IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This structure added no value, particularly after the move to gensec.
It was added at a time when auth_ntlmssp_state was not available in
the client. This changed a while back (the wrapper was extended with
client calls), and the move to gensec again reinforced that we do not
need the extra complexity.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This adds support for the 2 stage negprot, from SMB 1 to SMB 2.1.
Support for this of for now and "max protocol = SMB2" still maps
to "max protocol = SMB2_02" PROTOCOL_SMB2_02.
In order to activate smb2.1, you need to use "max protocol = SMB2_10".
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Sep 5 19:30:58 CEST 2011 on sn-devel-104
This tests if the auth_generic_start() hook is available on the auth
context during the negprot, and if so it uses auth_generic_start() to
hook to GENSEC to handle the full SPNEGO blob.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This patch finally has the same structure being used to describe the
authorization data of a user across the whole codebase.
This will allow of our session handling to be accomplished with common code.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This seperation between the structure used inside the auth modules and
in the wider codebase allows for a gradual migration from struct
auth_serversupplied_info -> struct auth_session_info (from auth.idl)
The idea here is that we keep a clear seperation between the structure
before and after the local groups, local user lookup and the session
key modifications have been processed, as the lack of this seperation
has caused issues in the past.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Move the num_requests field out of the smb1 struct into the generic
struct smbd_server_connection struct. Use it to count SMB2 requests
as well as SMB1 and ensure that check_log_size() is called every 50
SMB2 requests.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jul 8 01:14:53 CEST 2011 on sn-devel-104
section until we decide if we want to idle SMB2 directory handles.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Mar 18 01:13:53 CET 2011 on sn-devel-104
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.
The structure is also not ideal for it's current purpose. Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session. This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.
(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Since commit 7022554, smbds share a printcap cache (printer_list.tdb),
therefore ordering of events between smbd processes is important when
updating printcap cache information. Consider the following two process
example:
1) smbd1 receives HUP or printcap cache time expiry
2) smbd1 checks whether pcap needs refresh, it does
3) smbd1 marks pcap as refreshed
4) smbd1 forks child1 to obtain cups printer info
5) smbd2 receives HUP or printcap cache time expiry
6) smbd2 checks whether pcap needs refresh, it does not (due to step 3)
7) smbd2 reloads printer shares prior to child1 completion (stale pcap)
8) child1 completion, pcap cache (printer_list.tdb) is updated by smbd1
9) smbd1 reloads printer shares based on new pcap information
In this case both smbd1 and smbd2 are reliant on the pcap update
performed on child1 completion.
The prior commit "reload shares after pcap cache fill" ensures that
smbd1 only reloads printer shares following pcap update, however smbd2
continues to present shares based on stale pcap data.
This commit addresses the above problem by driving pcap cache and
printer share updates from the parent smbd process.
1) smbd0 (parent) receives a HUP or printcap cache time expiry
2) smbd0 forks child0 to obtain cups printer info
3) child0 completion, pcap cache (printer_list.tdb) is updated by smbd0
4) smbd0 reloads printer shares
5) smbd0 notifies child smbds of pcap update via message_send_all()
6) child smbds read fresh pcap data and reload printer shares
This architecture has the additional advantage that only a single
process (the parent smbd) requests printer information from the printcap
backend.
Use time_mono in housekeeping functions As suggested by Björn Jacke.
The all UPPER case typedef is no longer the preferred Samba style
and this makes it easier to see that this is the IDL-derivied structure
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This breaks the perfcol_onefs() build.
Tim, Steve, this use of smbd_server_fd is replacable by calls into
substitute.c. I don't have a onefs environment around to build a fix, so I've
decided to insert an #error, making it not compile. The fix should be pretty
obvious, you can get the socket data via "%I" and "%i" substitutions.
This moves those arrays from dynamic to static, shared memory, removing them
from globals.c.
I did it by dumping the result of init_tables() with dump_data(). Some massage
by an editor macro made it the initializer.
into negprot_spnego() where it belongs (it's not an SPNEGO operation).
Add a TALLOC_CTX for callers of negprot_spnego(). Closer to unifying all
the gen_negTokenXXX calls.
Jeremy.
Volker pointed out I'd missed the "last directory" cache
part of this code. Return us to caching the directory we're
in (reduces sys call load).
Mea maxima culpa.
Jeremy.
This reverts commit 2f30aea332.
It would be obvious to initialize this in smbd_init_globals(), but there the
messaging_context can't be initialized yet because we don't have smb.conf
loaded yet.
The my_yp_domain variable is just a static cache needed to avoid
making over and over expensive and potentially blocking calls to
yp_get_default_domain().
Instead of keeping this onto the smbd_server_connection struct, just
keep it local to the only function ever using this variable.
This disentagle this function (and a number of calling functions)
from having to pass around smbd_server_connection and thus having
to link against smbd. It also removes a few ifdefs.
Nothing changes from a global/local pov, as the smbd_server_connection
variable passed around is also a global one.
Signed-off-by: Andreas Schneider <asn@samba.org>
typedefs are no longer preferred Samba style.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
It turns out that the persistent handles are used by the Microsoft
redirector to index files on oplock break requests. So even if we
don't do durable handles (yet) we must set the persistent handle
on create. For now just use the same handle value as we use for
volatile.
Jeremy.
Metze, you'll probably be happier with this work as it
doesn't abuse tevent in the way you dislike. This is a
first cut at the code, which will need lots of testing
but I'm hoping this will give people an idea of where I'm
going with this.
Jeremy.
Makes SMB2Create call re-entrant internally.
Now this infrastructure is in place, oplocks will follow shortly.
Tested with Win7 client and with W2K8R2.
Jeremy.
Gets us handling SMB2 compound async requests similar to W2K8R2
(and triggers the same client bug in the Win7 redirector). Great
thanks to Ira Cooper <samba@ira.wakeful.net> for helping with
this and to Metze for the wonderful async framework. The one
thing I need to fix to make us identical to W2K8R2 is that
when a compound request goes async at the end W2K8R2 splits
the replies up into a compound non-async reply followed by
a separate async reply. Currently we're doing the whole thing
in a compound reply.
Jeremy.
Rename functions to be internally consistent. Next step is
to cope queueing single (non-compounded) SMB2 requests to
put some code inside the stubs.
Jeremy.
Allocate a uint16_t internal SMB1 mid for an SMB2 request.
Add a back pointer from the faked up smb_request struct
to the smb2 request.
Getting ready to add restart code for blocking locks,
share mode violations and oplocks in SMB2.
Jeremy.
Remove the bool ms_dfs_link parameter from smbd_do_qfilepathinfo.
It is not possible for this to be a DFS link. Remove the check_msdfs_link()
call from call_trans2qfilepathinfo() - the call to filename_convert()
above with a ucf_flags of zero *MUST* catch a DFS link and return
NT_STATUS_PATH_NOT_COVERED in this case, so the code below checking
for msdfs links is redundent. Don't add this to 3.5.x, as it's an
optimization but not needed to fix bug #7339 - MSDFS is non-functional in 3.5.x.
Jeremy.
This can we used by SMB2, the key difference between
SMB1 and SMB2 is that with SMB2 entries are aligned
to 8 bytes and there's no padding at the end of the last entry.
metze
in smbd_do_qfilepathinfo(). update_stat_ex_mtime() modifies the
stat struct inside the smb_fname so don't make a copy of that
stat struct, use it directly - it's meant to be updated and
represent the state of the file we're returning.
Jeremy.
We use a fd event and receive incoming smb requests
when the fd becomes readable. It's not completely
nonblocking yet, but it should behave like the old code.
We use timed events to trigger retries for deferred open calls.
metze
