1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

665 Commits

Author SHA1 Message Date
Jeremy Allison
c5cbe481a7 Third part of fix for bug #8663 - deleting a symlink fails if the symlink target is outside of the share.
smbd_check_access_rights() - we can always delete a symlink.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Dec 16 03:32:15 CET 2011 on sn-devel-104
2011-12-16 03:32:15 +01:00
Jeremy Allison
8eca223123 First part of fix for bug #8663 - deleting a symlink fails if the symlink target is outside of the share.
Remove two unneeded check_name() calls. They have already been done
in order to get here.
2011-12-15 16:31:51 -08:00
Volker Lendecke
c889c8d705 s3: Slightly simplify the logic in defer_open
Doing 3 &&ed conditions in a single if-statement is easier to understand to me
than continuing out separately.
2011-12-14 17:34:21 +01:00
Volker Lendecke
f7e84f2809 s3: Remove UNUSED_SHARE_MODE_ENTRY 2011-12-14 17:34:21 +01:00
Stefan Metzmacher
940f21e5c6 s3:smbd/open: use talloc_get_type_abort() as private_data can't be NULL
metze
2011-12-14 12:00:07 +01:00
Volker Lendecke
2d2d72e479 s3: Remove an else{} in remove_deferred_open_entry 2011-12-13 17:27:26 +01:00
Stefan Metzmacher
e09c675596 s3:smbd/open: pass smbd_server_connection as private_data to msg_file_was_renamed()
metze
2011-12-13 12:36:35 +01:00
Volker Lendecke
1c46fb5c3e s3: Use autogenerated open_files.idl 2011-12-02 22:43:05 +01:00
Jeremy Allison
de3ab9bd05 Move setting the inherited ACL into the main open code path. Next will
remove it from the ACL modules.
2011-11-22 12:33:27 -08:00
Jeremy Allison
6795432f27 Move the "set SD" code into provided SD and "inherit acls" branches. 2011-11-22 11:53:51 -08:00
Jeremy Allison
7b275c551b Only add the SD if it's not a new stream file. 2011-11-22 10:37:56 -08:00
Jeremy Allison
12514bf008 Move the add security descriptor code to *after* all the other meta-data is
updated. We may be adding an SD that restricts our own access.
2011-11-22 10:28:52 -08:00
Jeremy Allison
bbcb589ef5 No longer do the pre-check on DELETE_ACCESS - we're correctly checking the ACL every time now. 2011-11-04 15:56:15 -07:00
Jeremy Allison
b988a3233f Remove can_access_file_acl(). We no longer need this duplicate code (hurrah!). 2011-11-04 15:55:11 -07:00
Jeremy Allison
60b741415d Remove can_access_file_data() - make it use the standard smbd_check_access_rights() instead. 2011-11-04 15:45:13 -07:00
Jeremy Allison
4851219333 Add const to the smb_filename argument of smbd_check_access_rights(). 2011-11-04 15:39:55 -07:00
Jeremy Allison
a30f84a21c Expose smbd_check_access_rights() to other modules. 2011-11-04 14:37:26 -07:00
Jeremy Allison
32edc1d047 Rename smbd_check_open_rights() to smbd_check_access_rights() as we're going to remove the static from this. 2011-11-04 14:28:08 -07:00
Jeremy Allison
0c886eeb89 Replace smb1_file_se_access_check() with just se_access_check(). 2011-11-04 14:21:35 -07:00
Jeremy Allison
55b9ba79f8 Move root check out of smb1_file_se_access_check() in preparation for deleting this function. 2011-11-04 14:16:51 -07:00
Jeremy Allison
07edf6c65e smb1_file_se_access_check() is now static to smbd/open.c 2011-11-04 14:16:37 -07:00
Jeremy Allison
1fab17de94 Revert "Change function signature of check_parent_access() to take char * instead of struct smb_filename."
This reverts commit a11c0a41a3.

Not needed.
2011-11-04 14:15:47 -07:00
Jeremy Allison
a11c0a41a3 Change function signature of check_parent_access() to take char * instead of struct smb_filename.
Expose it so it can be called from directory code.
2011-11-01 16:38:14 -07:00
Jeremy Allison
3bd6513884 Remove the order dependency in parent_override_delete(), just check for & not ==. 2011-10-28 12:16:42 -07:00
Jeremy Allison
8a65e2c747 Remove unused "struct security_descriptor" parameter from check_parent_access() 2011-10-28 12:16:42 -07:00
Jeremy Allison
ea195b6cd2 Finally do all the open checks inside open_file(). Checks inside
vfs_acl_common can now be removed.
2011-10-28 12:16:42 -07:00
Jeremy Allison
8a3070a7c9 Simplify smbd_check_open_rights() and move all the special casing inside it. 2011-10-28 12:16:42 -07:00
Jeremy Allison
18df3aedb9 Move parent_override_delete() to before I need to use it. 2011-10-28 12:16:42 -07:00
Jeremy Allison
1619de3080 Make smbd_check_open_rights() static. 2011-10-28 12:16:42 -07:00
Jeremy Allison
62ccae3229 Factor out the code checking if a parent should override DELETE_ACCESS into a function.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 26 23:15:05 CEST 2011 on sn-devel-104
2011-10-26 23:15:05 +02:00
Jeremy Allison
4ec2c2a5e8 Remove another level of indentation - deal with !NT_STATUS_OK individually. 2011-10-26 12:29:19 -07:00
Jeremy Allison
4b9bdee167 Add early return on stat open without O_CREAT if file doesn't exist.
Reduces one level of indentation.
2011-10-26 12:08:51 -07:00
Jeremy Allison
30fb5e9969 Refactor to create check_parent_access() which can be called for file creation too.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Oct 20 20:29:22 CEST 2011 on sn-devel-104
2011-10-20 20:29:22 +02:00
Jeremy Allison
ff8fa5aa2b Make mkdir_internal() check the parent ACL for SEC_DIR_ADD_SUBDIR rights. 2011-10-20 09:07:46 -07:00
Jeremy Allison
f64f91f96f Fix error return to be NT_STATUS_NOT_A_DIRECTORY. 2011-10-20 00:58:29 +02:00
Jeremy Allison
7b4edc11e3 Make use of the "dir_exists" we already have on directory open. 2011-10-20 00:58:29 +02:00
Frank Lahm
c3bdcab516 First part of fix for bug #8419 - Make VFS op "streaminfo" stackable.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Oct 17 21:39:32 CEST 2011 on sn-devel-104
2011-10-17 21:39:32 +02:00
Frank Lahm
7a0b5d6fc5 Add support for VFS op streaminfo chaining in all relevant VFS modules.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 14 03:26:06 CEST 2011 on sn-devel-104
2011-10-14 03:26:06 +02:00
Jeremy Allison
f93fd128eb Fix bug #8507 - smbd doesn't correctly honor the "force create mode" bits from a cifsfs create.
Don't manipulate the new_dos_attributes bits until we know it's not a POSIX open.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct  5 01:19:17 CEST 2011 on sn-devel-104
2011-10-05 01:19:17 +02:00
Volker Lendecke
f9d183f931 s3: Pass sconn explicitly to open_was_deferred 2011-08-02 19:18:08 +02:00
Volker Lendecke
04253dfd9f s3: Explicitly pass sconn to remove_deferred_open_message_smb 2011-08-02 19:18:08 +02:00
Volker Lendecke
190b5432f0 s3: Make map_open_params_to_ntcreate() available in lib/ 2011-07-29 16:43:17 +02:00
Volker Lendecke
0102c6e2bc s3: Make is_executable() available in lib/ 2011-07-29 16:43:17 +02:00
Volker Lendecke
6d67d41444 s3: We only need base_name in map_open_params_to_ntcreate 2011-07-29 16:43:17 +02:00
Andrew Bartlett
9289537993 s3-auth Use struct auth_user_info_unix for unix_name and sanitized_username
This is closer to the layout of struct auth_session_info in auth.idl

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-20 09:17:11 +10:00
Stefan Metzmacher
896f105ed4 s3:smbd: check the share level access mask in smbd_calculate_access_mask()
I think we should reject invalid access early,
before we might create new files.

Also smbd_check_open_rights() is only called if the file existed.

metze
2011-07-11 21:33:20 +02:00
Stefan Metzmacher
ce66d4e4a8 s3:smbd: make smbd_calculate_access_mask() non-static
metze
2011-07-11 21:23:08 +02:00
Volker Lendecke
4deca5d728 s3: Fix bug 8102
We can't allow open with access that has been denied via the share
security descriptor

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jul  5 16:21:54 CEST 2011 on sn-devel-104
2011-07-05 16:21:53 +02:00
Jeremy Allison
5d7d52ceea Fix bug #8254 - "acl check permissions = no" does not work in all cases
Move lp_acl_check_permissions() into can_delete_file_in_directory()
where it makes sense. Remove ACL check when requesting DELETE_ACCESS
when lp_acl_check_permissions is false.

Thanks to John Janosik @ IBM for noticing this.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jun 24 01:18:11 CEST 2011 on sn-devel-104
2011-06-24 01:18:11 +02:00
Andrew Bartlett
3d15137653 s3-talloc Change TALLOC_ARRAY() to talloc_array()
Using the standard macro makes it easier to move code into common, as
TALLOC_ARRAY isn't standard talloc.
2011-06-09 12:40:08 +02:00
Jeremy Allison
19213b83d6 Ensure when creating a directory, if we make any changes due to inheritance parameters, we update the stat returned.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Jun  9 00:46:39 CEST 2011 on sn-devel-104
2011-06-09 00:46:38 +02:00
Jeremy Allison
c6bc1eeb7b Part 4 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs
We don't need to check mode bits as well as dev/ino to
ensure we're in the same place.
2011-06-08 14:26:02 -07:00
Jeremy Allison
5fb27814ad Part 3 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs
When changing ownership on a new file make sure we
must have a valid stat struct before making the inheritance
calls (as they may look at it), and if we make changes we
must have a valid stat struct after them.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jun  8 03:07:04 CEST 2011 on sn-devel-104
2011-06-08 03:07:04 +02:00
Jeremy Allison
40c54a736d Part 2 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs
When changing ownership on a new file make sure we
also change the returned stat struct to have the correct uid.
2011-06-07 16:48:14 -07:00
Jeremy Allison
cabed2fb17 Part 1 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs
When changing ownership on a new directory make sure we
also change the returned stat struct to have the correct uid.
2011-06-07 16:42:02 -07:00
Jeremy Allison
febde0de54 Move fd_close on error path to be identical to all other error paths.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jun  1 22:30:03 CEST 2011 on sn-devel-104
2011-06-01 22:30:03 +02:00
Jeremy Allison
61e8c5949a TALLOC_FREE already checks for null. 2011-06-01 12:12:26 -07:00
Jeremy Allison
5a2b5b6cfe Fix bug #8175 - smbd deadlock.
Force the open operation (which is the expensive one anyway) to
acquire and release locks in a way compatible with the more common
do_lock check.

Jeremy.
2011-06-01 12:11:53 -07:00
Jeremy Allison
8cf14c21b3 Fix the SMB2 showstopper, found by an extended torture test from Volker.
In the oplock refactoring, the algorithm underwent an unnoticed change.
In 3.5.x stat_opens were silently (i.e. no explicit code had comments
explaining this) ignored when looking for oplock breaks and share mode
violations. After the refactoring, the function find_oplock_types()
no longer ignored stat_open entries in the share mode table when looking
for batch and exclusive oplocks. This patch adds two changes to find_oplock_types()
to ignore the case where the incoming open request is a stat open being
tested against existing opens, and also when the incoming open request
is a non-stat open being tested against existing stat opens. Neither
of these cause an oplock break or share mode violation. Thanks a *lot*
to Volker, who persevered in reproducing this problem.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon May 16 22:38:20 CEST 2011 on sn-devel-104
2011-05-16 22:38:20 +02:00
Jeremy Allison
fe21bdc43c Ensure we always write the correct incoming mid into the share mode
table entries.
2011-05-16 10:41:51 -07:00
Andrew Bartlett
0520da2bbe s3-smb Use FILE_ATTRIBUTE_ARCHIVE intead of aARCH
This means we use just one constant for this file attribute.

Andrew Bartlett
2011-04-29 16:38:13 +10:00
Andrew Bartlett
0eca33bbf6 s3-smb Use FILE_ATTRIBUTE_DIRECTORY intead of aDIR
This means we use just one constant for this file attribute.

Andrew Bartlett
2011-04-29 16:38:13 +10:00
Jeremy Allison
525ccd589e Ensure vfs_chown_fsp() is safe against races. 2011-04-15 12:21:39 -07:00
Jeremy Allison
4389bf4bc9 Ensure change_dir_owner_to_parent() can't be raced.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Apr 14 23:39:55 CEST 2011 on sn-devel-104
2011-04-14 23:39:55 +02:00
Jeremy Allison
9c2ba9436d Optimization for change_file_owner_to_parent() and change_dir_owner_to_parent()
Don't do the chown if the owner is already correct.
2011-04-14 12:49:58 -07:00
Jeremy Allison
df269c0834 Don't print "success" message after error message in change_file_owner_to_parent(). Remove "goto" in change_dir_owner_to_parent(). 2011-04-13 14:13:24 -07:00
Jeremy Allison
c6c17242d2 Subtle change. Microsoft SMB2 tests return different access mask than for SMB1 with raw.acls. 2011-04-08 16:18:56 -07:00
Günther Deschner
ab36d597e7 s3-messages: make ndr_messaging.h part of messages.h.
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
b2af281e50 s3-messages: only include messages.h where needed.
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
af300a9fcb s3-auth: smbd needs auth.h
Guenther
2011-03-30 01:13:09 +02:00
Günther Deschner
8c24ebf371 s3: include smbd/smbd.h where needed.
Guenther
2011-03-30 01:13:08 +02:00
Günther Deschner
0e771263ee s3-includes: only include system/filesys.h when needed.
Guenther
2011-03-30 01:13:07 +02:00
Stefan Metzmacher
f0ec69b535 s3:smbd: access checks should not depend on share mode flags
metze
2011-03-21 22:35:19 +01:00
Volker Lendecke
32731db56f s3: Fix some nonempty blank lines 2011-02-27 19:27:44 +01:00
Jeremy Allison
f92fad101a Ensure we don't return an incorrect access mask.
From the Microsoft test suite @ Connectathon:

Test Case: TestSuite_ScenarioNo009GrantedAccessTestS0
    File created with access = 0x7 (Read, Write, Delete)
    Query Info on file returns 0x87 (Read, Write, Delete, Read Attributes)

Jeremy.
2011-02-25 01:57:04 +01:00
Jeremy Allison
2d0727bc49 Batch oplocks conflict with exclusive as well as themselves.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Feb 24 21:44:50 CET 2011 on sn-devel-104
2011-02-24 21:44:50 +01:00
Jeremy Allison
9e93dacfc6 Remember to free the second temporary string.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Feb 24 04:17:49 CET 2011 on sn-devel-104
2011-02-24 04:17:49 +01:00
Jeremy Allison
916e82823b Fix bug 7950 - Samba 3.5.x fails BASE-CREATEX_SHAREMODES_DIR smbtorture4 test
We need to revalidate the pathname once re-constructed from a root fsp.

Jeremy.
2011-02-23 18:24:41 -08:00
Andrew Bartlett
2e69e89456 s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_info
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.

The structure is also not ideal for it's current purpose.  Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session.  This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.

(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-22 16:20:10 +11:00
Jeremy Allison
4ccb7e5bdd Oops. Need to test for if(!NT_STATUS_IS_OK(..)) for error.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Feb  9 22:06:05 CET 2011 on sn-devel-104
2011-02-09 22:06:05 +01:00
Jeremy Allison
8c363e9252 Move to opening an fd on directory opens. Get more careful about symlink races. 2011-02-09 21:21:04 +01:00
Jeremy Allison
65e6dea73f Remove unneeded stat call. 2011-02-09 21:21:04 +01:00
Jeremy Allison
224fc03cb5 Pass fsp to dptr_CloseDir(). Cope with setting the fd if we're closing an fd that opendir knows about. 2011-02-08 15:06:00 -08:00
Jeremy Allison
e68f6adca9 If possible (O_DIRECTORY exists) open an fd for a directory open.
Start of the move towards handle-based code for directory access.
Currently makes fstat/fchown code work for directories rather than
falling back to pathnames.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Feb  8 06:34:41 CET 2011 on sn-devel-104
2011-02-08 06:34:41 +01:00
Jeremy Allison
0a7f1af82c Fix leak in error path. 2011-02-07 17:33:26 -08:00
Jeremy Allison
ece94989b8 Move the "oplock file with byte range locks" check to the correct place, where we're making oplock decisions.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Feb  5 01:18:14 CET 2011 on sn-devel-104
2011-02-05 01:18:14 +01:00
Jeremy Allison
3d4a9ddc24 Based on a conversation with Volker, refactor some of the oplock code to make it comprehensible.
delay_for_oplocks() did 4 things.

1). Validation of existing oplock types.
2). Check for compatibility with batch oplocks (pass 1).
3). Check for compatibility with exclusive oplocks (pass 2).
4). Set the correct oplock type from the requested value.

Refactor into 4 separate functions:

1). find_oplock_types() - does validation of oplock types and
	returns pointers to specific values.
2). delay_for_batch_oplocks() - the pass 1 phase above.
3). delay_for_exclusive_oplocks() - the pass 2 phase above
4). grant_fsp_oplock_type() - Set the correct oplock type from the requested value.

Now separated out this code should be much easier to understand
and modify. This also fixes an erroneous SMB_ASSERT which was
hidden by the previous complexity of the single delay_for_oplocks()
code.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Feb  2 01:52:21 CET 2011 on sn-devel-104
2011-02-02 01:52:21 +01:00
Pavel Shilovsky
7690d9d70c Fix bug #7928 - Samba problems with kernel oplocks option set to "no"
We should not grant levelII oplocks on a file with existing
byte range locks.
2011-01-31 12:00:15 -08:00
Jeremy Allison
44732734cc Fix bug #7863 - Unlink may unlink wrong file when hardlinks are involved.
Do this by keeping a linked list of delete on close tokens, one for
each filename that identifies a path to the dev/inode. Use the
jenkins hash of the pathname to identify the correct token.
2011-01-25 14:23:19 -08:00
Jeremy Allison
9b31f6ab6c Fix bug #7892 - open_file_fchmod() leaves a stale lock.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Dec 29 02:15:23 CET 2010 on sn-devel-104
2010-12-29 02:15:23 +01:00
Jeremy Allison
0a5f4f523f Keep track of the sparse status of an open file handle. Allows bypass of
strict allocation on sparse files. Files opened as POSIX opens are always
sparse.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Dec 21 04:12:22 CET 2010 on sn-devel-104
2010-12-21 04:12:22 +01:00
Jeremy Allison
c8395ac6cf Fix a typo - should be '&&' not '&' when checking for privileges.
Jeremy.
2010-12-01 17:29:05 -08:00
Volker Lendecke
c133fcc0b1 s3: Remove an unused prototype
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Nov  4 17:44:09 UTC 2010 on sn-devel-104
2010-11-04 17:44:09 +00:00
Jeremy Allison
272feb7bd1 Revert "Wrap security_token_has_privilege() with a check for lp_enable_privileges(). Needed"
Not needed - privileges code prevents "enable privileges = no" from adding privileges
anyway.

This reverts commit a8b95686a7.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 22 23:41:36 UTC 2010 on sn-devel-104
2010-10-22 23:41:36 +00:00
Jeremy Allison
a8b95686a7 Wrap security_token_has_privilege() with a check for lp_enable_privileges(). Needed
to maintain compatibility with smb.conf manpage.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 22 18:15:48 UTC 2010 on sn-devel-104
2010-10-22 18:15:48 +00:00
Jeremy Allison
e00c2b3cdf Add code to implement SeSecurityPrivilege in net rpc rights, and in the
open and get/set NT security descriptor code.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Oct 21 00:15:57 UTC 2010 on sn-devel-104
2010-10-21 00:15:57 +00:00
Jeremy Allison
8cad5e23b6 Fix bug #7734 - When creating files with "inherit ACLs" set to true, we neglect to apply appropriate create masks.
Jeremy.
2010-10-15 17:38:21 -07:00
Jeremy Allison
92adb68637 Fix bug #7733 - Invalid client DOS attributes on create can cause incorrect unix mode_t to be generated.
It turns out a client can send an NTCreateX call for a new file, but specify
FILE_ATTRIBUTE_DIRECTORY in the attribute list. Windows silently strips this,
but we don't - causing the unix_mode() function to go through the "mode bits
for new directory" codepath, instead of the "mode bits for new file" codepath.

Jeremy.
2010-10-15 17:38:21 -07:00
Andrew Bartlett
f768b32e37 libcli/security Provide a common, top level libcli/security/security.h
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.

This includes (along with other security headers) dom_sid.h and
security_token.h

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12 05:54:10 +00:00
Volker Lendecke
db607331d3 s3: Remove smbd_server_conn from msg_file_was_renamed 2010-10-03 18:17:09 +02:00
Volker Lendecke
3cf3d54fbc s3: Remove smbd_server_conn from validate_my_share_entries 2010-10-03 18:17:09 +02:00
Volker Lendecke
75c6e0e5c7 s3: Lift smbd_server_conn from file_find_di_first 2010-09-28 07:36:17 +02:00
Volker Lendecke
b448e42de4 s3: Lift smbd_server_conn from file_find_dif 2010-09-28 07:36:16 +02:00
Andrew Bartlett
d1bb21b0d5 s3:auth Remove NT_USER_TOKEN
The all UPPER case typedef is no longer the preferred Samba style
and this makes it easier to see that this is the IDL-derivied structure

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-09-11 18:46:06 +10:00
Günther Deschner
b5bdcdd65e s3-build: only include "fake_file.h" where needed.
Guenther
2010-08-26 00:20:28 +02:00
Volker Lendecke
fec8505e0b s3: Avoid an unnecessary ftruncate call
If we just created the file, it has length 0 by definition. This is still done
while holding the share mode lock, so no race around wrt other cifs clients.
2010-07-29 22:46:36 +02:00
Simo Sorce
849cc65654 s3-smbd: Migrated to new spoolss functions for printing.
Signed-off-by: Jim McDonough <jmcd@samba.org>
2010-07-27 10:27:13 -04:00
Volker Lendecke
e168b85f00 s3: Remove procid_self() from fill_deferred_open_entry() 2010-07-05 11:06:31 +02:00
Volker Lendecke
ba3b101c45 s3: Remove smbd_messaging_context() from send_break_message() 2010-07-05 11:06:26 +02:00
Günther Deschner
a75436e3ee s3-security: use shared SECINFO_DACL define.
Guenther
2010-06-03 11:00:12 +02:00
Günther Deschner
e24a59f932 s3-security: use shared SECINFO_SACL define.
Guenther
2010-06-03 10:59:54 +02:00
Günther Deschner
630c27bdad s3-security: use shared SECINFO_GROUP define.
Guenther
2010-06-03 10:59:38 +02:00
Günther Deschner
415d3d5fe7 s3-security: use shared SECINFO_OWNER define.
Guenther
2010-06-03 10:59:15 +02:00
Günther Deschner
f9f8007361 s3-build: only use ndr_security.h where needed.
Guenther
2010-05-31 11:32:37 +02:00
Jeremy Allison
895b99fd6b Be more forgiving on client oplock break failure (as Windows does). Remove a global.
Jeremy.
2010-05-13 11:33:02 -07:00
Jeremy Allison
ed6fa379ef Treat an open of stream ::$DATA as an open of the base file.
This fixes a class of SMB_ASSERT failures when doing stream tests.

Jeremy.
2010-05-13 10:54:15 -07:00
Günther Deschner
c6ebab846d s3: only include gen_ndr headers where needed.
This shrinks include/includes.h.gch by the size of 7 MB and reduces build time
as follows:

ccache build w/o patch
real    4m21.529s
ccache build with patch
real    3m6.402s

pch build w/o patch
real    4m26.318s
pch build with patch
real    3m6.932s

Guenther
2010-05-06 00:22:59 +02:00
Simo Sorce
168b86c384 s3-smbd: group print relate data in own structure 2010-04-23 14:26:33 -07:00
Jeremy Allison
2bbb8c917e Allow smb2 create requests to be cancelled.
Jeremy.
2010-04-23 13:10:15 -07:00
Jeremy Allison
8f67f873ac Make deferred opens (NT_STATUS_SHARING_VIOLATION) work over SMB2.
Makes SMB2Create call re-entrant internally.
Now this infrastructure is in place, oplocks will follow shortly.
Tested with Win7 client and with W2K8R2.

Jeremy.
2010-04-22 23:52:19 -07:00
Jeremy Allison
7984243768 Move to using 64-bit mid values in our internal open file database.
This will allow us to share logic much easier between SMB1 and SMB2
servers.

Jeremy
2010-04-12 21:40:28 -07:00
Jeremy Allison
e15939b456 Plumb SMB2 stubs into all the places we defer SMB1 operations.
Rename functions to be internally consistent. Next step is
to cope queueing single (non-compounded) SMB2 requests to
put some code inside the stubs.

Jeremy.
2010-04-09 19:26:34 -07:00
Jeremy Allison
984eee7e29 Switch over to using get_currect_XXX() accessor functions.
Jeremy.
2010-03-15 14:49:15 -07:00
Jeremy Allison
4b85a0ea7f Rever e80ceb1d73 "Remove more uses of "extern struct current_user current_user;"."
As requested by Volker, split this into smaller commits.

Jeremy.
2010-03-15 14:48:54 -07:00
Jeremy Allison
a2be29dfa3 Missed a couple more uses of conn->server_info->ptok that need to be get_current_nttok(conn)
Centralize the root check into smb1_file_se_access_check()
so this is used by modules/vfs_acl_common.c also.

Jeremy.
2010-03-12 14:31:47 -08:00
Jeremy Allison
e80ceb1d73 Remove more uses of "extern struct current_user current_user;".
Use accessor functions to get to this value. Tidies up much of
the user context code. Volker, please look at the changes in smbd/uid.c
to familiarize yourself with these changes as I think they make the
logic in there cleaner.

Cause smbd/posix_acls.c code to look at current user context, not
stored context on the conn struct - allows correct use of these
function calls under a become_root()/unbecome_root() pair.

Jeremy.
2010-03-12 13:56:51 -08:00
Jeremy Allison
c61c9c3a4c Fix for bug #7189 - Open txt files with notepad on samba shares creates problem.
Ensure we don't use any of the create_options for Samba private
use. Add a new parameter to the VFS_CREATE call (private_flags)
which is only used internally. Renumber NTCREATEX_OPTIONS_PRIVATE_DENY_DOS
and NTCREATEX_OPTIONS_PRIVATE_DENY_FCB to match the S4 code).
Rev. the VFS interface to version 28.

Jeremy.
2010-03-05 15:13:37 -08:00
Jeremy Allison
b8c87c43dd Add helpful debug of DACL for errors on ACL access.
Jeremy.
2009-12-16 10:09:11 -08:00
Jeremy Allison
66c968778d Make sure we're not using the old smb_fname data.
Jeremy.
2009-12-03 17:44:38 -08:00
Jeremy Allison
3fe7dfd1d9 Remove smb_fname duplicates that just keep the same information as in fsp->fsp_name.
Moving towards making VFS_OPEN/VFS_MKDIR/VFS_RMDIR
handle based...
Jeremy.
2009-12-03 16:45:35 -08:00
Jeremy Allison
dfcc4115dd Remove unneeded argument from can_set_delete_on_close(). Ensure
can_set_delete_on_close() is correctly called before any setting
of the disposition bit (clean up the do_unlink() call).
Jeremy.
2009-12-02 18:06:40 -08:00
Jeremy Allison
947c47f281 Fix crash due to uninitialized pointer (not a problem in 3.4.x or below).
Jeremy.
2009-11-25 09:58:45 -08:00
Jeremy Allison
4b8859840b Remove unused code.
Jeremy.
2009-11-23 18:00:36 -08:00
Volker Lendecke
5c4885a26b Revert "s3: Make the implicit reference to Protocol in is_in_path() explicit"
This reverts commit f7b4151a64.
2009-11-23 16:35:00 +01:00
Volker Lendecke
0f8e2a6ebb Revert "s3: Move the global variable Protocol to struct smbd_server_connection"
This reverts commit c85a4c9ba4.
2009-11-23 16:34:59 +01:00
Volker Lendecke
e8ef799c4b s3: Move a variable declaration to its only use 2009-11-23 14:22:54 +01:00
Volker Lendecke
c85a4c9ba4 s3: Move the global variable Protocol to struct smbd_server_connection 2009-11-21 20:49:17 +01:00
Volker Lendecke
f7b4151a64 s3: Make the implicit reference to Protocol in is_in_path() explicit 2009-11-21 20:49:17 +01:00
Jeremy Allison
54ba3f522b Fix logic bug where high bits tests was being
done on both Windows and POSIX mkdirs instead of
only on Windows mkdir (as intended). The variable
"file_attributes" had already had FILE_FLAG_POSIX_SEMANTICS
removed above in the function if it had already been set.
Jeremy.
2009-11-20 17:23:20 -08:00
Jeremy Allison
a770caed0f Remove "store create time" code, cause create time to be stored
in the "user.DOSATTRIB" EA. From the docs:
In Samba 3.5.0 and above the "user.DOSATTRIB" extended attribute has been extended to store
the create time for a file as well as the DOS attributes. This is done in a backwards compatible
way so files created by Samba 3.5.0 and above can still have the DOS attribute read from this
extended attribute by earlier versions of Samba, but they will not be able to read the create
time stored there. Storing the create time separately from the normal filesystem meta-data
allows Samba to faithfully reproduce NTFS semantics on top of a POSIX filesystem.
Passes make test but will need more testing.
Jeremy.
2009-11-17 14:55:02 -08:00
Abhidnya P Chirmule
ac774c4969 s3: Add access_mask to the flock VFS call 2009-10-06 18:52:06 +02:00
Volker Lendecke
b4a4186556 s3:smbd: Fix Coverity ID 937, REVERSE_INULL 2009-09-04 07:57:26 +02:00
Jeremy Allison
c69f92d16d Second attempt at fix for bug 6529 - Offline files conflict with Vista and Office 2003.
Confirmation from reporter that this fixes the issue in master on ext3/ext4.
Back-ports to follow.
Jeremy.
2009-08-24 20:57:37 -07:00
Jeremy Allison
1af0aa92b3 Fix bug 6529 - Offline files conflict with Vista and Office 2003
On filesystems that can't store less than one second timestamps,
round the incoming timestamp set requests so the client can't discover
that a time set request has been truncated by the filesystem.
Needs backporting to 3.4, 3.3, 3.2 and (even) 3.0.
Jeremy
2009-08-21 21:44:21 -07:00
Stefan Metzmacher
b70ae644ed s3:smbd: make smbd_check_open_rights() function non-static for use in SMB2
metze
2009-08-19 19:28:24 +02:00
Jeremy Allison
d6270df748 Add "store create time" parameter (docs to follow)
that stores the create time in the user.DosTimestamps EA.
Jeremy.
2009-08-12 13:00:54 -07:00
Jeremy Allison
7b9542ba34 Ensure the fsp->fsp_name stat_ex struct is always
up to date after the open.
Jeremy.
2009-08-10 16:39:13 -07:00
Tim Prouty
6b49f28592 s3: Plumb smb_filename through map_open_params_to_ntcreate 2009-07-21 12:04:58 -07:00
Tim Prouty
f4530f6d2a s3: Plumb smb_filename through open_fake_file 2009-07-20 17:26:57 -07:00
Tim Prouty
5a8d70d465 s3: Change fsp->fsp_name to be an smb_filename struct! 2009-07-20 17:26:56 -07:00