summaryrefslogtreecommitdiffstats
path: root/source3/smbd
Commit message (Collapse)AuthorAgeFilesLines
* auth/gensec: remove tevent_context argument from gensec_update()Stefan Metzmacher2014-03-273-3/+3
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* s3:build: remove global CLUSTER_SUPPORT defineStefan Metzmacher2014-03-242-9/+0
| | | | | | | | | | All ctdb specific code is isolated in samba-cluster-support.so now. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Mon Mar 24 19:08:44 CET 2014 on sn-devel-104
* smbd: Explicitly pass "file_id" to rename_share_filenameVolker Lendecke2014-03-211-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Use fsp->file_id in open_file_ntcreateVolker Lendecke2014-03-211-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Explicitly pass "file_id" to schedule_defer_openVolker Lendecke2014-03-211-3/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Explicitly pass "file_id" to rename_open_filesVolker Lendecke2014-03-211-3/+5
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: smbd: Fileserving share access checks.Jeremy Allison2014-03-181-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Git commit 86d1e1db8e2747e30c89627cda123fde1e84f579 fixed share_access not being reset between users, by changing make_connection_snum() to call a common function check_user_share_access() in the same way that change_to_user() (which can be called on any incoming packet) does. Unfortunately that bugfix was incorrect and broke "force user" and "force group" as it called check_user_share_access() inside make_connection_snum() using the conn->session_info pointer instead of the vuser->session_info pointer. conn->session_info represents the token to use when actually accessing the file system, and so is modified by force user and force group. conn->session_info represents the "pristine" token of the user logging in, and is never modified by force user and force group. Samba 3.6.x checked the share access based on the "pristine" token of the user logging in, not the token modified by force user and force group. This change restores the expected behavior. Fixes bug #9878 - force user does not work as expected https://bugzilla.samba.org/show_bug.cgi?id=9878 Signed-off-by: Jeremy Allison <jra@samba.org> Tested-by: Gerhard Wiesinger <lists@wiesinger.com> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Mar 18 19:19:31 CET 2014 on sn-devel-104
* CVE-2013-4496:samr: Remove ChangePasswordUserAndrew Bartlett2014-03-131-254/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This old password change mechanism does not provide the plaintext to validate against password complexity, and it is not used by modern clients. It also has quite difficult semantics to handle regarding password lockout. The missing features in both implementations (by design) were: - the password complexity checks (no plaintext) - the minimum password length (no plaintext) Additionally, the source3 version did not check: - the minimum password age - pdb_get_pass_can_change() which checks the security descriptor for the 'user cannot change password' setting. - the password history - the output of the 'passwd program' if 'unix passwd sync = yes'. Finally, the mechanism was almost useless, as it was incorrectly only made available to administrative users with permission to reset the password. It is removed here so that it is not mistakenly reinstated in the future. Andrew Bartlett Bug: https://bugzilla.samba.org/show_bug.cgi?id=10245 Change-Id: If2edd3183c177e5ff37c9511b0d0ad0dd9038c66 Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-on: https://gerrit.samba.org/37
* s3:smb2_tcon: cancel and wait for pending requests on tdisStefan Metzmacher2014-03-121-4/+78
| | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_sesssetup: cancel and wait for pending requests on logoffStefan Metzmacher2014-03-121-4/+78
| | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_tcon: split smbd_smb2_tdis into an async *_send/recv pair.Jeremy Allison2014-03-121-16/+89
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:smb2_sesssetup: split smbd_smb2_logoff into an async *_send/recv pair.Jeremy Allison2014-03-121-20/+92
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10344 Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:smb2_lock: return RANGE_NOT_LOCKED instead of CANCELLED for logoff and tdisStefan Metzmacher2014-03-121-0/+20
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_lock: fix whitespaces/tabs in smbd_smb2_lock_cancel()Stefan Metzmacher2014-03-121-11/+11
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_server: avoid talloc_zero_array() in smbd_smb2_request_setup_out()Stefan Metzmacher2014-03-062-4/+12
| | | | | | | | | | | In the common case with just one request, we can use a preallocated req->out.vector. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Mar 6 00:59:29 CET 2014 on sn-devel-104
* s3:smb2_server: don't assume that req->out.vector is always a valid talloc ↵Stefan Metzmacher2014-03-051-4/+4
| | | | | | | | | pointer We use 'req' instead as it has the same lifetime. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_server: avoid talloc_zero_array() in smbd_smb2_request_error_ex()Stefan Metzmacher2014-03-051-6/+2
| | | | | | | | | It is only important that the content of info->data stays alive for the lifetime of the request, but the DATA_BLOB structure itself can be on the stack, while passing it as 'dyn' to smbd_smb2_request_done_ex(). Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_server: optimize smbd_smb2_generate_outbody() for the common caseStefan Metzmacher2014-03-052-0/+7
| | | | | | | Use a preallocated buffer for the first response in the compound chain. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_write: make use of smbd_smb2_generate_outbody()Stefan Metzmacher2014-03-051-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_tcon: make use of smbd_smb2_generate_outbody()Stefan Metzmacher2014-03-051-2/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_setinfo: make use of smbd_smb2_generate_outbody()Stefan Metzmacher2014-03-051-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_sesssetup: make use of smbd_smb2_generate_outbody()Stefan Metzmacher2014-03-051-2/+2
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_read: make use of smbd_smb2_generate_outbody()Stefan Metzmacher2014-03-051-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_notify: make use of smbd_smb2_generate_outbody()Stefan Metzmacher2014-03-051-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_negprot: make use of smbd_smb2_generate_outbody()Stefan Metzmacher2014-03-051-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_lock: make use of smbd_smb2_generate_outbody()Stefan Metzmacher2014-03-051-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_keepalive: make use of smbd_smb2_generate_outbody()Stefan Metzmacher2014-03-051-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_ioctl: make use of smbd_smb2_generate_outbody()Stefan Metzmacher2014-03-051-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_getinfo: make use of smbd_smb2_generate_outbody()Stefan Metzmacher2014-03-051-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_flush: make use of smbd_smb2_generate_outbody()Stefan Metzmacher2014-03-051-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_find: make use of smbd_smb2_generate_outbody()Stefan Metzmacher2014-03-051-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_create: make use of smbd_smb2_generate_outbody()Stefan Metzmacher2014-03-051-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_close: make use of smbd_smb2_generate_outbody()Stefan Metzmacher2014-03-051-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_break: make use of smbd_smb2_generate_outbody()Stefan Metzmacher2014-03-051-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_server: add smbd_smb2_generate_outbody() helperStefan Metzmacher2014-03-052-0/+7
| | | | | | | We can add optimization there later. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_read: avoid 2 talloc* calls when using sendfile()Stefan Metzmacher2014-03-052-15/+29
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_server: avoid a call to data_blob_clear_free() if not neededStefan Metzmacher2014-03-051-6/+18
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_server: optimize smbd_smb2_request_setup_out()Stefan Metzmacher2014-03-052-6/+10
| | | | | | | | | | We can use a preallocated buffer for the possible error response of the first response in the compound chain. This avoids a talloc_array_zero() call for the common case. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smb2_server: optimize req->in.vector allocationStefan Metzmacher2014-03-052-13/+31
| | | | | | | | | We can avoid a talloc_zero_array() call in the common case (without compound requests) and use a preallocated array instead. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smbd: s/BUFFER_SIZE/LARGE_WRITEX_BUFFER_SIZEStefan Metzmacher2014-03-051-1/+1
| | | | | | | | | Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Mar 5 22:53:34 CET 2014 on sn-devel-104
* s3:smbd: fix the maxentries calculation depending on the max_send.Stefan Metzmacher2014-03-051-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smbd: simplify maxentries calculation in reply_search()Stefan Metzmacher2014-03-051-5/+4
| | | | | | | Using helper variables make it much easier to understand. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smbd: fix the read numtoread calculation depending on the max_send.Stefan Metzmacher2014-03-051-9/+9
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smbd: fix the lockread numtoread calculation depending on the max_send.Stefan Metzmacher2014-03-051-9/+9
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smbd: pass the final numtoread reply_outbuf() for the lockread reply.Stefan Metzmacher2014-03-051-4/+5
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smbd: fix lockread numtoread calculation to match reply_outbuf() arguments.Stefan Metzmacher2014-03-051-1/+1
| | | | | Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smbd: take less than SMB_BUFFER_SIZE_MIN ('500') as header overhead in ipc.cStefan Metzmacher2014-03-051-4/+6
| | | | | | | | | | | | | We're now sure that sconn->smb1.sessions.max_send is >= SMB_BUFFER_SIZE_MIN. in order to garantee some progress we need to make sure our assumed header overhead is less than SMB_BUFFER_SIZE_MIN. Assuming 372 bytes for the SMBtrans headers should still be more than enough. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smbd: reject a MaxBufferSize < SMB_BUFFER_SIZE_MIN (500) in a session ↵Stefan Metzmacher2014-03-051-6/+13
| | | | | | | | | | setup request This makes sure sconn->smb1.sessions.max_send is always >= SMB_BUFFER_SIZE_MIN. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smbd: use sconn->smb1.sessions.max_send = SMB_BUFFER_SIZE_MAXStefan Metzmacher2014-03-051-1/+1
| | | | | | | | | SMB_BUFFER_SIZE_MAX is UINT16_MAX and the largest value a client can possibly specify in the session setup request. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:smbd: use SMB_BUFFER_SIZE_MIN/MAX to limit lp_max_xmit()Stefan Metzmacher2014-03-051-1/+6
| | | | | | | | | | | | | The current limit of 128*1024 causes problems as the value has to be <= UINT16_MAX otherwise some clients get confused, as they want to use the MaxBufferSize value from the negprot response (uint32_t) for the MaxBufferSize value in thet session setup request (uint16_t). E.g. Windows 7 (as client) sends MaxBufferSize = 0 if the server value is > UINT16_MAX. Bug: https://bugzilla.samba.org/show_bug.cgi?id=10422 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
generated by cgit (git 2.34.1) at 2024-11-05 21:39:59 +0000