summaryrefslogtreecommitdiff
path: root/source4/smb_server/smb
AgeCommit message (Collapse)AuthorFilesLines
2009-08-05changed BCC handling for SMBwriteX to handle broken MacOSX clientAndrew Tridgell1-13/+8
see bug #6610 The MacOSX SMB client sets the BCC value in SMBwriteX calls to zero instead of the correct size. Checking against WindowsXP, I've found that Windows uses the maximum of the computed buffer size and the given BCC value. I've changed Samba4 to do the same to allow MacOSX to work. I've limited this change to non-chained packets to ensure we don't get the possibility of exploits based on overlapping chained requests
2009-08-05on buffer overflow windows gives SMBSRV:ERRerror hereAndrew Tridgell1-1/+1
2009-08-04fixed support for readx greater than 64kAndrew Tridgell1-1/+2
This fixes bug 6547, where smbclient in S3 reads more than 64k at a time with readx.
2009-07-01use the new talloc_reparent in two placesAndrew Tridgell1-1/+1
2009-05-26s4:smb2srv: We only support SMB 2.002.Stefan Metzmacher1-1/+0
We need to loop over all given dialects and check if we can find SMB2_DIALECT_REVISION_202. metze
2009-05-20Have ntvfs_connect() accept union smb_tcon *tcon instead of char* sharenameSam Liddicott2-23/+4
This change brings ntvfs_connect into compliance with other ntvfs functions which take an ntvfs module, an ntvfs request and an smb io union. It now becomes the responsibility of ntvfs modules to examine tcon->generic.level themselves and derive the share name and any other options directly; e.g. const char *sharename; switch (tcon->generic.level) { case RAW_TCON_TCON: sharename = tcon->tcon.in.service; break; case RAW_TCON_TCONX: sharename = tcon->tconx.in.path; break; case RAW_TCON_SMB2: default: return NT_STATUS_INVALID_LEVEL; } if (strncmp(sharename, "\\\\", 2) == 0) { char *p = strchr(sharename+2, '\\'); if (p) { sharename = p + 1; } } service.c smbsrv_tcon_backend() is called before ntvfs_connect and fills in some of the tcon->..out values. For the case of RAW_TCON_TCONX, it filles out tcon->tconx.out.tid and tcon->tconx.out.options For the case of RAW_TCON_TCON it fills out tcon->tcon.out.tid and tcon->tcon.out.max_xmit Thus the ntvfs_connect function for vfs modules may override these values if desired, but are not required to. ntvfs_connect functions are required to fill in the tcon->tconx.out.*_type fields, for RAW_TCON_TCONX, perhaps something like: if (tcon->generic.level == RAW_TCON_TCONX) { tcon->tconx.out.fs_type = ntvfs->ctx->fs_type; tcon->tconx.out.dev_type = ntvfs->ctx->dev_type; } Signed-off-by: Sam Liddicott <sam@liddicott.com> (I fixed the ntvfs_connect() in the smb_server/smb2/ and the RAW_TCON_SMB2 switch case in the modules) Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-04-23Add async support for reply_tcon* and ntvfs_connectSam Liddicott2-70/+105
smbsrv_tcon_backend no longer creates the ntvfs_request wrapper, so smbsrv_reply_tcon* can now do this and then invoke ntvfs_connect in the typical manner using SMBSRV_SETUP_NTVFS_REQUEST and SMBSRV_CALL_NTVFS_BACKEND Previously smbsrv_tcon_backend has been responsible for instantiating the ntvfs_module_context to service a tree-connect request, and then create an ntvfs_request wrapper around the smbsrv_request and pass this to ntvfs_connect for the newly created ntvfs. These actions could not be invoked asynchronously. This meant that any client requests made while instantiating the ntvfs module, including any composite's used during authentication (or related client connections for the case of proxy modules) would block other ntvfs modules and requests in the current process as they executed a nested event loop to await completion. Signed-off-by: Sam Liddicott <sam@liddicott.com> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-03-01s4: Use same function signature for convert_* as s3.Jelmer Vernooij1-6/+6
2009-03-01Add allow_badcharcnv argument to all conversion function, forJelmer Vernooij1-2/+2
consistency with Samba 3.
2009-02-13Remove auth/ntlm as a dependency of GENSEC by means of function pointers.Andrew Bartlett3-27/+27
When starting GENSEC on the server, the auth subsystem context must be passed in, which now includes function pointers to the key elements. This should (when the other dependencies are fixed up) allow GENSEC to exist as a client or server library without bundling in too much of our server code. Andrew Bartlett
2009-02-02s4:smb_server: s/private/private_dataStefan Metzmacher3-6/+6
metze
2008-11-02Fix the build.Jelmer Vernooij1-1/+1
2008-11-02Add gensec_settings structure. This wraps loadparm_context for now, butJelmer Vernooij2-2/+2
should in the future only contain some settings required for gensec.
2008-10-24Remove unused include param/param.h.Jelmer Vernooij2-2/+0
2008-10-24Remove iconv_convenience argument from convert_string{,talloc}() butJelmer Vernooij1-2/+2
make them wrappers around convert_string{,talloc}_convenience().
2008-10-24Remove iconv_convenience parameter from simple string push/pullJelmer Vernooij2-2/+2
functions.
2008-10-11Fix include paths to new location of libutil.Jelmer Vernooij1-1/+1
2008-09-30s4:smb_server/smb: FLAGS2_SMB_SECURITY_SIGNATURES should only be echoed, not ↵Stefan Metzmacher1-5/+6
set always metze
2008-09-29NetApp found that we never set the smb signing flags2.Andrew Bartlett1-0/+4
This was found during testing at the CIFS plugfest. No other client seems to honour or use this bit, but it is quite ligitimately required by the spec. Andrew Bartlett
2008-09-23s4:smb_server: remove the bogus smbsrv_signing_restart()Stefan Metzmacher2-41/+2
Real signing always starts with seqnumber 2, and once signing is on the session key never change anymore for the complete smb connection. metze
2008-09-22Explain why we use signing for DCs, but not file serversAndrew Bartlett1-0/+9
2008-09-05Move our DC to implement mandetory signing.Andrew Bartlett2-4/+10
(this does not change the file server role, and only really changes what 'server signing = auto' means) Optional signing really isn't any benifit to network security. In doing so, allow anonymous clients (if permitted by policy) to log in without signing, as Samba3 does not sign these connections (which would use an all-zero key, so pointless). Andrew Bartlett (This used to be commit 468bf839c500ed1a26ab9a358ee64a4c0a695797)
2008-09-05With a windows 2008 client, even anonymous requires signing...Andrew Bartlett1-6/+0
Andrew Bartlett (This used to be commit a89f9818180e8fb868975c444c4d0e5aaa8d4e79)
2008-07-24initialise query_maximal_access here tooAndrew Tridgell1-0/+1
(This used to be commit 4b3af09450cf33c6785a3d8fddddc68047f2e388)
2008-07-24make sure we initialise query_maximal_accessAndrew Tridgell1-0/+1
(This used to be commit 036f73d39a7ef882fd76afcd3c11eef483f6c308)
2008-07-07smb_server/smb: handle incoming multi fragmented nttrans requestsStefan Metzmacher1-16/+152
metze (This used to be commit 9a5f7bf68b20e3b490b209b5cfc4408566320f2e)
2008-07-07smb_server/smb: prepare multi fragmented nttrans requestsStefan Metzmacher1-3/+3
metze (This used to be commit 36a39b92d732a682e38ad4b3f733951fee4757ed)
2008-07-07smb_server/smb: trans(2) setup count is uint8_tStefan Metzmacher1-2/+3
metze (This used to be commit 1b507a9b8e2ede5a4eb542bdf7a0eab9269b9f7b)
2008-07-07smb_server/smb: transs and transs2 calls have different word countsStefan Metzmacher1-1/+12
Also add a note about NT_STATUS_DOS(ERRSRV, ERRerror). metze (This used to be commit 4287b7c1323796cf0688d0fae9b5bd4e840e3d48)
2008-07-07smb_server/smb: fix crash bug with fragmented trans callsStefan Metzmacher1-13/+20
We need to use smbsrv_setup_secondary_request(req) to send the trans ack, because smbsrv_send_reply(req) destroys 'req' and the partial trans list had dead elements in the list. Also make sure the partial list element is removed by a talloc destructor. metze (This used to be commit 221f4d6e534a40b7def6e51dc6b4f9e8057d18b7)
2008-06-02more updates for new info levelsAndrew Tridgell1-3/+12
(This used to be commit 85d1873ee92fcc7df3addc42ddb8189144901f8b)
2008-05-28make sure we send a reply packet for bad create optionsAndrew Tridgell1-1/+2
(This used to be commit f9b94f62998aef5f5f3879ac3cfba93016fa521b)
2008-05-26stricter checks for valid inputs in SMB2 open and lockAndrew Tridgell1-0/+5
(This used to be commit a7b5689a73adde59de28770aa3949660441291ea)
2008-05-19Merge commit 'origin/v4-0-test' into vfs_smb2Andrew Tridgell1-2/+2
(This used to be commit 733937e87a1adcc19492ea2bd138e705701901b6)
2008-05-18Fix a couple (well, little more than that..) of typos.Jelmer Vernooij1-1/+1
(This used to be commit a6b52119940a900fb0de3864b8bca94e2965cc24)
2008-05-18Create prototype headers from Makefile directory, without smb_build in the ↵Jelmer Vernooij1-1/+1
middle. (This used to be commit f4a77b96f9c17d853348b70794026e5b9e384942)
2008-05-18Use variables for source directory in a couple more places.Jelmer Vernooij1-1/+1
(This used to be commit c41bd3005f5f0b9cfd3709fc9217b4a401d265b4)
2008-05-16fixed warningAndrew Tridgell1-1/+2
(This used to be commit d5165ed7a77120f42c25c4997be2630f0f1cb98c)
2008-04-18Flag smb messages array with AND_X and LARGE_REQUESTAmin Azez1-10/+21
If smb_messages flags show for which opcodes VWV(0) signifies chaining modes, and also which opcodes can have requests >64K then the bcc / req->in.data_size fixup in smbsrv_recv_smb_request can be more safely applied. This fix permits nttrans requests >64K to be handled. It is not yet clear if THAT is a good thing, but this fix does the current thing more nicely. (This used to be commit 8e4f16e975e192709f398c98650cbe9fe2a76261)
2008-04-18Re-order smbsrv_recv_smb_request and smb_messagesAmin Azez1-99/+99
No functional change, just re-ordering so that smbsrv_recv_smb_request can refer to smb_messages in a future patch (This used to be commit d06eafea1a3e7fa61c94492cf504e6fd81da861d)
2008-04-17Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-testAndrew Tridgell1-2/+3
(This used to be commit 3ab9abf40605a4a6b220faeebaef81546a8d87a0)
2008-04-17fix the overflow/wrap checks in Samba4 for new gcc optimisation behaviorAndrew Tridgell1-3/+3
The approach I have used is as set out in https://www.securecoding.cert.org/confluence/display/seccode/ARR38-C.+Do+not+add+or+subtract+an+integer+to+a+pointer+if+the+resulting+value+does+not+refer+to+an+element+within+the+array (This used to be commit 92d5fb531db39be655f0cbd2d75b5f675a0a4cfa)
2008-04-17Specify event_context to ldb_wrap_connect explicitly.Jelmer Vernooij1-2/+3
(This used to be commit b4e1ae07a284c044704322446c94351c2decff91)
2008-04-14Use _OBJ_FILES variables in a couple more places.Jelmer Vernooij1-6/+8
(This used to be commit 92856d5054106894b65cd1a1b5119c0facfc4cff)
2008-04-02Install public header files again and include required prototypes.Jelmer Vernooij3-0/+3
(This used to be commit 47ffbbf67435904754469544390b67d34c958343)
2008-03-11smb_server: pass down RAW_RENAME_NTTRANS to the ntvfs layerStefan Metzmacher1-1/+24
metze (This used to be commit 80711c03e0e8fba6f80261facd939ef00e06c7fd)
2008-03-07Use 32 bit storage for nttrans countsAmin Azez1-5/+5
Erroneous 16bit storage for nttrans counts meant that nttrans behaved "strangely" for sizes of over 64K As 32 bit is used in the SMB message and specified in http://us4.samba.org/samba/ftp/specs/draft-leach-cifs-v1-spec-02.txt section 3.13.2 this fix changes storage to match. Signed-off-by: Amin Azez <azez@ufomechanic.net> (This used to be commit d66b6c3823f003875e3b7cdf63617a894cceadf9)
2008-03-06ntvfs: pass down the client capabilities into the ntvfs layerStefan Metzmacher1-0/+6
Note that we don't use any protocol specific values here. For now only NTVFS_CLIENT_CAP_LEVEL_II_OPLOCKS is defined others should be defined, when we find out that the ntvfs layer needs to know about it. metze (This used to be commit cc42cd5f6753ca582677fa6f403f0419eec5ab10)
2008-02-21Remove more global_loadparm instance.sJelmer Vernooij1-1/+1
(This used to be commit a1280252ce924df69d911e597b7f65d8038abef9)
2008-02-18Fix build with partial linking.Jelmer Vernooij1-1/+0
(This used to be commit bfad9610c472e8d7e3656e19c8dbb6b85727dc13)