Age | Commit message (Collapse) | Author | Files | Lines |
|
When a samba server process dies hard, it has no chance to clean up its entries
in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb.
For locking.tdb and brlock.tdb Samba is robust by checking every time we read
an entry from the database if the corresponding process still exists. If it
does not exist anymore, the entry is deleted. This is not 100% failsafe though:
On systems with a limited PID space there is a non-zero chance that between the
smbd's death and the fresh access, the PID is recycled by another long-running
process. This renders all files that had been locked by the killed smbd
potentially unusable until the new process also dies.
This patch is supposed to fix the problem the following way: Every process ID
in every database is augmented by a random 64-bit number that is stored in a
serverid.tdb. Whenever we need to check if a process still exists we know its
PID and the 64-bit number. We look up the PID in serverid.tdb and compare the
64-bit number. If it's the same, the process still is a valid smbd holding the
lock. If it is different, a new smbd has taken over.
I believe this is safe against an smbd that has died hard and the PID has been
taken over by a non-samba process. This process would not have registered
itself with a fresh 64-bit number in serverid.tdb, so the old one still exists
in serverid.tdb. We protect against this case by the parent smbd taking care of
deregistering PIDs from serverid.tdb and the fact that serverid.tdb is
CLEAR_IF_FIRST.
CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not
work when all smbds are restarted. For this, "net serverid wipe" has to be run
before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up
sessionid.tdb and connections.tdb.
While there, this also cleans up overloading connections.tdb with all the
process entries just for messaging_send_all().
Volker
|
|
|
|
Karolin
|
|
detects CAP_DAC_OVERRIDE being left on in error.
Jeremy.
|
|
into a read-only directory, or read a owner-read-only file.
Jeremy.
|
|
|
|
controlled developer machines.
Jeremy.
|
|
Found by Laurent Gaffie <laurent.gaffie@gmail.com>.
Thanks!
Volker
|
|
Also add torture test to check filter parsing.
|
|
|
|
to respond to a read or write."
This reverts commit a6ae7a552f851a399991262377cc0e062e40ac20.
This fixes bug #7222 (All users have full rigths on all shares) (CVE-2010-0728).
(cherry picked from commit 1c9494c76cc9686c61e0966f38528d3318f3176f)
|
|
Michael
|
|
|
|
this module adds optional server-side support for limited rename operations
beyond filesystem boundaries, which was the previously the default.
|
|
cross-device rename support has some major limitations:
- on huge files clients will timeout or hang
- ACLs and EA information is not retained
Usually a client will have to handle this. A Windows Server with a reparse
point will also just return NT_STATUS_NOT_SAME_DEVICE. We will now by default
do the same.
I will add a vfs module which will restore the old cross-device renames.
|
|
Now that cifs-utils are their own project, we need to go ahead and pull
them out of the samba tree. This patch represents the first step toward
that end.
Remove the cifs-utilities from the source3 and source4 builds. Please
pay particular attention to the source4 piece. I'm not at all familiar
with the build system there, and would appreciate someone sanity
checking my changes.
It also adds a small README.cifs-utils file in the topdir. This is
optional, but I think it's a good idea to carry this for a release or
two.
Once this patch looks ok, I'll plan to do another patch to actually
remove the client dir and the relevant docs-xml files from the tree
altogether.
Signed-off-by: Jeff Layton <jlayton@redhat.com>
|
|
Thanks to Geza Gemes <geza@kzsdabas.hu> for filing this bug
|
|
Ensure we don't use any of the create_options for Samba private
use. Add a new parameter to the VFS_CREATE call (private_flags)
which is only used internally. Renumber NTCREATEX_OPTIONS_PRIVATE_DENY_DOS
and NTCREATEX_OPTIONS_PRIVATE_DENY_FCB to match the S4 code).
Rev. the VFS interface to version 28.
Jeremy.
|
|
If we don't pass enough arguments we don't have to close the connection.
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
|
|
|
|
|
|
spoolss_EnumPrinterDataEx IDL change.
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
That will hopefully make debugging a bit easier (at least for me).
metze
|
|
Guenther
|
|
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
Jeremy.
|
|
This reverts commit 22d316926b9589608d332143c1fa134229b75b3c.
Please see bug #7209 for details.
|
|
On some broken systems like RHEL5, we need to be able
to disable --as-needed.
metze
|
|
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
Signed-off-by: Bo Yang <boyang@samba.org>
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This permits to set the security descriptor of a registry
key from the unix command line.
Michael
|
|
Michael
|
|
Michael
|
|
sddl format
Michael
|
|
New net_registry_getsd_internal does the work(),
net_registry_getsd() just prints the result.
This in preparation to add support for other output formats
than the currently used display_sec_desc().
Michael
|
|
|