1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-28 07:21:54 +03:00
Commit Graph

47 Commits

Author SHA1 Message Date
Jeremy Allison
b70f23c2b5 Correctly check for errors in strlower_m() returns. 2012-08-09 12:08:18 -07:00
Stefan Metzmacher
95e4270813 s3:smb2_tcon: set global->encryption_required and enforce it
This the account or client doesn't support encryption we should
reject the tree connect.

metze
2012-08-09 08:21:35 +02:00
Stefan Metzmacher
f08e478d2f s3:smb2_tcon: make use of SMBD_SMB2_* macros
metze
2012-08-05 20:55:37 +02:00
Stefan Metzmacher
88f326a2c0 s3:smb2_tcon: reject access to shares mark as "smb encrypt = required"
We do not support SMB2 transport encryption yet.

metze
2012-07-23 18:19:36 +02:00
Rusty Russell
fe72740e82 loadparm: make the source3/ lp_ functions take an explicit TALLOC_CTX *.
They use talloc_tos() internally: hoist that up to the callers, some
of whom don't want to us talloc_tos().

A simple patch, but hits a lot of files.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-07-18 15:07:23 +09:30
Stefan Metzmacher
463b308f16 s3:smbd: make use of smbXsrv_tcon and smbXsrv_session for smb2
The removes the protocol specific smbd_smb2_session and
smbd_smb2_tcon.

Pair-Programmed-With: Michael Adam <obnox@samba.org>

metze
2012-06-25 20:55:06 +02:00
Stefan Metzmacher
f52e5738a2 s3:smbd: use 'struct user_struct' instead of typedef'ed 'user_struct'
metze
2012-06-06 10:18:39 +02:00
Stefan Metzmacher
302f767fb7 s3:smb2_tcon: make the top level code async using
metze
2012-05-14 15:12:33 +02:00
Stefan Metzmacher
b19a9dbb5b s3:smb2_tcon: add smbd_smb2_tree_connect_send/recv as wrapper
metze
2012-05-14 15:12:33 +02:00
Stefan Metzmacher
f6b6e963f6 s3:smbd: keep 'num_connections' and 'connections' directly under smbd_server_connection
The plan is to have connection_struct as some kind of low level
abstraction for a smb1/smb2 tree connects, that can be used by SMB_VFS modules.

metze
2012-03-06 21:26:05 +01:00
Andrew Bartlett
d7bb961859 s3-auth: Remove security=share (depricated since 3.6).
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.

The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok.  This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server

At the same time, this closes the door on one of the most arcane areas
of Samba authentication.

Naturally, full user-name/password authentication remain available in
security=user and above.

This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.

Andrew Bartlett

                       --------------
                      /              \
                     /      REST      \
                    /        IN        \
                   /       PEACE        \
                  /                      \
                  |      SEC_SHARE       |
                  |    security=share    |
                  |                      |
                  |                      |
                  |       5 March        |
                  |                      |
                  |        2012          |
                 *|     *  *  *          | *
        _________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-03-04 23:33:05 +01:00
Jeremy Allison
39c627b607 Fix bug 8710 - connections.tdb - major leak with SMB2.
Ensure the cnum used to claim the connection for SMB2 is the
id that will be used for the SMB2 tcon. Based on code from
Ira Cooper <ira@wakeful.net>.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jan 18 23:14:32 CET 2012 on sn-devel-104
2012-01-18 23:14:32 +01:00
Christian Ambach
717a27ba22 s3:smb2 report access_based_dir_enum in tcon reply
let the client know when hide unreadable or hide unwriteable files
is set for a share
2011-11-24 17:26:02 +01:00
Christian Ambach
faf8b9bba0 s3:smb2 do not set allow_namespace_caching flag for a share
this matches Win7/2002R2 behavior and clients also must ignore
this flag when set (MS-SMB 2.2.10), so we should not set it at all
2011-11-24 17:25:58 +01:00
Stefan Metzmacher
68b33aa61a s3:smb2_server: return BAD_NETWORK_NAME if the path is terminated in SMB2_TCON
metze
2011-09-07 10:38:08 +02:00
Stefan Metzmacher
02f7c37e67 s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_tcon.c
metze
2011-09-07 10:38:03 +02:00
Andrew Bartlett
9289537993 s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username
This is closer to the layout of struct auth_session_info in auth.idl

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Stefan Metzmacher
a1046389ff s3:smb2_tcon: return the correct maximal_access on the share
metze
2011-07-11 21:33:29 +02:00
Jeremy Allison
fe3992541d Move smbd_smb2_request_check_tcon() smbd_smb2_request_check_session() next to their only user and make them static. Add comments.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jul  8 21:01:40 CEST 2011 on sn-devel-104
2011-07-08 21:01:40 +02:00
Andrew Bartlett
489f528857 param: Merge param headers into lib/param/loadparm.h
This defines a common table format, so we can in future define a
common table.

Andrew Bartlett
2011-06-29 15:44:09 +10:00
Jeremy Allison
02af307585 More simple const fixes. 2011-05-05 23:56:07 +02:00
Günther Deschner
af300a9fcb s3-auth: smbd needs auth.h
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
8c24ebf371 s3: include smbd/smbd.h where needed.
Guenther
2011-03-30 01:13:08 +02:00
Andrew Tridgell
15e84a9a09 charcnv: removed the allow_badcharcnv and allow_bad_conv options to convert_string*()
we shouldn't accept bad multi-byte strings, it just hides problems

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
2011-03-24 01:47:26 +01:00
Andrew Bartlett
2e69e89456 s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.

The structure is also not ideal for it's current purpose.  Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session.  This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.

(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-22 16:20:10 +11:00
Jeremy Allison
f0dcc90f72 Fix bug 7781 - Samba transforms ShareName to lowercase (sharename) when adding new share via MMC
Change the find_service() interface to not depend on fstring, and
create a useable talloc-based interface.

Jeremy.
2010-11-10 01:14:17 +00:00
Jeremy Allison
edefaf5bed Move tcons.num_open from smb1 to sconn->num_tcons_open as this is needed for SMB2 also. 2010-10-19 15:13:17 -07:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Volker Lendecke
1d3bd5b1c0 s3: Fix some uninitialized variable warnings 2010-08-30 15:57:14 +02:00
Jeremy Allison
b2a7ad8c95 Make DFS work over SMB2.
Jeremy.
2010-05-21 16:56:10 -07:00
Jeremy Allison
fad5d33bf8 Fix connecting to [homes] share over SMB2.
Jeremy.
2010-05-19 21:27:43 -07:00
Jeremy Allison
31b12622cf When tearing down the connection make sure we close all files before
freeing the global context, as we close access to the locking db
before freeing the global context.

Jeremy.
2010-05-07 06:54:16 -07:00
Jeremy Allison
882fb1828f Fix crash in cancel-tdis lock test. Correctly shut down connection.
Jeremy.
2010-05-07 00:33:59 -07:00
Jeremy Allison
3f643f18d9 Correctly report share types (now Win7 makes RPC calls against us).
Jeremy.
2010-04-26 21:36:01 -07:00
Jeremy Allison
bf45b4f4fd First part of fix for bug #7331 - Compound async SMB 2 requests don't work right.
Gets us handling SMB2 compound async requests similar to W2K8R2
(and triggers the same client bug in the Win7 redirector). Great
thanks to Ira Cooper <samba@ira.wakeful.net> for helping with
this and to Metze for the wonderful async framework. The one
thing I need to fix to make us identical to W2K8R2 is that
when a compound request goes async at the end W2K8R2 splits
the replies up into a compound non-async reply followed by
a separate async reply. Currently we're doing the whole thing
in a compound reply.

Jeremy.
2010-04-17 21:20:17 -07:00
Jeremy Allison
556b42a351 On compound requests, MS-SMB2 says clients MAY use 0xFFFFFFFF for compound tid and 0xFFFFFFFFFFFFFFFF for compound sessionid values. Cope with this.
Jeremy.
2010-04-07 10:32:01 -07:00
Jeremy Allison
d1950d66c4 Make conn_close_all() safe to call from SMB2 sessions (fix crash bug).
Ensure we don't call close_cnum() with SMB2, also talloc_move the
compat_conn pointer from the NULL context onto the tcon context
in SMB2 as it's conceptually owned by that pointer.

Jeremy.
2010-02-24 18:11:07 -08:00
Christian Ambach
7050764a3a streamline some log levels for invalid servicenames
I don't think we need to log the fact that a user gave a wrong sharename in Explorer with the highest log level.
The level of this was not very consistent:
service.c:		DEBUG(3,("find_service() failed to find service %s\n", service));
service.c:		DEBUG(0,("%s (%s) couldn't find service %s\n",
smb2_tcon.c:		DEBUG(1,("smbd_smb2_tree_connect: couldn't find service %s\n",

This changes the last two to 3 as the first one.

Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
2009-12-06 22:31:35 +01:00
Stefan Metzmacher
1df883aa39 libcli: move some common SMB and SMB2 stuff into libcli/smb/
This will hold code that's shared between source3 and source4.

metze
2009-08-12 18:28:32 +02:00
Stefan Metzmacher
fedac72dfc s3:smbd: make sure we don't call conn_free() with a NULL pointer for SMB2
metze
2009-08-12 13:27:59 +02:00
Stefan Metzmacher
9aa1d25907 s3:smbd: rename conn => sconn for smbd_server_connection structs
This should avoid confusion between smbd_server_connection
and connection_struct variables.

metze
2009-08-08 10:48:39 +02:00
Stefan Metzmacher
c54e6b19e3 s3:smbd: add a smbd_server_connection pointer to connection_struct
This can be NULL for faked connection structs used in the rpc server
or printing code.

metze
2009-08-07 14:18:14 +02:00
Stefan Metzmacher
e545b253d8 s3:smbd: call set_current_service() when a SMB2 tcon will be used
metze
2009-06-04 22:41:17 +02:00
Stefan Metzmacher
4b14ebb91d s3:smbd: return more details in the SMB2 Tree Connect response
metze
2009-06-03 17:54:39 +02:00
Stefan Metzmacher
0099f4758e s3:smbd: create a connection_struct in SMB2 Tree Connect
metze
2009-06-03 17:54:38 +02:00
Stefan Metzmacher
202509a347 s3:smbd: implement SMB2 Tree Disconnect
metze
2009-05-22 14:03:14 +02:00
Stefan Metzmacher
7dfbb2835f s3:smbd: implement SMB2 Tree Connect
For now this only checks if the share is present or not.

metze
2009-05-22 14:03:13 +02:00