| Commit message | Author | Age | Files | Lines |
| |
to respond to a read or write."
This reverts commit c81c109a6ce83741bb5149a51ceb4ab30855e9f9.
This fixes bug #7222 (All users have full rights on all shares) (CVE-2010-0728).
| |
containing a '.'
Fix use of uninitialized variable. This can lead to crashes if
mangling = hash processes names with no '.'.
Jeremy.
(cherry picked from commit df13b1303a751962d8f7d5298b39e4a7500fef15)
(cherry picked from commit 7eaeb891c8aee880fb06733f998b2feb95ef9c36)
| |
value(s) error when "mangling method = hash"
The charset array allocated in init_chartest() is allocated
by MALLOC, but only some elements of it are set after allocation. Fix is to
memset to zero after allocation.
Jeremy.
(cherry picked from commit a4e8210ba7d6d471cb9f17754244393b9c1e5930)
(cherry picked from commit fcca63d5fd0b900bc4bdcfbfb21b14f655abbbf7)
| |
Re-arrange the operations order so SMB_VFS_CONNECT is done
first as root (to allow modules to correctly initialize themselves).
Reviewed modules to check if they needed CONNECT invoked as
a user (which we previously did) and it turns out any of them
that cared needed root permissions anyway.
Jeremy.
(cherry picked from commit 2eb33851a753cbd5594d44243802388cff5ae152)
| |
a smb.conf reload turns wide links back on after a connection is established.
Includes git refs :
cd18695fc2e4d09ab75e9eab2f0c43dcc15adf0b
94865e4dbd3d721c9855aada8c55e02be8b3881e
5d92d969dda450cc3564dd2265d2b042d832c542
02a5078f1fe6285e4a0b6ad95a3aea1c5bb3e8cf
a6f402ad87ff0ae14d57d97278d67d0ceaaa1d82
from master.
Jeremy.
Fix bug #7104 ("wide links" and "unix extensions" are incompatible.)
(cherry picked from commit 16e73d88944ce644cccfa19a99338f5903c061f0)
| |
values in subsequent SMBtrans replies)
There are two problems:
1). The server is off-by-one in the end of buffer space test.
2). The server returns 0 in the totaldata (smb_vwv1) and totalparams (smb_vwv0)
fields in the second and subsequent SMBtrans replies.
This patch fixes both.
Jeremy.
(cherry picked from commit 8ddc977c1421a47bedba8d5494f7ae67692b772a)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 8ac6085a2c7382e544888e632ff62c30f7e7a884)
| |
metze
(cherry picked from commit bc8242a08e1bb9489cc8171b1ec02bd2518b1857)
(cherry picked from commit 8142883b40819b5cb92ea671bb6c89bff68d3680)
| |
A comparison function for qsort needs to return an 'int'!
Otherwise you'll get random results depending on the compiler
and the architecture...
metze
(cherry picked from commit 1686a5e7e7eb1b411b003cbbde5c0d28741c6d02)
(cherry picked from commit 4e419df9154c329b3376ab00d6bb55093fbfe71a)
| |
This is needed to support large browse lists.
metze
(cherry picked from commit 30eec0656c926d3d85a438dc28f17649b53318f8)
(cherry picked from commit f37f187070934e1046ce05d298d92ede7e6f7030)
| |
metze
(cherry picked from commit 495ac4616654c9e62e14031b7439aff21e42ec91)
(cherry picked from commit f8f6beff57fd58b69648633f5b1c15289015f96b)
| |
metze
(cherry picked from commit dc58672c6588a1715698721153b35ed2d594bc67)
(cherry picked from commit 0b6d850a553c0a558d579ab5e46f49794a015e34)
| |
Change parameter "wide links" to default to "no".
Ensure "wide links = no" if "unix extensions = yes" on a share.
Fix man pages to reflect this.
Remove "within share" checks for a UNIX symlink set - even if
widelinks = no. The server will not follow that link anyway.
Correct DEBUG message in check_reduced_name() to add missing "\n"
so it's really clear when a path is being denied as it's outside
the enclosing share path.
Jeremy.
(cherry picked from commit 9e64c33b7757dd4528a9c8d31d0c0c159a33daf8)
| |
The destname malloc size was not taking into account the 1 extra byte
needed if a string without a leading '/' was passed in and that slash
was added.
This would cause the '\0' byte to be written past the end of the
malloced destname string and corrupt whatever heap memory was there.
This problem would be hit if a share name was given in smb.conf without
a leading '/' and if it was the exact size of the allocated STRDUP memory
which in some implementations of malloc is a power of 2.
(cherry picked from commit f42971c520360e69c4cdd64bebb02a5f5ba49b94)
Fix bug #7096.
(cherry picked from commit db5ccb70b6ac51ea263889cc9cdd523673ae8ecd)
(cherry picked from commit 3916710b9414d679774399e6d0cff61e4b67a2e3)
| |
respond to a read or write.
Only works on Linux kernels 2.6.26 and above. Grants CAP_KILL capability
to allow Linux threads under different euids to send signals to each other.
Jeremy.
(cherry picked from commit 899bd0005f56dcc1e95c3988d41ab3f628bb15db)
(cherry picked from commit 246eba3b807e5ce50ee838c51823a9eb44f6b690)
| |
This fixes bug #6642 and bug #6919.
metze
(cherry picked from commit 7fd0767c6abdc9f4c456ae0a7d247f3a25ffcbd9)
| |
This bug re-occurred for 3.3.x and above.
The reason is that to change a NT ACL we now have to open the file requesting
WRITE_DAC and WRITE_OWNER access. The mapping from POSIX "w" to NT permissions
in posix_acls doesn't add these bits when "dos filemode = yes", so even though
the permission or owner change would be allowed by the POSIX ACL code, the
NTCreateX call fails with ACCESS_DENIED now we always check NT permissions
first.
Added in the mapping from "w" to WRITE_DAC and WRITE_OWNER access.
Jeremy.
(cherry picked from commit f04a8d1811c1099eb653efda314bc98553fa6d02)
| |
When deferring an async pipe writeX and readX transfer
the outstanding request struct onto the conn struct. This
needs freeing after the packet is finally processed.
Jeremy.
(cherry picked from commit cabe8f0ee859013d49fba011a5a9ac0112d7b001)
| |
Win7 needs the Windows server open file handle number of 16384 handles.
Jeremy.
(cherry picked from commit bbdc2c017ca5abb35897ab61717b806133e0af0b)
| |
Don't change the contents of a const string via a pointer
alias (or if you do, change it back.....).
Jeremy.
(cherry picked from commit a5bfbad790870ff66d4b09f99f0835ccb61c10ed)
| |
We were returning the wrong sense of the bool. must_mangle()
has to return !NT_STATUS_IS_OK, not NT_STATUS_IS_OK.
Jeremy.
(cherry picked from commit 2f1a66a72a6bd9f3e160b01982171dd66835990e)
| |
The code to read the new V2 SAMBA_PAI entries had
two errors.
Jeremy.
(cherry picked from commit ce060ae48d71e8988282b16f8348ca0b0434cfde)
| |
Data -> File Attributes are returned as 0x220 for LANMAN2.1 dialect
Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned attributes by protocol level.
This makes us consistent in returning DOS attrs across all replies. Tested on OS/2 by Günter Kukkukk.
Jeremy.
(cherry picked from commit 22332e08ab5b406ca603576b29fcaf0c1f786708)
| |
semantics out from under the VFS.
Jeremy.
(cherry picked from commit 24282f2a282ba4ef78108d983d1ef4a6ad4cbf89)
| |
Windows 7 is a bit more picky on our NT_STATUS_BUFFER_TOO_SMALL. Announce the
right buffer size, the same amount we later check for.
Fix bug #6850 (Shadow Copy Support for VISTA / Windows 7).
(cherry picked from commit b1243ff12d4f4b948dc7bbd85795f8ee8f7621d9)
| |
held outside of samba. Fixes case where a connection with a pending lock can be
marked "idle", and ensures that the lock queue timeout is always recalculated.
Jeremy.
(cherry picked from commit aecf2dba0b2bfd65a307d9edae1792b3896fc73f)
| |
Attributes are returned as 0x220 for LANMAN2.1 dialect
Jeremy.
(cherry picked from commit dc9b226d8ced06b8b24eb38b411eac11eace41be)
| |
directory with a lot of files.
Jeremy.
(cherry picked from commit a6e7be60322b981f9eb81f2b686d28223bd735bc)
| |
Jeremy.
(cherry picked from commit a572c28ca3daa199d78fc340819c5c9ff53a3ed6)
| |
Fix bug #6805.
(cherry picked from commit dd28b7850c7ace008558571caee9679ff97a5e91)
| |
Don't dereference a talloc_move'd pointer.
Jeremy.
(cherry picked from commit 951991df2976b5f8f57c0418257d9d817ebda661)
| |
Fixes bug #6772.
(cherry picked from commit a13f8bf949300079419cd86982012212323fcb65)
| |
recent versions of Samba. Without this fix, renaming a directory ./a to ./b,
whilst a directory ./aa was already open would fail. Simplifies logic of
earlier code.
Jeremy.
(cherry picked from commit 37f42ad6a1fff1e43bfd6dcaa8244b738ea37363)
| |
(cherry picked from commit 9f7d155001bc4c2808b6d17e9cb5ce87173b6061)
| |
This is needed to support some special app I've just come across where I had to
set the SPARSE_FILES bit (0x40) to make it work against Samba at all. There
might be others to fake. This is definitely a "Don't touch if you don't know
what you're doing" thing, so I decided to make this an undocumented parametric
parameter.
I know this sucks, so feel free to beat me up on this. But I don't think it
will hurt.
(cherry picked from commit a5cace128d1dcabd6cc90dda71a09dfa8ee8c6f6)
Fix bug #6765.
(cherry picked from commit af0c2b78f7b697fae0fae6f88a5c9922abc7c514)
| |
(cherry picked from commit e971428f137dcb42e8b735386d79f1b3a6effe34)
| |
Summary:
Specially crafted SMB requests on
authenticated SMB connections can send smbd
into a 100% CPU loop, causing a DoS on the
Samba server.
| |
===========================================================
== Subject: Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#: CVE-2009-2813
==
== Versions: All versions of Samba later than 3.0.11
==
== Summary: If a user in /etc/passwd is misconfigured to have
== an empty home directory then connecting to the home
== share of this user will use the root of the filesystem
== as the home directory.
===========================================================
| |
Revert change from 3.3 -> 3.4 with read_socket_with_timeout changed from
sys_read() to sys_recv(). read_socket_with_timeout() is called with non-fd's
(with a pty in chgpasswd.c and with a disk file in lib/dbwrap_file.c via
read_data()). recv works for the disk file, but not the pty. Change the name of
read_socket_with_timeout() to read_fd_with_timeout() to make this clear (and
add comments).
Jeremy.
(cherry picked from commit 91a5b8561e2f13f77fa5648f7cc373aff1701954)
| |
oplocks. This one is subtle. There is a race condition where a signal can be
queued for oplock break, and then the file can be closed by the client before
the signal can be processed. Currently if this occurs we panic (we can't match
an incoming signal fd with a fsp pointer). Simply log the error (at debug level
10 right now, might be too much) and then return without processing the break
request.
It looks like there is another race condition with this fix, but here's why it
won't happen. If the signal was pending (caused by a kernel oplock break from a
local file open), and the client closed the file and then re-opened another
file which happened to use the same file descriptor as the file just closed,
then theoretically the oplock break requests could be processed on the wrong
fd. Here's why this should be very rare. Processing a pending signal always
takes precedence over an incoming network request, so as long as the client
close request is non-chained then the break signal should always be harmlessly
processed *before* the open can be called. If the open is chained onto the
close, and the fd on the new open is the same as the old closed fd, then it's
possible this race will occur. However, all that will happen is that we'll lose
the oplock on this file. A shame, but not a fatal event.
Jeremy.
(cherry picked from commit bdc7bdb0d3e02d04477906dbda8995bc5789ce22)
(cherry picked from commit 95cc5af5fd6150f3c54cd344b66393dbc186c2df)
| |
track if we get invoked with an invalid fd from the signal handler.
Jeremy.
(cherry picked from commit 213546103749c30dbb3ad8472872b9a8fad34205)
(cherry picked from commit 6b9d518b9f1244c99fbaa2812886d02635caff14)
| |
The kernel may return a short read, so we must use read_data() to make sure we
read off the full buffer. If something bad happens we also need to kill the
inotify watch because the file descriptor will return out of sync structures if
we read only part of the data.
Fixes bug #6693.
(cherry picked from commit ada543569f498ef526ea9602eb19850e37f62fe2)
| |
Fixes bug #6593.
Jeremy.
(cherry picked from commit c704e22806198a620d7e058c8d69c144ce096837)
| |
Recently code was added to match windows semantics of denying the
rename of a directory if there are open files underneath it. This
does partly match windows semantics, but it turns out the rename
should be allowed if the open file handle is for the directory being
renamed, or for a stream on the directory being renamed. This patch
refines the check to better follow these rename semantics.
Addresses bug #6620.
(cherry picked from commit 06ab965b72ba477505d297ab72156136ab981e93)
| |
construct_reply() references the request after chain_reply has freed it.
(cherry picked from commit 5135ebd6f099518f0a0b5796e8057210be824740)
Addresses bug #6611.
(cherry picked from commit 5c6aa5ce9fb0cc5d63d04b0777d296c82e61c0a5)
| |
NT_TRANSACT_CREATE.
Reported and verified by Long Li <longli@microsoft.com>
Jeremy.
(cherry picked from commit 9c48f5bf2dcc12e6eb6170ab3a2af5ca119cf008)
(cherry picked from commit 92bb659e4340f22f855400e02e2a67474d2a048b)
| |
become_root()/unbecome_root() around reload_services.
Jeremy.
(cherry picked from commit d53cb77ab21cc6edc2f1767bb56a75901c4c1709)
| |
samba-3.4.0. The values of vuid and tid were not being correctly updated in the
struct smb_request when passed to chain_reply inside sessionsetupX and tconX.
Jeremy.
(cherry picked from commit e7c5f7c924ae40ce3f36d352d55a92a906d92181)
|
| |
We never reached the cleanup code and directly returned the error.
This addresses bug #6538 (Fail to back out lockingX calls on error).
metze
(cherry picked from commit 94303584b942135355f99d138f8dc375d8dfacfb)
|
| |
extensions=yes" are set - and using latest cifs vfs client
Cancel out any pending "sticky" writes or "last write" changes when
doing a UNIX info level set.
Jeremy.
(cherry picked from commit b971860e01a3e616b0dd21990c054c8f8356f513)
(cherry picked from commit 3c8e5d5339ec246bca846aee48ecfba74c7d7c69)
| |
This addresses bug #6498.
(cherry picked from commit a702dea5a86f22e0b7857b67447152a06b3bbea2)
(cherry picked from commit ed9d22f23789aa0b3c3c69aabcd398d52c95de5b)