1
0
mirror of https://github.com/samba-team/samba.git synced 2025-03-15 02:50:27 +03:00

6369 Commits

Author SHA1 Message Date
Jeremy Allison
da992be64f Fix bug 8636 - When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 30 04:59:07 CET 2011 on sn-devel-104
2011-11-30 04:59:07 +01:00
Jeremy Allison
6bf97ea3bc Fix bug 8631 - POSIX ACE x permission becomes rx following mapping to and from a DACL
Reported by David Disseldorp. Fix based on a patch by David.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Nov 29 22:32:27 CET 2011 on sn-devel-104
2011-11-29 22:32:27 +01:00
Christian Ambach
717a27ba22 s3:smb2 report access_based_dir_enum in tcon reply
let the client know when hide unreadable or hide unwriteable files
is set for a share
2011-11-24 17:26:02 +01:00
Christian Ambach
faf8b9bba0 s3:smb2 do not set allow_namespace_caching flag for a share
this matches Win7/2002R2 behavior and clients also must ignore
this flag when set (MS-SMB 2.2.10), so we should not set it at all
2011-11-24 17:25:58 +01:00
Jeremy Allison
de3ab9bd05 Move setting the inherited ACL into the main open code path. Next will
remove it from the ACL modules.
2011-11-22 12:33:27 -08:00
Jeremy Allison
6795432f27 Move the "set SD" code into provided SD and "inherit acls" branches. 2011-11-22 11:53:51 -08:00
Jeremy Allison
7b275c551b Only add the SD if it's not a new stream file. 2011-11-22 10:37:56 -08:00
Jeremy Allison
12514bf008 Move the add security descriptor code to *after* all the other meta-data is
updated. We may be adding an SD that restricts our own access.
2011-11-22 10:28:52 -08:00
Stefan Metzmacher
005798fa0b s3:smb2_negprot: add support for SMB2_22
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Nov 20 16:46:45 CET 2011 on sn-devel-104
2011-11-20 16:46:45 +01:00
Stefan Metzmacher
af1a2eecce s3:smbd: calculate the negprot signing flags from the signing_state
We should map from lp_server_signing() just once in srv_init_signing().

metze

Signed-off-by: Günther Deschner <gd@samba.org>

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Nov 16 18:59:49 CET 2011 on sn-devel-104
2011-11-16 18:59:49 +01:00
Jeremy Allison
05e841c82c Final part of patchset to fix bug #8556 - ACL permissions ignored when SMBsetatr is requested.
This now plumbs access checks through all setattr calls.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 16 04:20:04 CET 2011 on sn-devel-104
2011-11-16 04:20:04 +01:00
Jeremy Allison
865bc0c0ac Remove the check for FILE_WRITE_ATTRIBUTES from smb_set_file_time(). It
is called from places like fileio.c that need to update the write time
on a file handle only open for write, without neccessarily having
FILE_WRITE_ATTRIBUTES permission. Move all checks to before the
smb_set_file_time() callers.
2011-11-15 17:41:48 -08:00
Jeremy Allison
86c1609219 Always set the attribute first, before the time. 2011-11-15 17:01:58 -08:00
Jeremy Allison
edaa7479ed Move handle-based access check into handle codepath. 2011-11-15 17:01:58 -08:00
Jeremy Allison
c6a62f60a2 We've already checked fsp must be non-null here. 2011-11-15 17:01:58 -08:00
Jeremy Allison
93000c98ad Remove unneeded access check. This is done inside smb_set_file_time(). 2011-11-15 17:01:58 -08:00
Jeremy Allison
f5cda7160c Remove unneeded access check. This is done inside smb_set_file_size(). 2011-11-15 17:01:58 -08:00
Jeremy Allison
c27551b163 Move handle based access check into handle code path. 2011-11-15 17:01:58 -08:00
Jeremy Allison
65566dfa86 Ensure we correctly calculate reply credits over all returned
SMB2 replies, and do as Windows does and return the total in the
last SMB2 reply. Fixes an issue found by Christian M Ambach <christian.ambach@de.ibm.com>
(and thanks to Christian for the initial patch this was based on).
2011-11-15 22:44:25 +01:00
Jeremy Allison
c4763385a8 Remove unneeded NULL check. 2011-11-15 22:44:25 +01:00
Stefan Metzmacher
31cd1fbd2b s3:smbd/aio: handle_aio_completed() should do nothing if aio_ex->fsp is NULL
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Nov 15 18:47:55 CET 2011 on sn-devel-104
2011-11-15 18:47:55 +01:00
Stefan Metzmacher
21eb1450cc s3:smbd/aio: pass ECANCELED to the smb2 aio handlers
metze
2011-11-15 17:14:13 +01:00
Stefan Metzmacher
483b79cfc4 s3:smb2_read: make it possible to cancel aio reads
metze
2011-11-15 17:14:13 +01:00
Stefan Metzmacher
3fbf32213a s3:smb2_write: make it possible to cancel aio writes
metze
2011-11-15 17:14:13 +01:00
Stefan Metzmacher
2802be75e3 s3:smbd/aio: add cancel_smb2_aio()
metze
2011-11-15 17:14:13 +01:00
Stefan Metzmacher
0cd67698ca s3:smb2_ioctl: STATUS_PENDING is defered by 1 millisecond for SMB2_IOCTL
metze
2011-11-15 17:14:13 +01:00
Stefan Metzmacher
05246ae623 s3:smb2_create: defer STATUS_PENDING for 2 seconds as before
metze
2011-11-15 17:14:13 +01:00
Stefan Metzmacher
88dd90d928 s3:smb2_server: pass explicit defer_times to smbd_smb2_request_pending_queue()
metze
2011-11-15 17:14:13 +01:00
Stefan Metzmacher
693cb77b2f s3:smb2_server: always send STATUS_PENDING responses, but delayed by 0.5 milliseconds
In future we'll pass the delay from the caller.

metze
2011-11-15 17:14:13 +01:00
Stefan Metzmacher
72cabbbe50 s3:smb2_flush: outbody only needs 4 bytes
metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Nov 14 10:01:30 CET 2011 on sn-devel-104
2011-11-14 10:01:30 +01:00
Volker Lendecke
5e0258fc93 s3: Avoid a race with the async echo handler
We can not read from the echo handler socket when we have the main socket
locked. This leads to the echo responder to lock up sitting in the fcntl lock
while the parent wants to read the remainder of a large packet.
2011-11-10 17:18:53 +01:00
Stefan Metzmacher
22ddbb5053 s3:smbd: don't limit the number of open dptrs for smb2 (bug #8592)
This fixes a crash bug that is triggered, when a client has more than
256 directory handles with searches.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Thu Nov 10 14:08:14 CET 2011 on sn-devel-104
2011-11-10 14:08:13 +01:00
Stefan Metzmacher
39bb5a6297 s3:smbd: fully construct the dptr before allocating a dnum in the bitmap
metze
2011-11-10 12:31:01 +01:00
Stefan Metzmacher
7644547a55 s3:smbd: avoid string_set() in dir.c
And do some more error checks.

metze
2011-11-10 12:30:52 +01:00
Stefan Metzmacher
ffbd1ed279 s3:smb2_server: grant credits in async interim responses (bug #8357)
The first fix for bug #8357 intruduced a regression, so that we no
longer grant credits for real async interim responses with
STATUS_PENDING.

metze

Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Nov  9 11:56:29 CET 2011 on sn-devel-104
2011-11-09 11:56:29 +01:00
Jeremy Allison
60b7dae3fa Add the SEC_DIR_LIST check to dptr_create().
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Nov  7 21:11:03 CET 2011 on sn-devel-104
2011-11-07 21:11:03 +01:00
Jeremy Allison
2898485848 Move the SEC_DIR_LIST check into dptr_create for SMB2 and now for SMB1.
The pathname check still needs fixing.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Nov  5 01:38:00 CET 2011 on sn-devel-104
2011-11-05 01:38:00 +01:00
Jeremy Allison
7ff5a5584f can_write_to_file() does now take share permissions into account. Fix comment. 2011-11-04 16:01:16 -07:00
Jeremy Allison
bbcb589ef5 No longer do the pre-check on DELETE_ACCESS - we're correctly checking the ACL every time now. 2011-11-04 15:56:15 -07:00
Jeremy Allison
b988a3233f Remove can_access_file_acl(). We no longer need this duplicate code (hurrah!). 2011-11-04 15:55:11 -07:00
Jeremy Allison
60b741415d Remove can_access_file_data() - make it use the standard smbd_check_access_rights() instead. 2011-11-04 15:45:13 -07:00
Jeremy Allison
4851219333 Add const to the smb_filename argument of smbd_check_access_rights(). 2011-11-04 15:39:55 -07:00
Jeremy Allison
a30f84a21c Expose smbd_check_access_rights() to other modules. 2011-11-04 14:37:26 -07:00
Jeremy Allison
32edc1d047 Rename smbd_check_open_rights() to smbd_check_access_rights() as we're going to remove the static from this. 2011-11-04 14:28:08 -07:00
Jeremy Allison
0c886eeb89 Replace smb1_file_se_access_check() with just se_access_check(). 2011-11-04 14:21:35 -07:00
Jeremy Allison
55b9ba79f8 Move root check out of smb1_file_se_access_check() in preparation for deleting this function. 2011-11-04 14:16:51 -07:00
Jeremy Allison
07edf6c65e smb1_file_se_access_check() is now static to smbd/open.c 2011-11-04 14:16:37 -07:00
Jeremy Allison
1fab17de94 Revert "Change function signature of check_parent_access() to take char * instead of struct smb_filename."
This reverts commit a11c0a41a35aa2b1c14333552045a65e3e50df1e.

Not needed.
2011-11-04 14:15:47 -07:00
Jeremy Allison
d433af92b9 Revert "Call check_parent_access() on readdir."
This reverts commit a763edaf9c76afe2546c035fc090370301dd347b.

Checking the wrong thing..
2011-11-04 14:15:43 -07:00
Christian Ambach
b99becd4fa s3:smbd increase a debug level
logging disconnected clients with level 1 swamps the logs
2011-11-04 17:39:43 +01:00