1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Commit Graph

114 Commits

Author SHA1 Message Date
Andrew Bartlett
73b377432c s3-talloc Change TALLOC_REALLOC_ARRAY() to talloc_realloc()
Using the standard macro makes it easier to move code into common, as
TALLOC_REALLOC_ARRAY isn't standard talloc.

Andrew Bartlett
2011-06-09 12:40:08 +02:00
Günther Deschner
27022587e3 s3-libsmb: move protos to libsmb/proto.h
Guenther
2011-05-06 16:37:18 +02:00
Jeremy Allison
02af307585 More simple const fixes. 2011-05-05 23:56:07 +02:00
Jeremy Allison
9efea96d16 More const compiler warning fixes. 2011-05-05 11:29:01 -07:00
Jeremy Allison
0c464df22b Change safe_strcpy_base to strlcpy_base. Note the size doesn't change here as the original macro auto-added the -1. 2011-05-04 12:12:14 -07:00
Volker Lendecke
66c968068d s3: Fix Coverity ID 2331: RESOURCE_LEAK 2011-03-27 11:25:33 +02:00
Volker Lendecke
ada2a5a245 s3: Use poll in nmbd 2011-02-28 16:40:19 +01:00
Volker Lendecke
e9f552925d s3: Fix a typed-punned warning
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Feb 14 11:46:50 CET 2011 on sn-devel-104
2011-02-14 11:46:50 +01:00
Stefan Metzmacher
19d3779274 Revert "s3:events: Call all ready fd event handlers on each iteration of the main loop"
This reverts commit 455fccf86b.

I'll add a more generic fix for this problem.

metze
2011-01-31 16:16:09 +01:00
Volker Lendecke
2672101cc4 s3: Remove some unused code 2011-01-07 13:28:07 +01:00
Volker Lendecke
dab6a35f4c s3: Limit the number of unexpected clients to 200
DoS protection like the max winbind clients. Settable by
nmbd:unexpected_clients
2011-01-07 13:28:07 +01:00
Volker Lendecke
5297f3fcff s3: Make nmbd listen on the unexpected socket 2011-01-07 13:28:04 +01:00
Volker Lendecke
4de4703bb9 s3: Fix some nonempty blank lines
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Jan  5 16:03:24 CET 2011 on sn-devel-104
2011-01-05 16:03:24 +01:00
Jeremy Allison
30d29e64cb All calls to event_add_to_select_args() call GetTimeOfDay() and
pass this in as the &now parameter. Push this call inside of
event_add_to_select_args() to the correct point so it doesn't
get called unless needed.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Dec 23 01:08:11 CET 2010 on sn-devel-104
2010-12-23 01:08:11 +01:00
Jeremy Allison
52f2520648 Fix the unexpected.tdb database problem. Change nmbd to store the
transaction id of packets it was requested to send via a client, and
only store replies that match these ids. On the client side change
clients to always attempt to ask nmbd first for name_query and
node_status calls, and then fall back to doing socket calls if
we can't talk to nmbd (either nmbd is not running, or we're not
root and cannot open the messaging tdb's). Fix readers of unexpected.tdb
to delete packets they've successfully read.

This should fix a long standing problem of unexpected.tdb
growing out of control in noisy NetBIOS envioronments with
lots of bradcasts, yet still allow unprivileged client apps
to work mostly as well as they already did (nmblookup for
example) in an environment when nmbd isn't running.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sun Nov 14 05:22:45 UTC 2010 on sn-devel-104
2010-11-14 05:22:45 +00:00
Steven Danneman
455fccf86b s3:events: Call all ready fd event handlers on each iteration of the main loop
Previously, only one fd handler was being called per main message loop
in all smbd child processes.

In the case where multiple fds are available for reading the fd
corresponding to the event closest to the beginning of the event list
would be run.  Obviously this is arbitrary and could cause unfairness.

Usually, the first event fd is the network socket, meaning heavy load
of client requests can starve out other fd events such as oplock
or notify upcalls from the kernel.

In this patch, I have changed the behavior of run_events() to unset
any fd that it has already called a handler function, as well
as decrement the number of fds that were returned from select().
This allows the caller of run_events() to iterate it, until all
available fds have been handled.

I then changed the main loop in smbd child processes to iterate
run_events().  This way, all available fds are handled on each wake
of select, while still checking for timed or signalled events between
each handler function call.  I also added an explicit check for
EINTR from select(), which previously was masked by the fact that
run_events() would handle any signal event before the return code
was checked.

This required a signature change to run_events() but all other callers
should have no change in their behavior.  I also fixed a bug in
run_events() where it could be called with a selrtn value of -1,
doing unecessary looping through the fd_event list when no fds were
available.

Also, remove the temporary echo handler hack, as all fds should be
treated fairly now.
2010-10-01 13:31:33 -07:00
Günther Deschner
b38d0542e1 samba: share select wrappers.
Guenther
2010-10-01 22:30:22 +02:00
Günther Deschner
c217790918 s3-nmbd: move nmbd proto out of main proto.h
Guenther
2010-08-26 00:20:28 +02:00
Jeremy Allison
0f0229c454 Fix unused variable warning after change to new DLINK macros.
Jeremy.
2010-02-10 17:20:21 -08:00
Andrew Tridgell
ece7089918 s3-nmbd: update nmbd to use new DLIST_ macros
(cherry picked from commit 4d23d777bc6d4fad20d0f3084fe658635812bee9)
2010-02-10 15:36:37 -08:00
Jeremy Allison
c2f3ed48c5 More of the fix for bug #7118 - nmbd problems with socket address.
Add a simple "processed packet queue" cache to stop nmbd responding to
packets received on the broadcast and non-broadcast socket (which
it has opened when "nmbd bind explicit broadcast = yes").

This is a very simple packet queue - it only keeps the packets
processed during a single call to listen_for_packets() (i.e. one
select call). This means that if the delivery notification for a
packet received on both broadcast and non-broadcast addresses
is done in two different select calls, the packet will still be
processed twice. This is a very rare occurrance and we can just
live with it when it does as the protocol is stateless. If this
is ever flagged as a repeatable problem then we can add a longer
lived cache, using timeout processing to clear etc. etc. But without
storing all packets processed we can never be *sure* we've eliminated
the race condition so I'm going to go with this simple solution until
someone proves a more complex one is needed :-).

Jeremy.
2010-02-10 12:32:05 -08:00
Jeremy Allison
3f2415c9bf Make "nmbd bind explicit broadcast" on by default.
Fix a comment typo.

Jeremy.
2010-02-08 14:35:02 -08:00
Stefan Metzmacher
30a1bc3650 s3:nmbd: also listen explicit on the subnet broadcast addresses
And send replies always via the unicast address of the subnet.

This behavior is off by default (as before)
and can be enabled with "nmbd:bind explicit broadcast = yes".

metze
2010-02-08 18:35:10 +01:00
Jeremy Allison
1e4868d251 Reduce debug log level from 0 -> 7 on non-critical message.
Jeremy.
2009-09-24 17:44:45 -07:00
Jeremy Allison
6610327770 Fix Coverity bug #902, uninitialized variable.
Jeremy.
2009-04-23 02:02:28 -07:00
Stefan Metzmacher
2630d4a252 s3:nmbd: as the sig_term() handler only sets a flag we don't need to block SIGTERM
The arguments of commit d98bea900e
are no longer valid.

metze
2009-01-27 15:28:09 +01:00
Stefan Metzmacher
048f8dba14 s3: always call run_events() before and after sys_select()
And always setup the fd events.

metze
2009-01-22 12:37:29 +01:00
Jelmer Vernooij
d6a5476ee7 Use sockaddr_storage only where we rely on the size, use sockaddr
otherwise (to clarify we can also pass in structs smaller than
sockaddr_storage, such as sockaddr_in).
2008-10-23 19:53:15 +02:00
Michael Adam
33e3e94e0c nmbd_packets: make queue_packet() public.
Michael
(This used to be commit 363eb90ce8)
2008-08-09 01:15:58 +02:00
Jeremy Allison
0090ec236d Attempt to fix bug #3617. Mix of patches from Volker and
myself. Use standard dlinklist macros.
Jeremy.
(This used to be commit 1b06ee69f6)
2008-01-02 11:56:07 -08:00
Jeremy Allison
afc93255d1 Add SMB encryption. Still fixing client decrypt but
negotiation works.
Jeremy.
(This used to be commit d78045601a)
2007-12-26 17:12:36 -08:00
Jeremy Allison
9e733924d9 Arg. The fix for CVE-2007-6015 hadn't been merged into 3.2.
Do so now....
Jeremy.
(This used to be commit 6b1246c29a)
2007-12-13 16:44:24 -08:00
Gerald (Jerry) Carter
d41713b107 Fix for CVE-2007-5398.
== Subject:     Remote code execution in Samba's WINS
==              server daemon (nmbd) when processing name
==              registration followed name query requests.
==
== CVE ID#:     CVE-2007-5398
==
== Versions:    Samba 3.0.0 - 3.0.26a (inclusive)
...
Secunia Research reported a vulnerability that allows for
the execution of arbitrary code in nmbd.  This defect may
only be exploited when the "wins support" parameter has
been enabled in smb.conf.
(This used to be commit e40c372e0d)
2007-11-15 10:57:31 -06:00
Jeremy Allison
f88b7a076b This is a large patch (sorry). Migrate from struct in_addr
to struct sockaddr_storage in most places that matter (ie.
not the nmbd and NetBIOS lookups). This passes make test
on an IPv4 box, but I'll have to do more work/testing on
IPv6 enabled boxes. This should now give us a framework
for testing and finishing the IPv6 migration. It's at
the state where someone with a working IPv6 setup should
(theorecically) be able to type :
smbclient //ipv6-address/share
and have it work.
Jeremy.
(This used to be commit 98e154c312)
2007-10-24 14:16:54 -07:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
2007-10-18 17:40:25 -07:00
Jeremy Allison
8e54530b52 Add start of IPv6 implementation. Currently most of this is avoiding
IPv6 in winbindd, but moves most of the socket functions that were
wrongly in lib/util.c into lib/util_sock.c and provides generic
IPv4/6 independent versions of most things. Still lots of work
to do, but now I can see how I'll fix the access check code.
Nasty part that remains is the name resolution code which is
used to returning arrays of in_addr structs.
Jeremy.
(This used to be commit 3f6bd0e1ec)
2007-10-10 18:25:16 -07:00
Gerald (Jerry) Carter
e5a951325a [GLUE] Rsync SAMBA_3_2_0 SVN r25598 in order to create the v3-2-test branch.
(This used to be commit 5c6c8e1fe9)
2007-10-10 15:34:30 -05:00
Jeremy Allison
0d87820380 r25492: Start adding IPv6 compatible code to lib/util_sock.c and deal with
the ripple effects this causes. utmp has to change etc. Remove some
global varables and store address/port in the unexpected db.
Jeremy.
(This used to be commit 18c6a2211d)
2007-10-10 12:31:09 -05:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
Volker Lendecke
ab7a9d2bbe r22902: Add an event_context and a messaging_context to nmbd. Not used yet.
(This used to be commit 6d210fb8a1)
2007-10-10 12:22:06 -05:00
Jeremy Allison
0829e1ad1c r22391: Looks bigger than it is. Make "inbuf" available
to all callers of smb_setlen (via set_message()
calls). This will allow the server to reflect back
the correct encryption context.
Jeremy.
(This used to be commit 2d80a96120)
2007-10-10 12:19:30 -05:00
Jeremy Allison
0a2cc569a1 r22045: As Volker noticed, skip_string's last argument is
redundent. Remove it.
Jeremy.
(This used to be commit 140881cfbb)
2007-10-10 12:19:05 -05:00
Jeremy Allison
261c004d7b r22014: Make us pass RANDOMIPC test again :-(. This is an ugly check-in,
but I've no option.
Jeremy.
(This used to be commit c3a565081d)
2007-10-10 12:19:01 -05:00
Jeremy Allison
4d79117c6d r13887: Fix coverity bug CID #94. mem leak on error codepath.
Jeremy.
(This used to be commit dd47e0ef11)
2007-10-10 11:10:58 -05:00
Jeremy Allison
4c0bf8d75d r13884: Fix coverity CID #95. Resource leak on error path.
Jeremy.
(This used to be commit f4bf550b57)
2007-10-10 11:10:58 -05:00
Gerald Carter
54abd2aa66 r10656: BIG merge from trunk. Features not copied over
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
2007-10-10 11:04:48 -05:00
Jeremy Allison
7171515a01 r5082: Don't blindly copy question rr_type and class, set correctly as required
by rfc1002.
Jeremy.
(This used to be commit 422fb43dda)
2007-10-10 10:55:14 -05:00
Jeremy Allison
e03b7d30d5 r5077: Use correct type for rr record on negative name query reply.
Jeremy.
(This used to be commit 86c5548d27)
2007-10-10 10:55:14 -05:00
Jeremy Allison
22923f7d2d r5076: Ensure that WINS negative name query responses and WACK packets
use the correct RR type of 0xA instead of reflecting back what
the query RR type was (0x20). See rfc1002 sections 4.2.14 and
4.2.16.
Jeremy.
(This used to be commit ab8c924004)
2007-10-10 10:55:13 -05:00