summaryrefslogtreecommitdiffstats
path: root/source/smbd
Commit message (Collapse)AuthorAgeFilesLines
* Fix bug #6297 - owner of sticky directory cannot delete files created by ↵Jeremy Allison2009-06-151-2/+13
| | | | | | others. The reason we couldn't delete was we were erroring out early if requestor was not the owner of the file we wanted to delete, instead of checking if the requestor owned the directory as well. If either of these is true, we must go on and check the ACL. Karolin, this is a must for 3.4.0 and also 3.3.next. I'll update the bug report with patches for 3.4.0 and 3.3.next and ask vl to review. Jeremy. (cherry picked from commit 966a51da8998cfd15875ba047b7f765c84b914dd)
* Fix bug 6441 -- fix the compile with --enable-dnssdVolker Lendecke2009-06-101-4/+0
| | | | | | | | | The server side of dnssd has been replaced with native avahi support. The code is only left in in case some OS/X fan wants to revive it, and the client-side has not been converted yet. Fix the build of the server side by removing the #ifdef (cherry picked from commit 8b8336a115b73eb99cd1f9a8d1286df713ec53c3)
* Simplify the dropbox patchJeremy Allison2009-06-101-5/+10
| | | | (cherry picked from commit f9ea09b61a46136fc55314e2e1cd2e9cfb362802)
* Re-Add the "dropbox" functionality with -wx rights on a directoryVolker Lendecke2009-06-101-3/+3
| | | | (cherry picked from commit f586b209b0216150f07bcc998c0d57e0d179b8ee)
* Fix bug 6382: Case insensitive access to DFS links brokenVolker Lendecke2009-06-101-0/+2
| | | | (cherry picked from commit fda54237e8a4a87086a670499273c1402d1cd02b)
* Do not use the file system GET_REAL_FILENAME for mangled namesVolker Lendecke2009-06-101-7/+53
| | | | (cherry picked from commit 5ed457f984c093642afde854715b3792524e0798)
* Revert "Do not use the file system GET_REAL_FILENAME for mangled names"Karolin Seeger2009-06-101-23/+7
| | | | | This reverts commit 5a5dcd125fe236ddd93a6e56ae361fc84e306185. (cherry picked from commit 79003837947882c4a62490c0eff7984f7c343807)
* s3:smbd: fix posix acls when setting an ACL without explicit ACE for the ↵Stefan Metzmacher2009-06-101-3/+18
| | | | | | | | | | | | | | | | | | owner (bug#2346) The problem of bug #2346 remains for users exported by winbindd, because create_token_from_username() just fakes the token when the user is not in the local sam domain. This causes user_in_group_sid() to give totally wrong results. In uid_entry_in_group() we need to check if we already have the full unix token in the current_user struct. If so we should use the current_user unix token, instead of doing a very complex user_in_group_sid() which doesn't give reliable results anyway. metze (cherry picked from commit b79eff843be392f3065e912edca1434081d93c44) (cherry picked from commit cb5c72c0a05a78ff1b86eb02cf5ecd3d7d69623d)
* Fix bug #6330 - DFS doesn't work on AIX. Jeremy.Jeremy Allison2009-06-101-0/+4
| | | | | This was commit 3d6f4a7af in master. (cherry picked from commit c66b3807a356655d1d4e351502cad939f4d1d101)
* Fix bug #6315 smbd crashes doing vfs_full_audit on IPC$ close event. The ↵Jeremy Allison2009-06-101-3/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | underlying problem is that once SMBulogoff is called, all server_info contexts associated with the vuid should become invalid, even if that's the context being currently used by the connection struct (tid). When the SMBtdis comes in it doesn't need a valid vuid value, but the code called inside vfs_full_audit always assumes that there is one (and hence a valid conn->server_info pointer) available. This is actually a bug inside the vfs_full_audit and other code inside Samba, which should only indirect conn->server_info on calls which require AS_USER to be set in our process table. I could fix all these issues, but there's no guarentee that someone might not add more code that fails this assumption, as it's a hard assumption to break (it's usually true). So what I've done is to ensure that on SMBulogoff the previously used conn->server_info struct is kept around to be used for print debugging purposes (it won't be used to change to an invalid user context, as such calls need AS_USER set). This isn't strictly correct, as there's no association with the (now invalid) context being freed and the call that causes conn->server_info to be indirected, but it's good enough for most cases. The hard part was to ensure that once a valid context is used again (via new sessionsetupX calls, or new calls on a still valid vuid on this tid) that we don't leak memory by simply replacing the stored conn->server_info pointer. We would never actually leak the memory (as all conn->server_info pointers are talloc children of conn), but with the previous patch a malicious client could cause many server_info structs to be talloced by the right combination of SMB calls. This new patch introduces free_conn_server_info_if_unused(), which protects against the above. Jeremy. This was commit e46a88ce35e1aba9d9a344773bc97a9f3f2bd616 in master. (cherry picked from commit 146d007e70351532431b739f1264615111044768)
* 3.3: Increase debug level of "create_connection_server_info failed" messageVolker Lendecke2009-06-101-1/+1
| | | | | | I don't think we should unconditionally send every refused connection attempt to a share to syslog, that's where all debug level 0 messages end up. (cherry picked from commit 65fe7c42c6c229a99b7cffc0515fc7a1ed30c43c)
* s3:mark registry shares without path unavailable in the server, tooMichael Adam2009-06-101-0/+4
| | | | | | | This prevents users from getting access to "/" in misconfigured setups. Michael (cherry picked from commit 1921d77fa2490bd19aded05924a62795641231ea)
* Fix profile acls in some corner casesSimo Sorce2009-04-281-3/+18
| | | | | | Always add back the real original owner of the directory in the ACE List after we steal its ACE for the Administrators group. (cherry picked from commit df44b4f2f6a5e83115e1e04883c94f89fdc9a28f)
* Avoid duplicate acesSimo Sorce2009-04-281-7/+48
| | | | | | | When adding arbitrary aces to an nt_ace_list we need to make sure we are not actually adding a duplicate. add_or_replace_ace() takes care of doing the right thing. (cherry picked from commit 59ba5e05c01e9a20fbae7cce40b2301585db5c34)
* Do not use the file system GET_REAL_FILENAME for mangled namesVolker Lendecke2009-04-281-7/+23
| | | | (cherry picked from commit 5a5dcd125fe236ddd93a6e56ae361fc84e306185)
* Fix bug found by Tim Prouty, logging off and then re-using a vuid can cause ↵Jeremy Allison2009-04-171-0/+11
| | | | | | | | smbd to access a freed structure. Jeremy. (cherry picked from commit 043ade0f4dff788f81e014d3c85217377226899e)
* Fix a memleak in an unlikely error path in change_notify_create()Volker Lendecke2009-04-171-0/+1
| | | | (cherry picked from commit 42a2678c2f78b3c9ff59c57eb8132fd3698b5710)
* Fix bug #6254 - PUT/GET produces an error in IPv6 to a smb-server(3.3)Jeremy Allison2009-04-171-18/+23
| | | | | | | | | | | has parameter "msdfs root = yes" This was broken by the refactoring around create_file(). MSDFS pathname processing must be done FIRST. MSDFS pathnames containing IPv6 addresses can be confused with NTFS stream names (they contain ":" characters. Jeremy. (cherry picked from commit f63751ad272b9caade7855665b8a3352cefe2ae7)
* Fix smbd crash for close_on_completionVolker Lendecke2009-04-171-0/+4
| | | | | | | handle_trans() can talloc_free "conn" if the client requests close_on_completion. "state" is a talloc_child of conn, so it will be gone when we later free state->data et al. (cherry picked from commit 1b7e108cc50a35fa1c15cf4a46f970306efdd1a3)
* Use cluster-aware procid_is_me instead of comparing pid'sVolker Lendecke2009-04-171-2/+2
| | | | (cherry picked from commit e2cd00813c5221a03508249e5bb49e648befc734)
* Use procid_str in debug messages for better cluster-debuggabilityVolker Lendecke2009-04-171-11/+13
| | | | (cherry picked from commit 4955e1610af3086cc7e8d0344313a124b23a4e31)
* Ensure files starting with multiple dots are hiddenJeremy Allison2009-03-311-4/+8
| | | | | | | if "hide dot files" is set. Thanks to Barry Kelly <bkelly.ie@gmail.com> for pointing this one out. Jeremy. (cherry picked from commit beeb86618e3af1478708d996b118856a4f9a0c0b)
* s3:smbd: if we allow trans2 on the IPC$ share, then we have to allow transs2 ↵Stefan Metzmacher2009-03-271-1/+1
| | | | | | | | | too. Otherwise we'll confuse the client signing engine, when we reply an error to each transs2. metze (cherry picked from commit 97cdf68a42bd9d5ec312151bcca9830228caeee1)
* Use avahi to register _smb._tcp in smbdVolker Lendecke2009-03-272-6/+187
| | | | (cherry picked from commit b0ad52693d4ee548a2d3870e28f6499f827bed31)
* Fix bug #6196 - Unable to serve files with colons to Linux CIFS/VFS clientJeremy Allison2009-03-271-2/+7
| | | | | | | Looks like the pathname parsing for POSIX paths got broken when the code for doing Windows streams parsing got added. Jeremy. (cherry picked from commit 41bf3933b955548c4877e6e3f8fe2768090833c4)
* Fix bug #6186 - map readonly does not workJeremy Allison2009-03-271-3/+25
| | | | | Jeremy. (cherry picked from commit 969f2aa114f8ede44c3e56ca52ce2d4b70e709ba)
* s3:signing: the seqnum should only be decremented by 1 for ntcancel requestsStefan Metzmacher2009-03-112-5/+5
| | | | | | | | | | [MS-SMB] 3.3.5.1 Receiving Any Message says that the seqnum is incremented by only for ntcancel requests for any other request it's by incremented by 2, even if it doesn't expect a response. metze (cherry picked from commit 0999366b6b36f3084870af0375d686b0cbaae698)
* Fix a valgrind error / segfault in dns_register_smbd()Volker Lendecke2009-03-111-1/+2
| | | | (cherry picked from commit 4624451b7b78695b3f84e7fff91018ee9df0e589)
* Fix bug #6160 - Office 2007 fails saving files to a Samba mapped drive.Jeremy Allison2009-03-061-0/+22
| | | | | | Confirmed by reporters. Jeremy. (cherry picked from commit 2cc696192fbc66b10fa6377d84cdebd23a045284)
* Second part of fix for #6154, ensure we return max accessJeremy Allison2009-03-061-0/+9
| | | | | | if admin user. Jeremy. (cherry picked from commit 30d2017c7bb01adb5e9ce4bf84df845d676665de)
* Fix bug #6154 - zfs does not honor admin users.Jeremy Allison2009-03-061-0/+5
| | | | | Jeremy. (cherry picked from commit a7efcb3666fe4df778df95449e98970a77369b79)
* Fix bug #6155 - "force group" is no longer working as expected.Jeremy Allison2009-03-063-3/+17
| | | | | | | | We need to store the "force group" uid separately from the conn->server_info token as we need to apply it separately also. Volker PLEASE CHECK ! Jeremy. (cherry picked from commit da340c674d52d79cd4c45ab961a8fd7a204f7a67)
* Fix bug #6082 - smbd_gpfs_getacl failed: Windows client can´t rename orJeremy Allison2009-03-061-0/+19
| | | | | | delete file (directory fix). Jeremy. (cherry picked from commit fc5765f843fbbe0a8c9ae6be6dc7658033d539d3)
* Make us pass the RAW-RENAME torture test I just added.Jeremy Allison2009-03-062-0/+53
| | | | | | | | Inside a directory, keep a file open and then renaming the directory should fail with ACCESS_DENIED. Jeremy. (cherry picked from commit eb02b1e7fe98f826606d0129b1ba172b8645207a)
* Fix more POSIX path lstat calls. Fix bug where close can returnJeremy Allison2009-03-061-5/+17
| | | | | | | | | | failure if we have a pending modtime and the containing directory of the file has been renamed (there is no POSIX "update time by fd" call). This can't happen on Windows as the rename will fail if there are open files beneath it. Will add a torture test for this. Jeremy. (cherry picked from commit 032f052c9ccfb32f822352155e5f3c17a34f896a)
* Make test for open modes more robust against other bits.Jeremy Allison2009-03-061-1/+1
| | | | | Jeremy. (cherry picked from commit 8d178837f259757340a09a688ed194e3e4a92c36)
* Fix bug in processing of open modes in POSIX open.Jeremy Allison2009-03-061-0/+2
| | | | | | | | Was missing case of "If file exists open. If file doesn't exist error." Damn damn damn. CIFSFS client will have to have fallback cases for this error for a long time. Jeremy. (cherry picked from commit b652082648c49b525d2b2ce619b575ee75bc242e)
* Fix some NetBSD warnings.Jeremy Allison2009-03-061-1/+1
| | | | | Jeremy. (cherry picked from commit 8858ed261917ce6c80562f05f5407109d66bd6a8)
* Allow set attributes on a stream fnum to be redirected to the base filename.Jeremy Allison2009-03-061-3/+14
| | | | | | Fixes the new RAW-STREAMS torture test. Jeremy. (cherry picked from commit 3c01f93b4cf4f4dec41511bae622736f1ade3b0f)
* More warning fixes for Solaris.Jeremy Allison2009-02-245-31/+31
| | | | | Jeremy. (cherry picked from commit aea38950ff4865f1d791cd19619fadcd59eaf480)
* Backport the semantics of when to delete alternate data streams on a file ↵Jeremy Allison2009-02-202-1/+15
| | | | | | | | truncate. Needed to fully support stream semantics. Jeremy. (cherry picked from commit 5a68f1e2c1fd16d315b1e303a90eb6475bbe7b15)
* Noted by Vericode analysis. Correctly use chroot().Jeremy Allison2009-02-161-2/+9
| | | | | Jeremy. (cherry picked from commit 30a01422a21bd54b2b3a58729fbf25ab173845e8)
* Don't try and delete a default ACL from a file.Günter Kukkukk2009-02-161-4/+8
| | | | (cherry picked from commit 1d277bdb6997e3b913bcd1c0b3173c9c735e64c1)
* Fix bug #Bug 6090 renaming or deleting a "not matching/resolving" symlink is ↵Jeremy Allison2009-02-163-44/+116
| | | | | | | | | | | failing. Reported by Kukks. Make sure we correctly use LSTAT in all cases where POSIX pathnames are being used. This matters when dealing with symlinks pointing to invalid paths being renamed or deleted not all deletes and renames are done via an nt_create open. Jeremy. (cherry picked from commit 249dab1abbf49b0ca45360eb9aedb20d51a80e5f)
* Fix bug #6082 - smbd_gpfs_getacl failed: Windows client can´t rename or ↵Jeremy Allison2009-02-162-18/+49
| | | | | | | | | | delete file This fixes the generic rename/delete problem for 3.3.0 and above. Fixed slightly differently to discussions, user viewable modified ACLs are not a good idea :-). Jeremy. (cherry picked from commit c5462c8b43435763783185a03029903efe3b0c11)
* Fix warning (bad handler prototype) and fix detection of dns_sdJeremy Allison2009-02-161-1/+1
| | | | | | libraries. Jeremy. (cherry picked from commit a8a8dde5ac2b0c0b33e49af685650440469b287f)
* Fix bug #6069 - Build breaks with too many arguments toJeremy Allison2009-02-161-1/+0
| | | | | | samba-3.3.0/source/smbd/dnsregister.c:85:event_add_timed(). Jeremy. (cherry picked from commit 458a6a4265bc9b429375d7efb52d25969d7faad5)
* Fix logic error in try_chown - we shouldn't arbitrarily chownJeremy Allison2009-01-231-6/+9
| | | | | | to ourselves unless that was passed in. Jeremy. (cherry picked from commit db2d56484e21daeb91df4b5e2286d242910336e8)
* Second part of the attemt to fix #4308 - Excel save operation corrupts file ↵Jeremy Allison2009-01-231-131/+144
| | | | | | | | | ACLs. If the chown succeeds then the ACL set should also. Ensure this is the case (refactor some of this code to make it simpler to read also). Jeremy. (cherry picked from commit 90b660e2382711d005e8c4c4ae1c6adbd5e5b687)
* Another attempt to fix bug #4308 - Excel save operation corrupts file ACLs.Jeremy Allison2009-01-231-25/+4
| | | | | | | | | | | | | | | | | | | | | Simo is completely correct. We should be doing the chown *first*, and fail the ACL set if this fails. The long standing assumption I made when writing the initial POSIX ACL code was that Windows didn't control who could chown a file in the same was as POSIX. In POSIX only root can do this whereas I wasn't sure who could do this in Windows at the time (I didn't understand the privilege model). So the assumption was that setting the ACL was more important (early tests showed many failed ACL set's due to inability to chown). But now we have privileges in smbd, and we must always fail an ACL set when we can't chown first. The key that Simo noticed is that the CREATOR_OWNER bits in the ACL incoming are relative to the *new* owner, not the old one. This is why the old user owner disappears on ACL set - their access was set via the USER_OBJ in the creator POSIX ACL and when the ownership changes they lose their access. Patch is simple - just ensure we do the chown first before evaluating the incoming ACL re-read the owners. We already have code to do this it just wasn't rigorously being applied. Jeremy. (cherry picked from commit 96b819e04cd71a6c899801ae68031bf55b54ea46)
generated by cgit (git 2.34.1) at 2024-10-05 01:31:35 +0000