1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00
Commit Graph

138 Commits

Author SHA1 Message Date
Volker Lendecke
89c785c47a s3: Fix a long-standing problem with recycled PIDs
When a samba server process dies hard, it has no chance to clean up its entries
in locking.tdb, brlock.tdb, connections.tdb and sessionid.tdb.

For locking.tdb and brlock.tdb Samba is robust by checking every time we read
an entry from the database if the corresponding process still exists. If it
does not exist anymore, the entry is deleted. This is not 100% failsafe though:
On systems with a limited PID space there is a non-zero chance that between the
smbd's death and the fresh access, the PID is recycled by another long-running
process. This renders all files that had been locked by the killed smbd
potentially unusable until the new process also dies.

This patch is supposed to fix the problem the following way: Every process ID
in every database is augmented by a random 64-bit number that is stored in a
serverid.tdb. Whenever we need to check if a process still exists we know its
PID and the 64-bit number. We look up the PID in serverid.tdb and compare the
64-bit number. If it's the same, the process still is a valid smbd holding the
lock. If it is different, a new smbd has taken over.

I believe this is safe against an smbd that has died hard and the PID has been
taken over by a non-samba process. This process would not have registered
itself with a fresh 64-bit number in serverid.tdb, so the old one still exists
in serverid.tdb. We protect against this case by the parent smbd taking care of
deregistering PIDs from serverid.tdb and the fact that serverid.tdb is
CLEAR_IF_FIRST.

CLEAR_IF_FIRST does not work in a cluster, so the automatic cleanup does not
work when all smbds are restarted. For this, "net serverid wipe" has to be run
before smbd starts up. As a convenience, "net serverid wipedbs" also cleans up
sessionid.tdb and connections.tdb.

While there, this also cleans up overloading connections.tdb with all the
process entries just for messaging_send_all().

Volker
2010-03-10 16:07:10 +01:00
Volker Lendecke
0f8e2a6ebb Revert "s3: Move the global variable Protocol to struct smbd_server_connection"
This reverts commit c85a4c9ba4.
2009-11-23 16:34:59 +01:00
Volker Lendecke
c85a4c9ba4 s3: Move the global variable Protocol to struct smbd_server_connection 2009-11-21 20:49:17 +01:00
Jeremy Allison
cbafe17bb3 Remove "Protocol" as an extern, and add accessor functions.
Jeremy.
2009-11-04 15:15:50 -08:00
Günther Deschner
503d035814 spnego: share spnego_parse.
Guenther
2009-09-17 01:12:20 +02:00
Stefan Metzmacher
d9843b3db4 s3:smbd: move max_recv to struct smbd_server_connection
metze
2009-06-03 17:54:37 +02:00
Stefan Metzmacher
e16e7146b3 s3:smbd: move negprot related globals to struct smbd_server_connection
metze
2009-06-03 17:54:37 +02:00
Stefan Metzmacher
d7d73b08e9 s3:smbd: allow SMB 2.002 dialect in SMB1 negprot
We create a dummy SMB2 Negotiate inbuf and pass the
connection to the SMB2 engine.

metze
2009-05-20 15:43:00 +02:00
Stefan Metzmacher
c14dd15c6a s3:smbd: make negprot_spnego() non static
metze
2009-05-20 15:42:58 +02:00
Stefan Metzmacher
c16c90a1cb s3:smbd: use new simplified snb_signing code in the server
We keep the seqnum/mid mapping in the smb_request structure.

This also moves one global variable into the
smbd_server_connection struct.

metze
2009-03-23 12:21:13 +01:00
Volker Lendecke
4aed9abbf8 Remove the static "chal" from ntlmssp.c:get_challenge() 2009-02-21 14:04:14 +01:00
Dan Sledz
d96248a9b4 Add two new parameters to control how we verify kerberos tickets. Removes lp_use_kerberos_keytab parameter.
The first is "kerberos method" and replaces the "use kerberos keytab"
with an enum.  Valid options are:
secrets only - use only the secrets for ticket verification (default)
system keytab - use only the system keytab for ticket verification
dedicated keytab - use a dedicated keytab for ticket verification.
secrets and keytab - use the secrets.tdb first, then the system keytab

For existing installs:
"use kerberos keytab = yes" corresponds to secrets and keytab
"use kerberos keytab = no" corresponds to secrets only

The major difference between "system keytab" and "dedicated keytab" is
that the latter method relies on kerberos to find the correct keytab
entry instead of filtering based on expected principals.

The second parameter is "dedicated keytab file", which is the keytab
to use when in "dedicated keytab" mode.  This keytab is only used in
ads_verify_ticket.
2009-02-01 20:23:31 -08:00
Stefan Metzmacher
3dde0cbb76 s3:smbd: move all globals and static variables in globals.[ch]
The goal is to move all this variables into a big context structure.

metze
2009-01-08 12:22:21 +01:00
Volker Lendecke
e7607b95f2 Remove a direct inbuf reference in reply_negprot 2008-11-02 22:38:02 +01:00
Volker Lendecke
af7cf4f992 Remove some direct inbuf references by adding smbreq_bufrem 2008-11-02 09:22:40 +01:00
Volker Lendecke
7bdb571ec4 Remove a bunch of direct inbuf references by adding "buf" to smb_request 2008-11-01 19:41:08 +01:00
Tim Prouty
fb37f15600 Cleanup size_t return values in callers of convert_string_allocate
This patch is the second iteration of an inside-out conversion to cleanup
functions in charcnv.c returning size_t == -1 to indicate failure.
(This used to be commit 6b189dabc5)
2008-05-20 22:40:13 +02:00
Jeremy Allison
29562987c3 Now conn is part of smb_request, we don't need it as
an extra parameter. This cleans up quite a few places
we were passing it around without needing it.
Jeremy.
(This used to be commit 8f36def18e)
2008-01-04 15:37:24 -08:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
2007-10-18 17:40:25 -07:00
Volker Lendecke
929e1d9920 r24809: Consolidate the use of temporary talloc contexts.
This adds the two functions talloc_stackframe() and talloc_tos().

 * When a new talloc stackframe is allocated with talloc_stackframe(), then
 * the TALLOC_CTX returned with talloc_tos() is reset to that new
 * frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse
 * happens: The previous talloc_tos() is restored.
 *
 * This API is designed to be robust in the sense that if someone forgets to
 * TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and
 * resets the talloc_tos().

The original motivation for this patch was to get rid of the
sid_string_static & friends buffers. Explicitly passing talloc context
everywhere clutters code too much for my taste, so an implicit
talloc_tos() is introduced here. Many of these static buffers are
replaced by a single static pointer.

The intended use would thus be that low-level functions can rather
freely push stuff to talloc_tos, the upper layers clean up by freeing
the stackframe. The more of these stackframes are used and correctly
freed the more exact the memory cleanup happens.

This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and
lp_talloc_ctx (did I forget any?)

So, never do a

tmp_ctx = talloc_init("foo");

anymore, instead, use

tmp_ctx = talloc_stackframe()

:-)

Volker
(This used to be commit 6585ea2cb7)
2007-10-10 12:30:24 -05:00
Volker Lendecke
5993ddf240 r24659: Some formatting changes helping to minimize the 3_2_0 diff
(This used to be commit c5caea43af)
2007-10-10 12:30:13 -05:00
Stefan Metzmacher
66294f9db5 r24309: if no protocol matches, just return choise 0xffff
as we've done before revision 24002

metze
(This used to be commit 6014ecbbfd)
2007-10-10 12:29:26 -05:00
Stefan Metzmacher
aece6db714 r24308: this needs a better fix that compiles...
metze
(This used to be commit 1a177eb08d)
2007-10-10 12:29:26 -05:00
Stefan Metzmacher
f210f7c432 r24307: fill in choise with value -1 on error
as we've done before revision 24002

metze
(This used to be commit 2961a35e90)
2007-10-10 12:29:26 -05:00
Volker Lendecke
b91704d47b r24135: Convert call_trans2open to the new API
This itself won't help much, because send_trans2_replies_new still allocates
the big buffers, but stay tuned :-)

Also add/update my copyright on stuff I recently touched.

Volker
(This used to be commit 248f15ff14)
2007-10-10 12:29:10 -05:00
Volker Lendecke
8e2aa47b3f r24009: Revert to the 3.0.25 logic for parsing the client's protocols. hpisgr8
with gcc still gives timeouts which worry me.

Volker
(This used to be commit c30835b4f0)
2007-10-10 12:28:56 -05:00
Volker Lendecke
3a836c3ee4 r24006: Some more paranoia in reply_negprot
Some hosts see the smb_bufrem(req->inbuf, p) as an unsigned int. And as
the p += strlen(p) + 2 went one beyond the buffer, this was a very
large positive. Also take the chance to add one more consistency check.
(This used to be commit 3673707f9f)
2007-10-10 12:28:55 -05:00
Volker Lendecke
3d12c53eb3 r24002: Convert reply_negprot to the new API
(This used to be commit bd981f5328)
2007-10-10 12:28:54 -05:00
Volker Lendecke
de1c9f1f6d r24001: Separate out the parsing of the client's requested protocols
This way the range checking only needs to be done once
(This used to be commit befaa9713a)
2007-10-10 12:28:54 -05:00
Andrew Tridgell
5e54558c6d r23784: use the GPLv3 boilerplate as recommended by the FSF and the license text
(This used to be commit b0132e94fc)
2007-10-10 12:28:22 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
James Peach
b1ce226af8 r23510: Tidy calls to smb_panic by removing trailing newlines. Print the
failed expression in SMB_ASSERT.
(This used to be commit 171dc060e2)
2007-10-10 12:23:23 -05:00
Volker Lendecke
14e25f10d6 r23168: Move the lp_max_connections() into service.c.
(This used to be commit 4afe37d431)
2007-10-10 12:22:51 -05:00
Volker Lendecke
f3c477c631 r23167: Remove an unused parameter
(This used to be commit 3452a870d5)
2007-10-10 12:22:51 -05:00
Volker Lendecke
b4a7b7a888 r22844: Introduce const DATA_BLOB data_blob_null = { NULL, 0, NULL }; and
replace all data_blob(NULL, 0) calls.
(This used to be commit 3d3d61687e)
2007-10-10 12:22:01 -05:00
Jeremy Allison
0829e1ad1c r22391: Looks bigger than it is. Make "inbuf" available
to all callers of smb_setlen (via set_message()
calls). This will allow the server to reflect back
the correct encryption context.
Jeremy.
(This used to be commit 2d80a96120)
2007-10-10 12:19:30 -05:00
Jeremy Allison
8b63654c2e r21969: Start working on the gss-side of the server negotiation.
Jeremy.
(This used to be commit fbc569b530)
2007-10-10 12:18:54 -05:00
Günther Deschner
ab9a46a35c r21858: Fix typo.
Guenther
(This used to be commit 663514e511)
2007-10-10 12:18:39 -05:00
Günther Deschner
8d5f85e004 r21857: Stop pretending to be Vista in the %a macro towards Samba clients.
Guenther
(This used to be commit f55e1a312e)
2007-10-10 12:18:39 -05:00
Gerald Carter
7db1c6873c r21250: Partial fix for BUG 4093: Make %a expand to "Vista"
based on the flags2 values in the negprot request.

This also includes some code for testing the dialect
strings for "SMB 2.001" but this is unreliable as Vista
only sends that in the 1st negprot and caches the fact
that we don't support it.  Restartnig the WOrkstation
service on the client clears the cache.
(This used to be commit d781eeb0e4)
2007-10-10 12:17:51 -05:00
Jeremy Allison
2703b3ac48 r20368: Fix valgrind report of uninitialized memory
being returned (false positive). Up debug
level on "open_directory" message.
Jeremy.
(This used to be commit 71a8b8863f)
2007-10-10 12:16:44 -05:00
James Peach
5bb49b08f3 r20237: Replace exit_server with exit_server_cleanly where appropriate. All
send_smb failures should be clean exits. All times when we exit as
a matter of policy should also be clean exits.
(This used to be commit d6382092e7)
2007-10-10 12:16:34 -05:00
Volker Lendecke
c209219d06 r18773: Change negprot_spnego to return a blob
(This used to be commit 28fa772721)
2007-10-10 12:00:56 -05:00
Volker Lendecke
3bddf16b1f r18772: Now that we don't have a one-byte keylength in the extended security case
anymore, we don't have to truncate the length to 255 anymore.

The test I did for this: I sent 50 times the NTLMSSP oid. With truncating
Vista said Access Denied, without truncating it liked the response.

Volker
(This used to be commit f1512cb43c)
2007-10-10 12:00:56 -05:00
Volker Lendecke
a4a2d795b1 r18771: Sequel to r18761: If we always set the keylen to 0 there's no point in passing
a pointer down to negprot_spnego().

Volker
(This used to be commit 18f47130b1)
2007-10-10 12:00:55 -05:00
Volker Lendecke
8f7643bd83 r18761: Even if only offering NTLMSSP Windows (tested with Vista & XP) sends 0 as the
key length in the case of extended security. It does make sense because with
SPNEGO our beloved ASN1 structure gives us the length.

Next test I did to verify this: I modified the server to put in random
garbage, and W2kwks, XP, Vista and W2k3srv still talked to us.

Volker
(This used to be commit f19bd479ce)
2007-10-10 12:00:55 -05:00
Volker Lendecke
45ca718d19 r18760: Fix typos, remove unneeded code
(This used to be commit 56ccfe98b2)
2007-10-10 12:00:55 -05:00
Jeremy Allison
ce61fb21d9 r16397: Fix Klocwork #11767 and drasticly simplify the
logic in smbd/process.c. All interested (Volker,
Jerry, James etc). PLEASE REVIEW THIS CHANGE.
The logic should be identical but *much* easier
to follow and change (and shouldn't confuse Klockwork :-).
Jeremy.
(This used to be commit d357f8b335)
2007-10-10 11:18:52 -05:00
Jeremy Allison
0229b65755 r13647: Fix for standalone Samba servers and XP clients. Reverts
part of the PocketPC bugfix. I'm trying to get someone who
has a pocketpc to test this.
Jeremy.
(This used to be commit ce25e6b002)
2007-10-10 11:10:21 -05:00
Jeremy Allison
6d5757395a r11511: A classic "friday night check-in" :-). This moves much
of the Samba4 timezone handling code back into Samba3.
Gets rid of "kludge-gmt" and removes the effectiveness
of the parameter "time offset" (I can add this back
in very easily if needed) - it's no longer being
looked at. I'm hoping this will fix the problems people
have been having with DST transitions. I'll start comprehensive
testing tomorrow, but for now all modifications are done.
Splits time get/set functions into srv_XXX and cli_XXX
as they need to look at different timezone offsets.
Get rid of much of the "efficiency" cruft that was
added to Samba back in the day when the C library
timezone handling functions were slow.
Jeremy.
(This used to be commit 414303bc02)
2007-10-10 11:05:19 -05:00