Age | Commit message (Collapse) | Author | Files | Lines |
|
security descriptor testing.
|
|
|
|
Don't set the priv_open_requested yet until the open-for-backup
request is correctly passed in.
|
|
bool priv_open_requested parameter.
|
|
anywhere. Remove (can re-add if needed).
Ensure the privilege rights are always specific rights, not generic.
By the time the privilege rights are examined, we've already mapped
from generic to specific in the access_mask.
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Sep 1 05:10:47 CEST 2012 on sn-devel-104
|
|
This can still be improved further, but avoid mentioning reasons that
clearly do not apply in this case.
Andrew Bartlett
|
|
|
|
|
|
This was found based on a log provided by Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky!
Andrew Bartlett
|
|
This stops us from potentially being DoSed by tons of TKEYs
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Fri Aug 31 22:46:01 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Lars Müller <lars@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Fri Aug 31 21:05:21 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Aug 31 19:24:47 CEST 2012 on sn-devel-104
|
|
RHEL5 only has autoconf 2.59, so autogen.sh still needs to find autoconf-2.60.m4
somewhere, but it was removed with 5f58359
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Fri Aug 31 12:50:03 CEST 2012 on sn-devel-104
|
|
The name is time_audit:timeout, not time_audit:audit_timeout.
Signed-off-by: Christian Ambach <ambi@samba.org>
|
|
When a operation takes too long, it is useful for debugging to know the
DB and the key.
Signed-off-by: Christian Ambach <ambi@samba.org>
|
|
Autobuild-User(master): Kai Blin <kai@samba.org>
Autobuild-Date(master): Fri Aug 31 10:38:35 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 31 08:06:17 CEST 2012 on sn-devel-104
|
|
These are only needed for as long as the call, and should be children of the
private context.
This was found based on a log provided by Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>. Thanks Ricky!
Andrew Bartlett
|
|
The fact that a password was created here is enough information, so
overwrite with the function name and line.
Andrew Bartlett
|
|
We home beta8 will be the last beta, but to avoid confusion and allow
more releases if required I won't mark it as rc1 until the actual
release candidate.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Aug 31 02:07:23 CEST 2012 on sn-devel-104
|
|
|
|
|
|
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 30 21:38:02 CEST 2012 on sn-devel-104
|
|
into raw.acls to ensure we don't regress.
|
|
|
|
Change se_create_child_secdesc() to handle inheritance correctly.
|
|
We need to filter out the
SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ
bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED
as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set
when an ACE is inherited. Otherwise we zero these bits out.
See:
http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/11f77b68-731e-407d-b1b3-064750716531
for details.
|
|
client to got through set_sd(),
the canonicalize sd function.
|
|
canonicalization.
|
|
|
|
FSCTL_GET_SHADOW_COPY_DATA is a FSCTL, so set the isFsctl marker
otherwise smbclient allinfo will not report snapshots any more with the changes
made for Bug #8311
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Thu Aug 30 18:57:24 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Aug 30 17:17:55 CEST 2012 on sn-devel-104
|
|
|
|
|
|
|
|
This allows a password alone to be used to accept kerberos tickets.
Of course, we need to have got the salt right, but we do not need also
the correct kvno. This allows gensec_gssapi to accept tickets based on
a secrets.tdb entry.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Aug 30 01:26:12 CEST 2012 on sn-devel-104
|
|
So far this confirms that we can accept a ticket using the secrets.tdb
entry.
Andrew Bartlett
|
|
|
|
The query of the fileset quota needs to determine the file set id first.
With the currently available interface, this requires opening the file
to get a file descriptor. For files, this open can fail when a share
mode is set.
Workaround this by querying the fileset id on the directory instead.
The proper solution would be getting an interface for getting the
fileset id that does not require opening the file.
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Wed Aug 29 18:58:34 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Wed Aug 29 16:05:10 CEST 2012 on sn-devel-104
|
|
The lprng printing back-end is truncating the print job filename in the
lpq output, which means that Samba is not able to determine the back-end
job ID for a newly submitted print job.
Remove the unneeded spoolss job ID from the print job file name to
ensure the job filename is not truncated. Also log these warnings at a
higher log level.
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Aug 29 14:25:13 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Aug 29 12:23:37 CEST 2012 on sn-devel-104
|
|
array it returns
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 29 09:56:27 CEST 2012 on sn-devel-104
|
|
These are printed when Samba has debug level 10, which is often used for debugging.
To indicate that these attributes are secret, we set an opaque.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 29 06:04:33 CEST 2012 on sn-devel-104
|
|
These are printed when Samba has debug level 10, which is often used for debugging.
Instead, print a note to say that this attribute has been skipped.
Andrew Bartlett
|
|
|
|
By checking first if there is a secrets.tdb record and passing in the password and last change time
we avoid setting one series of values and then replacing them. We also avoid the need to work
around the setting of anonymous.
Andrew Bartlett
|
|
By using a tempoary talloc context this is much tidier and more reliable code.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 29 03:11:10 CEST 2012 on sn-devel-104
|
|
Errors in handling the upgrade case without a matching secrets.tdb caused segfaults
in the server. This essentially tests both sides.
Andrew Bartlett
|