summaryrefslogtreecommitdiffstats
path: root/source3/smbd/service.c
Commit message (Collapse)AuthorAgeFilesLines
* s3:lib/afs move afs.c to common lib dirChristian Ambach2014-06-041-0/+1
| | | | | | | | | | some of the code in afs.c is needed by wbinfo that lives in the toplevel nsswitch directory, so move the afs.c file to a new top-level lib/afs directory. Use the name afs_funcs to avoid collisions with the afs.h header from OpenAFS Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:smbd: fix typo in comment for set_conn_force_user_group()Michael Adam2014-04-231-1/+1
| | | | | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Kamen Mazdrashki <kamenim@samba.org> Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org> Autobuild-Date(master): Wed Apr 23 01:49:09 CEST 2014 on sn-devel-104
* s3: smbd: Fileserving share access checks.Jeremy Allison2014-03-181-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Git commit 86d1e1db8e2747e30c89627cda123fde1e84f579 fixed share_access not being reset between users, by changing make_connection_snum() to call a common function check_user_share_access() in the same way that change_to_user() (which can be called on any incoming packet) does. Unfortunately that bugfix was incorrect and broke "force user" and "force group" as it called check_user_share_access() inside make_connection_snum() using the conn->session_info pointer instead of the vuser->session_info pointer. conn->session_info represents the token to use when actually accessing the file system, and so is modified by force user and force group. conn->session_info represents the "pristine" token of the user logging in, and is never modified by force user and force group. Samba 3.6.x checked the share access based on the "pristine" token of the user logging in, not the token modified by force user and force group. This change restores the expected behavior. Fixes bug #9878 - force user does not work as expected https://bugzilla.samba.org/show_bug.cgi?id=9878 Signed-off-by: Jeremy Allison <jra@samba.org> Tested-by: Gerhard Wiesinger <lists@wiesinger.com> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Mar 18 19:19:31 CET 2014 on sn-devel-104
* param: change fstype to use a constant stringGarming Sam2014-02-121-2/+2
| | | | | | | | Substitution isn't really necessary for this parameter. Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* param: rename lp function and variable from "rootpreexec" to "root_preexec"Garming Sam2014-02-071-3/+3
| | | | | | Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "rootpostexec" to "root_postexec"Garming Sam2014-02-071-2/+2
| | | | | | Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "veto_oplocks" to ↵Garming Sam2014-02-071-1/+1
| | | | | | | | "veto_oplock_files" Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "shortpreservecase" to ↵Garming Sam2014-02-071-1/+1
| | | | | | | | "short_preserve_case" Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from "preservecase" to "preserve_case"Garming Sam2014-02-071-1/+1
| | | | | | Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: rename lp function and variable from 'casesensitive' to 'case_sensitive'Garming Sam2014-02-071-3/+3
| | | | | | Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* loadparm: rename lp[cfg]_print_ok to lp[cfg]_printable for consistency with docsMichael Adam2014-02-031-3/+3
| | | | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* loadparm: rename lp[cfg]_readonly to lp[cfg]_read_only for consistency with docsMichael Adam2014-02-031-1/+1
| | | | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* loadparm: rename lp[cfg]_hostsdeny to lp[cfg]_hosts_deny for consistency ↵Michael Adam2014-02-031-1/+1
| | | | | | | | | with docs Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* loadparm: rename lp[cfg]_hostsallow to lp[cfg]_hosts_allow for consistency ↵Michael Adam2014-02-031-1/+1
| | | | | | | | | with docs Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* loadparm: rename lp[cfg]_pathname to lp[cfg]_path for consistency with docsMichael Adam2014-02-031-1/+1
| | | | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
* fileserver: raise the debug level for share connection from non IPC to 2Matthieu Patou2013-04-191-1/+1
| | | | | | | | So that logs of make test are not spamed, the code dates from 1999 maybe at that moment we wanted to have some warning I think nodays it's pretty stable. Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Convert make_connection_snum to synthetic_smb_fnameVolker Lendecke2013-04-171-3/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Fix a typoVolker Lendecke2013-01-091-1/+1
| | | | | | Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Move create_share_access_mask() from smbd/service.c to smbd/uid.c.Jeremy Allison2013-01-091-38/+0
| | | | | | | | Make it static. Only called from uid.c now. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Fix bug #9518 - conn->share_access appears not be be reset between users.Jeremy Allison2013-01-091-20/+8
| | | | | | | | | Ensure make_connection_snum() uses the same logic as check_user_ok() to decide if a user can access a share. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Change API for create_share_access_mask() - remove conn struct.Jeremy Allison2013-01-091-5/+5
| | | | | | | | | Eventually this will be indepentent of conn, just pass in the readonly flag. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Change API for create_share_access_mask() to pass in the token.Jeremy Allison2013-01-091-3/+6
| | | | | | | | Don't automatically use the one from conn->session_info->security_token. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Fix API for create_share_access_mask().Jeremy Allison2013-01-091-8/+11
| | | | | | | | | Return the uint32_t share_access rather than directly changing the conn struct. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* Remove static from create_share_access_mask().Jeremy Allison2013-01-091-1/+1
| | | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:smbd: pass the current time to make_connection[_smb1]()Stefan Metzmacher2012-11-051-4/+5
| | | | | | | | | | Otherwise smbstatus reports the wrong time for tree connects. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Mon Nov 5 20:43:23 CET 2012 on sn-devel-104
* s3:smbd: don't call claim/yield_connection() in ↵Stefan Metzmacher2012-10-191-16/+0
| | | | | | | | | make_connection_snum/close_cnum() This was used to maintain the connections.tdb database which is being removed. We use info from the smbXsrv_tcon instead. Signed-off-by: Michael Adam <obnox@samba.org>
* s3:smbd: fill tcon->global->session_global_idStefan Metzmacher2012-10-191-0/+2
| | | | | | metze Signed-off-by: Michael Adam <obnox@samba.org>
* s3: For read-only shares, filter out write bits from conn->access_maskVolker Lendecke2012-09-271-0/+7
| | | | | | | Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Sep 27 02:51:42 CEST 2012 on sn-devel-104
* Move cached cwd onto conn struct.Jeremy Allison2012-09-121-0/+6
| | | | | This enables us to make VFS modules safe for use in root called code when we've changed directory under conn->connectpath.
* Correctly check for errors in strlower_m() returns.Jeremy Allison2012-08-091-1/+5
|
* Check error returns from strupper_m() (in all reasonable places).Jeremy Allison2012-08-091-1/+4
|
* source3/smbd/conn.c: wean off string_set/string_freeRusty Russell2012-08-071-4/+5
| | | | | | | Use straight talloc strings. This is the only user outside loadparm.c. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
* loadparm: make the source3/ lp_ functions take an explicit TALLOC_CTX *.Rusty Russell2012-07-181-49/+53
| | | | | | | | | | They use talloc_tos() internally: hoist that up to the callers, some of whom don't want to us talloc_tos(). A simple patch, but hits a lot of files. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* s3:smbd: make use of smbXsrv_tcon for smb1Stefan Metzmacher2012-06-251-2/+42
| | | | | | Pair-Programmed-With: Michael Adam <obnox@samba.org> metze
* s3:smbd: make use of smbXsrv_tcon and smbXsrv_session for smb2Stefan Metzmacher2012-06-251-3/+7
| | | | | | | | | The removes the protocol specific smbd_smb2_session and smbd_smb2_tcon. Pair-Programmed-With: Michael Adam <obnox@samba.org> metze
* s3:smbd: let close_cnum() take a uint64_t vuidStefan Metzmacher2012-06-061-1/+1
| | | | metze
* s3:smbd: let make_connection() take a uint64_t vuidStefan Metzmacher2012-06-061-1/+1
| | | | metze
* s3:smbd: use 'struct user_struct' instead of typedef'ed 'user_struct'Stefan Metzmacher2012-06-061-4/+4
| | | | metze
* s3:smbd: remove unused 'connection_struct->used'Michael Adam2012-05-221-1/+0
| | | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue May 22 16:42:22 CEST 2012 on sn-devel-104
* s3: Remove an unused extern declarationVolker Lendecke2012-05-041-2/+0
|
* Fix bug #8882 - Broken processing of %U with vfs_full_audit when force user ↵Jeremy Allison2012-04-231-0/+11
| | | | | | | | | | is set. When doing a "force user" we need to remember what the "sanitized_username" was from the original connect. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Apr 23 19:52:19 CEST 2012 on sn-devel-104
* s3:smbd only initialize kernel oplocks if they are enabled for a shareChristian Ambach2012-04-111-0/+4
| | | | Signed-off-by: Jeremy Allison <jra@samba.org>
* lib/util: Remove obsolete sys_getpid() and sys_fork().Jelmer Vernooij2012-03-241-1/+1
| | | | | | | | | The performance of these is minimal (these days) and they can return invalid results when used as part of applications that do not use sys_fork(). Autobuild-User: Jelmer Vernooij <jelmer@samba.org> Autobuild-Date: Sat Mar 24 21:55:41 CET 2012 on sn-devel-104
* s3: Remove the sys_notify dependency from notify_internalVolker Lendecke2012-03-231-5/+9
| | | | | Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Fri Mar 23 12:12:51 CET 2012 on sn-devel-104
* s3: Move the notify_ctx to the smbd_server_connectionVolker Lendecke2012-03-211-4/+5
| | | | | | | | | We only need one notify_ctx per smbd. The notify_array can become quite large. It's based on absolute paths, so there's no point in having a copy of the complete array in memory multiple times. Autobuild-User: Volker Lendecke <vl@samba.org> Autobuild-Date: Wed Mar 21 14:26:07 CET 2012 on sn-devel-104
* s3: Remove "conn" param from notify_init()Volker Lendecke2012-03-211-3/+3
|
* s3: Remove the separate server_id arg to notify_initVolker Lendecke2012-03-151-1/+0
| | | | | | The server_id is tied to the messaging_context Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3-smbd: vuser and session_info cannot be NULL hereAndrew Bartlett2012-03-041-37/+31
| | | | | | | The callers always supply it. (this is a hold-over from the security=share removal). Andrew Bartlett
* s3-auth: Remove security=share (depricated since 3.6).Andrew Bartlett2012-03-041-88/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch removes security=share, which Samba implemented by matching the per-share password provided by the client in the Tree Connect with a selection of usernames supplied by the client, the smb.conf or guessed from the environment. The rationale for the removal is that for the bulk of security=share users, we just we need a very simple way to run a 'trust the network' Samba server, where users mark shares as guest ok. This is still supported, and the smb.conf options are documented at https://wiki.samba.org/index.php/Public_Samba_Server At the same time, this closes the door on one of the most arcane areas of Samba authentication. Naturally, full user-name/password authentication remain available in security=user and above. This includes documentation updates for username and only user, which now only do a small amount of what they used to do. Andrew Bartlett -------------- / \ / REST \ / IN \ / PEACE \ / \ | SEC_SHARE | | security=share | | | | | | 5 March | | | | 2012 | *| * * * | * _________)/\\_//(\/(/\)/\//\/\///|_)_______
* Fix problem reported by Tom Lee <tlee2951@gmail.com> - when calculatingJeremy Allison2012-02-281-3/+28
| | | | | | | | the share security mask, take priviliges into account for the connecting user. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Feb 28 20:21:26 CET 2012 on sn-devel-104
generated by cgit (git 2.34.1) at 2024-06-08 05:47:28 +0000