| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Since the fix for bso#7836, the parent smbd is responsible for
maintaining an up-to-date printcap cache. It does this by forking a
child process to asynchronously fetch printcap data from CUPS.
When the child process exits after fetching all printcap data, the
parent smbd is sent SIGCHLD. This triggers smbd_sig_chld_handler() which
looks for the exited process PID on a "children" list.
Child smbd process PIDs are added to the "children" list to ensure
cleanup on unclean shutdown and log level change notification messages.
Printcap update process PIDs are not added to the list as they do not
maintain any state that requires cleanup, nor do they wait on tevent for
messages.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Feb 17 11:11:45 CET 2011 on sn-devel-104
(cherry picked from commit 9c12232f1ae36e00d04114ad73edd8ba3c2c6a5c)
Fix bug #8269 (smbd spams log with "Could not find child X -- ignoring"
messages).
(cherry picked from commit ba118ac287d49267dd2f346d4ddd2e590ebbe653)
(cherry picked from commit c943af7ff13c64343e5246b27a7416627bffd365)
| |
pcap_cache_loaded() assertions were added to the (re)load_printers()
functions, to ensure the caller had called pcap_cache_reload() prior to
reloading printer shares.
The problem is, pcap_cache_loaded() returns false if the pcap_cache
contains no printer entries. i.e. pcap_cache_reload() has run but not
detected any printers.
Remove these assertions, correct call ordering is already enforced.
Signed-off-by: Günther Deschner <gd@samba.org>
The last 3 patches address bug #7836 (A newly added printer isn't visible to
clients).
(cherry picked from commit da9b2d9d58193ed3da36c2f8ff1e41a1e743ba07)
| |
This reverts commit ad450870eacb114b3f15941a4478ba25701e035a.
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit ee094b53d7fd9c46bca57b9815993282c63af00c)
| |
This reverts commit 36ea03bbe28122ce03de4969e254dd276cfe5a79.
Signed-off-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 3e1969d229dff2921b43189969dfbe522b167cc2)
| |
(cherry picked from commit 023aa6f4aae29ba22b3d42c815027ba6a66f8ee2)
| |
Fix bug #7715 (Setting Samba Write Cache Size Can Cause File Corruption).
(cherry picked from commit 9f8292e5f765dff586bfbb261b54da4d4b27a837)
(cherry picked from commit e18ef6cdf042a73e7f08b792e4a9901b071b1f67)
| |
Fix bug #7669 (buffer overflow in sid_parse() in Samba3 and dom_sid_parse in
Samba4).
CVE-2010-3069:
===========
Description
===========
All current released versions of Samba are vulnerable to
a buffer overrun vulnerability. The sid_parse() function
(and related dom_sid_parse() function in the source4 code)
do not correctly check their input lengths when reading a
binary representation of a Windows SID (Security ID). This
allows a malicious client to send a sid that can overflow
the stack variable that is being used to store the SID in the
Samba smbd server.
A connection to a file share is needed to exploit this
vulnerability, either authenticated or unauthenticated
(guest connection).
| |
On rename we need to set the archive bit on the renamed file.
Jeremy
(cherry picked from commit d5029023e1a44e1bfcbd4e5822d937fa03ba5a1b)
| |
Ensure we don't dereference an array with an index of -1.
Jeremy.
(cherry picked from commit e4127ab299e654777c43d983b2e0a158baa7d79a)
(cherry picked from commit fcb4c51e79f648ae02f77784d46bcc9c7331d3cb)
| |
Found by Laurent Gaffie <laurent.gaffie@gmail.com>
Thanks for that,
Volker
Fix bug #7254 (An uninitialized variable read could cause an smbd crash).
(cherry picked from commit 9280051bfba337458722fb157f3082f93cbd9f2b)
(cherry picked from commit 3373b973ef892f013dbf6a1df805de158c0ff4e2)
| |
Found by Laurent Gaffie <laurent.gaffie@gmail.com>.
Thanks!
Volker
(cherry picked from commit 25452a2268ac7013da28125f3df22085139af12d)
Fix bug #7229 (NULL pointer dereference).
(cherry picked from commit bf40d130a1761daa14ce6a2cf3d02dbd9095c2b5)
(cherry picked from commit 6e8c643688a323c9a68baa9f015cffec65d75115)
| |
to respond to a read or write."
This reverts commit c81c109a6ce83741bb5149a51ceb4ab30855e9f9.
This fixes bug #7222 (All users have full rights on all shares)(CVE-2010-0728).
| |
containing a '.'
Fix use of uninitialized variable. This can lead to crashes if
mangling = hash processes names with no '.'.
Jeremy.
(cherry picked from commit df13b1303a751962d8f7d5298b39e4a7500fef15)
(cherry picked from commit 7eaeb891c8aee880fb06733f998b2feb95ef9c36)
| |
value(s) error when "mangling method = hash"
The charset array allocated in init_chartest() is allocated
by MALLOC, but only some elements of it are set after allocation. Fix is to
memset to zero after allocation.
Jeremy.
(cherry picked from commit a4e8210ba7d6d471cb9f17754244393b9c1e5930)
(cherry picked from commit fcca63d5fd0b900bc4bdcfbfb21b14f655abbbf7)
| |
Re-arrange the operations order so SMB_VFS_CONNECT is done
first as root (to allow modules to correctly initialize themselves).
Reviewed modules to check if they needed CONNECT invoked as
a user (which we previously did) and it turns out any of them
that cared needed root permissions anyway.
Jeremy.
(cherry picked from commit 2eb33851a753cbd5594d44243802388cff5ae152)
| |
a smb.conf reload turns wide links back on after a connection is established.
Includes git refs :
cd18695fc2e4d09ab75e9eab2f0c43dcc15adf0b
94865e4dbd3d721c9855aada8c55e02be8b3881e
5d92d969dda450cc3564dd2265d2b042d832c542
02a5078f1fe6285e4a0b6ad95a3aea1c5bb3e8cf
a6f402ad87ff0ae14d57d97278d67d0ceaaa1d82
from master.
Jeremy.
Fix bug #7104 ("wide links" and "unix extensions" are incompatible.)
(cherry picked from commit 16e73d88944ce644cccfa19a99338f5903c061f0)
| |
values in subsequent SMBtrans replies)
There are two problems:
1). The server is off-by-one in the end of buffer space test.
2). The server returns 0 in the totaldata (smb_vwv1) and totalparams (smb_vwv0)
fields in the second and subsequent SMBtrans replies.
This patch fixes both.
Jeremy.
(cherry picked from commit 8ddc977c1421a47bedba8d5494f7ae67692b772a)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 8ac6085a2c7382e544888e632ff62c30f7e7a884)
| |
metze
(cherry picked from commit bc8242a08e1bb9489cc8171b1ec02bd2518b1857)
(cherry picked from commit 8142883b40819b5cb92ea671bb6c89bff68d3680)
| |
A comparison function for qsort needs to return an 'int'!
Otherwise you'll get random results depending on the compiler
and the architecture...
metze
(cherry picked from commit 1686a5e7e7eb1b411b003cbbde5c0d28741c6d02)
(cherry picked from commit 4e419df9154c329b3376ab00d6bb55093fbfe71a)
| |
This is needed to support large browse lists.
metze
(cherry picked from commit 30eec0656c926d3d85a438dc28f17649b53318f8)
(cherry picked from commit f37f187070934e1046ce05d298d92ede7e6f7030)
| |
metze
(cherry picked from commit 495ac4616654c9e62e14031b7439aff21e42ec91)
(cherry picked from commit f8f6beff57fd58b69648633f5b1c15289015f96b)
| |
metze
(cherry picked from commit dc58672c6588a1715698721153b35ed2d594bc67)
(cherry picked from commit 0b6d850a553c0a558d579ab5e46f49794a015e34)
| |
Change parameter "wide links" to default to "no".
Ensure "wide links = no" if "unix extensions = yes" on a share.
Fix man pages to reflect this.
Remove "within share" checks for a UNIX symlink set - even if
widelinks = no. The server will not follow that link anyway.
Correct DEBUG message in check_reduced_name() to add missing "\n"
so it's really clear when a path is being denied as it's outside
the enclosing share path.
Jeremy.
(cherry picked from commit 9e64c33b7757dd4528a9c8d31d0c0c159a33daf8)
| |
The destname malloc size was not taking into account the 1 extra byte
needed if a string without a leading '/' was passed in and that slash
was added.
This would cause the '\0' byte to be written past the end of the
malloced destname string and corrupt whatever heap memory was there.
This problem would be hit if a share name was given in smb.conf without
a leading '/' and if it was the exact size of the allocated STRDUP memory
which in some implementations of malloc is a power of 2.
(cherry picked from commit f42971c520360e69c4cdd64bebb02a5f5ba49b94)
Fix bug #7096.
(cherry picked from commit db5ccb70b6ac51ea263889cc9cdd523673ae8ecd)
(cherry picked from commit 3916710b9414d679774399e6d0cff61e4b67a2e3)
| |
respond to a read or write.
Only works on Linux kernels 2.6.26 and above. Grants CAP_KILL capability
to allow Linux threads under different euids to send signals to each other.
Jeremy.
(cherry picked from commit 899bd0005f56dcc1e95c3988d41ab3f628bb15db)
(cherry picked from commit 246eba3b807e5ce50ee838c51823a9eb44f6b690)
| |
This fixes bug #6642 and bug #6919.
metze
(cherry picked from commit 7fd0767c6abdc9f4c456ae0a7d247f3a25ffcbd9)
| |
This bug re-occurred for 3.3.x and above.
The reason is that to change a NT ACL we now have to open the file requesting
WRITE_DAC and WRITE_OWNER access. The mapping from POSIX "w" to NT permissions
in posix_acls doesn't add these bits when "dos filemode = yes", so even though
the permission or owner change would be allowed by the POSIX ACL code, the
NTCreateX call fails with ACCESS_DENIED now we always check NT permissions
first.
Added in the mapping from "w" to WRITE_DAC and WRITE_OWNER access.
Jeremy.
(cherry picked from commit f04a8d1811c1099eb653efda314bc98553fa6d02)
| |
When deferring an async pipe writeX and readX transfer
the outstanding request struct onto the conn struct. This
needs freeing after the packet is finally processed.
Jeremy.
(cherry picked from commit cabe8f0ee859013d49fba011a5a9ac0112d7b001)
| |
Win7 needs the Windows server open file handle number of 16384 handles.
Jeremy.
(cherry picked from commit bbdc2c017ca5abb35897ab61717b806133e0af0b)
| |
Don't change the contents of a const string via a pointer
alias (or if you do, change it back.....).
Jeremy.
(cherry picked from commit a5bfbad790870ff66d4b09f99f0835ccb61c10ed)
| |
We were returning the wrong sense of the bool. must_mangle()
has to return !NT_STATUS_IS_OK, not NT_STATUS_IS_OK.
Jeremy.
(cherry picked from commit 2f1a66a72a6bd9f3e160b01982171dd66835990e)
| |
The code to read the new V2 SAMBA_PAI entries had
two errors.
Jeremy.
(cherry picked from commit ce060ae48d71e8988282b16f8348ca0b0434cfde)
| |
Data -> File Attributes are returned as 0x220 for LANMAN2.1 dialect
Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned attributes by protocol level.
This makes us consistent in returning DOS attrs across all replies. Tested on OS/2 by Günter Kukkukk.
Jeremy.
(cherry picked from commit 22332e08ab5b406ca603576b29fcaf0c1f786708)
| |
semantics out from under the VFS. Jeremy.
(cherry picked from commit 24282f2a282ba4ef78108d983d1ef4a6ad4cbf89)
| |
Windows 7 is a bit more picky on our NT_STATUS_BUFFER_TOO_SMALL. Announce the
right buffer size, the same amount we later check for.
Fix bug #6850 (Shadow Copy Support for VISTA / Windows 7).
(cherry picked from commit b1243ff12d4f4b948dc7bbd85795f8ee8f7621d9)
| |
held outside of samba. Fixes case where a connection with a pending lock can be marked "idle", and ensures that the lock queue timeout is always recalculated. Jeremy.
(cherry picked from commit aecf2dba0b2bfd65a307d9edae1792b3896fc73f)
| |
Attributes are returned as 0x220 for LANMAN2.1 dialect Jeremy.
(cherry picked from commit dc9b226d8ced06b8b24eb38b411eac11eace41be)
| |
directory with a lot of files. Jeremy.
(cherry picked from commit a6e7be60322b981f9eb81f2b686d28223bd735bc)
| |
Jeremy.
(cherry picked from commit a572c28ca3daa199d78fc340819c5c9ff53a3ed6)
| |
Fix bug #6805.
(cherry picked from commit dd28b7850c7ace008558571caee9679ff97a5e91)
| |
Don't dereference a talloc_move'd pointer.
Jeremy.
(cherry picked from commit 951991df2976b5f8f57c0418257d9d817ebda661)
| |
Fixes bug #6772.
(cherry picked from commit a13f8bf949300079419cd86982012212323fcb65)
| |
recent versions of Samba. Without this fix, renaming a directory ./a to ./b, whilst a directory ./aa was already open would fail. Simplifies logic of earlier code. Jeremy.
(cherry picked from commit 37f42ad6a1fff1e43bfd6dcaa8244b738ea37363)
| |
(cherry picked from commit 9f7d155001bc4c2808b6d17e9cb5ce87173b6061)
| |
This is needed to support some special app I've just come across where I had to
set the SPARSE_FILES bit (0x40) to make it work against Samba at all. There
might be others to fake. This is definitely a "Don't touch if you don't know
what you're doing" thing, so I decided to make this an undocumented parametric
parameter.
I know this sucks, so feel free to beat me up on this. But I don't think it
will hurt.
(cherry picked from commit a5cace128d1dcabd6cc90dda71a09dfa8ee8c6f6)
Fix bug #6765.
(cherry picked from commit af0c2b78f7b697fae0fae6f88a5c9922abc7c514)
| |
(cherry picked from commit e971428f137dcb42e8b735386d79f1b3a6effe34)
| |
Summary:
Specially crafted SMB requests on
authenticated SMB connections can send smbd
into a 100% CPU loop, causing a DoS on the
Samba server.
| |
===========================================================
== Subject: Misconfigured /etc/passwd file may share folders unexpectedly
==
== CVE ID#: CVE-2009-2813
==
== Versions: All versions of Samba later than 3.0.11
==
== Summary: If a user in /etc/passwd is misconfigured to have
== an empty home directory then connecting to the home
== share of this user will use the root of the filesystem
== as the home directory.
===========================================================
| |
Revert change from 3.3 -> 3.4 with read_socket_with_timeout changed from sys_read() to sys_recv(). read_socket_with_timeout() is called with non-fd's (with a pty in chgpasswd.c and with a disk file in lib/dbwrap_file.c via read_data()). recv works for the disk file, but not the pty. Change the name of read_socket_with_timeout() to read_fd_with_timeout() to make this clear (and add comments). Jeremy.
(cherry picked from commit 91a5b8561e2f13f77fa5648f7cc373aff1701954)
| |
oplocks. This one is subtle. There is a race condition where a signal can be queued for oplock break, and then the file can be closed by the client before the signal can be processed. Currently if this occurs we panic (we can't match an incoming signal fd with a fsp pointer). Simply log the error (at debug level 10 right now, might be too much) and then return without processing the break request.
It looks like there is another race condition with this fix, but here's why it won't happen. If the signal was pending (caused by a kernel oplock break from a local file open), and the client closed the file and then re-opened another file which happened to use the same file descriptor as the file just closed, then theoretically the oplock break requests could be processed on the wrong fd. Here's why this should be very rare.. Processing a pending signal always takes precedence over an incoming network request, so as long as the client close request is non-chained then the break signal should always be harmlessly processed *before* the open can be called. If the open is chained onto the close, and the fd on the new open is the same as the old closed fd, then it's possible this race will occur. However, all that will happen is that we'll lose the oplock on this file. A shame, but not a fatal event.
Jeremy.
(cherry picked from commit bdc7bdb0d3e02d04477906dbda8995bc5789ce22)
(cherry picked from commit 95cc5af5fd6150f3c54cd344b66393dbc186c2df)