Age | Commit message (Collapse) | Author | Files | Lines |
|
Ensure we process the entire ACE list instead of returning ACCESS_DENIED
and terminating the walk - ensure we only return the exact bits that cause
the access to be denied. Some of the S3 fileserver needs to know if we
are only denied DELETE access before overriding it by looking at the
containing directory ACL.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jan 11 19:24:53 CET 2012 on sn-devel-104
|
|
add the S-1-2 well-known SID family
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Thu Nov 24 19:01:08 CET 2011 on sn-devel-104
|
|
The s3-waf build system is a key component of the top level build, but
with this commit is is no longer available directly. This reduces the
number of build system combinations in master as we prepare for the
Samba 4.0 release.
Andrew Bartlett
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Wed Aug 17 16:46:24 CEST 2011 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
metze
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Jun 18 22:26:15 CEST 2011 on sn-devel-104
|
|
Guenther
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue May 31 23:16:31 CEST 2011 on sn-devel-104
|
|
This code does not rely on lp_ or other source3 only functions, so can
be part of the common library.
Andrew Bartlett
|
|
Guenther
|
|
This returns a pointer to the first non-parsed character, along the lines of
strtoul for example.
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
This changes auth_session_info_transport to just be a wrapper, rather
than a copy that has to be kept in sync.
As auth_session_info was already wrapped in python, this required
changes to the existing pyauth wrapper and it's users.
Andrew Bartlett
|
|
by default
In the file server SEC_STD_DELETE is granted on the file/directory
or by FILE_DELETE_CHILD on the parent directory.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Mar 21 23:25:05 CET 2011 on sn-devel-104
|
|
|
|
security.h grouping header.
Guenther
|
|
thanks to Simo for pointing this out
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Wed Mar 16 00:25:10 CET 2011 on sn-devel-104
|
|
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Mar 15 05:07:01 CET 2011 on sn-devel-104
|
|
the bin/default/include/public directory will contain headers that are
ready to install
|
|
|
|
This prints into a fixed buffer with the same overflow semantics as snprintf
has: Return required string length, regardless of whether it fit or not.
|
|
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Mar 1 07:13:43 CET 2011 on sn-devel-104
|
|
This code is now useful in common, as the elements of the
auth_session_info structure have now been defined in common IDL.
Andrew Bartlett
|
|
These strictly need to be "uint32_t" since "acl*->num_aces" has been
defined by this type.
This counter patchset has been reviewed by Andrew Bartlett.
|
|
This strictly needs to be from type "uint32_t" since "privset->count"
is defined with this type.
|
|
Since the privileges are always counted with a signed integer, there is no
reason to specify the upper limit with a "uint32_t".
|
|
This strictly needs to be from type "uint32_t" since "acl->num_aces" is
defined of this type.
|
|
This strictly needs to be of type "uint32_t" due to
"sec_acl->num_aces" which is of type "uint32_t".
|
|
|
|
Some tests showed that these ACEs are not removed if the DACL_PROTECTED flag is provided at the same time.
This is not documented but tests prove it and it has been observerd in deployment.
|
|
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Tue Feb 8 13:16:43 CET 2011 on sn-devel-104
|
|
Logical consequence of the previous commit
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Mon Feb 7 19:24:19 CET 2011 on sn-devel-104
|
|
This aligns it with add_sid_to_array
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
They should be inherited without the IO flag unless they contain generic information.
|
|
Andrew Bartlett
|
|
Autobuild-User: Nadezhda Ivanova <nivanova@samba.org>
Autobuild-Date: Thu Jan 13 15:53:16 CET 2011 on sn-devel-104
|
|
When an ACE gontaining GA, GE, GR, GW, CO or CG is provided by a user or inherited
the final SD actually has to have 2 ACEs, one is an effective expanded one, and the
original one with IO flag added.
|
|
It *always* returned "SID *TYPE* is INVALID".
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Jan 10 12:47:00 CET 2011 on sn-devel-104
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Fri Dec 17 13:56:27 CET 2010 on sn-devel-104
|
|
|
|
|
|
here can be NULL (become_root() sets the current security token to
NULL for example). Ensure we don't crash.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Dec 2 03:26:03 CET 2010 on sn-devel-104
|
|
|
|
The new waf-based build system now has all the same functionality, and
the old build system has been broken for quite some time.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
|
|
|
|
|
|
This was orphaned by changing sec_desc_equal() to the stricter
security_descriptor_equal() by
f4195183a47b0e7c8bc9644d62b123f7880f3fcd in 2009.
(The difference here was that sec_acl_equal allowed for equivilent ordering. I've checked the callers, and this function is only used to skip actual ACL sets, or to reference a cache, so this seems
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Sun Oct 24 22:21:23 UTC 2010 on sn-devel-104
|