Jeremy Allison
da992be64f
Fix bug 8636 - When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field.
...
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 30 04:59:07 CET 2011 on sn-devel-104
2011-11-30 04:59:07 +01:00
Jeremy Allison
6bf97ea3bc
Fix bug 8631 - POSIX ACE x permission becomes rx following mapping to and from a DACL
...
Reported by David Disseldorp. Fix based on a patch by David.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Nov 29 22:32:27 CET 2011 on sn-devel-104
2011-11-29 22:32:27 +01:00
Christian Ambach
717a27ba22
s3:smb2 report access_based_dir_enum in tcon reply
...
let the client know when hide unreadable or hide unwriteable files
is set for a share
2011-11-24 17:26:02 +01:00
Christian Ambach
faf8b9bba0
s3:smb2 do not set allow_namespace_caching flag for a share
...
this matches Win7/2002R2 behavior and clients also must ignore
this flag when set (MS-SMB 2.2.10), so we should not set it at all
2011-11-24 17:25:58 +01:00
Jeremy Allison
de3ab9bd05
Move setting the inherited ACL into the main open code path. Next will
...
remove it from the ACL modules.
2011-11-22 12:33:27 -08:00
Jeremy Allison
6795432f27
Move the "set SD" code into provided SD and "inherit acls" branches.
2011-11-22 11:53:51 -08:00
Jeremy Allison
7b275c551b
Only add the SD if it's not a new stream file.
2011-11-22 10:37:56 -08:00
Jeremy Allison
12514bf008
Move the add security descriptor code to *after* all the other meta-data is
...
updated. We may be adding an SD that restricts our own access.
2011-11-22 10:28:52 -08:00
Stefan Metzmacher
005798fa0b
s3:smb2_negprot: add support for SMB2_22
...
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Nov 20 16:46:45 CET 2011 on sn-devel-104
2011-11-20 16:46:45 +01:00
Stefan Metzmacher
af1a2eecce
s3:smbd: calculate the negprot signing flags from the signing_state
...
We should map from lp_server_signing() just once in srv_init_signing().
metze
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Nov 16 18:59:49 CET 2011 on sn-devel-104
2011-11-16 18:59:49 +01:00
Jeremy Allison
05e841c82c
Final part of patchset to fix bug #8556 - ACL permissions ignored when SMBsetatr is requested.
...
This now plumbs access checks through all setattr calls.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 16 04:20:04 CET 2011 on sn-devel-104
2011-11-16 04:20:04 +01:00
Jeremy Allison
865bc0c0ac
Remove the check for FILE_WRITE_ATTRIBUTES from smb_set_file_time(). It
...
is called from places like fileio.c that need to update the write time
on a file handle only open for write, without neccessarily having
FILE_WRITE_ATTRIBUTES permission. Move all checks to before the
smb_set_file_time() callers.
2011-11-15 17:41:48 -08:00
Jeremy Allison
86c1609219
Always set the attribute first, before the time.
2011-11-15 17:01:58 -08:00
Jeremy Allison
edaa7479ed
Move handle-based access check into handle codepath.
2011-11-15 17:01:58 -08:00
Jeremy Allison
c6a62f60a2
We've already checked fsp must be non-null here.
2011-11-15 17:01:58 -08:00
Jeremy Allison
93000c98ad
Remove unneeded access check. This is done inside smb_set_file_time().
2011-11-15 17:01:58 -08:00
Jeremy Allison
f5cda7160c
Remove unneeded access check. This is done inside smb_set_file_size().
2011-11-15 17:01:58 -08:00
Jeremy Allison
c27551b163
Move handle based access check into handle code path.
2011-11-15 17:01:58 -08:00
Jeremy Allison
65566dfa86
Ensure we correctly calculate reply credits over all returned
...
SMB2 replies, and do as Windows does and return the total in the
last SMB2 reply. Fixes an issue found by Christian M Ambach <christian.ambach@de.ibm.com>
(and thanks to Christian for the initial patch this was based on).
2011-11-15 22:44:25 +01:00
Jeremy Allison
c4763385a8
Remove unneeded NULL check.
2011-11-15 22:44:25 +01:00
Stefan Metzmacher
31cd1fbd2b
s3:smbd/aio: handle_aio_completed() should do nothing if aio_ex->fsp is NULL
...
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Nov 15 18:47:55 CET 2011 on sn-devel-104
2011-11-15 18:47:55 +01:00
Stefan Metzmacher
21eb1450cc
s3:smbd/aio: pass ECANCELED to the smb2 aio handlers
...
metze
2011-11-15 17:14:13 +01:00
Stefan Metzmacher
483b79cfc4
s3:smb2_read: make it possible to cancel aio reads
...
metze
2011-11-15 17:14:13 +01:00
Stefan Metzmacher
3fbf32213a
s3:smb2_write: make it possible to cancel aio writes
...
metze
2011-11-15 17:14:13 +01:00
Stefan Metzmacher
2802be75e3
s3:smbd/aio: add cancel_smb2_aio()
...
metze
2011-11-15 17:14:13 +01:00
Stefan Metzmacher
0cd67698ca
s3:smb2_ioctl: STATUS_PENDING is defered by 1 millisecond for SMB2_IOCTL
...
metze
2011-11-15 17:14:13 +01:00
Stefan Metzmacher
05246ae623
s3:smb2_create: defer STATUS_PENDING for 2 seconds as before
...
metze
2011-11-15 17:14:13 +01:00
Stefan Metzmacher
88dd90d928
s3:smb2_server: pass explicit defer_times to smbd_smb2_request_pending_queue()
...
metze
2011-11-15 17:14:13 +01:00
Stefan Metzmacher
693cb77b2f
s3:smb2_server: always send STATUS_PENDING responses, but delayed by 0.5 milliseconds
...
In future we'll pass the delay from the caller.
metze
2011-11-15 17:14:13 +01:00
Stefan Metzmacher
72cabbbe50
s3:smb2_flush: outbody only needs 4 bytes
...
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Nov 14 10:01:30 CET 2011 on sn-devel-104
2011-11-14 10:01:30 +01:00
Volker Lendecke
5e0258fc93
s3: Avoid a race with the async echo handler
...
We can not read from the echo handler socket when we have the main socket
locked. This leads to the echo responder to lock up sitting in the fcntl lock
while the parent wants to read the remainder of a large packet.
2011-11-10 17:18:53 +01:00
Stefan Metzmacher
22ddbb5053
s3:smbd: don't limit the number of open dptrs for smb2 (bug #8592 )
...
This fixes a crash bug that is triggered, when a client has more than
256 directory handles with searches.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Nov 10 14:08:14 CET 2011 on sn-devel-104
2011-11-10 14:08:13 +01:00
Stefan Metzmacher
39bb5a6297
s3:smbd: fully construct the dptr before allocating a dnum in the bitmap
...
metze
2011-11-10 12:31:01 +01:00
Stefan Metzmacher
7644547a55
s3:smbd: avoid string_set() in dir.c
...
And do some more error checks.
metze
2011-11-10 12:30:52 +01:00
Stefan Metzmacher
ffbd1ed279
s3:smb2_server: grant credits in async interim responses (bug #8357 )
...
The first fix for bug #8357 intruduced a regression, so that we no
longer grant credits for real async interim responses with
STATUS_PENDING.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Nov 9 11:56:29 CET 2011 on sn-devel-104
2011-11-09 11:56:29 +01:00
Jeremy Allison
60b7dae3fa
Add the SEC_DIR_LIST check to dptr_create().
...
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Nov 7 21:11:03 CET 2011 on sn-devel-104
2011-11-07 21:11:03 +01:00
Jeremy Allison
2898485848
Move the SEC_DIR_LIST check into dptr_create for SMB2 and now for SMB1.
...
The pathname check still needs fixing.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Nov 5 01:38:00 CET 2011 on sn-devel-104
2011-11-05 01:38:00 +01:00
Jeremy Allison
7ff5a5584f
can_write_to_file() does now take share permissions into account. Fix comment.
2011-11-04 16:01:16 -07:00
Jeremy Allison
bbcb589ef5
No longer do the pre-check on DELETE_ACCESS - we're correctly checking the ACL every time now.
2011-11-04 15:56:15 -07:00
Jeremy Allison
b988a3233f
Remove can_access_file_acl(). We no longer need this duplicate code (hurrah!).
2011-11-04 15:55:11 -07:00
Jeremy Allison
60b741415d
Remove can_access_file_data() - make it use the standard smbd_check_access_rights() instead.
2011-11-04 15:45:13 -07:00
Jeremy Allison
4851219333
Add const to the smb_filename argument of smbd_check_access_rights().
2011-11-04 15:39:55 -07:00
Jeremy Allison
a30f84a21c
Expose smbd_check_access_rights() to other modules.
2011-11-04 14:37:26 -07:00
Jeremy Allison
32edc1d047
Rename smbd_check_open_rights() to smbd_check_access_rights() as we're going to remove the static from this.
2011-11-04 14:28:08 -07:00
Jeremy Allison
0c886eeb89
Replace smb1_file_se_access_check() with just se_access_check().
2011-11-04 14:21:35 -07:00
Jeremy Allison
55b9ba79f8
Move root check out of smb1_file_se_access_check() in preparation for deleting this function.
2011-11-04 14:16:51 -07:00
Jeremy Allison
07edf6c65e
smb1_file_se_access_check() is now static to smbd/open.c
2011-11-04 14:16:37 -07:00
Jeremy Allison
1fab17de94
Revert "Change function signature of check_parent_access() to take char * instead of struct smb_filename."
...
This reverts commit a11c0a41a35aa2b1c14333552045a65e3e50df1e.
Not needed.
2011-11-04 14:15:47 -07:00
Jeremy Allison
d433af92b9
Revert "Call check_parent_access() on readdir."
...
This reverts commit a763edaf9c76afe2546c035fc090370301dd347b.
Checking the wrong thing..
2011-11-04 14:15:43 -07:00
Christian Ambach
b99becd4fa
s3:smbd increase a debug level
...
logging disconnected clients with level 1 swamps the logs
2011-11-04 17:39:43 +01:00