summaryrefslogtreecommitdiff
path: root/source3/smbd
Commit message (Collapse)AuthorAgeFilesLines
* smbd: Remove an unnecessary else branchVolker Lendecke2015-08-201-2/+1
| | | | | | | | | | "goto out;" is sufficient before Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Thu Aug 20 15:52:20 CEST 2015 on sn-devel-104
* s3:smb2_negprot: prefer AES128_CCM if the client supports itStefan Metzmacher2015-08-171-4/+14
| | | | | | | | | | | | Callgrind showed that we use 28,165,720,719 cpu cycles to send a 100MB file to a client using aes-ccm. With aes-gcm this is raises up to 723,094,413,831 cpu cycles. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* smbd: Use a struct initializerVolker Lendecke2015-08-141-8/+9
| | | | | | | Saves a few bytes of .text Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
* smbd: Remove a confusing commentVolker Lendecke2015-08-141-1/+0
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Martin Schwenke <martin@meltin.net>
* smbd: Log smb2 requests returning !OK with higher log levelChristof Schmitt2015-08-061-3/+3
| | | | | | | | This can be useful for narrowing down problems without taking a full level 10 trace. Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* s3:sesssetup: use session->pending_auth in smb1 session setupMichael Adam2015-07-301-11/+24
| | | | | | | (instead of session->gensec) Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* s3:smb2_sesssetup: use session->pending_authStefan Metzmacher2015-07-302-27/+48
| | | | | | Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
* smbXsrv_session: add smbXsrv_session_create_auth()Stefan Metzmacher2015-07-302-0/+59
| | | | | | Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
* smbXsrv_session: add smbXsrv_session_find_auth()Stefan Metzmacher2015-07-302-0/+24
| | | | | | Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
* s3:smb2_sesssetup: remove now unneeded declaration of smb2srv_session_lookup_rawMichael Adam2015-07-301-6/+0
| | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* s3:smb2_server: defer channel/session validation to the session setup code.Michael Adam2015-07-291-4/+20
| | | | | | | | | | | | | | For session bind, and the channel is only to be bound to the given session just now, so it is not valid. The early request validation code can hence not check it, and hence validation is defered to the actual session setup code, which can look at the session binding flags. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Wed Jul 29 21:31:09 CEST 2015 on sn-devel-104
* s3:smb2_sesssetup: check that the connection belongs to the session in ↵Michael Adam2015-07-291-0/+8
| | | | | | | sess.setup Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
* smbXsrv: use smb2srv_session_lookup_client in smbXsrv_session_close_loopMichael Adam2015-07-291-4/+3
| | | | | | Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* smbXsrv: add smb2srv_session_lookup_client().Michael Adam2015-07-292-0/+12
| | | | | | | | | This is a variant of smb2srv_session_lookup_conn() that does not verify the session on the channel. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* smbXsrv: rename smb2srv_session_lookup -> smb2srv_session_lookup_connMichael Adam2015-07-294-14/+15
| | | | | | | | | | This is in preparation of adding a variant that operates on the client and does in particular not verify that the connection belongs to a session as a channel. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* smbXsrv: add a smbXsrv_connection argument to smb2srv_session_lookup_rawMichael Adam2015-07-291-2/+8
| | | | | | | | This way, we can verify that the session is valid on a channel. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
* smbXsrv: add a smbXsrv_connection argument to smbXsrv_session_local_lookup()Stefan Metzmacher2015-07-291-2/+19
| | | | | | | | This way, we can verify that a session is valid on the channel. Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
* s3-smbd: Remove the global dfree_broken variableAndreas Schneider2015-07-173-5/+1
| | | | | | Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3-smbd: Leave sys_disk_free() if dfree command is usedAndreas Schneider2015-07-171-16/+13
| | | | | | | | | | | | | | | | If we have a broken system which reports incorrect sizes we provide the 'dfree command'. This command makes sure Samba gets the correct values. However after that we call the quota command which then reports the broken values. The dfree command should take care to provide the correct values and in case of quota's it should also calculate the quote correctly. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11403 Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3:smbd: change a loglevel from 0 to 1 when SMB_VFS_CONNECT failsRalph Boehme2015-07-161-1/+3
| | | | | | | | | | | Logging at level 0 may result in log flooding. Additionally log the share name that failed in SMB_VFS_CONNECT. Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Thu Jul 16 20:24:47 CEST 2015 on sn-devel-104
* async_req: check for errors when monitoring socket for readabilityUri Simchoni2015-07-151-2/+2
| | | | | | | | | | | | | | | | | | Add an option to wait_for_read_send(), so that the request, upon calling back, report whether the socket actually contains data or is in EOF/error state. EOF is signalled via the EPIPE error. This is useful for clients which do not expect data to arrive but wait for readability to detect a closed socket (i.e. they do not intend to actually read the socket when it's readable). Actual data arrival would indicate a bug in this case, so the check can be used to print an error message. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11397 Signed-off-by: Uri Simchoni <urisimchoni@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org>
* ctdbd_conn: Move release_ip handling into process.cVolker Lendecke2015-07-141-5/+18
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Jul 14 09:56:25 CEST 2015 on sn-devel-104
* ctdbd_conn: Make register_with_ctdbd use an int-returning callbackVolker Lendecke2015-07-142-15/+19
| | | | | | | | This will allow an early return from ctdbd_msg_call_back so that we can also handle CTDB_SRVID_RELEASE_IP via register_with_ctdbd. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* Replace random() and related calls with generate_random_buffer()Robin McCorkell2015-07-101-4/+3
| | | | | | | | | | | Result: better seeded random numbers that are cryptographically secure (not that it matters in this case) Please let it be right this time... Signed-off-by: Robin McCorkell <rmccorkell@karoshi.org.uk> Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Fix CID 1311338 Error handling issues (CHECKED_RETURN)Volker Lendecke2015-07-091-1/+6
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* smbd: Fix CID 1311337 Error handling issues (CHECKED_RETURN)Volker Lendecke2015-07-091-2/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* dosmode: Change message of result to informationalChristof Schmitt2015-07-091-2/+3
| | | | | | | | | | Logging the returned mode bits should be only "informational" (level 5). Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Jul 9 15:36:30 CEST 2015 on sn-devel-104
* vfs: Change final message in check_reduce_name to "info"Christof Schmitt2015-07-091-2/+1
| | | | | | | | "Informational" is a better description for this message; change the log level accordingly (level 5). Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* vfs: Make entry message for check_reduced_name a debug messageChristof Schmitt2015-07-091-1/+1
| | | | | | | | | The interesting information is already logged later; having an additional message when entering the function should be only done as debug message (level 10). Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* Spelling correction: exlusive -> exclusivePaul Wayper2015-07-081-1/+1
| | | | | | Signed-off-by: Paul Wayper <paulway@redhat.com> Reviewed-by: Martin Schwenke <martin@meltin.net> Reviewed-by: Volker Lendecke <vl@samba.org>
* notifyd: Add notifyddVolker Lendecke2015-07-072-0/+90
| | | | | | | A little standalone notify daemon to play around with. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* notify: Remove two now unused stubsVolker Lendecke2015-07-072-21/+0
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Remove SMB_VFS_NOTIFY_WATCHVolker Lendecke2015-07-071-16/+0
| | | | | | | No longer needed Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* notify: Re-add notify_walk()Volker Lendecke2015-07-072-13/+73
| | | | | | | | This used to be a tdb traverse wrapper. Now we get the notify db from notifyd via messages. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* notifyd: Add notifyd_parse_db()Volker Lendecke2015-07-072-0/+84
| | | | | | | | | | The database format notifyd is "private" to it. This makes it possible for smbcontrol and others to query notifyd's database with MSG_SMB_NOTIFY_GET_DB and inspect it without having to know exactly what format it uses. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Kernel change notify is done by notifydVolker Lendecke2015-07-071-22/+0
| | | | | | | smbd itself does not need to call VFS_NOTIFY_WATCH anymore Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Replace the tdb-based notify_internal with notify_msgVolker Lendecke2015-07-073-1283/+268
| | | | | | | | For the moment, this removes smbstatus -N output. It will come back with the next commits. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Don't start the notify cleanup anymoreVolker Lendecke2015-07-071-100/+0
| | | | | | | We don't have a database to clean up anymore Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Start the notify daemonVolker Lendecke2015-07-071-0/+95
| | | | | | | For this we need the kernel change notify stuff to be global: There's only one notifyd and we have to pass over the kernel change notify watch function Signed-off-by: Volker Lendecke <vl@samba.org>
* smbd: Add the notify daemonVolker Lendecke2015-07-074-0/+1692
| | | | | | | | | This adds the notify daemon listening on MSG_SMB_NOTIFY_REC_CHANGE and MSG_SMB_NOTIFY_TRIGGER messages. It relies on ctdbd to distribute the notify database and events in a cluster. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Add direct notify_fam supportVolker Lendecke2015-07-072-0/+317
| | | | | | | | | | notifyd won't have the VFS around, it is a systemwide daemon without a connection to specific shares. To continue FAM support, notifyd needs to be able to link it directly. This adds code to make fam equivalent to inotify. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* param: Make "change notify" globalVolker Lendecke2015-07-071-1/+1
| | | | | | | | With a central notifyd, we can't do this per share anymore. Notifyd will only look at absolute paths, not shares. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd:trans2: treat new SMB_SIGNING_DESIRED in caseMichael Adam2015-07-071-0/+1
| | | | | Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-mdssvc: add mdssd RPC service daemon for mdssvcRalph Boehme2015-07-071-0/+10
| | | | | Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* smbd:smb2: use encryption_desired in send_breakMichael Adam2015-07-071-2/+2
| | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372 Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* smbd:smb2: only enable encryption in tcon if desiredMichael Adam2015-07-071-3/+6
| | | | | | | | | | Don't enforce it but only announce DATA_ENCRYPT, making use of encryption_desired in tcon. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372 Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* smbd:smb2: only enable encryption in session if desiredMichael Adam2015-07-071-3/+4
| | | | | | | | | | Don't enforce it but only announce ENCRYPT_DATA, using the encryption_desired flag in session setup. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372 Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* smbd:smb2: separate between encryption required and enc desiredMichael Adam2015-07-072-4/+17
| | | | | | | | | | | | | | | | this means we: - accept unencrypted requests if encryption only desired and not required, - but we always send encrypted responses in the desired case, not only when the request was encrypted. For this purpose, the do_encryption in the request structure is separated into was_encrypted and do_encryption. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11372 Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Guenther Deschner <gd@samba.org>
* s3-smbd: reset protocol in smbXsrv_connection_init_tables failure paths.Günther Deschner2015-06-301-1/+6
| | | | | | | | | | | | | | BUG: https://bugzilla.samba.org/show_bug.cgi?id=11373 Guenther Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Pair-Programmed-With: Michael Adam <obnox@samba.org> Signed-off-by: Guenther Deschner <gd@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
* s3: smbd: Use separate flag to track become_root()/unbecome_root() state.Jeremy Allison2015-06-251-2/+6
| | | | | | | | | | | | | | | | | Early function exit can mean backup_priv is set but we haven't called become_root(). *Lots* of work by the reviewers went in to checking this isn't a security issue. Found by Codenomicon at the Redmond plugfest. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11339 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Thu Jun 25 22:14:58 CEST 2015 on sn-devel-104