1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
Commit Graph

39950 Commits

Author SHA1 Message Date
Christian Ambach
eec5ece6f5 s3:smb2_server add function to verify creditcharge
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-03-09 16:48:15 -08:00
Christian Ambach
bd0ad2bbb5 s3:smb2_server: announce LargeMTU for SMB2.1
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-03-09 16:48:15 -08:00
Christian Ambach
6d128aac11 s3:smb2_server increase defaults for read/write/trans sizes to 1MB
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-03-09 16:48:15 -08:00
Christian Ambach
7f131d3cee s3:smb2_server: add supports_multicredit to sconn
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-03-09 16:48:15 -08:00
Christian Ambach
880f64b556 s3:smb2_server use the correct variables for max read/write
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-03-09 16:48:15 -08:00
Volker Lendecke
177c61bd72 s3: asprintf->talloc_asprintf
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Fri Mar  9 19:01:06 CET 2012 on sn-devel-104
2012-03-09 19:01:06 +01:00
Volker Lendecke
8a75d3d91e s3: Replace a SMB_ASSERT with an error return 2012-03-09 17:21:55 +01:00
Volker Lendecke
1bf126c0b3 s3: Remove some superfluous () 2012-03-09 17:21:11 +01:00
Andrew Bartlett
239c7a355c auth/ntlmssp: Remove gensec_security element from gensec_ntlmssp_state
This just means there is one less pointer to ensure we initialise.

Andrew Bartlett
2012-03-09 14:31:24 +11:00
Andrew Bartlett
77602d877e s3-auth: Remove single-implementation plugin layer
The ->get_ntlm_challenge and ->check_ntlm_password elements of struct auth_context
were only ever initialised to a single value.  Make it easier to follow by
just calling the function directly.

Andrew Bartlett
2012-03-08 10:14:05 +01:00
Andrew Bartlett
50547a9950 s3-auth: Follow auth_ntlmssp and use auth4_context for Session Setup
This patch ensures consistency in behaviour between NTLMSSP and NTLM
session setup handlers.  By calling the same layer that auth_ntlmssp
calls, we can not only allow redirection of all authentication to the
AD DC, we ensure that map to guest and username map handling is
consistent, even in the file server alone.

Andrew Bartlett
2012-03-08 10:14:05 +01:00
Andrew Bartlett
79753ec02c selftest: add more tests for different authentication codepaths 2012-03-08 10:14:05 +01:00
Jeremy Allison
9788d6a348 Change default protocol to SMB2_02.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Mar  7 22:41:21 CET 2012 on sn-devel-104
2012-03-07 22:41:21 +01:00
Ira Cooper
0c3474b45e s3: piddir creation fix part 2.
Since the piddir got moved from the lockdir by default, the default piddir
wasn't getting created, stopping some configurations from running.

Signed-off-by: Jeremy Allison <jra@samba.org>
2012-03-07 11:01:57 -08:00
Ira Cooper
e19cf64356 addns: Fix the Solaris/Illumos build.
uuid_t is not defined without including sys/uuid.h, configure+waf checks added.

Signed-off-by: Jeremy Allison <jra@samba.org>
2012-03-07 11:01:33 -08:00
Ira Cooper
25fbf907e9 s3: piddir creation fix.
Since the piddir got moved from the lockdir by default, the default piddir
wasn't getting created stopping some configurations from running.

Signed-off-by: Jeremy Allison <jra@samba.org>
2012-03-07 11:00:44 -08:00
Andrew Bartlett
54d36099ec s3-rpc_server: Do not register embedded ncacn_np endpoints by default
The end point mapper is primarily in support of lsasd, and the key
SAMR, LSA and NETLOGON services being accessed over TCP/IP.  The end
point mapper does not appear to be used for the well-known mappings to
named pipes, and we have a problem with how to safely register the
embedded pipes.  For now, disable this to avoid re-registration storms
in production, until we sort out a better way.

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Mar  7 14:27:38 CET 2012 on sn-devel-104
2012-03-07 14:27:38 +01:00
Andrew Bartlett
78f85b282e s3-rpc_server: Register embedded RPC services after starting lsasd and spoolssd
This ensures that these services are not accidentally registered in
these child processes.

Andrew Bartlett
2012-03-07 12:46:14 +01:00
Andrew Bartlett
8466b3c85e s3-rpc_server: Do not setup ncalrpc pipes and TCP for embedded rpc servers
Embedded RPC services are those not launched in the preforked lsasd
and spoolssd children.

The reason that these child processes were created is that is is not
possible to correctly listen for ncalrpc and TCP connections without
creating a child process.  Therefore, we should not have these
embedded RPC services to listen on these sockets just because the
endpoint mapper has been enabled.

Andrew Bartlett
2012-03-07 12:46:13 +01:00
Andrew Bartlett
008648a034 s3-smbd make change_to_user_by_session static 2012-03-07 12:46:13 +01:00
Gregor Beck
4f5412dda6 s3:selftest: ask smbtorture4 for smb2 tests
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Mar  7 01:34:05 CET 2012 on sn-devel-104
2012-03-07 01:34:05 +01:00
Stefan Metzmacher
68b840726b s3:smbd: keep 'num_files' and 'files' directly under smbd_server_connection
The plan is to have files_struct as some kind of low level
abstraction for a smb1/smb2 opens, that can be used by SMB_VFS modules.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Mar  6 23:04:01 CET 2012 on sn-devel-104
2012-03-06 23:04:01 +01:00
Stefan Metzmacher
f6b6e963f6 s3:smbd: keep 'num_connections' and 'connections' directly under smbd_server_connection
The plan is to have connection_struct as some kind of low level
abstraction for a smb1/smb2 tree connects, that can be used by SMB_VFS modules.

metze
2012-03-06 21:26:05 +01:00
Stefan Metzmacher
6ce72a01ab s3:smbd: keep 'num_users' and 'users' directly under smbd_server_connection
The plan is to have users_struct as some kind of low level
abstraction for a smb1/smb2 session, that can be used by SMB_VFS modules.

metze
2012-03-06 21:26:05 +01:00
Stefan Metzmacher
d95dbb86c5 s3:msdfs: set the 'cnum' field to invalid for faked connection_structs
metze
2012-03-06 21:26:05 +01:00
Volker Lendecke
1f62df52aa s3: Move a talloc_strdup out of the main code path
This is only used for AS_GUEST requests

Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Tue Mar  6 14:29:50 CET 2012 on sn-devel-104
2012-03-06 14:29:50 +01:00
Volker Lendecke
b709589445 s3: Fix some format string warnings
We were printing nmb->header.name_trn_id with %hu, which denotes a
short. However, header.name_trn_id is an int for the better or
worse.
2012-03-06 10:38:32 +01:00
Andrew Bartlett
074ee6f34c s3-rpc_server: Remove remaining code for embedded endpoint mapper
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Mar  5 23:14:33 CET 2012 on sn-devel-104
2012-03-05 23:14:33 +01:00
Andrew Bartlett
be7bcf0e55 s3-rpc_server: Only init and register embedded RPC services in dcesrv_ep_setup()
This consults the two definitions for embedded, that is if the deamon is forking
or if the rpc_server:<interface> line is set to embedded.

Andrew Bartlett

Signed-off-by: Andreas Schneider <asn@samba.org>
2012-03-05 21:34:25 +01:00
Volker Lendecke
cae455f688 s3: Fix a "Invalid (state->nread >= 0)" warning
Both read_from_internal_pipe and tstream_readv_pdu_queue_recv return
ssize_t.

Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Mon Mar  5 17:38:16 CET 2012 on sn-devel-104
2012-03-05 17:38:16 +01:00
Volker Lendecke
216769f2ce s3: Move the drain_socket on error to reply_write_and_X
That's the only case where this can happen, so we should not clutter the main
code path.
2012-03-05 15:59:36 +01:00
Volker Lendecke
82b948a816 s3: Use "goto out;" in reply_write_and_X 2012-03-05 15:59:36 +01:00
Volker Lendecke
07386bb533 s3: Remove "size" param from switch_message
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Mon Mar  5 15:13:49 CET 2012 on sn-devel-104
2012-03-05 15:13:49 +01:00
Volker Lendecke
c99d245548 s3: Remove "size" param from smb_dump 2012-03-05 13:35:05 +01:00
Andrew Bartlett
14d31376aa s3-lsasd: Fix debug messages on registration failure
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Mar  5 09:50:17 CET 2012 on sn-devel-104
2012-03-05 09:50:17 +01:00
Andrew Bartlett
6dbf632bc3 selftest: Reduce declarations of smbclient_auth tests by moving into a loop 2012-03-05 08:15:05 +01:00
Andrew Bartlett
fc5762388a selftest: run smbtorture_s3 tests against the ntvfs file server
This checks not only the behaviour of the NTVFS file server, but also the
client library and authentication stack.

Andrew Bartlett
2012-03-05 08:15:05 +01:00
Amitay Isaacs
5c5111ca03 s3-ctdb: Enable CTDB readonly support only if CTDB supports it
Autobuild-User: Amitay Isaacs <amitay@samba.org>
Autobuild-Date: Mon Mar  5 02:47:36 CET 2012 on sn-devel-104
2012-03-05 02:47:36 +01:00
Rusty Russell
5bda068773 dbwrap_ctdb: only fetch a read-only copy if we had a record already.
Because revoking read-only copies of records is expensive, we only
want ctdbd to do it for high-turnover records.  A basic heuristic is
that if we don't find a local copy of the record, don't ask for a
read-only copy.

The fetch itself will cause ctdbd to migrate the record, so eventually
we will have a local copy.  Next time it gets migrated away, we'll
call ctdbd_fetch() with local_copy = true.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-03-05 01:11:26 +01:00
Rusty Russell
67bb5abe81 ctdbd_conn: fetch read-only copies of records.
This means we try to get a read-only copy of a record, which we can
then place in the local tdb.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-03-05 01:11:26 +01:00
Rusty Russell
a3e6f55065 dbwrap_ctdb: handle read-only records.
The new read-only record flags make determining if we can use a record
a bit more complex, so extract it into its own function.

The OLD logic was:
1) If the record doesn't exist, we can't use it.
2) If we are the dmaster for the record, we can use it.

The new logic is:
1) If the record doesn't exist, we can't use it.
2) If we are the dmaster for the record, we can use it IF we only
   want read-only access, OR there are no read-only delegations.
3) If we are not dmaster, we can only use it if we want read-only
   access and it is marked as a read-only copy.

This logic is unused until the next patches which begin to ask
for read-only copies of records.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-03-05 01:11:26 +01:00
Andrew Bartlett
c23b2bdea1 selftest: remove unused config.h check
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Mar  5 01:10:01 CET 2012 on sn-devel-104
2012-03-05 01:10:01 +01:00
Andrew Bartlett
2c7d77c77f s3-smbd: vuser and session_info cannot be NULL here
The callers always supply it. (this is a hold-over from the
security=share removal).

Andrew Bartlett
2012-03-04 23:33:05 +01:00
Andrew Bartlett
8b99c83d2f s3-rpc_server: consolidate rpc server init routines
This uses a helper function to reduce duplication.

Andrew Bartlett
2012-03-04 23:33:05 +01:00
Andrew Bartlett
50de3cf9c0 s3-auth Add make_session_info_from_pw to avoid multiple getpwnam() calls 2012-03-04 23:33:05 +01:00
Andrew Bartlett
d7bb961859 s3-auth: Remove security=share (depricated since 3.6).
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.

The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok.  This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server

At the same time, this closes the door on one of the most arcane areas
of Samba authentication.

Naturally, full user-name/password authentication remain available in
security=user and above.

This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.

Andrew Bartlett

                       --------------
                      /              \
                     /      REST      \
                    /        IN        \
                   /       PEACE        \
                  /                      \
                  |      SEC_SHARE       |
                  |    security=share    |
                  |                      |
                  |                      |
                  |       5 March        |
                  |                      |
                  |        2012          |
                 *|     *  *  *          | *
        _________)/\\_//(\/(/\)/\//\/\///|_)_______
2012-03-04 23:33:05 +01:00
Stefan Metzmacher
acfa107ec6 s3:smbd/globals.h: remove unused pollfd pointer
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Mar  4 23:18:10 CET 2012 on sn-devel-104
2012-03-04 23:18:10 +01:00
Volker Lendecke
b6f4a5d0ee s3: Fix some && vs & warnings
Signed-off-by: Andreas Schneider <asn@samba.org>

Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Sun Mar  4 13:31:25 CET 2012 on sn-devel-104
2012-03-04 13:31:25 +01:00
Andrew Bartlett
769cee44a2 s3-winbindd: Add stdin handler for winbind
This will help avoid runaway processes in the test env, particularly when
the whole selftest.pl is killed.

Andrew Bartlett
2012-03-04 10:14:34 +01:00
Andrew Bartlett
807f5f1a8b s3-nmbd: Add stdin handler for nmbd
This will help avoid runaway processes in the test env, particularly
when the whole selftest.pl is killed.

Andrew Bartlett
2012-03-04 10:14:34 +01:00