1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-26 10:04:02 +03:00

693 Commits

Author SHA1 Message Date
Stefan Metzmacher
f0ec69b535 s3:smbd: access checks should not depend on share mode flags
metze
2011-03-21 22:35:19 +01:00
Volker Lendecke
32731db56f s3: Fix some nonempty blank lines 2011-02-27 19:27:44 +01:00
Jeremy Allison
f92fad101a Ensure we don't return an incorrect access mask.
From the Microsoft test suite @ Connectathon:

Test Case: TestSuite_ScenarioNo009GrantedAccessTestS0
    File created with access = 0x7 (Read, Write, Delete)
    Query Info on file returns 0x87 (Read, Write, Delete, Read Attributes)

Jeremy.
2011-02-25 01:57:04 +01:00
Jeremy Allison
2d0727bc49 Batch oplocks conflict with exclusive as well as themselves.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Feb 24 21:44:50 CET 2011 on sn-devel-104
2011-02-24 21:44:50 +01:00
Jeremy Allison
9e93dacfc6 Remember to free the second temporary string.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Feb 24 04:17:49 CET 2011 on sn-devel-104
2011-02-24 04:17:49 +01:00
Jeremy Allison
916e82823b Fix bug 7950 - Samba 3.5.x fails BASE-CREATEX_SHAREMODES_DIR smbtorture4 test
We need to revalidate the pathname once re-constructed from a root fsp.

Jeremy.
2011-02-23 18:24:41 -08:00
Andrew Bartlett
2e69e89456 s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.

The structure is also not ideal for it's current purpose.  Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session.  This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.

(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-22 16:20:10 +11:00
Jeremy Allison
4ccb7e5bdd Oops. Need to test for if(!NT_STATUS_IS_OK(..)) for error.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Feb  9 22:06:05 CET 2011 on sn-devel-104
2011-02-09 22:06:05 +01:00
Jeremy Allison
8c363e9252 Move to opening an fd on directory opens. Get more careful about symlink races. 2011-02-09 21:21:04 +01:00
Jeremy Allison
65e6dea73f Remove unneeded stat call. 2011-02-09 21:21:04 +01:00
Jeremy Allison
224fc03cb5 Pass fsp to dptr_CloseDir(). Cope with setting the fd if we're closing an fd that opendir knows about. 2011-02-08 15:06:00 -08:00
Jeremy Allison
e68f6adca9 If possible (O_DIRECTORY exists) open an fd for a directory open.
Start of the move towards handle-based code for directory access.
Currently makes fstat/fchown code work for directories rather than
falling back to pathnames.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Feb  8 06:34:41 CET 2011 on sn-devel-104
2011-02-08 06:34:41 +01:00
Jeremy Allison
0a7f1af82c Fix leak in error path. 2011-02-07 17:33:26 -08:00
Jeremy Allison
ece94989b8 Move the "oplock file with byte range locks" check to the correct place, where we're making oplock decisions.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Feb  5 01:18:14 CET 2011 on sn-devel-104
2011-02-05 01:18:14 +01:00
Jeremy Allison
3d4a9ddc24 Based on a conversation with Volker, refactor some of the oplock code to make it comprehensible.
delay_for_oplocks() did 4 things.

1). Validation of existing oplock types.
2). Check for compatibility with batch oplocks (pass 1).
3). Check for compatibility with exclusive oplocks (pass 2).
4). Set the correct oplock type from the requested value.

Refactor into 4 separate functions:

1). find_oplock_types() - does validation of oplock types and
	returns pointers to specific values.
2). delay_for_batch_oplocks() - the pass 1 phase above.
3). delay_for_exclusive_oplocks() - the pass 2 phase above
4). grant_fsp_oplock_type() - Set the correct oplock type from the requested value.

Now separated out this code should be much easier to understand
and modify. This also fixes an erroneous SMB_ASSERT which was
hidden by the previous complexity of the single delay_for_oplocks()
code.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Feb  2 01:52:21 CET 2011 on sn-devel-104
2011-02-02 01:52:21 +01:00
Pavel Shilovsky
7690d9d70c Fix bug #7928 - Samba problems with kernel oplocks option set to "no"
We should not grant levelII oplocks on a file with existing
byte range locks.
2011-01-31 12:00:15 -08:00
Jeremy Allison
44732734cc Fix bug #7863 - Unlink may unlink wrong file when hardlinks are involved.
Do this by keeping a linked list of delete on close tokens, one for
each filename that identifies a path to the dev/inode. Use the
jenkins hash of the pathname to identify the correct token.
2011-01-25 14:23:19 -08:00
Jeremy Allison
9b31f6ab6c Fix bug #7892 - open_file_fchmod() leaves a stale lock.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Dec 29 02:15:23 CET 2010 on sn-devel-104
2010-12-29 02:15:23 +01:00
Jeremy Allison
0a5f4f523f Keep track of the sparse status of an open file handle. Allows bypass of
strict allocation on sparse files. Files opened as POSIX opens are always
sparse.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Dec 21 04:12:22 CET 2010 on sn-devel-104
2010-12-21 04:12:22 +01:00
Jeremy Allison
c8395ac6cf Fix a typo - should be '&&' not '&' when checking for privileges.
Jeremy.
2010-12-01 17:29:05 -08:00
Volker Lendecke
c133fcc0b1 s3: Remove an unused prototype
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Nov  4 17:44:09 UTC 2010 on sn-devel-104
2010-11-04 17:44:09 +00:00
Jeremy Allison
272feb7bd1 Revert "Wrap security_token_has_privilege() with a check for lp_enable_privileges(). Needed"
Not needed - privileges code prevents "enable privileges = no" from adding privileges
anyway.

This reverts commit a8b95686a7bde3f96f141b6938e24e101567ef54.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 22 23:41:36 UTC 2010 on sn-devel-104
2010-10-22 23:41:36 +00:00
Jeremy Allison
a8b95686a7 Wrap security_token_has_privilege() with a check for lp_enable_privileges(). Needed
to maintain compatibility with smb.conf manpage.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 22 18:15:48 UTC 2010 on sn-devel-104
2010-10-22 18:15:48 +00:00
Jeremy Allison
e00c2b3cdf Add code to implement SeSecurityPrivilege in net rpc rights, and in the
open and get/set NT security descriptor code.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Oct 21 00:15:57 UTC 2010 on sn-devel-104
2010-10-21 00:15:57 +00:00
Jeremy Allison
8cad5e23b6 Fix bug #7734 - When creating files with "inherit ACLs" set to true, we neglect to apply appropriate create masks.
Jeremy.
2010-10-15 17:38:21 -07:00
Jeremy Allison
92adb68637 Fix bug #7733 - Invalid client DOS attributes on create can cause incorrect unix mode_t to be generated.
It turns out a client can send an NTCreateX call for a new file, but specify
FILE_ATTRIBUTE_DIRECTORY in the attribute list. Windows silently strips this,
but we don't - causing the unix_mode() function to go through the "mode bits
for new directory" codepath, instead of the "mode bits for new file" codepath.

Jeremy.
2010-10-15 17:38:21 -07:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Volker Lendecke
db607331d3 s3: Remove smbd_server_conn from msg_file_was_renamed 2010-10-03 18:17:09 +02:00
Volker Lendecke
3cf3d54fbc s3: Remove smbd_server_conn from validate_my_share_entries 2010-10-03 18:17:09 +02:00
Volker Lendecke
75c6e0e5c7 s3: Lift smbd_server_conn from file_find_di_first 2010-09-28 07:36:17 +02:00
Volker Lendecke
b448e42de4 s3: Lift smbd_server_conn from file_find_dif 2010-09-28 07:36:16 +02:00
Andrew Bartlett
d1bb21b0d5 s3:auth Remove NT_USER_TOKEN
The all UPPER case typedef is no longer the preferred Samba style
and this makes it easier to see that this is the IDL-derivied structure

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:06 +10:00
Günther Deschner
b5bdcdd65e s3-build: only include "fake_file.h" where needed.
Guenther
2010-08-26 00:20:28 +02:00
Volker Lendecke
fec8505e0b s3: Avoid an unnecessary ftruncate call
If we just created the file, it has length 0 by definition. This is still done
while holding the share mode lock, so no race around wrt other cifs clients.
2010-07-29 22:46:36 +02:00
Simo Sorce
849cc65654 s3-smbd: Migrated to new spoolss functions for printing.
Signed-off-by: Jim McDonough <jmcd@samba.org>
2010-07-27 10:27:13 -04:00
Volker Lendecke
e168b85f00 s3: Remove procid_self() from fill_deferred_open_entry() 2010-07-05 11:06:31 +02:00
Volker Lendecke
ba3b101c45 s3: Remove smbd_messaging_context() from send_break_message() 2010-07-05 11:06:26 +02:00
Günther Deschner
a75436e3ee s3-security: use shared SECINFO_DACL define.
Guenther
2010-06-03 11:00:12 +02:00
Günther Deschner
e24a59f932 s3-security: use shared SECINFO_SACL define.
Guenther
2010-06-03 10:59:54 +02:00
Günther Deschner
630c27bdad s3-security: use shared SECINFO_GROUP define.
Guenther
2010-06-03 10:59:38 +02:00
Günther Deschner
415d3d5fe7 s3-security: use shared SECINFO_OWNER define.
Guenther
2010-06-03 10:59:15 +02:00
Günther Deschner
f9f8007361 s3-build: only use ndr_security.h where needed.
Guenther
2010-05-31 11:32:37 +02:00
Jeremy Allison
895b99fd6b Be more forgiving on client oplock break failure (as Windows does). Remove a global.
Jeremy.
2010-05-13 11:33:02 -07:00
Jeremy Allison
ed6fa379ef Treat an open of stream ::$DATA as an open of the base file.
This fixes a class of SMB_ASSERT failures when doing stream tests.

Jeremy.
2010-05-13 10:54:15 -07:00
Günther Deschner
c6ebab846d s3: only include gen_ndr headers where needed.
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time
as follows:

ccache build w/o patch
real    4m21.529s
ccache build with patch
real    3m6.402s

pch build w/o patch
real    4m26.318s
pch build with patch
real    3m6.932s

Guenther
2010-05-06 00:22:59 +02:00
Simo Sorce
168b86c384 s3-smbd: group print relate data in own structure 2010-04-23 14:26:33 -07:00
Jeremy Allison
2bbb8c917e Allow smb2 create requests to be cancelled.
Jeremy.
2010-04-23 13:10:15 -07:00
Jeremy Allison
8f67f873ac Make deferred opens (NT_STATUS_SHARING_VIOLATION) work over SMB2.
Makes SMB2Create call re-entrant internally.
Now this infrastructure is in place, oplocks will follow shortly.
Tested with Win7 client and with W2K8R2.

Jeremy.
2010-04-22 23:52:19 -07:00
Jeremy Allison
7984243768 Move to using 64-bit mid values in our internal open file database.
This will allow us to share logic much easier between SMB1 and SMB2
servers.

Jeremy
2010-04-12 21:40:28 -07:00
Jeremy Allison
e15939b456 Plumb SMB2 stubs into all the places we defer SMB1 operations.
Rename functions to be internally consistent. Next step is
to cope queueing single (non-compounded) SMB2 requests to
put some code inside the stubs.

Jeremy.
2010-04-09 19:26:34 -07:00