| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
| |
The change to smbd/trans2.c opens up
SETFILEINFO calls to POSIX_OPEN only. The change to first smbd/open.c closes 2
holes that would have been exposed by allowing POSIX_OPENS on readonly shares,
and their ability to set arbitrary flags permutations. The O_CREAT ->
O_CREAT|O_EXCL change removes an illegal combination (O_EXCL without O_CREAT)
that previously was being passed down to the open syscall.
Jeremy.
(cherry picked from commit d49ae9c87d182f32702a0b6a1cc2a2038f31d81d)
|
| |
|
|
| |
(cherry picked from commit 0d32230c17dbfa5e790d2023ba655f109938ef28)
|
| |
|
|
| |
(cherry picked from commit 78aecba62195822f3edb6134548657cf7ba9037c)
|
| |
|
|
|
|
|
|
|
|
|
| |
When we run out of file descriptors for some reason, every new
connection forks a child that immediately panics causing smbd to
coredump. This seems unnecessarily harsh; with this code change we
now catch that error and merely log a message about it and exit
without the core dump.
Signed-off-by: Tim Prouty <tprouty@samba.org>
(cherry picked from commit 1c8f9892010ce8cc754089b25313c6bc8e622165)
|
| |
|
|
|
|
| |
directory name.
Jeremy.
(cherry picked from commit 689664ad7acf13b07409abd4c2820dbe10255b68)
|
| |
|
|
|
|
|
|
|
| |
This is a follow up to 69d61453df6019caef4e7960fa78c6a3c51f3d2a to
adjust the API to allow the lower layers allocate memory. Now the
memory can explicitly be freed rather than relying on talloc_tos().
Signed-off-by: Tim Prouty <tprouty@samba.org>
(cherry picked from commit bfe7383d7f0349fec796d04772d42d566f7f083b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
These were found interally via code inspection.
1) fake_sendfile was incorrectly writing zeros over real data on a
short read.
2) sendfile_short_send was doing 4 byte writes instead of 1024 byte
writes due to an incorrect sizeof usage.
Jermey, Vl please check
(cherry picked from commit 7cd8dfc7bdbc6e0715bbd8eddf1ef11c622a8f72)
|
| |
|
|
|
|
|
| |
The aio_fork module does not need this, as it does not communicate via signals
but with pipes. Watching a strace log with those become_root() calls in aio.c
is absolutely awful, and it does affect performance.
(cherry picked from commit b8d12d3ffce304b4086488d999f85d80667e196e)
|
| |
|
|
| |
(cherry picked from commit 413a76cef78de56087574a875a1c478603d5d090)
|
| |
|
|
|
| |
Jeremy
(cherry picked from commit 82d9d7b2136a236d3f2b7b1255a920a1ef394ffe)
|
| |
|
|
|
| |
Jeremy.
(cherry picked from commit 0e7f37336ec2d7e1158342fb855af3dff84a7d1e)
|
| |
|
|
|
| |
(cherry picked from commit 3627ceb5e25cdecd1a8113a5028cc898a1424349)
(cherry picked from commit de68d52c8b7b101ad37d3eb09456bcb31e687906)
|
| |
|
|
|
|
|
| |
Move the strict lock/unlock code down a level for reads to avoid
calling chain_reply before the unlock.
(cherry picked from commit c60bb39df355c2ef36e4cfdff69cc348adc6dae1)
(cherry picked from commit 4fe9f5e1204fd5578a6043ad314614dc541decda)
|
| |
|
|
|
|
|
|
| |
It was too late... Thanks Metze for noticing.
Michael
(cherry picked from commit 7d6e4c7e950592112d09f7d98393c41e8097bba8)
(cherry picked from commit af5adfbd402a8d4fe31b7de5d13aa82287e88e57)
|
| |
|
|
|
|
| |
Michael
(cherry picked from commit e86a534fa707b44baec87060745dd8a557622721)
(cherry picked from commit acf13609039a0cd321fdfe7ce75e508036f91e5d)
|
| |
|
|
|
| |
Jeremy.
(cherry picked from commit 6c5450d9010b83e4acdd359279102ceda9bf0318)
|
| |
|
|
|
|
|
|
|
|
| |
The GPFS get_real_file name does not know about mangled names. Tim, if onefs
does not either, you need this bugfix :-)
In case onefs does 8.3 names, we need to pass the mangled flag down to
SMB_VFS_GET_REAL_FILENAME to give GPFS a chance say ENOTSUPP and do the
fallback.
(cherry picked from commit 97c668276d24743065f16dccaf29704b6f3857f4)
|
| |
|
|
|
|
|
|
|
| |
A sesssetupAndX chained with a tconn will not correctly set the TID in
the response header. I'm seeing an XP client send this chained
sesssetup/tconn when samba has security = share. Samba's current
behavior is to return a TID of 0 in the smb header rather than the
actual TID. This patch also updates the UID in the header as well.
(cherry picked from commit b6c86e1ef28d9008eec1d39ad714a475dc735c38)
|
| |
|
|
| |
(cherry picked from commit c6bf4cb7e611c4acd3df2e8a52ed535ec3210c24)
|
| |
|
|
|
|
| |
not reliable for winbindd users from foreign domains.
Jeremy.
(cherry picked from commit 32eaef7d2f2e9be171f835b8f440b7c78ee22bd8)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
owner (bug#2346)
The problem of bug #2346 remains for users exported by
winbindd, because create_token_from_username() just fakes
the token when the user is not in the local sam domain. This causes
user_in_group_sid() to give totally wrong results.
In uid_entry_in_group() we need to check if we already
have the full unix token in the current_user struct.
If so we should use the current_user unix token,
instead of doing a very complex user_in_group_sid()
which doesn't give reliable results anyway.
metze
(cherry picked from commit b79eff843be392f3065e912edca1434081d93c44)
(cherry picked from commit 369c52cc8c3042dab5b60c25c03218a761ffd3ef)
|
| |
|
|
|
|
|
|
|
|
|
| |
It is a bad idea to just tell everyone that an account is disabled without
really having checked the password first.
Found by torture test.
Guenther
(cherry picked from commit c400fc1e1e9a0c3db82c9a96e9684c8debfb3b74)
(cherry picked from commit e754be3e03f96952ab1d8a4af1762a9f68562fa3)
|
| |
|
|
|
| |
Guenther
(cherry picked from commit 2c0238226e95101b193615fd122e0494480b746a)
|
| |
|
|
|
|
| |
Guenther
(cherry picked from commit 9966541f89b45834cdf63060202621f885bf9f5c)
(cherry picked from commit 4d67491ef558c96fd57a959bb58df9efa5e83ceb)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Often times before creating a file, a client will first query to see
if it already exists. Since some systems have a case-insensitive stat
that is called from unix_convert, we can definitively return
STATUS_NO_SUCH_FILE to the client without scanning the whole
directory.
This code path is taken from trans2querypathinfo, but trans2findfirst
still does a full directory scan even though the get_real_filename
(the case-insensitive stat vfs call) can prevent this.
This patch adds the get_real_filename call to the trans2find* path,
and also changes the vfs_default behavior for
SMB_VFS_GET_REAL_FILENAME. Previously, in the absence of a
get_real_filename implementation, we would fallback to the full
directory scan. The default behavior now returns -1 and sets errno to
EOPNOTSUPP. This allows SMB_VFS_GET_REALFILENAME to be called from
trans2* and unix_convert.
(cherry picked from commit 92558a875ebf842e652614a5519ae101dd62ffd1)
|
| |
|
|
| |
(cherry picked from commit 651ae5c705c15c84882f6c1c3d73292794c63aa9)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We need to allow to set filesystem capabilities from the default vfs in
create_conn_struct() in order to find mixed-case filenames. Thanks Volker!
This one was hard to find, so a little longer explanation:
When a Windows client tries to upload e.g. the Xerox 4110 PS driver, the client
first uploads the driver files to the [print$] share. Some of them (in this case
the Windows Postscript drivers) are with uppercase filenames while some of them
(like the PPD file) are in lowercase. After the driver upload the client issues
the spoolss_AddPrinterDriverEx() call with level 6. There the client tries to
add the PPD file with an uppercase filename (while having stored it in lowercase
on the server). The internal spoolss add driver functions then could not find the
appropriate filename while trying to move them to the version subdirectory (in
this case W32X86/3) and fails then entire spoolss_AddPrinterDriverEx() call.
With this fix, the convert_unix_name() name finds the correct file and
the spoolss_AddPrinterDriverEx() succeeds.
Guenther
(cherry picked from commit fe839b65a7b4e8d5e085287b7d33ee1f970fe7c2)
(cherry picked from commit d9233f534e9087cf6b35db5b72aefdd396b772e0)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The underlying problem
is that once SMBulogoff is called, all server_info contexts associated with the
vuid should become invalid, even if that's the context being currently used by
the connection struct (tid). When the SMBtdis comes in it doesn't need a valid
vuid value, but the code called inside vfs_full_audit always assumes that there
is one (and hence a valid conn->server_info pointer) available.
This is actually a bug inside the vfs_full_audit and other code inside Samba,
which should only indirect conn->server_info on calls which require AS_USER to
be set in our process table. I could fix all these issues, but there's no
guarentee that someone might not add more code that fails this assumption, as
it's a hard assumption to break (it's usually true).
So what I've done is to ensure that on SMBulogoff the previously used
conn->server_info struct is kept around to be used for print debugging purposes
(it won't be used to change to an invalid user context, as such calls need
AS_USER set). This isn't strictly correct, as there's no association with the
(now invalid) context being freed and the call that causes conn->server_info to
be indirected, but it's good enough for most cases.
The hard part was to ensure that once a valid context is used again (via new
sessionsetupX calls, or new calls on a still valid vuid on this tid) that we
don't leak memory by simply replacing the stored conn->server_info pointer. We
would never actually leak the memory (as all conn->server_info pointers are
talloc children of conn), but with the previous patch a malicious client could
cause many server_info structs to be talloced by the right combination of SMB
calls. This new patch introduces free_conn_server_info_if_unused(), which
protects against the above.
Jeremy.
(cherry picked from commit 4b3bd6d0ba3348659615e69b3508969aa41e7de4)
|
| |
|
|
|
|
| |
I don't think we should unconditionally send every refused connection attempt
to a share to syslog, that's where all debug level 0 messages end up.
(cherry picked from commit 8c7afce8bb86cda773c713459bb18233dc4848a3)
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
instead of reading the registry directly with tdb and activating the
configure options by hand.
This eliminates the need for repeating checks done in loadparm.
For instance it disables registry shares without path in the server
as is the case with text based shares.
Michael
(cherry picked from commit 077bcc11257697b243916fbb02cd72b3a122b9ba)
(cherry picked from commit 502bfe9352d36ee909d7210a9d0ec0b6c7db5149)
|
| |
|
|
|
| |
This reverts commit c8cc6da0ab4441ce7b22cf00eed05290e91530c4.
(cherry picked from commit c7d5e046d8fa4097fc16a3dee10e95b83a8c8e55)
|
| |
|
|
|
|
| |
Always add back the real original owner of the directory in the ACE List after
we steal its ACE for the Administrators group.
(cherry picked from commit 5d8f374ad75e06354ac27f34e3f44b3d459ac2ef)
|
| |
|
|
|
|
|
| |
When adding arbitrary aces to an nt_ace_list we need to make sure we
are not actually adding a duplicate.
add_or_replace_ace() takes care of doing the right thing.
(cherry picked from commit 89dfbdba515b5be32f535a112a7f1019884aa651)
|
| |
|
|
|
|
| |
Guenther
(cherry picked from commit da92e54236293460e307edd52ca7f1e20c6f23ef)
(cherry picked from commit 3e9ee3fa54b514987f40a477b3049b18e87390e9)
|
| |
|
|
| |
(cherry picked from commit c8cc6da0ab4441ce7b22cf00eed05290e91530c4)
|
| |
|
|
|
|
|
|
| |
smbd to
access a freed structure.
Jeremy.
(cherry picked from commit e023058f5b774ddbb61e8187aa7dbd2e6e25804d)
|
| |
|
|
|
|
|
|
| |
What a difference a name makes... :-). Just because something is missnamed
SAMR_ACCESS_OPEN_DOMAIN, when it should actually be SAMR_ACCESS_LOOKUP_DOMAIN,
don't automatically use it for a security check in _samr_OpenDomain().
Jeremy.
(cherry picked from commit 1994a8a5db5c3abd6292b81aa975e7b8fe8311d0)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The second r/o opener of a file is supposed to get a level2 oplock. The first
opener due to the protection in process_oplock_break_message() has been forced
to break to no oplock. The second opener according to locking.tdb gets a level2
oplock. Further down in open_file_ntcreate we try to set this level2 oplock in
the kernel, and the non-clustered Linux kernel disallows this. The rules for
the kernel leases are a bit baroque, but the attempt to do the SETLEASE
correctly fails and we end up with no oplock for any client.
In the clustered case however the linux kernel on the second opening node has
not seen the open fd of the first node, it is only the cluster fs that has this
information. If the cluster fs does not have the very same notion of leases as
the local kernel has, we can end up with a WRLCK style kernel lease for the
second opener where locking.tdb only indicates a level2 oplock. Getting a
kernel oplock break signal with just a level2 oplock in locking.tdb is
something smbd is not prepared for. For example after sending out the break in
response to the kernel signal we set a timeout, waiting for a reply.
More work needs to be done to make level2 kernel oplocks real for us. This
patch addresses a real problem we have right now without them.
(cherry picked from commit 17962ba589f24b7d2a67474978d06e33adad56c2)
|
| |
|
|
| |
(cherry picked from commit fb8707e2c2d1657294b0660064e1b16590d1ca6c)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
parameter "msdfs root = yes"
This was broken by the refactoring around create_file().
MSDFS pathname processing must be done FIRST.
MSDFS pathnames containing IPv6 addresses can
be confused with NTFS stream names (they contain
":" characters.
Jeremy.
(cherry picked from commit b8251a7e01304afce96cb0bee15a1fee2bd57490)
|
| |
|
|
| |
(cherry picked from commit 130baafc7c36333cf29a19921f4736beb53a15e9)
|
| |
|
|
|
|
| |
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 574a6a8c350a4bab3f42f3f9cfb382db721d69b5)
(cherry picked from commit 7e6d6eeff3e082d7223264c17cb27c2ab89df9aa)
|
| |
|
|
|
|
| |
This removes all oplock dependence on locking.tdb
(cherry picked from commit 9d2d07503a17971a63153ecc13fdddb763e614b8)
(cherry picked from commit f922e22d907d4a99e91f00f001c05b2b35d73a26)
|
| |
|
|
|
| |
(cherry picked from commit 651fa0964a6c49a071c28cdb1e4891b1d95d5b09)
(cherry picked from commit 4e091804b86ae9b8318b985d39e826366681e21b)
|
| |
|
|
|
|
|
| |
handle_trans() can talloc_free "conn" if the client requests
close_on_completion. "state" is a talloc_child of conn, so it will be gone when
we later free state->data et al.
(cherry picked from commit e9457c598e25ededb48b73d7dc5ab0f6295ea399)
|
| |
|
|
| |
(cherry picked from commit 4996d89d19655ab6f0d4656ea72d6bad52ba7d6d)
|
| |
|
|
| |
(cherry picked from commit d5bec253f7494dd74cce3acf59ddd417900e5ad3)
|
| |
|
|
|
|
|
| |
if "hide dot files" is set. Thanks to Barry Kelly <bkelly.ie@gmail.com>
for pointing this one out.
Jeremy.
(cherry picked from commit 286d6a404cca02a0d3662f6aa2ddd69d3dcbc17a)
|
| |
|
|
|
| |
This fixes a "defined but not used" compile warning.
(cherry picked from commit 1aa65f485b60a80766581e7d3f31565f340aa528)
|
| |
|
|
|
|
|
|
|
|
| |
too.
Otherwise we'll confuse the client signing engine, when we reply an error to each transs2.
metze
(cherry picked from commit 7716ad68a8d859ac3651c4eb559b6e45d98566db)
(cherry picked from commit 1d11417c71ebcb80851c8b77e9f3102ee9b592f8)
|
