sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code
79,254 Commits 60 Branches 1,145 Tags 452 MiB
eec5ece6f5
Commit Graph

6594 Commits

Author SHA1 Message Date
Volker Lendecke
0f9d14820e s3: Remove a bunch of calls to procid_self() 
All callers to messaging_[re]init only used procid_self()
 2011-12-12 21:50:25 +01:00
Stefan Metzmacher
77dc976b53 s3:smbd/close: pass smbd_server_connection to notify_deferred_opens() 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Dec 12 21:49:11 CET 2011 on sn-devel-104
 2011-12-12 21:49:11 +01:00
Stefan Metzmacher
4d44f879e1 s3:smbd/clode: pass smbd_server_connection as private_data to msg_close_file() 
metze
 2011-12-12 20:14:41 +01:00
Stefan Metzmacher
d1e0997614 s3:smbd/blocking: pass smbd_server_connection as private_data to received_unlock_msg() 
metze
 2011-12-12 20:14:41 +01:00
Stefan Metzmacher
f59d358653 s3:smb2_lock: pass smbd_server_connection as private_data to received_unlock_msg() 
metze
 2011-12-12 20:14:41 +01:00
Stefan Metzmacher
763fe4216b s3:smb2_server: use sconn->ev_ctx instead of sconn->smb2.event_ctx 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Dec 12 16:08:59 CET 2011 on sn-devel-104
 2011-12-12 16:08:59 +01:00
Stefan Metzmacher
7081d7e78f s3:smb2_lock: avoid using server_event_context() 
metze
 2011-12-12 14:35:43 +01:00
Stefan Metzmacher
e7a100200b s3:smbd/pipes: avoid passing server_event_context() as event context to np_{read,write}_send 
metze
 2011-12-12 14:35:43 +01:00
Stefan Metzmacher
bf8cce18c6 s3:smbd/process: avoid using server_event_context() for the forked echo handler 
metze
 2011-12-12 14:35:43 +01:00
Stefan Metzmacher
16cfc7243b s3:smbd/process: avoid using server_event_context() for smbd_deferred_open_timer events 
metze
 2011-12-12 14:35:43 +01:00
Stefan Metzmacher
68a7be6ab4 s3:smbd/oplock: avoid using server_event_context() in add_oplock_timeout_handler() 
metze
 2011-12-12 14:35:43 +01:00
Stefan Metzmacher
6811b47c99 s3:smbd/service: avoid using server_event_context() for notify_init() 
metze
 2011-12-12 14:35:43 +01:00
Stefan Metzmacher
c7286f159a s3:smbd/ipc: pass 'state' as mem_ctx to np_read_send() 
metze
 2011-12-12 14:35:43 +01:00
Stefan Metzmacher
1df1e0fb56 s3:smbd/fileio: avoid usage of server_event_context() 
metze
 2011-12-12 14:35:43 +01:00
Stefan Metzmacher
61d8674727 s3:smbd/close: avoid usage of server_event_context() 
metze
 2011-12-12 14:35:42 +01:00
Stefan Metzmacher
1909cb0724 s3:smbd/blocking: avoid usage of server_event_context() 
metze
 2011-12-12 14:35:42 +01:00
Stefan Metzmacher
1ce9c0ea32 s3:smbd: remember the event context on smbd_server_connection 
metze
 2011-12-12 14:35:42 +01:00
Stefan Metzmacher
0b8eeb1edc s3:smbd: pass down smbd_server_connection via smbd_echo_state 
metze
 2011-12-12 14:35:42 +01:00
Stefan Metzmacher
bf35606bbf s3:smbd: remove references to the global smbd_server_conn 
metze
 2011-12-12 14:35:42 +01:00
Stefan Metzmacher
6d84b24d76 s3:smbd: make struct pending_message_list private 
metze
 2011-12-12 14:35:42 +01:00
Stefan Metzmacher
8b2b7d1c87 s3:smbd: remember the smbd_server_connection on pending_message_list 
metze
 2011-12-12 14:35:42 +01:00
Stefan Metzmacher
3d7521c8ab s3:smbd: call sub_set_socket_ids() in smbd_process() again 
This got lost in commit b2511a280a.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Dec 12 10:23:44 CET 2011 on sn-devel-104
 2011-12-12 10:23:43 +01:00
Richard Sharpe
422494a8e6 vfs: Make function pointer names consistent. They all end in _fn 
Autobuild-User: Richard Sharpe <sharpe@samba.org>
Autobuild-Date: Mon Dec 12 04:58:40 CET 2011 on sn-devel-104
 2011-12-12 04:58:40 +01:00
Volker Lendecke
14d3889285 s3: Fix some 64-bit warnings 2011-12-08 15:03:42 +01:00
Volker Lendecke
1c46fb5c3e s3: Use autogenerated open_files.idl 2011-12-02 22:43:05 +01:00
Jeremy Allison
da992be64f Fix bug 8636 - When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field. 
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 30 04:59:07 CET 2011 on sn-devel-104
 2011-11-30 04:59:07 +01:00
Jeremy Allison
6bf97ea3bc Fix bug 8631 - POSIX ACE x permission becomes rx following mapping to and from a DACL 
Reported by David Disseldorp. Fix based on a patch by David.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Nov 29 22:32:27 CET 2011 on sn-devel-104
 2011-11-29 22:32:27 +01:00
Christian Ambach
717a27ba22 s3:smb2 report access_based_dir_enum in tcon reply 
let the client know when hide unreadable or hide unwriteable files
is set for a share
 2011-11-24 17:26:02 +01:00
Christian Ambach
faf8b9bba0 s3:smb2 do not set allow_namespace_caching flag for a share 
this matches Win7/2002R2 behavior and clients also must ignore
this flag when set (MS-SMB 2.2.10), so we should not set it at all
 2011-11-24 17:25:58 +01:00
Jeremy Allison
de3ab9bd05 Move setting the inherited ACL into the main open code path. Next will 
remove it from the ACL modules.
 2011-11-22 12:33:27 -08:00
Jeremy Allison
6795432f27 Move the "set SD" code into provided SD and "inherit acls" branches. 2011-11-22 11:53:51 -08:00
Jeremy Allison
7b275c551b Only add the SD if it's not a new stream file. 2011-11-22 10:37:56 -08:00
Jeremy Allison
12514bf008 Move the add security descriptor code to *after* all the other meta-data is 
updated. We may be adding an SD that restricts our own access.
 2011-11-22 10:28:52 -08:00
Stefan Metzmacher
005798fa0b s3:smb2_negprot: add support for SMB2_22 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Nov 20 16:46:45 CET 2011 on sn-devel-104
 2011-11-20 16:46:45 +01:00
Stefan Metzmacher
af1a2eecce s3:smbd: calculate the negprot signing flags from the signing_state 
We should map from lp_server_signing() just once in srv_init_signing().

metze

Signed-off-by: Günther Deschner <gd@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Nov 16 18:59:49 CET 2011 on sn-devel-104
 2011-11-16 18:59:49 +01:00
Jeremy Allison
05e841c82c Final part of patchset to fix bug #8556 - ACL permissions ignored when SMBsetatr is requested. 
This now plumbs access checks through all setattr calls.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 16 04:20:04 CET 2011 on sn-devel-104
 2011-11-16 04:20:04 +01:00
Jeremy Allison
865bc0c0ac Remove the check for FILE_WRITE_ATTRIBUTES from smb_set_file_time(). It 
is called from places like fileio.c that need to update the write time
on a file handle only open for write, without neccessarily having
FILE_WRITE_ATTRIBUTES permission. Move all checks to before the
smb_set_file_time() callers.
 2011-11-15 17:41:48 -08:00
Jeremy Allison
86c1609219 Always set the attribute first, before the time. 2011-11-15 17:01:58 -08:00
Jeremy Allison
edaa7479ed Move handle-based access check into handle codepath. 2011-11-15 17:01:58 -08:00
Jeremy Allison
c6a62f60a2 We've already checked fsp must be non-null here. 2011-11-15 17:01:58 -08:00
Jeremy Allison
93000c98ad Remove unneeded access check. This is done inside smb_set_file_time(). 2011-11-15 17:01:58 -08:00
Jeremy Allison
f5cda7160c Remove unneeded access check. This is done inside smb_set_file_size(). 2011-11-15 17:01:58 -08:00
Jeremy Allison
c27551b163 Move handle based access check into handle code path. 2011-11-15 17:01:58 -08:00
Jeremy Allison
65566dfa86 Ensure we correctly calculate reply credits over all returned 
SMB2 replies, and do as Windows does and return the total in the
last SMB2 reply. Fixes an issue found by Christian M Ambach <christian.ambach@de.ibm.com>
(and thanks to Christian for the initial patch this was based on).
 2011-11-15 22:44:25 +01:00
Jeremy Allison
c4763385a8 Remove unneeded NULL check. 2011-11-15 22:44:25 +01:00
Stefan Metzmacher
31cd1fbd2b s3:smbd/aio: handle_aio_completed() should do nothing if aio_ex->fsp is NULL 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Nov 15 18:47:55 CET 2011 on sn-devel-104
 2011-11-15 18:47:55 +01:00
Stefan Metzmacher
21eb1450cc s3:smbd/aio: pass ECANCELED to the smb2 aio handlers 
metze
 2011-11-15 17:14:13 +01:00
Stefan Metzmacher
483b79cfc4 s3:smb2_read: make it possible to cancel aio reads 
metze
 2011-11-15 17:14:13 +01:00
Stefan Metzmacher
3fbf32213a s3:smb2_write: make it possible to cancel aio writes 
metze
 2011-11-15 17:14:13 +01:00
Stefan Metzmacher
2802be75e3 s3:smbd/aio: add cancel_smb2_aio() 
metze
 2011-11-15 17:14:13 +01:00
Stefan Metzmacher
0cd67698ca s3:smb2_ioctl: STATUS_PENDING is defered by 1 millisecond for SMB2_IOCTL 
metze
 2011-11-15 17:14:13 +01:00
Stefan Metzmacher
05246ae623 s3:smb2_create: defer STATUS_PENDING for 2 seconds as before 
metze
 2011-11-15 17:14:13 +01:00
Stefan Metzmacher
88dd90d928 s3:smb2_server: pass explicit defer_times to smbd_smb2_request_pending_queue() 
metze
 2011-11-15 17:14:13 +01:00
Stefan Metzmacher
693cb77b2f s3:smb2_server: always send STATUS_PENDING responses, but delayed by 0.5 milliseconds 
In future we'll pass the delay from the caller.

metze
 2011-11-15 17:14:13 +01:00
Stefan Metzmacher
72cabbbe50 s3:smb2_flush: outbody only needs 4 bytes 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Nov 14 10:01:30 CET 2011 on sn-devel-104
 2011-11-14 10:01:30 +01:00
Volker Lendecke
5e0258fc93 s3: Avoid a race with the async echo handler 
We can not read from the echo handler socket when we have the main socket
locked. This leads to the echo responder to lock up sitting in the fcntl lock
while the parent wants to read the remainder of a large packet.
 2011-11-10 17:18:53 +01:00
Stefan Metzmacher
22ddbb5053 s3:smbd: don't limit the number of open dptrs for smb2 (bug #8592) 
This fixes a crash bug that is triggered, when a client has more than
256 directory handles with searches.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Nov 10 14:08:14 CET 2011 on sn-devel-104
 2011-11-10 14:08:13 +01:00
Stefan Metzmacher
39bb5a6297 s3:smbd: fully construct the dptr before allocating a dnum in the bitmap 
metze
 2011-11-10 12:31:01 +01:00
Stefan Metzmacher
7644547a55 s3:smbd: avoid string_set() in dir.c 
And do some more error checks.

metze
 2011-11-10 12:30:52 +01:00
Stefan Metzmacher
ffbd1ed279 s3:smb2_server: grant credits in async interim responses (bug #8357) 
The first fix for bug #8357 intruduced a regression, so that we no
longer grant credits for real async interim responses with
STATUS_PENDING.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Nov  9 11:56:29 CET 2011 on sn-devel-104
 2011-11-09 11:56:29 +01:00
Jeremy Allison
60b7dae3fa Add the SEC_DIR_LIST check to dptr_create(). 
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Nov  7 21:11:03 CET 2011 on sn-devel-104
 2011-11-07 21:11:03 +01:00
Jeremy Allison
2898485848 Move the SEC_DIR_LIST check into dptr_create for SMB2 and now for SMB1. 
The pathname check still needs fixing.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Nov  5 01:38:00 CET 2011 on sn-devel-104
 2011-11-05 01:38:00 +01:00
Jeremy Allison
7ff5a5584f can_write_to_file() does now take share permissions into account. Fix comment. 2011-11-04 16:01:16 -07:00
Jeremy Allison
bbcb589ef5 No longer do the pre-check on DELETE_ACCESS - we're correctly checking the ACL every time now. 2011-11-04 15:56:15 -07:00
Jeremy Allison
b988a3233f Remove can_access_file_acl(). We no longer need this duplicate code (hurrah!). 2011-11-04 15:55:11 -07:00
Jeremy Allison
60b741415d Remove can_access_file_data() - make it use the standard smbd_check_access_rights() instead. 2011-11-04 15:45:13 -07:00
Jeremy Allison
4851219333 Add const to the smb_filename argument of smbd_check_access_rights(). 2011-11-04 15:39:55 -07:00
Jeremy Allison
a30f84a21c Expose smbd_check_access_rights() to other modules. 2011-11-04 14:37:26 -07:00
Jeremy Allison
32edc1d047 Rename smbd_check_open_rights() to smbd_check_access_rights() as we're going to remove the static from this. 2011-11-04 14:28:08 -07:00
Jeremy Allison
0c886eeb89 Replace smb1_file_se_access_check() with just se_access_check(). 2011-11-04 14:21:35 -07:00
Jeremy Allison
55b9ba79f8 Move root check out of smb1_file_se_access_check() in preparation for deleting this function. 2011-11-04 14:16:51 -07:00
Jeremy Allison
07edf6c65e smb1_file_se_access_check() is now static to smbd/open.c 2011-11-04 14:16:37 -07:00
Jeremy Allison
1fab17de94 Revert "Change function signature of check_parent_access() to take char * instead of struct smb_filename." 
This reverts commit a11c0a41a3.

Not needed.
 2011-11-04 14:15:47 -07:00
Jeremy Allison
d433af92b9 Revert "Call check_parent_access() on readdir." 
This reverts commit a763edaf9c.

Checking the wrong thing..
 2011-11-04 14:15:43 -07:00
Christian Ambach
b99becd4fa s3:smbd increase a debug level 
logging disconnected clients with level 1 swamps the logs
 2011-11-04 17:39:43 +01:00
Stefan Metzmacher
9b4c300922 s3:smbd: also send the server name in the negprot response 
This matches W2K (at least sp4) and higher.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Nov  4 15:50:06 CET 2011 on sn-devel-104
 2011-11-04 15:50:06 +01:00
Stefan Metzmacher
caa134672c s3:smbd: make use of SMB_SIGNING_* constants 
metze
 2011-11-03 16:55:13 +01:00
Stefan Metzmacher
44d7774a18 s3:param: the behavior of "client/server signing = auto" is the same as "true" 
So remove the special case for 'Auto'.

metze
 2011-11-03 16:55:11 +01:00
David Disseldorp
8fb9e087e3 s3:smb2_server: remove unused outhdr variables 2011-11-02 15:15:28 +01:00
Jeremy Allison
a763edaf9c Call check_parent_access() on readdir. 2011-11-01 16:38:14 -07:00
Jeremy Allison
a11c0a41a3 Change function signature of check_parent_access() to take char * instead of struct smb_filename. 
Expose it so it can be called from directory code.
 2011-11-01 16:38:14 -07:00
Stefan Metzmacher
91648aeb64 s3:smb2_server: FLAG_CHAINED means we always use the last session_id and tid 
metze
 2011-10-31 19:39:02 +01:00
Stefan Metzmacher
8d07d7148b s3:smb2_server: don't reset the tid and session id in the out hdr of compound requests 
Windows also leaves tid (0xFFFFFFFF) and session id (0xFFFFFFFFFFFFFFFF)
as the client requested them.

metze
 2011-10-31 19:39:02 +01:00
Stefan Metzmacher
c7d3b6b2c3 s3:smb2_server: echo the SMB2_HDR_CREDIT_CHARGE and SMB2_HDR_SIGNATURE fields 
Windows just echos back the given values by default.

metze
 2011-10-31 19:39:02 +01:00
Stefan Metzmacher
63c7107c4a s3:smbd: also the parent smbd needs FLAG_MSG_PRINT_GENERAL (bug #8553) 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Oct 31 17:37:34 CET 2011 on sn-devel-104
 2011-10-31 17:37:33 +01:00
Jeremy Allison
3bd6513884 Remove the order dependency in parent_override_delete(), just check for & not ==. 2011-10-28 12:16:42 -07:00
Jeremy Allison
8a65e2c747 Remove unused "struct security_descriptor" parameter from check_parent_access() 2011-10-28 12:16:42 -07:00
Jeremy Allison
ea195b6cd2 Finally do all the open checks inside open_file(). Checks inside 
vfs_acl_common can now be removed.
 2011-10-28 12:16:42 -07:00
Jeremy Allison
8a3070a7c9 Simplify smbd_check_open_rights() and move all the special casing inside it. 2011-10-28 12:16:42 -07:00
Jeremy Allison
18df3aedb9 Move parent_override_delete() to before I need to use it. 2011-10-28 12:16:42 -07:00
Jeremy Allison
1619de3080 Make smbd_check_open_rights() static. 2011-10-28 12:16:42 -07:00
Andreas Schneider
2f65ae25df s3: Include uid_wrapper where it is missing. 2011-10-27 13:32:02 +02:00
Andreas Schneider
7cb08171ce Include uid_wrapper correctly. 2011-10-27 13:32:02 +02:00
Jeremy Allison
62ccae3229 Factor out the code checking if a parent should override DELETE_ACCESS into a function. 
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 26 23:15:05 CEST 2011 on sn-devel-104
 2011-10-26 23:15:05 +02:00
Jeremy Allison
4ec2c2a5e8 Remove another level of indentation - deal with !NT_STATUS_OK individually. 2011-10-26 12:29:19 -07:00
Jeremy Allison
4b9bdee167 Add early return on stat open without O_CREAT if file doesn't exist. 
Reduces one level of indentation.
 2011-10-26 12:08:51 -07:00
Stefan Metzmacher
1fa7300037 libcli/smb: move smb_signing.[ch] to the toplevel 
metze
 2011-10-25 01:47:21 +02:00
Jeremy Allison
f459318187 Third part of fix for bug #8541 - readlink() on Linux clients fails if the symlink target is outside of the share. 
Missed passing ucf_flags instead of hard coded flags in findfirst call.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Oct 22 06:30:16 CEST 2011 on sn-devel-104
 2011-10-22 06:30:16 +02:00
Jeremy Allison
d1a4ee604f Second part of fix for bug #8541 - readlink() on Linux clients fails if the symlink target is outside of the share. 
The statcache has to do lstat instead of stat when returning cached
posix pathnames.
 2011-10-22 04:57:10 +02:00
Jeremy Allison
662e9c04fb Fix bug #8541 - readlink() on Linux clients fails if the symlink target is outside of the share. 
The key is to only allow the lookup to succeed if it's a UNIX level lookup or readlink,
but disallow all other operations.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Oct 22 01:37:41 CEST 2011 on sn-devel-104
 2011-10-22 01:37:41 +02:00
Stefan Metzmacher
75d146d3ed libcli/smb: move smb_seal.c to the toplevel 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Oct 21 10:22:39 CEST 2011 on sn-devel-104
 2011-10-21 10:22:39 +02:00
Andrew Bartlett
38de149e9b s3-seal Remove struct smb_srv_trans_enc_ctx 
This structure added no value, particularly after the move to gensec.

It was added at a time when auth_ntlmssp_state was not available in
the client.  This changed a while back (the wrapper was extended with
client calls), and the move to gensec again reinforced that we do not
need the extra complexity.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2011-10-21 08:50:02 +02:00
Andrew Bartlett
0fe4192054 s3-ntlmssp Remove references to auth_ntlmssp_context from the smb sealing code 
Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2011-10-21 08:44:48 +02:00
Andrew Bartlett
3f079885b2 s3-ntlmssp Remove auth_ntlmssp_want_feature() 
We now just call the gensec_want_feature() directly.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2011-10-21 08:43:33 +02:00
Andrew Bartlett
487545d48f s3-ntlmssp Remove auth_ntlmssp_negotiated_sign() and auth_ntlmssp_negotiated_seal() 
We now just call the gensec_have_feature() directly.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2011-10-21 08:43:18 +02:00
Andrew Bartlett
083025ccd5 s3-ntlmssp Remove auth_ntlmssp_update wrapper 
We now just call gensec_update directly.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2011-10-21 08:43:10 +02:00
Andrew Bartlett
915fe7981b s3-auth remove auth_ntlmssp_session_info() 
Instead, call gensec_session_info() directly.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2011-10-21 08:43:02 +02:00
Stefan Metzmacher
21a434d817 s3:smbd/seal: pass talloc_tos() auth_ntlmssp_update(), because we free a few lines later 
metze
 2011-10-21 08:43:01 +02:00
Jeremy Allison
30fb5e9969 Refactor to create check_parent_access() which can be called for file creation too. 
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Oct 20 20:29:22 CEST 2011 on sn-devel-104
 2011-10-20 20:29:22 +02:00
Jeremy Allison
ff8fa5aa2b Make mkdir_internal() check the parent ACL for SEC_DIR_ADD_SUBDIR rights. 2011-10-20 09:07:46 -07:00
Jeremy Allison
f64f91f96f Fix error return to be NT_STATUS_NOT_A_DIRECTORY. 2011-10-20 00:58:29 +02:00
Jeremy Allison
7b4edc11e3 Make use of the "dir_exists" we already have on directory open. 2011-10-20 00:58:29 +02:00
David Disseldorp
d5ea379428 s3: Remove duplicate fsctl function definitions 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2011-10-19 15:44:29 +02:00
Andrew Bartlett
5ef4e91cf0 s3-smbd Give the nt error string when failing to set up encrypted transport 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2011-10-18 13:13:32 +11:00
Andrew Bartlett
0c6e4adcb2 ntlmssp: Move ntlmssp code to auth/ntlmssp 
This brings in the code from both libcli/auth and
source4/auth/ntlmssp.

Andrew Bartlett

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2011-10-18 13:13:31 +11:00
Frank Lahm
c3bdcab516 First part of fix for bug #8419 - Make VFS op "streaminfo" stackable. 
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Oct 17 21:39:32 CEST 2011 on sn-devel-104
 2011-10-17 21:39:32 +02:00
Günther Deschner
46e7ab37bf s3: remove some dead prototypes. 
Guenther
 2011-10-14 12:07:23 +02:00
Frank Lahm
7a0b5d6fc5 Add support for VFS op streaminfo chaining in all relevant VFS modules. 
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 14 03:26:06 CEST 2011 on sn-devel-104
 2011-10-14 03:26:06 +02:00
Andrew Bartlett
01c934c81e lib/util: Add back control of mmap and hash size in tdb for top level build 
This passes down a struct loadparm_context to allow these
parameters to be checked.  This may be s3 or s4 context, allowing the
#if _SAMBA_BUILD_ macro to go away safely.

Andrew Bartlett
 2011-10-13 14:06:07 +02:00
Andrew Bartlett
5603dab647 libcli/auth: Provide a struct loadparm_context to schannel calls 
This will allow us to pass this down to the tdb_wrap layer.

Andrew Bartlett
 2011-10-13 14:06:07 +02:00
Stefan Metzmacher
5e04231e96 s3:smb2_server: get/set info are limited by max_trans size (bug #8473) 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Oct 13 03:32:02 CEST 2011 on sn-devel-104
 2011-10-13 03:32:02 +02:00
Stefan Metzmacher
6981f11147 s3:smb2_server: reject writes larger then the negotiated max_write size (bug #8473) 
metze
 2011-10-13 01:59:05 +02:00
Stefan Metzmacher
40ea66c5dd s3:smb2_server: remember the max_{trans,read,write} sizes we negotiated (bug #8473) 
We should enforce the negotiated max sizes instead of the
lp_smb2_max_*() sizes.

metze
 2011-10-13 01:59:05 +02:00
Gregor Beck
6648d90652 s3:smbcontrol: let smbd pass the idmap msg to its children for convenience 
Signed-off-by: Michael Adam <obnox@samba.org>
 2011-10-12 22:45:53 +02:00
Gregor Beck
da85f5a43e s3: factor out messaging_send_to_children() 
Signed-off-by: Michael Adam <obnox@samba.org>
 2011-10-12 22:45:53 +02:00
Gregor Beck
3ff8733792 s3: fix id_cache_kill to delete the the id-mappig from caches 
The intendet and documented behavior of smbcontrol smbd idmap kill is to
delete the mapping from caches and additionally kill the smbd if an affected id
is in use.

Signed-off-by: Michael Adam <obnox@samba.org>
 2011-10-12 22:45:52 +02:00
Michael Adam
506349832c s3:smbd: convert notify db to use dbwrap wrapper functions 
Avoid direct use of the db_record and db_context structs.
 2011-10-11 14:17:57 +02:00
Michael Adam
ec057c369f s3:smbd: convert session.c to use dbwrap wrapper functions only 
Avoid direct use of the db_record and db_context structs.
 2011-10-11 14:17:57 +02:00
Michael Adam
43a13b55fc s3:smbd: convert connections.c to use only dbrwap wrapper functions 
Avoid direct use of the db_record and db_context structs.
 2011-10-11 14:17:57 +02:00
Michael Adam
bdee9458f6 s3:sessionid: use dbwrap_travers_read() in sessionid_travers_read() 
This also changes the return code of sessionid_traverse_read() to NTSTATUS.
It also uses traverse_read instead of traverse.
 2011-10-11 14:17:56 +02:00
Christian Ambach
ec0c1f2c34 s3:smb2_create: fix allocation size return value when opening existing files 
at least on GPFS, using the stat information gave wrong results
example: FileInfo gave 12582912000, Create Response gave 25769803776000

This makes the create part use the same method as fileinfo,
matching up the replies of both calls

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Oct 10 21:49:53 CEST 2011 on sn-devel-104
 2011-10-10 21:49:53 +02:00
Stefan Metzmacher
09731c7687 s3:msdfs: removed unused variables 
metze
 2011-10-08 01:43:38 +02:00
Stefan Metzmacher
f6eb85c952 s3:msdfs: implement setup_dfs_referral() on top of SMB_VFS_GET_DFS_REFERRALS() 
metze
 2011-10-08 01:43:38 +02:00
Stefan Metzmacher
9bd26d8190 s3:vfs: add SMB_VFS_GET_DFS_REFERRAL() hooks 
metze
 2011-10-08 01:43:38 +02:00
Volker Lendecke
1184e7de59 s3: Use the uid_wrapper 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
 2011-10-06 12:15:27 +02:00
Jeremy Allison
f93fd128eb Fix bug #8507 - smbd doesn't correctly honor the "force create mode" bits from a cifsfs create. 
Don't manipulate the new_dos_attributes bits until we know it's not a POSIX open.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct  5 01:19:17 CEST 2011 on sn-devel-104
 2011-10-05 01:19:17 +02:00
Richard Sharpe
c875ab8747 Move FSCTL handling into the VFS. Initial code changes. Passes smbtorture NTTRANS-FSCTL. Test added to selftests. 2011-10-01 07:02:20 -07:00
Jeremy Allison
c704d9216d Fix bug #8493 - DFS breaks zip file extracting unless "follow symlinks = no" set 
If a client sends a mangled name as part of a DFS path, use the
post-mangled name for the pathname walk, not the mangled name.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Oct  1 00:45:59 CEST 2011 on sn-devel-104
 2011-10-01 00:45:59 +02:00
David Disseldorp
dbcd59f46b s3-smb2_server: fix ioctl InputOffset checking 
Currently the InputOffset is always check to point to the input data
buffer, regardless of whether input data is present.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2011-09-29 13:14:21 +02:00
David Disseldorp
18482957da s3-smb2_server: SMB2_OP_IOCTL doesn't require at least 1 dyn byte 
Signed-off-by: Stefan Metzmacher <metze@samba.org>
 2011-09-29 13:14:21 +02:00
Stefan Metzmacher
ea00f0e452 s3:smb2_server: SMB2_OP_CANCEL requests don't have to be signed 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Sep 29 02:58:41 CEST 2011 on sn-devel-104
 2011-09-29 02:58:41 +02:00
Volker Lendecke
b35d80aa38 s3: Remove the smbd_server_conn ref from create_junction 
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Sep 26 16:33:30 CEST 2011 on sn-devel-104
 2011-09-26 16:33:29 +02:00
Volker Lendecke
d2958fd064 s3: Remove the smbd_server_conn ref from setup_dfs_referral 2011-09-26 14:59:12 +02:00
Volker Lendecke
fba833d055 s3: Remove the smbd_server_conn ref from get_referred_path 2011-09-26 14:59:12 +02:00
Volker Lendecke
cb2b5c521b s3: Remove the smbd_server_conn ref from dfs_redirect 2011-09-26 14:59:12 +02:00
Volker Lendecke
425b93ef69 s3: Remove the smbd_server_conn ref from create_conn_struct 2011-09-26 14:59:12 +02:00
Volker Lendecke
649437af3d s3: Remove the smbd_server_conn ref from parse_dfs_path 2011-09-26 14:59:12 +02:00
Stefan Metzmacher
5494856294 s3:smbd: disconnect the socket if we got an unexpected request 
If we got a SMB2_OP_NEGPROT after the protocol is already negotiated
or if we got a non SMB2_OP_NEGPROT before the protocol was negotiated
we should close the connection (as windows does).

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Sep 23 12:30:50 CEST 2011 on sn-devel-104
 2011-09-23 12:30:50 +02:00
Stefan Metzmacher
02d83d8fd4 s3:smbd: don't call smbd_terminate_connection in smb2_validate_message_id() (bug #8476) 
Only return false and the caller will terminate the connection.

metze
 2011-09-23 11:00:04 +02:00
Jeremy Allison
f0f91d0117 Fix bug #8477 - Map to guest can return uninitialized blob of data. 
Found by Codenomicon at SNIA SDC.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Sep 23 03:19:46 CEST 2011 on sn-devel-104
 2011-09-23 03:19:46 +02:00
Stefan Metzmacher
1bb6e6758c s3:smb2_server: fix a logic error, we should sign non guest sessions 
metze
 2011-09-22 22:30:22 +02:00
Jeremy Allison
d50fa9c21e Fix bug #8476 - Samba asserts when SMB2 client breaks the crediting rules. 
Just drop the connection, not SMB_ASSERT.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Sep 22 19:41:31 CEST 2011 on sn-devel-104
 2011-09-22 19:41:31 +02:00
Jeremy Allison
893497ee16 Fix bug #8458] - IE9 on Windows 7 cannot download files to samba 3.5.11 share 
Handle the SECINFO_LABEL flag in the same was as Win2k3.
 2011-09-21 13:34:50 -07:00
Jeremy Allison
e68ebe600d Fix bug #8473 - smb2_find uses a hard coded max reply size of 0x10000 instead of smb2_max_trans. 
Use lp_smb2_max_trans() instead of 0x10000.
 2011-09-21 11:30:06 -07:00
Michael Adam
39dcf4bf02 s3:smb2-server: session setup replies should always be signed (except for guest sessions) 
not only if the session should be signed

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Sep 21 11:00:09 CEST 2011 on sn-devel-104
 2011-09-21 11:00:09 +02:00
Volker Lendecke
80d643f7e3 s3: Trim a debug to 80 chars 
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Sep 18 01:15:02 CEST 2011 on sn-devel-104
 2011-09-18 01:15:02 +02:00
Volker Lendecke
b5ff6d86e7 s3: Fix a cut&paste error 2011-09-17 23:44:16 +02:00
Stefan Metzmacher
f8c26c16b8 s3:smbd: SMB ReadX with size > 0xffff should only possible for samba clients. 
Windows 2008 R2 (and others) ignore the high bits for the read size.

Unless we're using the unix extentions and the client
uses CIFS_UNIX_LARGE_READ_CAP, we should also ignore
the high bits.

But we still need to support old "smbclient" binaries
and have to check if the client is "Samba".

metze

Signed-off-by: Jeremy Allison <jra@samba.org>
 2011-09-14 12:37:02 -07:00
Stefan Metzmacher
555c626af8 s3:smbd: remember the client unix capabilities on the connection 
metze

Signed-off-by: Jeremy Allison <jra@samba.org>
 2011-09-14 12:37:02 -07:00
Stefan Metzmacher
563fa741f6 s3:smb2_server: SMB2_OP_GETINFO doesn't require at least 1 dyn byte 
metze
 2011-09-14 15:53:36 +02:00
Stefan Metzmacher
abb24bf8e8 s3:smbd: make use of better SMB signing negotiation 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Sep 14 09:41:02 CEST 2011 on sn-devel-104
 2011-09-14 09:41:02 +02:00
Stefan Metzmacher
0a6d0f8eda s3:smb_signing: add support for easier negotiation of SMB signing 
We don't make use of it yet, but it will follow.

metze
 2011-09-14 08:09:15 +02:00
Stefan Metzmacher
f205e4cada s3:smbd: echo FLAGS2_SMB_SECURITY_SIGNATURES* and the signature field in the reply 
This matches what windows is doing.

metze
 2011-09-14 08:09:15 +02:00
Volker Lendecke
6344482f00 s3: Remove a reference to smbd_server_conn 2011-09-13 11:00:13 +02:00
Volker Lendecke
3e8a8d08e3 s3: Remove a reference to smbd_server_conn 2011-09-13 11:00:13 +02:00
Volker Lendecke
d911bd5c69 s3: Remove a reference to smbd_server_conn 2011-09-13 11:00:13 +02:00
Volker Lendecke
d08885b0c4 s3: Remove a reference to smbd_server_conn 2011-09-13 11:00:12 +02:00
Volker Lendecke
2b32918117 s3: Remove a reference to smbd_server_conn 2011-09-13 11:00:12 +02:00
Volker Lendecke
f6fa51ddf7 s3: Fix some nonempty blank lines 2011-09-13 11:00:12 +02:00
Stefan Metzmacher
258ffddf1c libcli/smb: s/FLAGS2_UNKNOWN_BIT4/FLAGS2_SMB_SECURITY_SIGNATURES_REQUIRED 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sat Sep 10 00:34:50 CEST 2011 on sn-devel-104
 2011-09-10 00:34:50 +02:00
Jeremy Allison
e30b8c72de Second part of fix for bug #8443 - Default user entry is set to minimal permissions on incoming ACL change with no user specified. 
Be smarter about setting default permissions when a ACL_USER_OBJ isn't given. Use the principle of least surprises for the user.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Sep  9 00:26:08 CEST 2011 on sn-devel-104
 2011-09-09 00:26:08 +02:00
Jeremy Allison
793bd527fd First part of fix for bug #8443 - Default user entry is set to minimal permissions on incoming ACL change with no user specified. 
create_default_mode() is not needed - it's taken care of by code
inside ensure_canon_entry_valid().
 2011-09-08 13:54:04 -07:00
Jeremy Allison
de710cee37 Revert "Part 4 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)" 
This belongs as part of the bugfix for bug #8443 - Default user entry is set to minimal permissions on incoming ACL change with no user specified.

Not as part of #7509.

This reverts commit 2a1453e231.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Sep  8 08:50:12 CEST 2011 on sn-devel-104
 2011-09-08 08:50:12 +02:00
Stefan Metzmacher
9bc4decc1c s3:smb2_server: return OBJECT_NAME_INVALID if the path is terminated in SMB2_FIND/QUERY_DIRECTORY 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Sep  7 12:15:51 CEST 2011 on sn-devel-104
 2011-09-07 12:15:51 +02:00
Stefan Metzmacher
1bc93c2605 s3:smb2_server: return OBJECT_NAME_INVALID if the path is terminated in SMB2_CREATE 
metze
 2011-09-07 10:38:08 +02:00
Stefan Metzmacher
68b33aa61a s3:smb2_server: return BAD_NETWORK_NAME if the path is terminated in SMB2_TCON 
metze
 2011-09-07 10:38:08 +02:00
Stefan Metzmacher
1a726b88ec s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_write.c 
metze
 2011-09-07 10:38:08 +02:00
Stefan Metzmacher
3643a05ba6 s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_setinfo.c 
metze
 2011-09-07 10:38:07 +02:00
Stefan Metzmacher
f3a8d65bdf s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_read.c 
metze
 2011-09-07 10:38:07 +02:00
Stefan Metzmacher
c6480366e5 s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_notify.c 
metze
 2011-09-07 10:38:07 +02:00
Stefan Metzmacher
a358eee2d8 s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_lock.c 
metze
 2011-09-07 10:38:06 +02:00
Stefan Metzmacher
22d479f757 s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_keepalive.c 
metze
 2011-09-07 10:38:06 +02:00
Stefan Metzmacher
29b3601c02 s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_ioctl.c 
metze
 2011-09-07 10:38:06 +02:00
Stefan Metzmacher
880eafd7e8 s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_getinfo.c 
metze
 2011-09-07 10:38:05 +02:00
Stefan Metzmacher
440f702aa9 s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_flush.c 
metze
 2011-09-07 10:38:05 +02:00
Stefan Metzmacher
bc95ab99dc s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_find.c 
metze
 2011-09-07 10:38:05 +02:00
Stefan Metzmacher
251815bfd3 s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_create.c 
metze
 2011-09-07 10:38:04 +02:00
Stefan Metzmacher
e09b3940a7 s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_close.c 
metze
 2011-09-07 10:38:04 +02:00
Stefan Metzmacher
9da2f72d47 s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_break.c 
metze
 2011-09-07 10:38:04 +02:00
Stefan Metzmacher
02f7c37e67 s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_tcon.c 
metze
 2011-09-07 10:38:03 +02:00
Stefan Metzmacher
d280d9f945 s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_sesssetup.c 
metze
 2011-09-07 10:38:03 +02:00
Stefan Metzmacher
7ec3a35d2a s3:smb2_server: use smbd_smb2_request_verify_sizes() in smb2_negprot.c 
metze
 2011-09-07 10:38:03 +02:00
Stefan Metzmacher
6985a1378b s3:smb2_server: add smbd_smb2_request_verify_sizes() 
metze
 2011-09-07 10:38:02 +02:00
Jeremy Allison
9646d802b7 Revert "Part 5 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)" 
This reverts commit 17f6e02723.

Using the existing default permissions for group access is incorrect
when no such permissions are given in the incoming ACL.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Sep  7 03:50:21 CEST 2011 on sn-devel-104
 2011-09-07 03:50:21 +02:00
Stefan Metzmacher
436cda0cbd s3:smb2_server: make use of SMB2_WRITEFLAG_WRITE_THROUGH 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Sep  6 16:59:50 CEST 2011 on sn-devel-104
 2011-09-06 16:59:49 +02:00
Stefan Metzmacher
012c9d06a9 s3:smb2_server: add basic support for SMB 2.1 
This adds support for the 2 stage negprot, from SMB 1 to SMB 2.1.

Support for this of for now and "max protocol = SMB2" still maps
to "max protocol = SMB2_02" PROTOCOL_SMB2_02.

In order to activate smb2.1, you need to use "max protocol = SMB2_10".

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Sep  5 19:30:58 CEST 2011 on sn-devel-104
 2011-09-05 19:30:58 +02:00
Stefan Metzmacher
1c8e8c7e7b s3:smb2_server: return NOT_SUPPORTED if we don't find a common dialect with the client 
metze
 2011-09-05 18:01:07 +02:00
Stefan Metzmacher
e603929b98 s3:smb2_server: max_trans, max_read and max_write are limited to 64 kilobytes 
Only if SMB2_CAP_LARGE_MTU is supported we should announce larger limits.

metze
 2011-09-05 18:01:07 +02:00
Andreas Schneider
3e8c665465 s3-smbd: Rename reload_printers() and add documentation. 
Autobuild-User: Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date: Mon Sep  5 17:59:47 CEST 2011 on sn-devel-104
 2011-09-05 17:59:47 +02:00
Volker Lendecke
303962e370 s3: Fix smbcontrol smbd idmap kill S-1-5-21-... 
The calls to sid_to_gid and sid_to_uid create id mapping entries themselves,
which makes it pretty difficult to reliably delete id mapping entries
everywhere just using a SID.

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Sep  5 16:30:41 CEST 2011 on sn-devel-104
 2011-09-05 16:30:41 +02:00
Volker Lendecke
76ba67862f s3: Reformat msg_idmap.c to match Samba coding 2011-09-05 14:58:46 +02:00
Stefan Metzmacher
491c975dfe s3:smbd: make use of PROTOCOL_SMB2_02 
metze
 2011-09-05 13:25:00 +02:00
Stefan Metzmacher
0ed0a66956 libcli/smb: move smb2_signing.c to the toplevel 
metze
 2011-09-05 13:17:32 +02:00
Jeremy Allison
17f6e02723 Part 5 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument) 
Be smarter about setting default permissions when a ACL_GROUP_OBJ isn't given. Use the
principle of least surprises for the user.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Sep  3 00:16:05 CEST 2011 on sn-devel-104
 2011-09-03 00:16:05 +02:00
Jeremy Allison
2a1453e231 Part 4 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument) 
Be smarter about setting default permissions when a ACL_USER_OBJ isn't given. Use the
principle of least surprises for the user.
 2011-09-02 13:36:10 -07:00
Jeremy Allison
c528fc5cac Part 3 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument) 
Don't call check_owning_objs() to convert ACL_USER->ACL_USER_OBJ and
AC_GROUP->ACL_GROUP_OBJ for default (directory) ACLs, we do this separately
inside ensure_canon_entry_valid().
 2011-09-02 12:22:34 -07:00
Jeremy Allison
a5038ace24 Part 2 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument) 
Only map CREATOR_OWNER/CREATOR_GROUP to ACL_USER_OBJ/ACL_GROUP_OBJ in
a default(directory) ACL set.
 2011-09-02 11:58:56 -07:00
Jeremy Allison
2b935b49f3 Part 1 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument) 
Remove the code I added for bug "6878 - Cannot change ACL's inherit flag". It is incorrect
and causes the POSIX ACL ACL_USER_OBJ duplication.
 2011-09-02 11:21:08 -07:00
Jeremy Allison
786fe9fab2 Fix bug 8429 - Compound SMB2 requests on an IPC connection can corrupt the reply stream. 
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Aug 31 21:18:11 CEST 2011 on sn-devel-104
 2011-08-31 21:18:11 +02:00
Jeremy Allison
726b4685aa Based on metze's fix for Bug 8407 - SMB2 server can return requests out-of-order when processing a compound request. (cherry picked from commit 19db1c98c6ba3cb5e883e16e865c44900ce17444) 2011-08-31 19:49:31 +02:00
Stefan Metzmacher
0d450d166b s3:smb2_server: keep compound_related on struct smbd_smb2_request 
metze
(cherry picked from commit cda93f04eb4e7e975b192a5fd33275ec638140ac)
 2011-08-31 19:49:31 +02:00
Volker Lendecke
781074664d s3: Fix bug 8334, do not fork the echo handler for smb2 
If a smb1 negprot negotiated smb2 we forked the echo responder. This will
eventually lead to a panic from

[2011/08/30 10:33:29.212578,  0, pid=3846917] smbd/smb2_server.c:243(smbd_smb2_request_create)
  Invalid SMB packet: first request: 0x0009

because from the echo responder we always read using the normal smb1 protocol
handling routine. If that is a bit down the smb2 stream, we get a non-negprot
packet and panic.

BTW, the echo responder is not required for smb2 anyway, Microsoft confirmed
that it probes the server liveness using TCP keepalives and not smb2 echo
requests.

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Aug 31 17:58:48 CEST 2011 on sn-devel-104
 2011-08-31 17:58:48 +02:00
Christian Ambach
b58e7bb88e s3:smb2 fix Bug 8428 - wrong reply to DHnC (durable handle reconnect) 
According to [MS-SMB2] 3.3.5.9.7
(http://msdn.microsoft.com/en-us/library/cc246784%28v=PROT.13%29.aspx),
smbd must reply with NT_STATUS_OBJECT_NAME_NOT_FOUND as it does not
support durable file-handles yet.

I have seen w2k8r2 running xcopy /C ending up in an endless loop
trying to get back the original file handle from smbd sending the same
requests over and over.

Metze, Jeremy, please check!

Signed-off-by: Jeremy Allison <jra@samba.org>

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Aug 30 22:20:36 CEST 2011 on sn-devel-104
 2011-08-30 22:20:36 +02:00
Jeremy Allison
dec3b21cd1 Fix bug 8412 - Microsoft Office 2007 (Microsoft Word) fails to save as on a Samba share with SMB2. 2011-08-29 16:47:16 -07:00
Michael Adam
316834cf42 s3:smbd: remove an unused variable in dptr_create() 2011-08-25 23:55:06 +02:00
Volker Lendecke
f533b50105 s3: Pass smbd_server_connection to (unused) server_encryption_shutdown 2011-08-25 21:36:19 +02:00
Volker Lendecke
7e70f85350 s3: Pass smbd_server_connection to srv_encrypt_buffer 2011-08-25 21:36:19 +02:00
Volker Lendecke
d4c4705e55 s3: Pass smbd_server_connection to srv_decrypt_buffer 2011-08-25 21:36:19 +02:00
Volker Lendecke
08262fe964 s3: Pass smbd_server_connection to srv_free_enc_buffer 2011-08-25 21:36:19 +02:00
Volker Lendecke
f9ef138ec7 s3: Pass smbd_server_connection to is_encrypted_packet 2011-08-25 21:36:19 +02:00
Volker Lendecke
b4b9918cc8 s3: Pass sconn to valid_smb_header 2011-08-25 21:36:19 +02:00
Volker Lendecke
4cb6e1284c s3: Explicitly pass smb_srv_trans_enc_ctx to srv_enc_ctx 2011-08-25 21:36:18 +02:00
Andreas Schneider
61ada700a6 s3-id_cache: Use better names for id cache management ops 
The IDMAP term is normally associated with Winbind's idmap stuff.
These functions deal with id caching not id mapping.

Signed-off-by: Simo Sorce <idra@samba.org>
 2011-08-21 09:08:25 -04:00
Andreas Schneider
177db0a880 s3-id_cache: Move id caches mgmt out of smbd 
We must leave the MSG_IDMAP_KILL operation in SMBD as it uses smbd
specific internal globals and makes sense only in the context of a smbd
daemon.
The rest is moved under lib/ as we need to deal with id cache cleanups
in other daemons too (like lsasd).

Signed-off-by: Simo Sorce <idra@samba.org>
 2011-08-21 09:08:25 -04:00
Simo Sorce
23e7e1c158 s3-rpc_server: Replace RPC_SERVICE_MODE_DAEMON checks 
Use rpc_daemon_type() macros where appropriate instead.

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
 2011-08-21 09:05:03 -04:00
Andreas Schneider
7b715f15b1 s3-smbd: Start lsasd as deamon. 
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
 2011-08-21 09:05:02 -04:00
Jeremy Allison
a6d06c0697 Fix bug #8370 - vfs_chown_fsp broken -- returns in the wrong directory 
Ensure we always use vfs_ChDir() to keep the singleton cache coherent.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Aug 19 00:43:05 CEST 2011 on sn-devel-104
 2011-08-19 00:43:04 +02:00
Volker Lendecke
1022c28e15 s3: Fix bug 8360 
OS/2 sends an unexpected write&x/read&x chain

Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Aug 14 08:48:58 CEST 2011 on sn-devel-104
 2011-08-14 08:48:58 +02:00
Andrew Bartlett
daa78ead19 s3-smbd Avoid races creating 'ncaclrpc dir' with epmd in a child process 2011-08-13 20:18:41 +10:00
Stefan Metzmacher
42cde0480b s3:smb2_server: make sure we prefer responses over requests on the client socket 
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Fri Aug 12 16:46:43 CEST 2011 on sn-devel-104
 2011-08-12 16:46:43 +02:00
Volker Lendecke
38fb4df694 s3: Adapt msg_idmap.c to Samba coding conventions 2011-08-10 19:56:09 +02:00
Volker Lendecke
223fbc9c62 s3: Fix some nonempty blank lines 2011-08-10 19:56:09 +02:00
Simo Sorce
c3cfa6be47 s3-printing: Do not try to force reload. 
Be more correct in load printers at startup.
If async process have already started we do not need to force a reload, but we
just need to load the printers. If other process have not finished initializing
it makes no sense to try to force them as they are masking SIGHUP unitl init is
done anyway.

Signed-off-by: Andreas Schneider <asn@samba.org>
 2011-08-10 18:14:06 +02:00
Simo Sorce
0de09289ae s3-printing: Force pcap reload when all ready 
This way we are sure the cache is primed properly and messages can be sent to
processes if necessary as all messaging has been set up.

Signed-off-by: Andreas Schneider <asn@samba.org>
 2011-08-10 18:14:05 +02:00
Simo Sorce
d36a8dc896 s3:spoolssd Start spoolssd from printing_subsystem_init 
Use a child for the background updater process
Forward printer update messages from spoolss to background update process.

Signed-off-by: Andreas Schneider <asn@samba.org>
 2011-08-10 18:14:04 +02:00
Simo Sorce
9ce6416673 s3-printing: Rework how the background process is started 
Signed-off-by: Andreas Schneider <asn@samba.org>
 2011-08-10 18:14:04 +02:00
Simo Sorce
05455b459a lib-util: Make useful function a common utility. 
Signed-off-by: Andreas Schneider <asn@samba.org>
 2011-08-10 18:14:02 +02:00
Andreas Schneider
dd3a927959 s3-smbd: Pass tevent context to smbd_server_connection_loop_once(). 
Signed-off-by: Simo Sorce <idra@samba.org>
 2011-08-09 10:41:47 +02:00
Stefan Metzmacher
47bffb9b92 s3:smb2_server: make sure we grant credits on async read/write operations (bug #8357) 
Currently we skip, the "gone async" interim response on read and write,
this caused the aio code path to grant 0 credits to the client
in the read/write responses.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Aug  7 22:23:57 CEST 2011 on sn-devel-104
 2011-08-07 22:23:57 +02:00
Volker Lendecke
dfa8a5fca5 s3: Make srv_enc_ctx static 
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Aug  5 18:29:24 CEST 2011 on sn-devel-104
 2011-08-05 18:29:24 +02:00
Volker Lendecke
3b5e7c55d8 s3: Fix a debug message 2011-08-05 17:12:07 +02:00
Volker Lendecke
eb2d3961d8 s3: Fix some nonempty blank lines 2011-08-05 17:12:06 +02:00
Andrew Bartlett
fec25c3a62 ntlmssp: Add ntlmssp_blob_matches_magic() 
This avoids having the same check in 3 different parts of the code

Andrew Bartlett

Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Aug  3 12:45:04 CEST 2011 on sn-devel-104
 2011-08-03 12:45:04 +02:00
Andrew Bartlett
8fca9741fe s3-auth rename auth_ntlmssp_steal_session_info() 
There is no longer any theft of memory as the underlying routines now
produce a new auth_session_info for this caller, allocating it
on the supplied memory context.

Andrew Bartlett
 2011-08-03 18:48:05 +10:00
Andrew Bartlett
b0dd2cde86 s3-smbd Be consistent with %U subs on guest logins 
The NTLMSSP code always specified "" as the username, and this makes
guest logins via the old-style session setup do the same.

Andrew Bartlett
 2011-08-03 18:48:05 +10:00
Andrew Bartlett
d3524f2eae s3-auth use auth_generic_start to get full GENSEC in Samba3 session setup 
This tests if the auth_generic_start() hook is available on the auth
context during the negprot, and if so it uses auth_generic_start() to
hook to GENSEC to handle the full SPNEGO blob.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2011-08-03 18:48:04 +10:00
Andrew Bartlett
23bbf4e758 s3-smbd clarify behaviour by not passing an OID that will not be used 
Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2011-08-03 18:48:04 +10:00
Andrew Bartlett
36112a442f s3-smbd Ensure we do not read past the end of a possible NTLMSSP blob 
Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2011-08-03 18:48:04 +10:00
Andrew Bartlett
9a45bf3952 s3-auth set session_info->sanitized_username in create_local_token() 
Rather than passing this value around the callers, and eventually
setting it in register_existing_vuid(), we simply pass it to
create_local_token().  This also removes the need for
auth_ntlmssp_get_username().

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2011-08-03 18:48:04 +10:00
Andrew Bartlett
8b983d2326 s3-ntlmssp Split auth_ntlmssp_start into two functions 
This helps map on to the GENSEC semantics better, and ensures that the
full set of desired features are set before the mechanism starts.

Andrew Bartlett

Signed-off-by: Andrew Tridgell <tridge@samba.org>
 2011-08-03 18:48:04 +10:00