Age | Commit message (Collapse) | Author | Files | Lines |
|
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
This needs to be more async, and give less scary errors.
Andrew Bartlett
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
acl_check_access_on_attribute should never be called with attr=NULL
because we don't check access on an attribute in that case
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Matthieu Patou <mat@matws.net>
Autobuild-User(master): Matthieu Patou <mat@samba.org>
Autobuild-Date(master): Thu Jan 17 11:21:10 CET 2013 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Matthieu Patou <mat@matws.net>
|
|
The inherited_type is only used to decide if aces should be inherited
effectively or not (INHERIT_ONLY) for the specified object.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Matthieu Patou <mat@matws.net>
|
|
First we check for a special dn, then for system access.
All allocations happen after this checks in order to avoid
allocations we won't use.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Matthieu Patou <mat@matws.net>
|
|
shouldn't see
This fix frequent reindexing when using python script with a
user that is not system.
The reindexing is caused by ACL module hidding (removing) attributes in
the search request for all attributes in dn=@ATTRIBUTES and because
dsdb_schema_set_indices_and_attributes checks that the list of
attributes that it just calculated from the schema is the same as the
list written in @ATTRIBUTES, if not the list is replaced and a
reindexing is triggered.
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Matthieu Patou <mat@matws.net>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Matthieu Patou <mat@matws.net>
|
|
Check that the copychunk ioctl request maximum output specified by the
client is large enough to hold copychunk response data.
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 17 00:59:44 CET 2013 on sn-devel-104
|
|
Treat the response data independent to the status.
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
[MS-SMB2] 3.3.5.15.6 Handling a Server-Side Data Copy Request, specifies
that the copychunk destination file handle be granted FILE_WRITE_DATA
and FILE_READ_DATA access.
FILE_READ_DATA access must also be granted on the copychunk source file,
which may be done implicitly with execute permission.
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Allow for large files in test_setup_copy_chunk():
Write test data in 1M IOs, rather than attempting to do the whole
thing in one go.
Add copychunk bad resume key test:
Send a copy chunk request with an intentionally bogus resume key
(source key handle).
Add copychunk src=dest test:
Test copychunk requests where the source and destination handles refer
to the same file.
Add copychunk src=dest overlap test.
Add desired access args to test_setup_copy_chunk().
Add copychunk_bad_access test:
Open the copychunk source and destination files with differing
desired_access values. Confirm copychunk response matches 2k8 and 2k12
behaviour.
Add copy_chunk_src_exceed test:
Attempts to copy more data than is present in the copychunk source
file.
Add copy_chunk_src_exceed_multi test:
Test whether the first chunk in a multi-chunk copychunk request is
written to disk, where the second chunk is invalid due to src file
overrun.
Add copy_chunk_sparse_dest test:
Issue a request where the target offset exceeds the file size, resulting
in a sparse region.
Add copy_chunk_max_output_sz test.
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
A null fsp is dereferenced on VFS call.
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Also change test_ioctl_get_shadow_copy() to use torture_skip(), and
clean up test output.
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
For each chunk in a copychunk request, take a read and write lock on
the source and destination files respectively.
Also change the resume key format to use a combination of the persistent
and volatile handles. Thanks to Metze for his help on this.
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Obtain the files_struct from smb2req, persistent_id and
volatile_id.
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
If FSCTL_SRV_ENUM_SNAPS fails with NT_STATUS_NOT_SUPPORTED then skip the
test, this means we can run the full ioctl test suite as part of
autobuild.
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
These tests are now expected to pass with copy-chunk support now
implemented.
This effectively reverts 632b1042aed94a71d810613fcdbbfecf615a25fa.
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
MS-SMB2 3.3.4.4 documents cases where a ntstatus indicating an error
should not be considered a failure. In such a case the output data
buffer should be sent to the client rather than an error response
packet.
Add a new fsctl copy_chunk test to confirm field limits are sent back
in response to an oversize chunk request.
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
SMB2 clients can issue FSCTL_SRV_COPYCHUNK requests in order to copy
data between files on the server side only, rather than reading data
then writing back from the client. FSCTL_SRV_COPYCHUNK is used by
default for Explorer SMB2 file copies on Windows Server 2012.
2.2.32.1 SRV_COPYCHUNK_RESPONSE in [MS-SMB2] describes the requirement
for the server to provide maximum copychunk request size limits in ioctl
responses carrying STATUS_INVALID_PARAMETER.
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
copy_chunk copies n bytes from a source file at a specific offset to a
destination file at a given offset. This interface will be used in
handling smb2 FSCTL_SRV_COPYCHUNK ioctl requests.
Use a pread/pwrite loop in vfs_default, so that requests referring to
the same src and dest file are possible.
Provide send and receive hooks for copy chunk VFS interface, allowing
asynchronous behaviour.
Check whether the request source offset + length exceeds the current
size. Return STATUS_INVALID_VIEW_SIZE under such a condition, matching
Windows server behaviour.
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Use existing ioctl IDL infrastructure for marshalling. Support for this
ioctl is a prerequisite for FSCTL_SRV_COPYCHUNK handling.
The client-opaque resume key is constructed using the server side
dev/inode file identifier.
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Add per device type ioctl handler source files for FSCTL_DFS,
FSCTL_FILESYSTEM, FSCTL_NAMED_PIPE and FSCTL_NETWORK_FILESYSTEM.
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
The global wildcard match is automatically added by the parsing code
if the global match list is empty. Specifying an explicit '*' as the only
global match lets the parsing code add a second '*' to the local list,
which is an error tolerated on my linux by ld (the GNU linker), but
not by the stricter GNU ELF linker "gold".
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Wed Jan 16 21:31:00 CET 2013 on sn-devel-104
|
|
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jan 16 13:26:53 CET 2013 on sn-devel-104
|
|
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Jan 15 16:31:35 CET 2013 on sn-devel-104
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
This changes the default for dbwrap_tool to open a DB as non-persistent.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
These are comprised by the popt.common.samba entity and the stdarg.server.debug
or the stdarg.client.debut entity, respectively.
The difference is only in the default value of the debug level setting.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
This makes the appearance equal to the other options like --debuglevel or
--log-basename.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Add additional "/usr/local/share/xml/catalog" catalog file
platforms (used by freebsd).
Fix manual page build on freebsd.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
And fix the format.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
And fix the format.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
"<example>" is no child of "<para>". So these examples were not visible.
Using a varlist instead may be not the best way but it does look nice.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
(bug #9554 - CVE-2013-0172)
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 8bafe0871526cd5d5e7fdbe123ab661379f64cb1)
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 15 14:03:47 CET 2013 on sn-devel-104
|
|
#9554 - CVE-2013-0172)
This seems inefficient, but is needed for correctness. The
alternative might be to have the sec_access_check_ds code confirm that
*all* of the nodes in the object tree have been cleared to
node->remaining_bits == 0.
Otherwise, I fear that write access to one attribute will become write
access to all attributes.
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit d776fd807e0c9a62f428ce666ff812655f98bc47)
|