1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

7176 Commits

Author SHA1 Message Date
Stefan Metzmacher
069db9b630 s3:smb2_break: encrypt OPLOCK BREAK notifications
metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug 23 10:01:14 CEST 2012 on sn-devel-104
2012-08-23 10:01:14 +02:00
Stefan Metzmacher
54dfd08cb2 s3:smb2_server: use smbXsrv_session->nonce_*
metze
2012-08-23 08:23:07 +02:00
Stefan Metzmacher
6c7ffa9092 s3:smb2_server: remove dump_data() from smbd_smb2_request_pending_timer()
This was just for debugging...

metze
2012-08-23 08:23:07 +02:00
Andrew Bartlett
125e93cdde s3-pysmbd: Correct the python type for smb_acl_t
The t is weird, but the python bindings trim the traditional IDL name
prefix of each element, as it is usually rudundent.

Andrew Bartlett
2012-08-22 01:31:57 +02:00
Andrew Bartlett
dc063bf3bd s3-pysmbd: Add get/set functions for the posix ACL layer
These will be used to verify that an ACL set as an NT ACL creates
the correct posix ACL.

Andrew Bartlett
2012-08-21 15:25:50 +10:00
Andrew Bartlett
4df2c65ea6 s3-pysmbd: Correct comments in python VFS bindings 2012-08-21 15:25:50 +10:00
Andrew Bartlett
d963aaf73b s3-pysmbd: Add hook for a VFS chown() 2012-08-21 15:25:49 +10:00
Andrew Bartlett
0f2d288f76 s3-smbd: ensure we give appropriate errors for EA requests on streams 2012-08-20 21:57:47 +10:00
Andrew Bartlett
6ce084f092 s3-smbd: Do not look for EA information on a stream
The estimated EA size needs to be of the main file.  However, the fsp
may point to the stream, so we need to ignore it if this is the case.

This may mean we estimate wrong if there has been a rename.

Andrew Bartlett
2012-08-20 21:57:46 +10:00
Andrew Bartlett
f9f8a8c3d8 s3-smbd: Push smb_fname into estimate_ea_size
This ensures that we return the ea size of the stream, not the overall file.

This is important as if there is an EA on the main file, the raw.streams
test was failing.

Andrew Bartlett
2012-08-20 21:57:46 +10:00
Stefan Metzmacher
45471f4d8f s3:smb2_negprot: annouce/negotiate SMB3 encryption support
metze
2012-08-17 14:51:57 +02:00
Stefan Metzmacher
9397d6709f s3:smb2_server: add SMB3 encryption support
metze
2012-08-17 14:51:57 +02:00
Stefan Metzmacher
9f1dfd8fac s3:smbd: don't disconnect the client when a share has "smb encrypt = required"
It's not the client fault, if he doesn't know that encryption is required.
We should just return ACCESS_DENIED and let the client work on other
shares and open files on the current SMB connection.

metze
2012-08-17 14:51:57 +02:00
Stefan Metzmacher
e5d4e8df6b s3:smbd: lp_smb_encrypt() returns SMB_SIGNING_* values
metze
2012-08-17 14:51:57 +02:00
Stefan Metzmacher
8b3da9a1f4 s3:smbd: make use of ENCRYPTION_REQUIRED()
metze
2012-08-17 14:51:57 +02:00
Stefan Metzmacher
16edb6eb7b s3:smb2_server: try to sign an error response if we have a signing key
metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 17 00:54:01 CEST 2012 on sn-devel-104
2012-08-17 00:54:01 +02:00
Stefan Metzmacher
19ca98a162 s3:smb2_server: verify the signature before the session_status
metze
2012-08-16 23:13:07 +02:00
Stefan Metzmacher
f4432fea6a s3:smb2_server: add some const to print_req_vectors()
metze
2012-08-16 23:13:07 +02:00
Volker Lendecke
fbebd7530e s3-libsmb: Add a python wrapper
Please note that this is not finished and only for internal use.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-08-16 21:10:32 +02:00
Andrew Bartlett
1157db293f s3-smbd: Do not check no_acl_syscall_error(errno) after sys_acl_init()
This is no longer a VFS call, so will no longer fail in this way.

Andrew Bartlett
2012-08-16 15:25:39 +10:00
Stefan Metzmacher
b596a116fd s3:smb2_server: do calculations based on SMBD_SMB2_NUM_IOV_PER_REQ in smbd_smb2_request_validate()
metze
2012-08-15 14:45:04 +02:00
Andrew Bartlett
24b1143068 s3-sysacls: Remove sys_acl_free_qualifier() as it is a no-op
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 15 05:23:18 CEST 2012 on sn-devel-104
2012-08-15 05:23:18 +02:00
Andrew Bartlett
6ccfd05e72 s3-sysacls: Remove sys_acl_free_acl() and replace with TALLOC_FREE() 2012-08-15 11:44:50 +10:00
Andrew Bartlett
e25830dcd8 s3-smbd: Remove sys_acl_*() VFS wrapper functions
We no longer do struct smb_acl_t manipuations via the VFS layer,
which is now reduced to handling the get/set functions.

The only backend that implemented these functions (aside from audit)
was the vfs_default module calling the sys_acl code.  The various ACL
implementation modules either worked on the fully initilaised
smb_acl_t object or on NT ACLs.

This not only makes the operation of the posix ACL code more efficient
(as allocation and free is not put via the VFS), it makes it easier to
test and removes the fantasy that a module could safely redefine this
structure or the behaviour here.

The smb_acls.idl now defines the structure, and it is now allocated
with talloc.

These operations were originally added to the VFS in commit
3bb219161a.

Andrew Bartlett
2012-08-15 11:44:50 +10:00
Andrew Bartlett
a63a2a72eb s3-smbd: Remove unused conn argument from convert_permset_to_mode_t() 2012-08-15 11:44:50 +10:00
Andrew Bartlett
3d031f2189 s3-smbd: Call sys_acl_set_permset() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.

Andrew Bartlett
2012-08-15 11:44:49 +10:00
Andrew Bartlett
9f16fcfd3f s3-smbd: Call sys_acl_set_qualifier() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.

Andrew Bartlett
2012-08-15 11:44:49 +10:00
Andrew Bartlett
21e0b91e9c s3-smbd: Call sys_acl_set_tag_type() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.

Andrew Bartlett
2012-08-15 11:44:49 +10:00
Andrew Bartlett
50d147b858 s3-smbd: Call sys_acl_create_entry() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.

Andrew Bartlett
2012-08-15 11:44:48 +10:00
Andrew Bartlett
db544790f1 s3-smbd: Call sys_acl_add_perm() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.

Andrew Bartlett
2012-08-15 11:44:48 +10:00
Andrew Bartlett
631a356ea2 s3-smbd: Call sys_acl_clear_perms() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.

Andrew Bartlett
2012-08-15 11:44:48 +10:00
Andrew Bartlett
d78c7c32dc s3-smbd: Call sys_acl_init() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.

Andrew Bartlett
2012-08-15 11:44:47 +10:00
Andrew Bartlett
8b3227eb45 s3-smbd: Call sys_acl_free_acl() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.

Andrew Bartlett
2012-08-15 11:44:47 +10:00
Andrew Bartlett
6a46fbb393 s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.

Andrew Bartlett
2012-08-15 11:44:47 +10:00
Andrew Bartlett
e019b93f0e s3-smbd: Call sys_acl_get_entry() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.

Andrew Bartlett
2012-08-15 11:44:46 +10:00
Andrew Bartlett
d8fb9e77ec s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.

Andrew Bartlett
2012-08-15 11:44:46 +10:00
Andrew Bartlett
6a2f142b49 s3-smbd: Call sys_acl_get_qualifier() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.

Andrew Bartlett
2012-08-15 11:44:45 +10:00
Andrew Bartlett
d83276c13f s3-smbd: Call sys_acl_get_tagtype() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.

Andrew Bartlett
2012-08-15 11:44:45 +10:00
Andrew Bartlett
3b409324d3 s3-smbd: Call sys_acl_get_permset() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.

Andrew Bartlett
2012-08-15 11:44:45 +10:00
Andrew Bartlett
7dff34f5d0 s3-smbd: Call sys_acl_get_perm() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.

Andrew Bartlett
2012-08-15 11:44:44 +10:00
Björn Jacke
f7403d838f s3: skip loading vfs modules for printer connections
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Sun Aug 12 23:40:23 CEST 2012 on sn-devel-104
2012-08-12 23:40:23 +02:00
Andrew Bartlett
c991ac0ebf s3-smbd: Merge ACE entries based on mapped UID/GID not SID
As the test for a valid posix ACL is based on the unix uid/gid only appearing once in the ACL
the merge process also needs to be UID/GID based.

This is a problem when we have multiple builtin groups mapped to the same POSIX group
as happens in a Samba4 provision.

Andrew Bartlett

Signed-off-by: Jeremy Allison <jra@samba.org>
2012-08-10 14:38:47 -07:00
Andrew Bartlett
d3188a0480 s3-smbd: Convert posix_acls.c to use struct unixid internally
This is consistent with the rest of Samba which uses this structure to represent
a unix uid or gid.

World values remain represented by the owner_type being WORLD_ACE in the containing
structure.  A -1 value is filled in to the unixid.id in the same way the .world value
was initialised in the union.

Andrew Bartlett

Signed-off-by: Jeremy Allison <jra@samba.org>
2012-08-10 14:38:47 -07:00
Andrew Bartlett
1c3c5e2156 s3-smbd: Create a shortcut for building the token of a user by SID for posix_acls
When a user owns a file, but does not have specific permissions on that file, we need to
make up the user permissions.  This change ensures that the first thing that we do
is to look up the SID, and confirm it is a user.  Then, we avoid the getpwnam()
and directly create the token via the SID.

Andrew Bartlett

Signed-off-by: Jeremy Allison <jra@samba.org>
2012-08-10 14:38:47 -07:00
Stefan Metzmacher
8defcb8bd1 Revert "s3:smbd: include smbXsrv.h before smbd/proto.h to have the smbXsrv_ structs available"
This reverts commit 98ccca8dca.

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Aug 10 17:35:38 CEST 2012 on sn-devel-104
2012-08-10 17:35:38 +02:00
Stefan Metzmacher
0e76bbc520 Revert "s3:smbd: Include smbXsrv.h before vfs.h (in smbd.h) so that the smbXsrv structures are available"
This reverts commit e332bfaff5.
2012-08-10 15:56:33 +02:00
Jeremy Allison
b70f23c2b5 Correctly check for errors in strlower_m() returns. 2012-08-09 12:08:18 -07:00
Jeremy Allison
c13887defc Check error returns on strnorm(). 2012-08-09 12:07:32 -07:00
Jeremy Allison
526e875cec Check error returns from strupper_m() (in all reasonable places). 2012-08-09 12:06:54 -07:00
Stefan Metzmacher
0d7b17f4db s3:smb2_sesssetup: setup global->[en|de]cryption_key
metze

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Aug  9 09:59:02 CEST 2012 on sn-devel-104
2012-08-09 09:59:02 +02:00