The branch, master has been updated via 19078b9 s3:smbd/globals: remove unused msg_ctx_to_sconn() via 0345551 s3:smbd: pass smbd_server_connection and a snumused function pointer to reload_services() via 5061dd2 s3:printing/spoolssd: pass event and messaging context to check_updater_child() via 06c1c33 s3:rpc_server/spoolss: remove reload_services check from delete_printer_hook() via e412b8b s3:smbd: split smb_conf_updated into parent and child versions via 715933a s3:smbd: split ID_CACHE_* message handling into parent and child parts from 0429471 lib/ccan: Fix some typos in libccan.m4
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 19078b9b0564ed2654a1dae1d23488f89aadb41f Author: Stefan Metzmacher <me...@samba.org> Date: Wed Dec 14 13:26:36 2011 +0100 s3:smbd/globals: remove unused msg_ctx_to_sconn() metze Autobuild-User: Stefan Metzmacher <me...@samba.org> Autobuild-Date: Thu Dec 15 14:24:59 CET 2011 on sn-devel-104 commit 03455519e70253cb86007ac5a8960999e9aa5fa4 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Dec 14 13:25:20 2011 +0100 s3:smbd: pass smbd_server_connection and a snumused function pointer to reload_services() metze commit 5061dd26d314baf38c7e8b3f8e495579baba49de Author: Stefan Metzmacher <me...@samba.org> Date: Wed Dec 14 11:12:49 2011 +0100 s3:printing/spoolssd: pass event and messaging context to check_updater_child() metze commit 06c1c338e3fcaf6460f4e462c7f881ce2abc9ac7 Author: Stefan Metzmacher <me...@samba.org> Date: Thu Dec 15 11:03:29 2011 +0100 s3:rpc_server/spoolss: remove reload_services check from delete_printer_hook() As the spoolss code can run embedded or external relative to the smbd file server process, it's very tricky to verify if a share is still in use. Checking the result of the "deleteprinter command" command should be enough to check for success. We should not return WERR_ACCESS_DENIED if the share is still in use, by the current client, as the primary printer definition is already deleted. 
metze commit e412b8bfcce46720b913d42ac7f56d4e024162f0 Author: Stefan Metzmacher <me...@samba.org> Date: Wed Dec 14 12:39:36 2011 +0100 s3:smbd: split smb_conf_updated into parent and child versions metze commit 715933a3d3d1023df0d77c1765850e8579b84dfc Author: Stefan Metzmacher <me...@samba.org> Date: Wed Dec 14 10:23:30 2011 +0100 s3:smbd: split ID_CACHE_* message handling into parent and child parts metze ----------------------------------------------------------------------- Summary of changes: source3/Makefile.in | 2 +- source3/printing/spoolssd.c | 9 +- source3/rpc_server/spoolss/srv_spoolss_nt.c | 20 ++-- source3/smbd/globals.c | 13 -- source3/smbd/globals.h | 2 - source3/smbd/msg_idmap.c | 174 --------------------------- source3/smbd/negprot.c | 4 +- source3/smbd/process.c | 138 +++++++++++++++++++++- source3/smbd/proto.h | 7 +- source3/smbd/reply.c | 2 +- source3/smbd/server.c | 74 +++++++++--- source3/smbd/server_reload.c | 20 ++-- source3/smbd/sesssetup.c | 10 +- source3/smbd/smb2_sesssetup.c | 2 +- source3/torture/vfstest.c | 2 +- source3/wscript_build | 2 +- 16 files changed, 232 insertions(+), 249 deletions(-) delete mode 100644 source3/smbd/msg_idmap.c Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index b0c17f6..1389293 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -914,7 +914,7 @@ AUTH_OBJ = auth/auth.o @AUTH_STATIC@ auth/auth_util.o auth/token_util.o \ MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_hash2.o -SMBD_OBJ_MAIN = smbd/server.o smbd/server_exit.o smbd/msg_idmap.o +SMBD_OBJ_MAIN = smbd/server.o smbd/server_exit.o BUILDOPT_OBJ = smbd/build_options.o diff --git a/source3/printing/spoolssd.c b/source3/printing/spoolssd.c index 06ce61b..fa722e2 100644 --- a/source3/printing/spoolssd.c +++ b/source3/printing/spoolssd.c 
@@ -489,7 +489,8 @@ static void spoolss_handle_client(struct tevent_req *req) extern pid_t background_lpq_updater_pid; static char *bq_logfile; -static void check_updater_child(void) +static void check_updater_child(struct tevent_context *ev_ctx, + struct messaging_context *msg_ctx) { int status; pid_t pid; @@ -501,9 +502,7 @@ static void check_updater_child(void) pid = sys_waitpid(background_lpq_updater_pid, &status, WNOHANG); if (pid > 0) { DEBUG(2, ("The background queue child died... Restarting!\n")); - pid = start_background_queue(server_event_context(), - server_messaging_context(), - bq_logfile); + pid = start_background_queue(ev_ctx, msg_ctx, bq_logfile); background_lpq_updater_pid = pid; } } @@ -543,7 +542,7 @@ static void spoolssd_sigchld_handler(struct tevent_context *ev_ctx, pfh_manage_pool(ev_ctx, msg_ctx, &pf_spoolss_cfg, spoolss_pool); /* also check if the updater child is alive and well */ - check_updater_child(); + check_updater_child(ev_ctx, msg_ctx); } static bool spoolssd_setup_children_monitor(struct tevent_context *ev_ctx, diff --git a/source3/rpc_server/spoolss/srv_spoolss_nt.c b/source3/rpc_server/spoolss/srv_spoolss_nt.c index 1a9111c..87df565 100644 --- a/source3/rpc_server/spoolss/srv_spoolss_nt.c +++ b/source3/rpc_server/spoolss/srv_spoolss_nt.c @@ -417,14 +417,6 @@ static WERROR delete_printer_hook(TALLOC_CTX *ctx, struct security_token *token, if (ret != 0) return WERR_BADFID; /* What to return here? */ - /* go ahead and re-read the services immediately */ - become_root(); - reload_services(msg_ctx, -1, false); - unbecome_root(); - - if ( lp_servicenumber( sharename ) >= 0 ) - return WERR_ACCESS_DENIED; - return WERR_OK; } 
@@ -6210,6 +6202,16 @@ static WERROR add_port_hook(TALLOC_CTX *ctx, struct security_token *token, const /**************************************************************************** ****************************************************************************/ +static bool spoolss_conn_snum_used(struct smbd_server_connection *sconn, + int snum) +{ + /* + * As we do not know if we are embedded in the file server process + * or not, we have to pretend that all shares are in use. + */ + return true; +} + static bool add_printer_hook(TALLOC_CTX *ctx, struct security_token *token, struct spoolss_SetPrinterInfo2 *info2, const char *remote_machine, @@ -6268,7 +6270,7 @@ static bool add_printer_hook(TALLOC_CTX *ctx, struct security_token *token, /* reload our services immediately */ become_root(); - reload_services(msg_ctx, -1, false); + reload_services(NULL, spoolss_conn_snum_used, false); unbecome_root(); numlines = 0; diff --git a/source3/smbd/globals.c b/source3/smbd/globals.c index 3199a37..ff8c51b 100644 --- a/source3/smbd/globals.c +++ b/source3/smbd/globals.c @@ -104,19 +104,6 @@ bool exit_firsttime = true; struct smbd_server_connection *smbd_server_conn = NULL; -struct smbd_server_connection *msg_ctx_to_sconn(struct messaging_context *msg_ctx) -{ - struct server_id my_id, msg_id; - - my_id = messaging_server_id(smbd_server_conn->msg_ctx); - msg_id = messaging_server_id(msg_ctx); - - if (!procid_equal(&my_id, &msg_id)) { - return NULL; - } - return smbd_server_conn; -} - struct memcache *smbd_memcache(void) { if (!smbd_memcache_ctx) { diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index d5b2de7..3c6aa12 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -614,6 +614,4 @@ struct smbd_server_connection { extern struct smbd_server_connection *smbd_server_conn; -struct smbd_server_connection *msg_ctx_to_sconn(struct messaging_context *msg_ctx); - void smbd_init_globals(void); 
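Review bot: In source3/rpc_server/spoolss/srv_spoolss_nt.c, `add_printer_hook()` now calls `reload_services(NULL, spoolss_conn_snum_used, false)`, so the callback and everything inside `reload_services()` run with `sconn == NULL`. The callback itself is safe because it ignores both arguments, but the matching server_reload.c change is cut off in this truncated changeset, so it should be confirmed that `reload_services()` guards every use of `sconn`. The comment in `spoolss_conn_snum_used()` should state that contract, for example `/* sconn is NULL when called from spoolss; it must never be dereferenced here */`. Because the callback always returns true, a share removed from smb.conf presumably stays loaded in this process after the reload, which the comment could also say.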
diff --git a/source3/smbd/msg_idmap.c b/source3/smbd/msg_idmap.c deleted file mode 100644 index 757cac0..0000000 --- a/source3/smbd/msg_idmap.c +++ /dev/null 
@@ -1,174 +0,0 @@ -/* - * Samba Unix/Linux SMB client library - * - * Copyright (C) Gregor Beck 2011 - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - */ - -#include "includes.h" -#include "smbd/globals.h" -#include "smbd/smbd.h" -#include "../libcli/security/dom_sid.h" -#include "../libcli/security/security_token.h" -#include "idmap_cache.h" -#include "passdb/lookup_sid.h" -#include "auth.h" -#include "messages.h" -#include "lib/id_cache.h" - -static bool uid_in_use(const struct user_struct *user, uid_t uid) -{ - while (user) { - if (user->session_info && - (user->session_info->unix_token->uid == uid)) { - return true; - } - user = user->next; - } - return false; -} - -static bool gid_in_use(const struct user_struct *user, gid_t gid) -{ - while (user) { - if (user->session_info != NULL) { - int i; - struct security_unix_token *utok; - - utok = user->session_info->unix_token; - if (utok->gid == gid) { - return true; - } - for(i=0; i<utok->ngroups; i++) { - if (utok->groups[i] == gid) { - return true; - } - } - } - user = user->next; - } - return false; -} - -static bool sid_in_use(const struct user_struct *user, - const struct dom_sid *psid) -{ - while (user) { - struct security_token *tok; - - if (user->session_info == NULL) { - continue; - } - tok = user->session_info->security_token; - if (tok == NULL) { - /* - * Not sure session_info->security_token can - * 
ever be NULL. This check might be not - * necessary. - */ - continue; - } - if (security_token_has_sid(tok, psid)) { - return true; - } - user = user->next; - } - return false; -} - -static bool id_in_use(const struct user_struct *user, - const struct id_cache_ref *id) -{ - switch(id->type) { - case UID: - return uid_in_use(user, id->id.uid); - case GID: - return gid_in_use(user, id->id.gid); - case SID: - return sid_in_use(user, &id->id.sid); - default: - break; - } - return false; -} - -static void id_cache_kill(struct messaging_context *msg_ctx, - void *private_data, - uint32_t msg_type, - struct server_id server_id, - DATA_BLOB* data) -{ - const char *msg = (data && data->data) - ? (const char *)data->data : "<NULL>"; - struct smbd_server_connection *sconn; - struct user_struct *validated_users; - struct id_cache_ref id; - - sconn = msg_ctx_to_sconn(msg_ctx); - if (sconn == NULL) { - DEBUG(1, ("could not find sconn\n")); - return; - } - - validated_users = sconn->smb1.sessions.validated_users; - - if (!id_cache_ref_parse(msg, &id)) { - DEBUG(0, ("Invalid ?ID: %s\n", msg)); - return; - } - - if (am_parent) { - messaging_send_to_children(msg_ctx, msg_type, data); - } - - if (id_in_use(validated_users, &id)) { - exit_server_cleanly(msg); - } - id_cache_delete_from_cache(&id); -} - -static void id_cache_flush(struct messaging_context *ctx, - void* data, - uint32_t msg_type, - struct server_id srv_id, - DATA_BLOB* msg_data) -{ - id_cache_flush_message(ctx, data, msg_type, srv_id, msg_data); - - if (am_parent) { - messaging_send_to_children(ctx, msg_type, msg_data); - } -} - -static void id_cache_delete(struct messaging_context *ctx, - void* data, - uint32_t msg_type, - struct server_id srv_id, - DATA_BLOB* msg_data) -{ - id_cache_delete_message(ctx, data, msg_type, srv_id, msg_data); - - if (am_parent) { - messaging_send_to_children(ctx, msg_type, msg_data); - } -} - - -void msg_idmap_register_msg(struct messaging_context *ctx) -{ - messaging_register(ctx, NULL, 
ID_CACHE_FLUSH, id_cache_flush); - messaging_register(ctx, NULL, ID_CACHE_DELETE, id_cache_delete); - messaging_register(ctx, NULL, ID_CACHE_KILL, id_cache_kill); -} diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c index ae9ce5a..52ef96d 100644 --- a/source3/smbd/negprot.c +++ b/source3/smbd/negprot.c @@ -714,7 +714,7 @@ void reply_negprot(struct smb_request *req) } /* possibly reload - change of architecture */ - reload_services(sconn->msg_ctx, sconn->sock, True); + reload_services(sconn, conn_snum_used, true); /* moved from the netbios session setup code since we don't have that when the client connects to port 445. Of course there is a small @@ -740,7 +740,7 @@ void reply_negprot(struct smb_request *req) if(choice != -1) { fstrcpy(remote_proto,supported_protocols[protocol].short_name); - reload_services(sconn->msg_ctx, sconn->sock, True); + reload_services(sconn, conn_snum_used, true); supported_protocols[protocol].proto_reply_fn(req, choice); DEBUG(3,("Selected protocol %s\n",supported_protocols[protocol].proto_name)); } else { diff --git a/source3/smbd/process.c b/source3/smbd/process.c index b3e4d0d..c448267 100644 --- a/source3/smbd/process.c +++ b/source3/smbd/process.c @@ -36,6 +36,9 @@ #include "rpc_server/spoolss/srv_spoolss_nt.h" #include "libsmb/libsmb.h" #include "../lib/util/tevent_ntstatus.h" +#include "../libcli/security/dom_sid.h" +#include "../libcli/security/security_token.h" +#include "lib/id_cache.h" extern bool global_machine_password_needs_changing; @@ -905,7 +908,7 @@ static void smbd_sig_hup_handler(struct tevent_context *ev, change_to_root_user(); DEBUG(1,("Reloading services after SIGHUP\n")); - reload_services(sconn->msg_ctx, sconn->sock, false); + reload_services(sconn, conn_snum_used, false); } void smbd_setup_sig_hup_handler(struct smbd_server_connection *sconn) 
@@ -922,6 +925,22 @@ void smbd_setup_sig_hup_handler(struct smbd_server_connection *sconn) } } +static void smbd_conf_updated(struct messaging_context *msg, + void *private_data, + uint32_t msg_type, + struct server_id server_id, + DATA_BLOB *data) +{ + struct smbd_server_connection *sconn = + talloc_get_type_abort(private_data, + struct smbd_server_connection); + + DEBUG(10,("smbd_conf_updated: Got message saying smb.conf was " + "updated. Reloading.\n")); + change_to_root_user(); + reload_services(sconn, conn_snum_used, false); +} + static NTSTATUS smbd_server_connection_loop_once(struct tevent_context *ev_ctx, struct smbd_server_connection *conn) { @@ -2202,7 +2221,7 @@ static void check_reload(struct smbd_server_connection *sconn, time_t t) } if (t >= last_smb_conf_reload_time+SMBD_RELOAD_CHECK) { - reload_services(sconn->msg_ctx, sconn->sock, True); + reload_services(sconn, conn_snum_used, true); last_smb_conf_reload_time = t; } } 
@@ -2960,6 +2979,109 @@ static NTSTATUS smbd_register_ips(struct smbd_server_connection *sconn, #endif +static bool uid_in_use(const struct user_struct *user, uid_t uid) +{ + while (user) { + if (user->session_info && + (user->session_info->unix_token->uid == uid)) { + return true; + } + user = user->next; + } + return false; +} + +static bool gid_in_use(const struct user_struct *user, gid_t gid) +{ + while (user) { + if (user->session_info != NULL) { + int i; + struct security_unix_token *utok; + + utok = user->session_info->unix_token; + if (utok->gid == gid) { + return true; + } + for(i=0; i<utok->ngroups; i++) { + if (utok->groups[i] == gid) { + return true; + } + } + } + user = user->next; + } + return false; +} + +static bool sid_in_use(const struct user_struct *user, + const struct dom_sid *psid) +{ + while (user) { + struct security_token *tok; + + if (user->session_info == NULL) { + continue; + } + tok = user->session_info->security_token; + if (tok == NULL) { + /* + * Not sure session_info->security_token can + * ever be NULL. This check might be not + * necessary. + */ + continue; + } + if (security_token_has_sid(tok, psid)) { + return true; + } + user = user->next; + } + return false; +} + +static bool id_in_use(const struct user_struct *user, + const struct id_cache_ref *id) +{ + switch(id->type) { + case UID: + return uid_in_use(user, id->id.uid); + case GID: + return gid_in_use(user, id->id.gid); + case SID: + return sid_in_use(user, &id->id.sid); + default: + break; + } + return false; +} + +static void smbd_id_cache_kill(struct messaging_context *msg_ctx, + void *private_data, + uint32_t msg_type, + struct server_id server_id, + DATA_BLOB* data) +{ + const char *msg = (data && data->data) + ? 
(const char *)data->data : "<NULL>"; + struct user_struct *validated_users; + struct id_cache_ref id; + struct smbd_server_connection *sconn = + talloc_get_type_abort(private_data, + struct smbd_server_connection); + + validated_users = sconn->smb1.sessions.validated_users; + + if (!id_cache_ref_parse(msg, &id)) { + DEBUG(0, ("Invalid ?ID: %s\n", msg)); + return; + } + + if (id_in_use(validated_users, &id)) { + exit_server_cleanly(msg); + } + id_cache_delete_from_cache(&id); +} + /**************************************************************************** Process commands from the client ****************************************************************************/ @@ -3061,7 +3183,7 @@ void smbd_process(struct tevent_context *ev_ctx, /* this is needed so that we get decent entries in smbstatus for port 445 connects */ set_remote_machine_name(remaddr, false); - reload_services(sconn->msg_ctx, sconn->sock, true); + reload_services(sconn, conn_snum_used, true); -- Samba Shared Repository
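Review bot: `sid_in_use()` as added to source3/smbd/process.c can loop forever, because both `continue` statements (for `user->session_info == NULL` and for `tok == NULL`) skip the `user = user->next;` at the bottom of the `while (user)` loop. A single such entry on `sconn->smb1.sessions.validated_users` would then hang the process once `smbd_id_cache_kill()` is called with a SID reference. Writing the loop as `for (; user != NULL; user = user->next)` and dropping the trailing `user = user->next;` makes each `continue` advance. The loop was carried over unchanged from the deleted msg_idmap.c, and `uid_in_use()` and `gid_in_use()` do not have the problem. Separately, `smbd_id_cache_kill()` passes `data->data` as a C string to `id_cache_ref_parse()`, `DEBUG` and `exit_server_cleanly()` without checking `data->length`; whether every sender NUL-terminates the blob is not visible here, so a length check before the cast would be worth adding.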