smbd to pass the freshly updated RAW-SFILEINFO-END-OF-FILE torture test.
2009-11-29s3: "check_magic" only looks at the sizeVolker Lendecke1-1/+1
2009-11-29s3: "disk_quotas" only looks at the devicenumberVolker Lendecke1-17/+13
2009-11-29s3: Pass the "fake dir create times" parameter to sys_*statVolker Lendecke2-14/+20
Step 0 to restore it as a per-share paramter
2009-11-26s3-smbd: no drsuapi server stubs yet in s3. Fixes the build, sorry.Günther Deschner1-1/+0
Guenther
2009-11-26s3-rpc: Avoid including every pipe's client and server stubs everywhere in ↵Günther Deschner2-0/+17
samba. Guenther
2009-11-25Make us pass RAW-CHKPATH with a case sensitive share.Jeremy Allison1-42/+105
I know Volker will look at this closely so here's the explaination :-). Originally on a case-sensitive share we simply did a stat (or lstat) call and returned success of fail based on the result. However this failed to take account of incoming paths with a wildcard (which must always fail, and with different error messages depending on whether the wildcard is the last component or in the path). Also it failed to take account of a stat fail with ENOENT due to a missing component of the path as the last component (which is ok as it could be a new file) or if the ENOENT was due to the missing component within the path (not the last component) - which must return the correct error. What this means is that with "case sensitive = yes" we do one more talloc call (to get the parent directory) and one more stat call (on the parent directory) in the case where the stat call fails. I think this is an acceptable overhead to enable case sensitive shares to return the correct error messages for applications. Volker please examine carefully :-). Jeremy.
2009-11-25Fix crash due to uninitialized pointer (not a problem in 3.4.x or below).Jeremy Allison1-2/+1
Jeremy.
2009-11-25s3 setfileinfo: Open with FILE_WRITE_DATA when setting the file sizeTim Prouty1-1/+1
This matches what is outlined here: http://msdn.microsoft.com/en-us/library/ms804363.aspx This is also inline with how winXP/win7 handle this. See RAW-SFILEINFO-END-OF-FILE* in smbtorture4.
2009-11-24Remove call into reduce_name if case sensitive. This allows us to passJeremy Allison1-2/+1
RAW-CHKPATH when case sensitive = yes, but isn't the correct way to do it. I'm testing a larger patch to smbd/filename.c that should fix this correctly, and will add a torture test to ensure RAW-CHKPATH is run against a case sensitive share once this is done. Jeremy.