Age | Commit message (Collapse) | Author | Files | Lines |
|
into raw.acls to ensure we don't regress.
|
|
|
|
Change se_create_child_secdesc() to handle inheritance correctly.
|
|
We need to filter out the
SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ
bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED
as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set
when an ACE is inherited. Otherwise we zero these bits out.
See:
http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/11f77b68-731e-407d-b1b3-064750716531
for details.
|
|
client to got through set_sd(),
the canonicalize sd function.
|
|
canonicalization.
|
|
|
|
FSCTL_GET_SHADOW_COPY_DATA is a FSCTL, so set the isFsctl marker
otherwise smbclient allinfo will not report snapshots any more with the changes
made for Bug #8311
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Thu Aug 30 18:57:24 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 30 17:17:55 CEST 2012 on sn-devel-104
|
|
|
|
|
|
|
|
This allows a password alone to be used to accept kerberos tickets.
Of course, we need to have got the salt right, but we do not need also
the correct kvno. This allows gensec_gssapi to accept tickets based on
a secrets.tdb entry.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 30 01:26:12 CEST 2012 on sn-devel-104
|
|
So far this confirms that we can accept a ticket using the secrets.tdb
entry.
Andrew Bartlett
|
|
|
|
The query of the fileset quota needs to determine the file set id first.
With the currently available interface, this requires opening the file
to get a file descriptor. For files, this open can fail when a share
mode is set.
Workaround this by querying the fileset id on the directory instead.
The proper solution would be getting an interface for getting the
fileset id that does not require opening the file.
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Wed Aug 29 18:58:34 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Aug 29 16:05:10 CEST 2012 on sn-devel-104
|
|
The lprng printing back-end is truncating the print job filename in the
lpq output, which means that Samba is not able to determine the back-end
job ID for a newly submitted print job.
Remove the unneeded spoolss job ID from the print job file name to
ensure the job filename is not truncated. Also log these warnings at a
higher log level.
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Aug 29 14:25:13 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Aug 29 12:23:37 CEST 2012 on sn-devel-104
|
|
array it returns
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 29 09:56:27 CEST 2012 on sn-devel-104
|
|
These are printed when Samba has debug level 10, which is often used for debugging.
To indicate that these attributes are secret, we set an opaque.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 29 06:04:33 CEST 2012 on sn-devel-104
|
|
These are printed when Samba has debug level 10, which is often used for debugging.
Instead, print a note to say that this attribute has been skipped.
Andrew Bartlett
|
|
|
|
By checking first if there is a secrets.tdb record and passing in the password and last change time
we avoid setting one series of values and then replacing them. We also avoid the need to work
around the setting of anonymous.
Andrew Bartlett
|
|
By using a tempoary talloc context this is much tidier and more reliable code.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 29 03:11:10 CEST 2012 on sn-devel-104
|
|
Errors in handling the upgrade case without a matching secrets.tdb caused segfaults
in the server. This essentially tests both sides.
Andrew Bartlett
|
|
This pointer is only valid if dbwrap_fetch returned success.
Andrew Bartlett
|
|
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Aug 28 16:38:55 CEST 2012 on sn-devel-104
|
|
We must not reference result before provision(), and do not need
session_info and lp for reading a normal ldap backend anyway.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 28 09:49:39 CEST 2012 on sn-devel-104
|
|
This will ensure the next Samba release requires an ldb with the recent
fixes.
Andrew Bartlett
|
|
|
|
With the ability to handle times a abolute time_t values since 1970
this becomes more important to get absolutly correct.
Andrew Bartlett
|
|
|
|
We actually expect beta7 to be the last beta, but to avoid
confusion I won't mark it as rc1 until the actual release candidate.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Aug 28 01:48:16 CEST 2012 on sn-devel-104
|
|
|
|
|
|
|
|
configured
This will allow files to be correctly owned by the idmap that is imported.
This appears to fix an issue that came up after s3fs-compatible ACLs were
merged into provision.
Andrew Bartlett
|
|
This is then used in provision when the passdb backend is forced.
Andrew Bartlett
|
|
recent machine pw
As winbindd will update secrets.tdb but not secrets.ldb, we need to detect this and use secrets.tdb
Andrew Bartlett
|
|
This uses both smbclient binaries to ensure that both work in both environments.
Andrew Bartlett
|
|
workstation and realm
These would otherwise be set during the fetch from the secrets.ldb, but are wiped when that fails.
Andrew Bartlett
|
|
|
|
secrets_tdb_sync is a new ldb module designed to sync secrets.ldb
entries with the secrets.tdb file.
While not ideal to keep two copies of this data, this routine will
assist in allowing the samba-tool domain join code to operate
correctly in most cases where winbindd and smbd are used.
Andrew Bartlett
|
|
|
|
|
|
secrets_tdb_sync
secrets_tdb_sync will be a new ldb module designed to sync secrets.ldb
entries with the secrets.tdb file.
While not ideal to keep two copies of this data, this routine will
assist in allowing the samba-tool domain join code to operate
correctly in most cases where winbindd and smbd are used.
Andrew Bartlett
|
|
|
|
|
|
This allows provision to change the s3 smb.conf settings if required.
Andrew Bartlett
|