This is the one where I found the problem that led to 3.2.5. So if there is one
checkin in the last year that I would like others to review and *understand*,
it is this one :-)
Volker
This converts the range checks for the setup[] array to rely on req->wct being
set correctly in init_smb_request. As that already verifies the vwv array to be
in the range of the smb_request inbuf, we don't have to do overflow checks here
anymore.
Jeremy, please check thoroughly! :-)
Thanks,
Volker
This fixes a potential crash bug, a client can make us read memory we
should not read. Luckily I got the disp checks right...
Volker
(cherry picked from commit 64a1d80851)
(cherry picked from commit f04c5650a3)
This is a modification of Jeremy's 7522ef15ac
commit.
If no DACL/SACL is present in the packet, the SEC_INFO field should still be
passed down as is to the VFS layer to signal the creation of a NULL DACL/SACL.
As seen in metze RAW-ACL test_nttrans_create_null_dacl(), a NULL DACL is set
regardless of the SEC_DESC_DACL_PRESENT bit being set.
to specific bits every time a security descriptor is set. The S4 torture suite proves
that generic bits are not returned when querying an ACL set using them (ie. only
the specific bits are stored on disk).
Jeremy.
When alignment was in place, we pretended to send more data/params according to
the param_offset/param_length and data_offset/data_length parameters than would
actually fit into the SMB according to the NBSS length field.
(This used to be commit ef3c132b84)
Some of the bits generate INVALID_PARAMETER and some bits
are ignored when they come from a client, that's why we need
to use bits from the ignored range for our internal usage.
metze
(This used to be commit 7b4c8a4e39)
fsp_belongs_conn only used the vuid struct member anyway, and this is available
in the smb_request structure as well.
(This used to be commit 64e9372ab9)
this can only be done via fset_nt_acl() using an open
file/directory handle. I'd like to do the same with
get_nt_acl() but am concerned about efficiency
problems with "hide unreadable/hide unwritable" when
doing a directory listing (this would mean opening
every file in the dir on list).
Moving closer to rationalizing the ACL model and
maybe moving the POSIX calls into a posix_acl VFS
module rather than having them as first class citizens
of the VFS.
Jeremy.
(This used to be commit f487f742cb)
We now never call file_ntimes() directly, every update
is done via smb_set_file_time().
This let samba3 pass the BASE-DELAYWRITE test.
The write time is only updated 2 seconds after the
first write() on any open handle to the current time
(not the time of the first write).
Each handle which had write requests updates the write
time to the current time on close().
If the write time is set explicitly via setfileinfo or setpathinfo
the write time is visible directly and a following close
on the same handle doesn't update the write time.
metze
(This used to be commit 2eab212ea2)
create_file calls unix_convert internally, so modifies fname. So we can't use
"fname" after create_file has returned. Use fsp->fsp_name instead.
Found during a lengthy debugging session with Karolin testing the xattr_tdb
module...
(This used to be commit 183fe57046)
Up to now, get_nt_acl() took a files_struct pointer (fsp) and
a file name. All the underlying functions should need and now
do need (after the previous preparatory work), is a connection_struct
and a file name. The connection_struct is already there in the
vfs_handle passed to the vfs functions. So the files_struct
argument can be eliminated.
This eliminates the need of calling open_file_stat in a couple
of places to produce the fsp needed.
Michael
(This used to be commit b5f600fab5)
I'm checking in this long sequence of micro-checkins for review, the overall
patch from 3b057022a5 to this is not too large.
(This used to be commit 51db8d09a4)
False instead of NULL. Fix more of the notifications to
be correct for Samba4 RAW-NOTIFY torture (we had missed
one when calling set_ea_dos_attribute()).
Jeremy.
(This used to be commit 39d265375c)
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
to follow. Ensure we don't prepend "./" as a root
directory - this is an invalid pathname for unix_convert().
Jeremy.
(This used to be commit f70ac2e258)
the main server code paths. We should now be able to cope with
paths up to PATH_MAX length now.
Final job will be to add the TALLOC_CTX * parameter to
unix_convert to make it explicit (for Volker).
Jeremy.
(This used to be commit 7f0db75fb0)
There are now only 17 pstrings left in reply.c,
and these will be easy to remove (and I'll be
doing that shortly). Had to fix an interesting
bug in pull_ucs2_base_talloc() when a source
string is not null terminated :-).
Jeremy.
(This used to be commit 0c9a8c4dff)
and make valgrindtest. Final step will be to change srvstr_get_path()
to return talloced memory in the major codepaths.
Jeremy.
(This used to be commit cf6b6f9c3a)
This adds the two functions talloc_stackframe() and talloc_tos().
* When a new talloc stackframe is allocated with talloc_stackframe(), then
* the TALLOC_CTX returned with talloc_tos() is reset to that new
* frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse
* happens: The previous talloc_tos() is restored.
*
* This API is designed to be robust in the sense that if someone forgets to
* TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and
* resets the talloc_tos().
The original motivation for this patch was to get rid of the
sid_string_static & friends buffers. Explicitly passing talloc context
everywhere clutters code too much for my taste, so an implicit
talloc_tos() is introduced here. Many of these static buffers are
replaced by a single static pointer.
The intended use would thus be that low-level functions can rather
freely push stuff to talloc_tos, the upper layers clean up by freeing
the stackframe. The more of these stackframes are used and correctly
freed the more exact the memory cleanup happens.
This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and
lp_talloc_ctx (did I forget any?)
So, never do a
tmp_ctx = talloc_init("foo");
anymore, instead, use
tmp_ctx = talloc_stackframe()
:-)
Volker
(This used to be commit 6585ea2cb7)
The really pure bugfix would have replaced pparam by *pparam, but we pulled
the fid anyway.
Metze, in line 2421 the FSP_BELONGS_CONN is commented out, is that intended?
The FSCTL_CREATE_OR_GET_OBJECT_ID ioctl did not have it.
Volker
(This used to be commit 2c1376225b)
nt_open_pipe_new() is a copy of nt_open_pipe(). It will stick for a bit
until do_nt_transact_create_pipe is converted as well.
(This used to be commit 247d6baaed)
The complete history of this patch can be found under
http://www.samba.org/~vlendec/inbuf-checkin/.
Jeremy, Jerry: If possible I would like to see this in 3.2.0. I'm only
checking into 3_2 at the moment, as it currently will slow down operations for
all non-converted (i.e. all at this moment) operations, as it will copy the
talloc'ed inbuf over the global InBuffer. It will need quite a bit of effort
to convert everything necessary for the normal operations an XP box does.
I have patches for negprot, session setup, tcon_and_X, open_and_X, close. More
to come, but I would appreciate some help here.
Volker
(This used to be commit 5594af2b20)
Next step is to remove the bug that in the trans2 code we use the inbuf
as the base pointer to decide whether we need ucs2 alignment where we
need to use the beginning of the params buffer
Jeremy, last one for today to review :-)
(This used to be commit 18078b9faa)
checkin will pull this up to srvstr_get_path. At that point we can get more
independent of the inbuf, the base_ptr in pull_string will only be used
to satisfy UCS2 alignment constraints.
(This used to be commit 836782b07b)
that contains some of the fields from the SMB header, removing the need
to access inbuf directly. This right now is used only in the open file
code & friends, and creating that header is only done when needed. This
needs more work, but it is a start.
Jeremy, I'm only checking this into 3_0, please review before I merge it
to _26.
Volker
(This used to be commit ca988f4e79)
return to correctly return NT_STATUS_INVALID_OWNER if it
should be disallowed. Matches better what W2K3R3 does.
NFSv4 ACL module owners, please examine these changes.
Jeremy.
(This used to be commit fc6899a550)
This replaces the internal explicit dev/ino file id representation by a
"struct file_id". This is necessary as cluster file systems and NFS
don't necessarily assign the same device number to the shared file
system. With this structure in place we can now easily add different
schemes to map a file to a unique 64-bit device node.
Jeremy, you might note that I did not change the external interface of
smb_share_modes.c.
Volker
(This used to be commit 9b10dbbd5d)
to all callers of smb_setlen (via set_message()
calls). This will allow the server to reflect back
the correct encryption context.
Jeremy.
(This used to be commit 2d80a96120)
the wire. Strange.... But now we're returning Windows compatible
extended info. Next to fix the pipe returns and NTTrans Creates.
Jeremy.
(This used to be commit 57e46f2f80)
response to NTCreateX - need to fix this also for
pipe open and NTTransCreate as well so this isn't
finished.
Jeremy.
(This used to be commit be742f2481)
works from smbclient and Windows, and I am promising to
support and fix both client and server code moving forward.
Still need to test the RPC admin support but I haven't
changed that code.
Jeremy.
(This used to be commit 7a7862c01d)
asking open_file_ntcreate for a batch oplock if the client asked us to do so,
even if it did not ask for an oplock in the first place. Did not test it, but
I think this is bogus anyway.
Volker
(This used to be commit 0b94af112b)
for utimes - change the call to ntimes. This preserves
nsec timestamps we get from stat (if the system supports
it) and only maps back down to usec or sec resolution
on time set. Looks bigger than it is as I had to move
lots of internal code from using time_t and struct utimebuf
to struct timespec.
Jeremy.
(This used to be commit 8f3d530c5a)
    srvstr_get_path(inbuf, name, smb_buf(inbuf) + 1, sizeof(name), 0, STR_TERMINATE, &status);
    if (!NT_STATUS_IS_OK(status)) {
        return ERROR_NT(status);
    }
    RESOLVE_DFSPATH(name, conn, inbuf, outbuf);
    status = unix_convert(conn, name, False, NULL, &sbuf);
    if (!NT_STATUS_IS_OK(status)) {
        return ERROR_NT(status);
    }
    status = check_name(conn, name);
    if (!NT_STATUS_IS_OK(status)) {
        return ERROR_NT(status);
    }
Make sure that every access pattern (including the
wildcard generated paths from unlink, rename, and copy)
do the same. Tidy things up a bit....
Jeremy.
(This used to be commit b8327b21dd)
Move more error code returns to NTSTATUS.
Client test code to follow... See if this
passes the build-farm before I add it into
3.0.25.
Jeremy.
(This used to be commit 83dbbdff34)
based approach. The only remaining hook into the backend is now
void *(*notify_add)(TALLOC_CTX *mem_ctx,
struct event_context *event_ctx,
files_struct *fsp, uint32 *filter);
(Should we put this through the VFS, so that others can more easily plug in?)
The trick here is that the backend can pick filter bits that the main smbd
should not handle anymore. Thanks to tridge for this idea.
The backend can notify the main smbd process via
void notify_fsp(files_struct *fsp, uint32 action, char *name);
The core patch is not big, what makes this more than 1800 lines are the
individual backends that are considerably changed but can be reviewed
one by one.
Based on this I'll continue with inotify now.
Volker
(This used to be commit 9cd6a8a827)
Allow us to correctly refuse to set delete on close on a
non-empty directory. There are still some delete-on-close
wrinkles to be fixed, but I understand how to do that better
now. I'll fix this tomorrow.
Jeremy.
(This used to be commit 0296358858)
watch carefully - so I'm doing it in one transaction so I can
roll back).
Change check_name(), reduce_name() and dptr_create() to
return NTSTATUS. This helps a lot in error path processing
and especially in reduce_name() allows us to ditch the flaky
and error-prone saving of errno and return errors directly.
Jeremy.
(This used to be commit 6133a694aa)
The only difference between the two trees now w.r.t file
serving are the changes to smbd/open.c in this branch I need
to review.
Jeremy.
(This used to be commit f4474edf6a)
The only error path of can_delete() that we're interested in ntcreate&x is the
one of can_delete_file_in_directory(), so call that directly.
The only other one where we might get a NT_STATUS_ACCESS_DENIED is from the
lstat in can_delete, but this is covered later in the open_directory and
open_file_ntcreate calls. open_directory does a stat() in the open case which
also covers the (potential) symlink, and open_file_ntcreate does the open(2)
itself, so this should also work.
This makes can_delete() static to reply.c.
Volker
(This used to be commit d289037fdb)
first of the raw-notify subtests, the one-level test_notify_dir without any
flags around yet.
The tricky part was getting the data structures right, I hope the next tests
don't let that fall over.
fsp->notify is now by default NULL, meaning that nobody has issued a
changenotify call. This means nobody is interested in changes for this
directory.
If that has happened, notify_change_buf collects the changes if no current
request is outstanding, and it collects the requests if no change has happened
since the last request.
Happy New Year, somewhere on this planet it's already 2007 :-)
Volker
P.S: Jeremy, there's a question for you in smbd/files.c line 367.
(This used to be commit ce0ad24988)
call_nt_transact_notify_change() is now sync if there are changes around.
A notify_message does a direct reply from within the message, so
process_pending_change_notify_queue is not needed anymore for samba-generated
events. Next step is to restructure the kernel-mechanisms to generate
messages.
Volker
(This used to be commit c813f71d00)
Checking in because Jeremy was bugging me. Potentially this becomes quite
intrusive, I'm not sure if I should open a temporary branch for this.
Jeremy, Jerry, do you think 3_0 is the right place for this?
Volker
(This used to be commit bcf5c751cb)
by ensuring we pass in a valid src_len (or zero when appropriate).
Volker is correct in that this is a *horrible* interface and he is
now free to generally clean it up everywhere :-). Go for it Volker !
Jeremy.
(This used to be commit cd991fb839)
This involved passing the dirname as argument to a few routines instead of
calling parent_dirname() deep down.
Volker
(This used to be commit 7977fd7865)
error messages: We relied upon a stat that a directory did not exist to later
on then do the mkdir or not. This does the mkdir directly and copes with a
potential error.
The second one is more important: It's possible with Samba 3 to do a
ntcreate&x with NTCREATEX_OPTIONS_DIRECTORY and we happily do a NT_STATUS_OK.
Also move up the use_nt_status() logic a bit. I think this does not belong
into the core routines, the smb server as such should take care of it.
Jeremy, do you think this should go to 3.0.24?
I'll update samba4torture when the build farm has picked up this checkin.
Volker
(This used to be commit 472fb11f49)
off conn->mem_ctx, not the null context so we can
safely free everything on conn close. Should fix
possible memleak.
Jeremy.
(This used to be commit b33bde7b39)
Many things work (OpenHKLM, etc...) but some still don't.
This shouldn't block anyone so I'm checking it in.
Will probably move to a bzr tree after this for
longer dev cycles between checkins.
(This used to be commit cf1404a0d7)
on the wire. This allows us to go to nsec resolution
for systems that support it. It should also now be
easy to add a correct "create time" (birth time)
for systems that support it (*BSD). I'll be watching
the build farm closely after this one for breakage :-).
Jeremy.
(This used to be commit 425280a1d2)
logic in smbd/process.c. All interested (Volker,
Jerry, James etc). PLEASE REVIEW THIS CHANGE.
The logic should be identical but *much* easier
to follow and change (and shouldn't confuse Klockwork :-).
Jeremy.
(This used to be commit d357f8b335)
mid replies on path based set-eof trans2 calls.
Needs modification for HEAD (as in head open_file_ntcreateX
properly returns NTSTATUS - I'll fix this tomorrow my
time). Secondly it still fails the Samba4 RAW-OPLOCK
smbtorture because of an interesting case. Our oplock
code always returns "break to level 2" if it can.
In this case (path-based set-eof or set-allocation size
on an exclusive oplocked file) W2K3 always sends a
break-to-none. We send the break to none (from level2)
after we've done the write for eof or allocation size.
I need to work out some way of telling our break code
to always break to none (might need to extend the message
field).
Jeremy.
(This used to be commit ad9895c654)
into 3.0. Also merge the new POSIX lock code - this
is not enabled unless -DDEVELOPER is defined.
This doesn't yet map onto underlying system POSIX
locks. Updates vfs to allow lock queries.
Jeremy.
(This used to be commit 08e52ead03)
realloc can return NULL in one of two cases - (1) the realloc failed,
(2) realloc succeeded but the new size requested was zero, in which
case this is identical to a free() call.
The error paths dealing with these two cases should be different,
but mostly weren't. Secondly the standard idiom for dealing with
realloc when you know the new size is non-zero is the following :
    tmp = realloc(p, size);
    if (!tmp) {
        SAFE_FREE(p);
        return error;
    } else {
        p = tmp;
    }
However, there were *many* *many* places in Samba where we were
using the old (broken) idiom of :
    p = realloc(p, size);
    if (!p) {
        return error;
    }
which will leak the memory pointed to by p on realloc fail.
This commit (hopefully) fixes all these cases by moving to
a standard idiom of :
    p = SMB_REALLOC(p, size);
    if (!p) {
        return error;
    }
Where if the realloc returns null due to the realloc failing
or size == 0 we *guarantee* that the storage pointed to by p
has been freed. This allows me to remove a lot of code that
was dealing with the standard (more verbose) method that required
a tmp pointer. This is almost always what you want. When a
realloc fails you never usually want the old memory, you
want to free it and get into your error processing asap.
For the 11 remaining cases where we really do need to keep the
old pointer I have invented the new macro SMB_REALLOC_KEEP_OLD_ON_ERROR,
which can be used as follows :
    tmp = SMB_REALLOC_KEEP_OLD_ON_ERROR(p, size);
    if (!tmp) {
        SAFE_FREE(p);
        return error;
    } else {
        p = tmp;
    }
SMB_REALLOC_KEEP_OLD_ON_ERROR guarantees never to free the
pointer p, even on size == 0 or realloc fail. All this is
done by a hidden extra argument to Realloc(), BOOL free_old_on_error
which is set appropriately by the SMB_REALLOC and SMB_REALLOC_KEEP_OLD_ON_ERROR
macros (and their array counterparts).
It remains to be seen what this will do to our Coverity bug count :-).
Jeremy.
(This used to be commit 1d710d06a2)
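Added example, not part of the commit message above and not Samba's own code: a small C sketch of the realloc semantics that message describes, counting live blocks to show which idiom leaks when a grow fails or the size is zero. The names demo_realloc, DEMO_REALLOC, DEMO_REALLOC_KEEP_OLD_ON_ERROR, tracked_realloc, tracked_free and the fail_next fault-injection flag are assumptions made for this illustration.

```c
#include <stdbool.h>
#include <stdlib.h>

static int live_blocks;   /* blocks allocated and not yet freed */
static bool fail_next;    /* constructed fault injection: fail one call */

static void tracked_free(void *p)
{
	if (p != NULL) { free(p); live_blocks--; }
}

/* realloc() with bookkeeping; callers only pass size > 0 */
static void *tracked_realloc(void *p, size_t size)
{
	void *n;

	if (fail_next) {
		fail_next = false;
		return NULL;      /* like a failed realloc: p is untouched */
	}
	n = realloc(p, size);
	if (n != NULL && p == NULL) live_blocks++;
	return n;
}

/* Hypothetical wrapper: on failure or size == 0, free p only if asked to */
static void *demo_realloc(void *p, size_t size, bool free_old_on_error)
{
	void *n = (size == 0) ? NULL : tracked_realloc(p, size);

	if (n == NULL && free_old_on_error) tracked_free(p);
	return n;
}
#define DEMO_REALLOC(p, s) demo_realloc((p), (s), true)
#define DEMO_REALLOC_KEEP_OLD_ON_ERROR(p, s) demo_realloc((p), (s), false)

/* Blocks still allocated right after a failed grow.
 * idiom 0: p = realloc(p, n); 1: free-old wrapper; 2: keep-old wrapper */
static int blocks_after_failed_grow(int idiom)
{
	char *p = tracked_realloc(NULL, 16);
	char *old = p;        /* kept only so the demo can clean up */
	int left;

	if (p == NULL) return -1;
	fail_next = true;
	if (idiom == 0) {
		p = tracked_realloc(p, 32);   /* broken: only pointer is lost */
	} else if (idiom == 1) {
		p = DEMO_REALLOC(p, 32);      /* old block already freed */
	} else {
		char *tmp = DEMO_REALLOC_KEEP_OLD_ON_ERROR(p, 32);
		if (tmp != NULL) p = tmp;     /* p stays valid on failure */
	}
	left = live_blocks;
	if (idiom != 1) tracked_free(old);    /* demo cleanup */
	return left;
}

/* size == 0: blocks still allocated after the call returns NULL */
static int blocks_after_zero_size(bool keep_old)
{
	char *p = tracked_realloc(NULL, 16);
	void *n = demo_realloc(p, 0, !keep_old);
	int left = (n == NULL) ? live_blocks : -1;

	if (keep_old) tracked_free(p);        /* caller still owns p */
	return left;
}
```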
by saving the UNIX token used to set a delete on close flag,
and using it when doing the delete. libsmbsharemodes.so still
needs updating to cope with this change.
Samba4 torture tests to follow.
Jeremy.
(This used to be commit 23f16cbc2e)
only tell at parse time from the wire if an incoming name
has wildcards or not. If it's a mangled name and we demangle
the demangled name may contain wildcard characters. Ensure
these are ignored.
Jeremy.
(This used to be commit 4cd8e2a96b)
* \PIPE\unixinfo
* winbindd's {group,alias}membership new functions
* winbindd's lookupsids() functionality
* swat (trunk changes to be reverted as per discussion with Deryck)
(This used to be commit 939c3cb5d7)
tests on this as it's very late NY time (just wanted to get this work
into the tree). I'll test this over the weekend....
Jerry - in looking at the difference between the two trees there
seem to be some printing/ntprinting.c and registry changes we might
want to examine to try keep in sync.
Jeremy.
(This used to be commit c7fe18761e)
checking for write access in a directory before delete. Also
controls checking for write access before labeling a file read-only
if DOS attributes are not being stored in EA's.
Documentation to follow.
Jeremy.
(This used to be commit dd1a5e6e49)
fix trans2 and nttrans secondary packet processing. We were being too strict checking
the incoming packet (by 1 byte).
Jeremy.
(This used to be commit 3eea1ff4b7)
pulling back all recent rpc changes from trunk into
3.0. I've tested a compile and so don't think I've missed
any files. But if so, just mail me and I'll clean backup
in a couple of hours.
Changes include \winreg, \eventlog, \svcctl, and
general parse_misc.c updates.
I am planning on bracketing the event code with an
#ifdef ENABLE_EVENTLOG until I finish merging Marcin's
changes (very soon).
(This used to be commit 4e0ac63c36)
"allocation roundup size", by default set as 1Mb. From
advice by BlueArc about Windows client behaviour. VC++
people can set this to zero to turn it off.
Jeremy.
(This used to be commit 833ca10177)
idea, and apparently improved performance in some circumstances, but it
breaks the VC++ compiler :-(. Not cool. Fix bug #2146.
Jeremy.
(This used to be commit b9f147634d)
only care about failing with ACCESS_DENIED if we can't delete
with DELETE access requested. All other errors will be processed
as normal.
Jeremy.
(This used to be commit 360800592c)
to a WXPSP2 client we must do permission checking in userspace first
(this is a race condition but what can you do...). Needed for bugid #2227.
Jeremy.
(This used to be commit da23577f16)
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)