IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Wed Jan 30 18:21:19 CET 2013 on sn-devel-104
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 8 23:30:41 CET 2013 on sn-devel-104
A worker smbd is as not long-lived as the main smbd, but as the async
echo handler exits when the worker smbd does, passing "true" here is the
right thing to do and fixes our clear_if_first handling when the async
echo handler is active.
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Fri Dec 7 11:29:36 CET 2012 on sn-devel-104
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 30 03:27:07 CET 2012 on sn-devel-104
It's not the client fault, if he doesn't know that encryption is required.
We should just return ACCESS_DENIED and let the client work on other
shares and open files on the current SMB connection.
metze
We already have a server address in sockaddr_storage format.
Also the name "client_socket" was very miss leading,
as it returns the local address of the socket.
metze
They use talloc_tos() internally: hoist that up to the callers, some
of whom don't want to us talloc_tos().
A simple patch, but hits a lot of files.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This boolean was only set if the old machine account store (with an
MD4 hash in it) was returned. We have not set that password type for
years. If this call ever worked, it would store a plaintext password,
so we could only ever be here if we had set a password using a version
of Samba so old as not to store plaintext, and then never honered the
flag anyway.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 13 07:52:40 CEST 2012 on sn-devel-104
This makes sure we generate unique persistent file ids,
which are stored in smbXsrv_open_global.tdb.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 29 21:01:11 CEST 2012 on sn-devel-104
Only sconn->smb1.sessions.next_vuid remains as uint16_t,
so that we do not generate larger values yet.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jun 6 12:07:33 CEST 2012 on sn-devel-104
For now we still use a global 'global_smbXsrv_connection'
in order to pass the connection state to exit_server*().
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu May 24 20:07:20 CEST 2012 on sn-devel-104
This will represent a transport connection for SMB 1 or 2
in the server. smbd_server_connection will slowly be moved
to the SMB_VFS layer to satisfy the existing modules,
but it will hopefully be protocol independend in future.
metze
The performance of these is minimal (these days) and they can return
invalid results when used as part of applications that do not use
sys_fork().
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Mar 24 21:55:41 CET 2012 on sn-devel-104
Based on code from Richard Sharpe. Move to talloc from malloc.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Mar 22 00:20:41 CET 2012 on sn-devel-104
This is used to enable async chained command sequences. A synchronous
reply_xxx command does not need to take are anymore about and_x
chaining. The async commands (pipe r/w at this moment) must do so
however. When finished, they must inform the main chain engine that
they are finished with a smb_request_done call.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Sat Mar 10 17:14:05 CET 2012 on sn-devel-104
This is a new implementation of our andx handling code. The old
code was quite involved in that it was called from within the reply_
handlers. This leads to pretty complex faking of smb_request
structures to give them the same environment, independent of whether
they are called directly or from within chain_reply.
chain_reply needs to go because it blocks really async handling of
chained requests.
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.
The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok. This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server
At the same time, this closes the door on one of the most arcane areas
of Samba authentication.
Naturally, full user-name/password authentication remain available in
security=user and above.
This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.
Andrew Bartlett
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SHARE |
| security=share |
| |
| |
| 5 March |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
This adds an alisas to ensure that both our loadparm systems know all
the names.
I would like to move to the 'server ..' name as canonical, and this
will be raised on the list.
Andrew Bartlett
No code change, just remove a {} block left over as the else branch
from the previous commit
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Fri Feb 24 18:07:48 CET 2012 on sn-devel-104
We no longer need to call poll() directly inside smbd !
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Feb 17 02:49:13 CET 2012 on sn-devel-104
sys_poll() is only needed if the signal pipe is set up and used, but as
no signal handler ever writes to the pipe, this can all be removed.
signal based events are now handled via tevent.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
This got lost in commit b2511a280a.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Dec 12 10:23:44 CET 2011 on sn-devel-104
We can not read from the echo handler socket when we have the main socket
locked. This leads to the echo responder to lock up sitting in the fcntl lock
while the parent wants to read the remainder of a large packet.
OS/2 sends an unexpected write&x/read&x chain
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Aug 14 08:48:58 CEST 2011 on sn-devel-104
This way we are sure the cache is primed properly and messages can be sent to
processes if necessary as all messaging has been set up.
Signed-off-by: Andreas Schneider <asn@samba.org>
This way we can properly deal with pcap updates in the background queue process
if it is enabled (on by default) and not perform these actions in the main
smbd process.
Signed-off-by: Günther Deschner <gd@samba.org>
Without this, an active client connection can starve the echo responder. This
leads to apparently "lost" SMBs.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Jul 28 18:53:38 CEST 2011 on sn-devel-104
This makes auth3_session_info identical to auth_session_info
The logic to convert the info3 to a struct auth_user_info is
essentially moved up the stack from the named pipe proxy in
source3/rpc_server to create_local_token().
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Move the num_requests field out of the smb1 struct into the generic
struct smbd_server_connection struct. Use it to count SMB2 requests
as well as SMB1 and ensure that check_log_size() is called every 50
SMB2 requests.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jul 8 01:14:53 CEST 2011 on sn-devel-104
This has been a wrapper around server_event_context() for some time
now, and removing this from dummmysmbd.c assists with library
dependencies.
Andrew Bartlett
in the early CTDB days, the RELEASE_IP message was defined
and some code was added to react on such a message to make
smbd exit if the IP address it was using for the server socket
is removed by CTDB.
Later, it was discovered that we need to stop smbd immediately
and logic was added to ctdb_conn to call release_ip() without
going through the messaging system.
So this code is not used and can be removed
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Fri May 20 16:18:24 CEST 2011 on sn-devel-104
This enables activating the echo responder also if SMB2 is enabled, albeit it
will only be used for SMB1 at this moment.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri May 20 15:06:03 CEST 2011 on sn-devel-104
release_ip() needs the private_data, but it was never saved away
to feed it into release_ip() later
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Thu May 19 21:21:14 CEST 2011 on sn-devel-104
"struct smbd_server_connection" is called sconn elsewhere, avoid confusion
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue May 17 19:00:20 CEST 2011 on sn-devel-104
We need to read from the echo socket, pass the socket to read
from down to the read routines
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Apr 14 15:34:36 CEST 2011 on sn-devel-104
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.
The structure is also not ideal for it's current purpose. Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session. This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.
(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Found by Michael Hanscho <samba@micha.priv.at> with a WinCE client.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Jan 14 17:42:05 CET 2011 on sn-devel-104
Since commit 7022554, smbds share a printcap cache (printer_list.tdb),
therefore ordering of events between smbd processes is important when
updating printcap cache information. Consider the following two process
example:
1) smbd1 receives HUP or printcap cache time expiry
2) smbd1 checks whether pcap needs refresh, it does
3) smbd1 marks pcap as refreshed
4) smbd1 forks child1 to obtain cups printer info
5) smbd2 receives HUP or printcap cache time expiry
6) smbd2 checks whether pcap needs refresh, it does not (due to step 3)
7) smbd2 reloads printer shares prior to child1 completion (stale pcap)
8) child1 completion, pcap cache (printer_list.tdb) is updated by smbd1
9) smbd1 reloads printer shares based on new pcap information
In this case both smbd1 and smbd2 are reliant on the pcap update
performed on child1 completion.
The prior commit "reload shares after pcap cache fill" ensures that
smbd1 only reloads printer shares following pcap update, however smbd2
continues to present shares based on stale pcap data.
This commit addresses the above problem by driving pcap cache and
printer share updates from the parent smbd process.
1) smbd0 (parent) receives a HUP or printcap cache time expiry
2) smbd0 forks child0 to obtain cups printer info
3) child0 completion, pcap cache (printer_list.tdb) is updated by smbd0
4) smbd0 reloads printer shares
5) smbd0 notifies child smbds of pcap update via message_send_all()
6) child smbds read fresh pcap data and reload printer shares
This architecture has the additional advantage that only a single
process (the parent smbd) requests printer information from the printcap
backend.
Use time_mono in housekeeping functions As suggested by Björn Jacke.
Since commit eada8f8a, updates to the cups pcap cache are performed
asynchronously - cups_cache_reload() forks a child process to request
cups printer information and notify the parent smbd on completion.
Currently printer shares are reloaded immediately following the call to
cups_cache_reload(), this occurs prior to smbd receiving new cups pcap
information from the child process. Such behaviour can result in stale
print shares as outlined in bug 7836.
This fix ensures print shares are only reloaded after new pcap data has
been received.
Pair-Programmed-With: Lars Müller <lars@samba.org>
pass this in as the &now parameter. Push this call inside of
event_add_to_select_args() to the correct point so it doesn't
get called unless needed.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Dec 23 01:08:11 CET 2010 on sn-devel-104
This fixes a crash in the echo responder when the client started to send the
NetBIOS-Level 0x85-style keepalive packets. We did not correctly check the
packet length, so the code writing the signing seqnum overwrote memory after
the malloc'ed area for the 4 byte keepalive packet.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Oct 7 19:47:35 UTC 2010 on sn-devel-104
Without this, we can get a writable pipe end, but the writev call on the pipe
will block.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Oct 6 13:57:30 UTC 2010 on sn-devel-104
Previously, only one fd handler was being called per main message loop
in all smbd child processes.
In the case where multiple fds are available for reading the fd
corresponding to the event closest to the beginning of the event list
would be run. Obviously this is arbitrary and could cause unfairness.
Usually, the first event fd is the network socket, meaning heavy load
of client requests can starve out other fd events such as oplock
or notify upcalls from the kernel.
In this patch, I have changed the behavior of run_events() to unset
any fd that it has already called a handler function, as well
as decrement the number of fds that were returned from select().
This allows the caller of run_events() to iterate it, until all
available fds have been handled.
I then changed the main loop in smbd child processes to iterate
run_events(). This way, all available fds are handled on each wake
of select, while still checking for timed or signalled events between
each handler function call. I also added an explicit check for
EINTR from select(), which previously was masked by the fact that
run_events() would handle any signal event before the return code
was checked.
This required a signature change to run_events() but all other callers
should have no change in their behavior. I also fixed a bug in
run_events() where it could be called with a selrtn value of -1,
doing unecessary looping through the fd_event list when no fds were
available.
Also, remove the temporary echo handler hack, as all fds should be
treated fairly now.
If select returns -1, we can't rely on the fd sets. The current code might loop
endlessly because when putting an invalid fd (the closed socket?) on the read
set, a select implementation might choose not to touch it but directly return
with EINVAL. Thus run_events will see the socket readable, which leads to a
"return true", and thus a NT_STATUS_RETRY -> same game again.
We should never get into this situation, but to me the logfiles given in bug
7518 do not reveal enough information to understand how this can happen.
Found by the CodeNomicon test suites at the SNIA plugfest.
http://www.codenomicon.com/
If an invalid NetBIOS session request is received the code in name_len() in
libsmb/nmblib.c can hit an assert.
Re-write name_len() and name_extract() to use "buf/len" pairs and
always limit reads.
Jeremy.
This completely removes the DEBUG(0, ..) error message from write_data(). I've
gone through all callers of write_data() and made sure that they have their own
equivalent error message printing.
