| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
others. The reason we couldn't delete was we were erroring out early if requestor was not the owner of the file we wanted to delete, instead of checking if the requestor owned the directory as well. If either of these is true, we must go on and check the ACL. Karolin, this is a must for 3.4.0 and also 3.3.next. I'll update the bug report with patches for 3.4.0 and 3.3.next and ask vl to review. Jeremy.
(cherry picked from commit 966a51da8998cfd15875ba047b7f765c84b914dd)
|
|
|
|
|
|
|
|
|
| |
The server side of dnssd has been replaced with native avahi support. The code
is only left in in case some OS/X fan wants to revive it, and the client-side
has not been converted yet.
Fix the build of the server side by removing the #ifdef
(cherry picked from commit 8b8336a115b73eb99cd1f9a8d1286df713ec53c3)
|
|
|
|
| |
(cherry picked from commit f9ea09b61a46136fc55314e2e1cd2e9cfb362802)
|
|
|
|
| |
(cherry picked from commit f586b209b0216150f07bcc998c0d57e0d179b8ee)
|
|
|
|
| |
(cherry picked from commit fda54237e8a4a87086a670499273c1402d1cd02b)
|
|
|
|
| |
(cherry picked from commit 5ed457f984c093642afde854715b3792524e0798)
|
|
|
|
|
| |
This reverts commit 5a5dcd125fe236ddd93a6e56ae361fc84e306185.
(cherry picked from commit 79003837947882c4a62490c0eff7984f7c343807)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
owner (bug#2346)
The problem of bug #2346 remains for users exported by
winbindd, because create_token_from_username() just fakes
the token when the user is not in the local sam domain. This causes
user_in_group_sid() to give totally wrong results.
In uid_entry_in_group() we need to check if we already
have the full unix token in the current_user struct.
If so we should use the current_user unix token,
instead of doing a very complex user_in_group_sid()
which doesn't give reliable results anyway.
metze
(cherry picked from commit b79eff843be392f3065e912edca1434081d93c44)
(cherry picked from commit cb5c72c0a05a78ff1b86eb02cf5ecd3d7d69623d)
|
|
|
|
|
| |
This was commit 3d6f4a7af in master.
(cherry picked from commit c66b3807a356655d1d4e351502cad939f4d1d101)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
underlying problem is that once SMBulogoff is called, all server_info contexts associated with the vuid should become invalid, even if that's the context being currently used by the connection struct (tid). When the SMBtdis comes in it doesn't need a valid vuid value, but the code called inside vfs_full_audit always assumes that there is one (and hence a valid conn->server_info pointer) available.
This is actually a bug inside the vfs_full_audit and other code inside Samba,
which should only indirect conn->server_info on calls which require AS_USER to
be set in our process table. I could fix all these issues, but there's no
guarentee that someone might not add more code that fails this assumption, as
it's a hard assumption to break (it's usually true).
So what I've done is to ensure that on SMBulogoff the previously used
conn->server_info struct is kept around to be used for print debugging purposes
(it won't be used to change to an invalid user context, as such calls need
AS_USER set). This isn't strictly correct, as there's no association with the
(now invalid) context being freed and the call that causes conn->server_info to
be indirected, but it's good enough for most cases.
The hard part was to ensure that once a valid context is used again (via new
sessionsetupX calls, or new calls on a still valid vuid on this tid) that we
don't leak memory by simply replacing the stored conn->server_info pointer. We
would never actually leak the memory (as all conn->server_info pointers are
talloc children of conn), but with the previous patch a malicious client could
cause many server_info structs to be talloced by the right combination of SMB
calls. This new patch introduces free_conn_server_info_if_unused(), which
protects against the above.
Jeremy.
This was commit e46a88ce35e1aba9d9a344773bc97a9f3f2bd616 in master.
(cherry picked from commit 146d007e70351532431b739f1264615111044768)
|
|
|
|
|
|
| |
I don't think we should unconditionally send every refused connection attempt
to a share to syslog, that's where all debug level 0 messages end up.
(cherry picked from commit 65fe7c42c6c229a99b7cffc0515fc7a1ed30c43c)
|
|
|
|
|
|
|
| |
This prevents users from getting access to "/" in misconfigured setups.
Michael
(cherry picked from commit 1921d77fa2490bd19aded05924a62795641231ea)
|
|
|
|
|
|
| |
Always add back the real original owner of the directory in the ACE List after
we steal its ACE for the Administrators group.
(cherry picked from commit df44b4f2f6a5e83115e1e04883c94f89fdc9a28f)
|
|
|
|
|
|
|
| |
When adding arbitrary aces to an nt_ace_list we need to make sure we
are not actually adding a duplicate.
add_or_replace_ace() takes care of doing the right thing.
(cherry picked from commit 59ba5e05c01e9a20fbae7cce40b2301585db5c34)
|
|
|
|
| |
(cherry picked from commit 5a5dcd125fe236ddd93a6e56ae361fc84e306185)
|
|
|
|
|
|
|
|
| |
smbd to
access a freed structure.
Jeremy.
(cherry picked from commit 043ade0f4dff788f81e014d3c85217377226899e)
|
|
|
|
| |
(cherry picked from commit 42a2678c2f78b3c9ff59c57eb8132fd3698b5710)
|
|
|
|
|
|
|
|
|
|
|
| |
has parameter "msdfs root = yes"
This was broken by the refactoring around create_file().
MSDFS pathname processing must be done FIRST.
MSDFS pathnames containing IPv6 addresses can
be confused with NTFS stream names (they contain
":" characters.
Jeremy.
(cherry picked from commit f63751ad272b9caade7855665b8a3352cefe2ae7)
|
|
|
|
|
|
|
| |
handle_trans() can talloc_free "conn" if the client requests
close_on_completion. "state" is a talloc_child of conn, so it will be gone when
we later free state->data et al.
(cherry picked from commit 1b7e108cc50a35fa1c15cf4a46f970306efdd1a3)
|
|
|
|
| |
(cherry picked from commit e2cd00813c5221a03508249e5bb49e648befc734)
|
|
|
|
| |
(cherry picked from commit 4955e1610af3086cc7e8d0344313a124b23a4e31)
|
|
|
|
|
|
|
| |
if "hide dot files" is set. Thanks to Barry Kelly <bkelly.ie@gmail.com>
for pointing this one out.
Jeremy.
(cherry picked from commit beeb86618e3af1478708d996b118856a4f9a0c0b)
|
|
|
|
|
|
|
|
|
| |
too.
Otherwise we'll confuse the client signing engine, when we reply an error to each transs2.
metze
(cherry picked from commit 97cdf68a42bd9d5ec312151bcca9830228caeee1)
|
|
|
|
| |
(cherry picked from commit b0ad52693d4ee548a2d3870e28f6499f827bed31)
|
|
|
|
|
|
|
| |
Looks like the pathname parsing for POSIX paths got
broken when the code for doing Windows streams parsing got added.
Jeremy.
(cherry picked from commit 41bf3933b955548c4877e6e3f8fe2768090833c4)
|
|
|
|
|
| |
Jeremy.
(cherry picked from commit 969f2aa114f8ede44c3e56ca52ce2d4b70e709ba)
|
|
|
|
|
|
|
|
|
|
| |
[MS-SMB] 3.3.5.1 Receiving Any Message says that the seqnum
is incremented by only for ntcancel requests for any other
request it's by incremented by 2, even if it doesn't expect
a response.
metze
(cherry picked from commit 0999366b6b36f3084870af0375d686b0cbaae698)
|
|
|
|
| |
(cherry picked from commit 4624451b7b78695b3f84e7fff91018ee9df0e589)
|
|
|
|
|
|
| |
Confirmed by reporters.
Jeremy.
(cherry picked from commit 2cc696192fbc66b10fa6377d84cdebd23a045284)
|
|
|
|
|
|
| |
if admin user.
Jeremy.
(cherry picked from commit 30d2017c7bb01adb5e9ce4bf84df845d676665de)
|
|
|
|
|
| |
Jeremy.
(cherry picked from commit a7efcb3666fe4df778df95449e98970a77369b79)
|
|
|
|
|
|
|
|
| |
We need to store the "force group" uid separately from the
conn->server_info token as we need to apply it separately also.
Volker PLEASE CHECK !
Jeremy.
(cherry picked from commit da340c674d52d79cd4c45ab961a8fd7a204f7a67)
|
|
|
|
|
|
| |
delete file (directory fix).
Jeremy.
(cherry picked from commit fc5765f843fbbe0a8c9ae6be6dc7658033d539d3)
|
|
|
|
|
|
|
|
| |
Inside a directory, keep a file open and then renaming
the directory should fail with ACCESS_DENIED.
Jeremy.
(cherry picked from commit eb02b1e7fe98f826606d0129b1ba172b8645207a)
|
|
|
|
|
|
|
|
|
|
| |
failure if we have a pending modtime and the containing directory
of the file has been renamed (there is no POSIX "update time by
fd" call). This can't happen on Windows as the rename will fail
if there are open files beneath it. Will add a torture test
for this.
Jeremy.
(cherry picked from commit 032f052c9ccfb32f822352155e5f3c17a34f896a)
|
|
|
|
|
| |
Jeremy.
(cherry picked from commit 8d178837f259757340a09a688ed194e3e4a92c36)
|
|
|
|
|
|
|
|
| |
Was missing case of "If file exists open. If file doesn't exist error."
Damn damn damn. CIFSFS client will have to have fallback cases
for this error for a long time.
Jeremy.
(cherry picked from commit b652082648c49b525d2b2ce619b575ee75bc242e)
|
|
|
|
|
| |
Jeremy.
(cherry picked from commit 8858ed261917ce6c80562f05f5407109d66bd6a8)
|
|
|
|
|
|
| |
Fixes the new RAW-STREAMS torture test.
Jeremy.
(cherry picked from commit 3c01f93b4cf4f4dec41511bae622736f1ade3b0f)
|
|
|
|
|
| |
Jeremy.
(cherry picked from commit aea38950ff4865f1d791cd19619fadcd59eaf480)
|
|
|
|
|
|
|
|
| |
truncate.
Needed to fully support stream semantics.
Jeremy.
(cherry picked from commit 5a68f1e2c1fd16d315b1e303a90eb6475bbe7b15)
|
|
|
|
|
| |
Jeremy.
(cherry picked from commit 30a01422a21bd54b2b3a58729fbf25ab173845e8)
|
|
|
|
| |
(cherry picked from commit 1d277bdb6997e3b913bcd1c0b3173c9c735e64c1)
|
|
|
|
|
|
|
|
|
|
|
| |
failing.
Reported by Kukks. Make sure we correctly use LSTAT in all cases where
POSIX pathnames are being used. This matters when dealing with symlinks
pointing to invalid paths being renamed or deleted not all deletes and
renames are done via an nt_create open.
Jeremy.
(cherry picked from commit 249dab1abbf49b0ca45360eb9aedb20d51a80e5f)
|
|
|
|
|
|
|
|
|
|
| |
delete file
This fixes the generic rename/delete problem for 3.3.0 and above.
Fixed slightly differently to discussions, user viewable modified
ACLs are not a good idea :-).
Jeremy.
(cherry picked from commit c5462c8b43435763783185a03029903efe3b0c11)
|
|
|
|
|
|
| |
libraries.
Jeremy.
(cherry picked from commit a8a8dde5ac2b0c0b33e49af685650440469b287f)
|
|
|
|
|
|
| |
samba-3.3.0/source/smbd/dnsregister.c:85:event_add_timed().
Jeremy.
(cherry picked from commit 458a6a4265bc9b429375d7efb52d25969d7faad5)
|
|
|
|
|
|
| |
to ourselves unless that was passed in.
Jeremy.
(cherry picked from commit db2d56484e21daeb91df4b5e2286d242910336e8)
|
|
|
|
|
|
|
|
|
| |
ACLs.
If the chown succeeds then the ACL set should also. Ensure this is the case
(refactor some of this code to make it simpler to read also).
Jeremy.
(cherry picked from commit 90b660e2382711d005e8c4c4ae1c6adbd5e5b687)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Simo is completely correct. We should be doing the chown *first*, and fail the
ACL set if this fails. The long standing assumption I made when writing the
initial POSIX ACL code was that Windows didn't control who could chown a file
in the same was as POSIX. In POSIX only root can do this whereas I wasn't sure
who could do this in Windows at the time (I didn't understand the privilege
model). So the assumption was that setting the ACL was more important (early
tests showed many failed ACL set's due to inability to chown). But now we have
privileges in smbd, and we must always fail an ACL set when we can't chown
first. The key that Simo noticed is that the CREATOR_OWNER bits in the ACL
incoming are relative to the *new* owner, not the old one. This is why the old
user owner disappears on ACL set - their access was set via the USER_OBJ in the
creator POSIX ACL and when the ownership changes they lose their access.
Patch is simple - just ensure we do the chown first before evaluating the
incoming ACL re-read the owners. We already have code to do this it just wasn't
rigorously being applied.
Jeremy.
(cherry picked from commit 96b819e04cd71a6c899801ae68031bf55b54ea46)
|