Changeset 165 for branches/samba-3.0/source/smbd
- Timestamp:
- Mar 11, 2009, 9:14:55 AM (16 years ago)
- Location:
- branches/samba-3.0/source/smbd
- Files:
-
- 16 edited
-
aio.c (modified) (2 diffs)
-
build_options.c (modified) (3 diffs)
-
conn.c (modified) (1 diff)
-
dosmode.c (modified) (2 diffs)
-
files.c (modified) (1 diff)
-
msdfs.c (modified) (5 diffs)
-
notify.c (modified) (1 diff)
-
password.c (modified) (2 diffs)
-
posix_acls.c (modified) (6 diffs)
-
process.c (modified) (1 diff)
-
reply.c (modified) (3 diffs)
-
server.c (modified) (4 diffs)
-
sesssetup.c (modified) (6 diffs)
-
share_access.c (modified) (2 diffs)
-
trans2.c (modified) (6 diffs)
-
uid.c (modified) (5 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/samba-3.0/source/smbd/aio.c
r44 r165 254 254 a->aio_sigevent.sigev_value.sival_int = aio_ex->mid; 255 255 256 become_root(); 256 257 if (SMB_VFS_AIO_READ(fsp,a) == -1) { 257 258 DEBUG(0,("schedule_aio_read_and_X: aio_read failed. " 258 259 "Error %s\n", strerror(errno) )); 259 260 delete_aio_ex(aio_ex); 260 return False; 261 } 261 unbecome_root(); 262 return False; 263 } 264 unbecome_root(); 262 265 263 266 DEBUG(10,("schedule_aio_read_and_X: scheduled aio_read for file %s, " … … 344 347 a->aio_sigevent.sigev_value.sival_int = aio_ex->mid; 345 348 349 become_root(); 346 350 if (SMB_VFS_AIO_WRITE(fsp,a) == -1) { 347 351 DEBUG(3,("schedule_aio_wrote_and_X: aio_write failed. " 348 352 "Error %s\n", strerror(errno) )); 349 353 delete_aio_ex(aio_ex); 350 return False; 351 } 354 unbecome_root(); 355 return False; 356 } 357 unbecome_root(); 352 358 353 359 if (!write_through && !lp_syncalways(SNUM(fsp->conn)) -
branches/samba-3.0/source/smbd/build_options.c
r124 r165 345 345 output(screen, " HAVE_INTTYPES_H\n"); 346 346 #endif 347 #ifdef HAVE_KEYUTILS_H 348 output(screen, " HAVE_KEYUTILS_H\n"); 349 #endif 347 350 #ifdef HAVE_KRB5_H 348 351 output(screen, " HAVE_KRB5_H\n"); … … 2265 2268 output(screen, " WITH_CIFSMOUNT\n"); 2266 2269 #endif 2270 #ifdef WITH_CIFSUPCALL 2271 output(screen, " WITH_CIFSUPCALL\n"); 2272 #endif 2267 2273 #ifdef WITH_DFS 2268 2274 output(screen, " WITH_DFS\n"); … … 2613 2619 #ifdef WITH_CIFSMOUNT 2614 2620 output(screen, " WITH_CIFSMOUNT\n"); 2621 #endif 2622 #ifdef WITH_CIFSUPCALL 2623 output(screen, " WITH_CIFSUPCALL\n"); 2615 2624 #endif 2616 2625 #ifdef WITH_DFS -
branches/samba-3.0/source/smbd/conn.c
r134 r165 262 262 handle = conn->vfs_handles; 263 263 while(handle) { 264 thandle = handle->next; 264 265 DLIST_REMOVE(conn->vfs_handles, handle); 265 thandle = handle->next;266 266 if (handle->free_data) 267 267 handle->free_data(&handle->data); -
branches/samba-3.0/source/smbd/dosmode.c
r124 r165 78 78 mode_t dir_mode = 0; /* Mode of the inherit_from directory if 79 79 * inheriting. */ 80 80 81 if (!lp_store_dos_attributes(SNUM(conn)) && IS_DOS_READONLY(dosmode)) { 81 82 result &= ~(S_IWUSR | S_IWGRP | S_IWOTH); … … 167 168 } 168 169 } /* Else never set the readonly bit. */ 170 169 171 #ifndef __OS2__ 170 172 if (MAP_ARCHIVE(conn) && ((sbuf->st_mode & S_IXUSR) != 0)) -
branches/samba-3.0/source/smbd/files.c
r44 r165 125 125 chain_fsp = fsp; 126 126 127 /* A new fsp invalidates a negative fsp_fi_cache. */ 128 if (fsp_fi_cache.fsp == NULL) { 129 ZERO_STRUCT(fsp_fi_cache); 130 } 127 /* A new fsp invalidates the positive and 128 negative fsp_fi_cache as the new fsp is pushed 129 at the start of the list and we search from 130 a cache hit to the *end* of the list. */ 131 132 ZERO_STRUCT(fsp_fi_cache); 131 133 132 134 *result = fsp; -
branches/samba-3.0/source/smbd/msdfs.c
r134 r165 714 714 char **ppdata, 715 715 struct junction_map *junction, 716 int consumedcnt,717 716 BOOL self_referral) 718 717 { … … 771 770 772 771 /* create the header */ 773 SSVAL(pdata,0,consumedcnt * 2); /* path consumed */ 772 SSVAL(pdata,0,requestedpathlen - 2); /* UCS2 of path consumed minus 773 774 774 SSVAL(pdata,2,junction->referral_count); /* number of referral in this pkt */ 775 775 if(self_referral) { … … 815 815 char **ppdata, 816 816 struct junction_map *junction, 817 int consumedcnt,818 817 BOOL self_referral) 819 818 { … … 853 852 854 853 /* create the header */ 855 SSVAL(pdata,0,consumedcnt * 2); /* path consumed */ 854 SSVAL(pdata,0,reqpathlen - 2); /* UCS2 of path consumed minus 855 2 byte null */ 856 856 857 SSVAL(pdata,2,junction->referral_count); /* number of referral */ 857 858 if(self_referral) { … … 975 976 case 2: 976 977 reply_size = setup_ver2_dfs_referral(pathnamep, ppdata, &junction, 977 consumedcnt,self_referral);978 self_referral); 978 979 break; 979 980 case 3: 980 981 reply_size = setup_ver3_dfs_referral(pathnamep, ppdata, &junction, 981 consumedcnt,self_referral);982 self_referral); 982 983 break; 983 984 default: -
branches/samba-3.0/source/smbd/notify.c
r124 r165 349 349 { 350 350 char *fullpath; 351 352 if (path[0] == '.' && path[1] == '/') { 353 path += 2; 354 } 351 355 352 356 if (asprintf(&fullpath, "%s/%s", conn->connectpath, path) == -1) { -
branches/samba-3.0/source/smbd/password.c
r124 r165 271 271 const char *unix_homedir = 272 272 pdb_get_unix_homedir(server_info->sam_account); 273 274 273 if (unix_homedir) { 275 274 vuser->unix_homedir = … … 356 355 vuser->unix_homedir[1] = ':'; 357 356 #endif 358 359 357 360 358 if ( (!vuser->guest) && vuser->unix_homedir && *(vuser->unix_homedir)) -
branches/samba-3.0/source/smbd/posix_acls.c
r140 r165 3120 3120 } 3121 3121 3122 #if 0 3123 /* Disable this - prevents ACL inheritance from the ACL editor. JRA. */ 3124 3122 3125 /**************************************************************************** 3123 3126 Take care of parent ACL inheritance. … … 3301 3304 } 3302 3305 3303 parent_sd->dacl->aces = new_ace; 3304 parent_sd->dacl->num_aces = i; 3305 3306 *pp_new_sd = parent_sd; 3306 /* This sucks. psd should be const and we should 3307 * be doing a deep-copy here. We're getting away 3308 * with is as we know parent_sd is talloced off 3309 * talloc_tos() as well as psd. JRA. */ 3310 3311 psd->dacl->aces = new_ace; 3312 psd->dacl->num_aces = i; 3313 psd->type &= ~(SE_DESC_DACL_AUTO_INHERITED| 3314 SE_DESC_DACL_AUTO_INHERIT_REQ); 3315 3316 *pp_new_sd = psd; 3307 3317 return status; 3308 3318 } 3319 #endif 3309 3320 3310 3321 /**************************************************************************** … … 3420 3431 create_file_sids(&sbuf, &file_owner_sid, &file_grp_sid); 3421 3432 3433 #if 0 3434 /* Disable this - prevents ACL inheritance from the ACL editor. JRA. */ 3435 3436 /* See here: http://www.codeproject.com/KB/winsdk/accessctrl2.aspx 3437 * for details and also the log trace in bug #4308. JRA. 3438 */ 3439 3422 3440 if ((security_info_sent & DACL_SECURITY_INFORMATION) && 3423 3441 psd->dacl != NULL && … … 3431 3449 } 3432 3450 } 3451 #endif 3433 3452 3434 3453 acl_perms = unpack_canon_ace( fsp, &sbuf, &file_owner_sid, &file_grp_sid, … … 4271 4290 return False; 4272 4291 } 4292 #ifndef __OS2__ 4293 /* Samba always runs as root on OS/2 */ 4273 4294 if (current_user.ut.uid == 0 || conn->admin_user) { 4274 4295 /* I'm sorry sir, I didn't know you were root... */ 4275 4296 return True; 4276 4297 } 4298 #endif 4277 4299 4278 4300 /* Check primary owner write access. */ … … 4327 4349 (unsigned int)access_mask, fname )); 4328 4350 4329 #ifndef __OS2__4330 /* Samba always runs as root on OS/2 */4331 4351 if (current_user.ut.uid == 0 || conn->admin_user) { 4332 4352 /* I'm sorry sir, I didn't know you were root... */ 4333 4353 return True; 4334 4354 } 4335 #endif 4355 4336 4356 if (!VALID_STAT(*psbuf)) { 4337 4357 /* Get the file permission mask and owners. */ -
branches/samba-3.0/source/smbd/process.c
r135 r165 968 968 969 969 if (!change_to_user(conn,session_tag)) { 970 remove_deferred_open_smb_message( 971 SVAL(inbuf, smb_mid)); 970 972 return(ERROR_NT(NT_STATUS_DOS(ERRSRV,ERRbaduid))); 971 973 } -
branches/samba-3.0/source/smbd/reply.c
r134 r165 169 169 170 170 *d = '\0'; 171 172 171 return ret; 173 172 } … … 2215 2214 2216 2215 if ( SMB_VFS_SENDFILE( smbd_server_fd(), fsp, fsp->fh->fd, &header, startpos, nread) == -1) { 2217 /* Returning ENOSYS means no data at all was sent. Do this as a normal read. */ 2216 /* Returning ENOSYS means no data at all was sent. 2217 Do this as a normal read. */ 2218 2218 if (errno == ENOSYS) { 2219 2219 goto normal_readbraw; … … 4645 4645 DEBUG(3,("rename_internals: succeeded doing rename " 4646 4646 "on %s -> %s\n", directory, newname)); 4647 notify_rename(conn, S_ISDIR(sbuf1.st_mode), 4648 directory, newname); 4647 4649 rename_open_files(conn, lck, sbuf1.st_dev, 4648 4650 sbuf1.st_ino, newname); 4649 4651 TALLOC_FREE(lck); 4650 notify_rename(conn, S_ISDIR(sbuf1.st_mode),4651 directory, newname);4652 4652 return NT_STATUS_OK; 4653 4653 } -
branches/samba-3.0/source/smbd/server.c
r124 r165 300 300 Open the socket communication. 301 301 ****************************************************************************/ 302 303 bool reinit_after_fork(struct messaging_context *msg_ctx, 304 struct event_context *ev_ctx, 305 bool parent_longlived); 302 306 303 307 static BOOL open_sockets_smbd(BOOL is_daemon, BOOL interactive, const char *smb_ports) … … 561 565 False); 562 566 563 /* Reset the state of the random 564 * number generation system, so 565 * children do not get the same random 566 * numbers as each other */ 567 568 set_need_random_reseed(); 569 /* tdb needs special fork handling - remove 570 * CLEAR_IF_FIRST flags */ 571 if (tdb_reopen_all(1) == -1) { 572 DEBUG(0,("tdb_reopen_all failed.\n")); 573 smb_panic("tdb_reopen_all failed."); 567 if (!reinit_after_fork(smbd_messaging_context(), 568 smbd_event_context(), 569 true)) { 570 DEBUG(0, ("reinit_after_fork failed.\n")); 571 smb_panic("reinit_after_fork failed.\n"); 574 572 } 575 573 576 574 return True; 577 575 } 576 /* The parent doesn't need this socket */ 577 close(smbd_server_fd()); 578 578 579 579 /* Sun May 6 18:56:14 2001 ackley@cs.unm.edu: … … 946 946 947 947 reopen_logs(); 948 948 949 #ifdef __OS2__ 949 950 unsigned long _System DosSetPriority (unsigned long ulScope, unsigned long ulClass, long lDelta, unsigned long ulID); … … 956 957 DEBUG(0,( "Server priority set to PRTYC_FOREGROUNDSERVER\n")); 957 958 #endif 959 958 960 DEBUG(0,( "smbd version %s started.\n", SAMBA_VERSION_STRING)); 959 961 DEBUGADD( 0, ( "%s\n", COPYRIGHT_STARTUP_MESSAGE ) ); -
branches/samba-3.0/source/smbd/sesssetup.c
r158 r165 99 99 /**************************************************************************** 100 100 Send a security blob via a session setup reply. 101 We must already have called set_message(outbuf,4,0,True) 102 before calling this function. 101 103 ****************************************************************************/ 102 104 … … 109 111 ERROR_NT(nt_status_squash(nt_status)); 110 112 } else { 111 set_message(outbuf,4,0,True);112 113 113 nt_status = nt_status_squash(nt_status); 114 114 SIVAL(outbuf, smb_rcls, NT_STATUS_V(nt_status)); … … 519 519 SAFE_FREE(client); 520 520 521 set_message(outbuf,4,0,True); 522 521 523 if (sess_vuid == UID_FIELD_INVALID ) { 522 524 ret = NT_STATUS_LOGON_FAILURE; … … 525 527 reload_services( True ); 526 528 527 set_message(outbuf,4,0,True);528 529 SSVAL(outbuf, smb_vwv3, 0); 529 530 … … 582 583 } 583 584 585 set_message(outbuf,4,0,True); 586 584 587 if (NT_STATUS_IS_OK(nt_status)) { 585 588 int sess_vuid; … … 598 601 reload_services( True ); 599 602 600 set_message(outbuf,4,0,True);601 603 SSVAL(outbuf, smb_vwv3, 0); 602 604 -
branches/samba-3.0/source/smbd/share_access.c
r1 r165 193 193 */ 194 194 195 BOOL user_ok_token(const char *username, struct nt_user_token *token, int snum)195 BOOL user_ok_token(const char *username, const struct nt_user_token *token, int snum) 196 196 { 197 197 if (lp_invalid_users(snum) != NULL) { … … 250 250 251 251 BOOL is_share_read_only_for_token(const char *username, 252 struct nt_user_token *token, int snum)252 const struct nt_user_token *token, int snum) 253 253 { 254 254 BOOL result = lp_readonly(snum); -
branches/samba-3.0/source/smbd/trans2.c
r159 r165 205 205 } 206 206 207 if (sizeret == -1) {208 return NULL; }207 if (sizeret == -1) 208 return NULL; 209 209 210 210 DEBUG(10,("get_ea_list_from_file: ea_namelist size = %u\n", (unsigned int)sizeret )); … … 303 303 size_t total_ea_len = 0; 304 304 TALLOC_CTX *mem_ctx = NULL; 305 305 306 if (!lp_ea_support(SNUM(conn))) { 306 307 return 0; … … 865 866 return ERROR_NT(NT_STATUS_INVALID_PARAMETER); 866 867 } 867 } else if (IVAL(pdata,0) != 4) {868 return ERROR_NT(NT_STATUS_INVALID_PARAMETER);869 868 } 870 869 … … 977 976 if (mask[0] == '.' && mask[1] == 0) 978 977 return False; 978 if (dptr_has_wild(conn->dirptr)) { 979 return False; 980 } 979 981 if (conn->case_sensitive) 980 982 return strcmp(str,mask)==0; 981 if (StrCaseCmp(str,mask) != 0) { 982 return False; 983 } 984 if (dptr_has_wild(conn->dirptr)) { 985 return False; 986 } 987 return True; 983 else 984 return StrCaseCmp(str,mask) == 0; 988 985 } 989 986 … … 4162 4159 fsp_set_pending_modtime(fsp, ts[1]); 4163 4160 } 4161 4164 4162 } 4165 4163 #ifdef __OS2__ … … 6190 6188 return ERROR_NT(NT_STATUS_INVALID_PARAMETER); 6191 6189 } 6190 /* If total_data == 4 Windows doesn't care what values 6191 * are placed in that field, it just ignores them. 6192 * The System i QNTC IBM SMB client puts bad values here, 6193 * so ignore them. */ 6192 6194 6193 6195 status = create_directory(conn, directory); -
branches/samba-3.0/source/smbd/uid.c
r106 r165 143 143 } 144 144 145 /******************************************************************* 146 Check if a username is OK in share level security. 147 ********************************************************************/ 148 149 static bool check_user_ok_sharelevel_security(connection_struct *conn, 150 const char *unix_name, 151 int snum) 152 { 153 NT_USER_TOKEN *token = conn->nt_user_token; 154 155 if (!user_ok_token(unix_name, token, snum)) { 156 return false; 157 } 158 159 conn->read_only = is_share_read_only_for_token(unix_name, 160 token, 161 snum); 162 163 if (!conn->read_only && 164 !share_access_check(token, lp_servicename(snum), 165 FILE_WRITE_DATA)) { 166 /* smb.conf allows r/w, but the security descriptor denies 167 * write. Fall back to looking at readonly. */ 168 conn->read_only = true; 169 DEBUG(5,("falling back to read-only access-evaluation due to " 170 "security descriptor\n")); 171 } 172 173 if (!share_access_check(token, lp_servicename(snum), 174 conn->read_only ? 175 FILE_READ_DATA : FILE_WRITE_DATA)) { 176 return false; 177 } 178 179 conn->admin_user = token_contains_name_in_list( 180 unix_name, NULL, token, 181 lp_admin_users(SNUM(conn))); 182 183 return true; 184 } 185 186 145 187 /**************************************************************************** 146 188 Become the user of a connection number without changing the security context … … 150 192 BOOL change_to_user(connection_struct *conn, uint16 vuid) 151 193 { 194 enum security_types sec = (enum security_types)lp_security(); 152 195 user_struct *vuser = get_valid_user_struct(vuid); 153 154 196 int snum; 155 197 gid_t gid; … … 173 215 */ 174 216 175 if(( lp_security()== SEC_SHARE) && (current_user.conn == conn) &&217 if((sec == SEC_SHARE) && (current_user.conn == conn) && 176 218 (current_user.ut.uid == conn->uid)) { 177 219 DEBUG(4,("change_to_user: Skipping user change - already " … … 194 236 lp_servicename(snum))); 195 237 return False; 238 } else if ((sec == SEC_SHARE) && !check_user_ok_sharelevel_security(conn, 239 conn->user, snum)) { 240 DEBUG(2,("change_to_user: unix user %s " 241 "not permitted access to share %s.\n", 242 conn->user, 243 lp_servicename(snum))); 244 return false; 196 245 } 197 246 … … 273 322 DEBUG(5,("change_to_user uid=(%d,%d) gid=(%d,%d)\n", 274 323 (int)getuid(),(int)geteuid(),(int)getgid(),(int)getegid())); 275 324 276 325 return(True); 277 326 }
Note:
See TracChangeset
for help on using the changeset viewer.
