summaryrefslogtreecommitdiff
path: root/source3/include
AgeCommit message (Collapse)AuthorFilesLines
2012-12-03s3:passdb: factor pdb_sid_to_id_unix_users_and_groups() out of ↵Michael Adam1-0/+3
pdb_default_sid_to_id() The special treatment of the "Unix User" and "Unix Group" pseudo domains can be reused. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
2012-11-20More for #9374 - Allow smb2.acls torture test to pass against smbd with a ↵Jeremy Allison1-2/+1
POSIX ACLs backend. Change can_delete_directory() to can_delete_directory_fsp(), as we only ever call this from an open directory file handle. This allows us to use OpenDir_fsp() instead of OpenDir(). OpenDir() re-checks the ACL on the directory, which may refuse DIR_LIST permissions. OpenDir_fsp() does not. As this is a file-server internal check to see if the directory actually contains any files before setting delete on close, we can ignore the ACL here (Windows does). Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue Nov 20 01:46:28 CET 2012 on sn-devel-104
2012-11-16s3:param: make init_locals() static.Michael Adam1-1/+0
it is only used in loadparm.c Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Fri Nov 16 03:33:34 CET 2012 on sn-devel-104
2012-11-13smbd: Remove NT4 compatability handling in posix -> NT ACL conversionAndrew Bartlett1-1/+0
NT4 is long dead, and we should not change which ACL we return based on what we think the client is. The reason we should not do this, is that if we are using vfs_acl_xattr then the hash will break if we do. Additionally, it would require that the python VFS interface set the global remote_arch to fake up being a modern client. This instead seems cleaner and removes untested code (the tests are updated to then handle the results of the modern codepath). The supporting 'acl compatability' parameter is also removed. Andrew Bartlett Reviewed by: Jeremy Allison <jra@samba.org>
2012-11-08s3fs-popt: Add function to burn the commandline password.Andreas Schneider1-0/+1
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed by: Jeremy Allison <jra@samba.org>
2012-10-19s3:lib: remove unused sessionid_*() functionsGregor Beck1-6/+0
Signed-off-by: Stefan Metzmacher <metze@samba.org> Signed-off-by: Michael Adam <obnox@samba.org>
2012-10-19s3:smbd: use session_global_id as session number for pam and utmpGregor Beck1-20/+0
Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-10-11vfs: Remove type parameter from sys_acl_blob_get_{fd,file}Andrew Bartlett2-8/+10
This interface actually needs to match the get_nt_acl interface in that the system ACL implmenetation may not be posix ACLs, and the blob is not meant to be enforced to be of a particular system ACL structure. Andrew Bartlett
2012-10-11smbd: Add mem_ctx to {f,}get_nt_acl VFS callAndrew Bartlett2-9/+13
This makes it clear which context the returned SD is allocated on, as a number of callers do not want it on talloc_tos(). As the ACL transformation allocates and then no longer needs a great deal of memory, a talloc_stackframe() call is used to contain the memory that is not returned further up the stack. Andrew Bartlett
2012-10-11smbd: Add mem_ctx to sys_acl_init() and all callersAndrew Bartlett3-16/+25
This changes from allocation on NULL to allocation on the supplied memory context. Currently that supplied context is talloc_tos() at the the final consumer of the ACL. Andrew Bartlett
2012-10-04Remove the parameters:Jeremy Allison1-4/+0
security mask force security mode directory security mask force directory security mode and update the docs.
2012-10-04Revert "Add functions to programatically set the security mask and directory ↵Jeremy Allison1-2/+0
security mask parameters." This reverts commit 8f0ecbbbeebff0174579a78827d384067cd4cbb7. Not now needed as part of the move to remove security mask parameters.
2012-10-02Add functions to programatically set the security mask and directory ↵Jeremy Allison1-0/+2
security mask parameters.
2012-09-12Move cached cwd onto conn struct.Jeremy Allison1-0/+2
This enables us to make VFS modules safe for use in root called code when we've changed directory under conn->connectpath.
2012-09-12Avoid overriding default ccache for ads operations.Simo Sorce2-1/+2
Avoid overriding default ccache for ads operations. Nowadays various samba components may need to use GSSAPI and a default cred cache to perform their tasks. This code was completely overriding the whole process default ccache name, thus altering the current credentials and sometimes hijacking them (or getting preemptively hijaked). By using gss_krb5_import_cred we can instead use a private ccache (necessary sometimes to use a different set of credentials fromt he default cifs/fqdn@realm one, for example when contacting foreign DCs using trust credentials) that does not affect the rest of the process. For the kerberos versions which don't have gss_krb5_import_cred we fallback to temp override of KRB5CCNAME and gss_acquire_cred. Signed-off-by: Alexander Bokovoy <ab@samba.org> Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Alexander Bokovoy <ab@samba.org> Autobuild-Date(master): Wed Sep 12 21:18:09 CEST 2012 on sn-devel-104
2012-09-12smbd: Add extra VFS hooks to get the posix ACL as a blobAndrew Bartlett2-0/+28
This will allow us to hash this, rather than the NT ACL it maps to. This will in turn allow us to know if the NT ACL is valid even if we have to change the mapping code. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Sep 12 07:06:01 CEST 2012 on sn-devel-104
2012-09-12smbd: Remove pre-allocation of ACL array in sys_acl_init()Andrew Bartlett1-1/+1
Instead, this is just handled with realloc in sys_acl_create_entry() This allows us to remove the size element from the SMB_ACL_T. Andrew Bartlett
2012-09-10s3:smbd Bump the smbd vfs interface version to 30Christian Ambach1-1/+2
that is what Samba 4.0.0 will ship with Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Mon Sep 10 19:40:01 CEST 2012 on sn-devel-104
2012-09-08s3: introduce a new share config option "durable handles" defaulting to "yes"Michael Adam1-0/+1
This is in order to be able to turn durable handles off and on on a per share basis. Note: This is only used in combination with: kernel share modes = no kernel oplocks = no posix locking = no Which means CIFS/SMB2 only access. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-09-08s3: add an option "kernel share modes" to be able to switch off using kernel ↵Michael Adam1-0/+1
flocks Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-09-08s3:vfs: add durable VFS operationsMichael Adam2-0/+60
This allows a VFS module to implement durable handles in different ways. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
2012-09-07s3-smbldap: use smbldap_ prefix for all functionsAlexander Bokovoy1-4/+4
2012-09-07s3-passdb: wrap secrets.tdb accessors used by PDB modulesAlexander Bokovoy1-0/+11
PDB modules store domain sid and guid in secrets.tdb to cooperate with other parts of smbd. If PDB module is built outside Samba source code it has to be linked against internal libsecrets. Wrap required secrets_* calls to avoid direct linking. libpdb is linked against libsecrets by itself and this is enough.
2012-09-05Add "backup_intent" bool to files_struct.Jeremy Allison1-0/+3
Not used right now but I need this in the VFS to implement open for backup/restore later and don't want to break the ABI once 4.0.0 ships.
2012-08-28s3-secrets: Add helper function to set machine account password from ↵Andrew Bartlett1-0/+6
secrets_tdb_sync secrets_tdb_sync will be a new ldb module designed to sync secrets.ldb entries with the secrets.tdb file. While not ideal to keep two copies of this data, this routine will assist in allowing the samba-tool domain join code to operate correctly in most cases where winbindd and smbd are used. Andrew Bartlett
2012-08-22Remove align_string(). No longer used.Jeremy Allison1-1/+0
Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Aug 22 20:38:50 CEST 2012 on sn-devel-104
2012-08-17s3:lib: implement serverid_equal() as macro of server_id_equal()Stefan Metzmacher2-3/+1
metze
2012-08-17s3:smbd: lp_smb_encrypt() returns SMB_SIGNING_* valuesStefan Metzmacher1-1/+1
metze
2012-08-15s3-sysacls: Remove sys_acl_free_qualifier() as it is a no-opAndrew Bartlett1-1/+0
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Aug 15 05:23:18 CEST 2012 on sn-devel-104
2012-08-15s3-sysacls: Remove sys_acl_free_acl() and replace with TALLOC_FREE()Andrew Bartlett1-1/+0
2012-08-15s3-smbd: Remove sys_acl_*() VFS wrapper functionsAndrew Bartlett2-143/+1
We no longer do struct smb_acl_t manipuations via the VFS layer, which is now reduced to handling the get/set functions. The only backend that implemented these functions (aside from audit) was the vfs_default module calling the sys_acl code. The various ACL implementation modules either worked on the fully initilaised smb_acl_t object or on NT ACLs. This not only makes the operation of the posix ACL code more efficient (as allocation and free is not put via the VFS), it makes it easier to test and removes the fantasy that a module could safely redefine this structure or the behaviour here. The smb_acls.idl now defines the structure, and it is now allocated with talloc. These operations were originally added to the VFS in commit 3bb219161a270f12c27c3bc7e1220829c6e9f284. Andrew Bartlett
2012-08-15s3-smbd: Move smb_acl_t declaration to smb_acl.idlAndrew Bartlett1-34/+3
This will allow us to marshall this into and from an NDR blob on disk, which will allow us to fake up ACL support during make test, and to test the NT ACL emulation using python bindings via the VFS. Andrew Bartlett
2012-08-15s3-smbd: Change allocation of smb_acl_t to talloc()Andrew Bartlett1-1/+1
The acl element is changed to be a talloc child, and is no longer one element longer than requested by virtue of the acl[1] base pointer. This also avoids one of the few remaining cases of over-allocation of a structure. Andrew Bartlett
2012-08-10Revert "s3:smb: include "smbXsrv.h" before "vfs.h""Stefan Metzmacher1-6/+0
This reverts commit db0c233624e633b3cc1a6e0e44dccc09aaa121f2.
2012-08-09Fix strlower_m() to return an error indication.Jeremy Allison1-1/+1
2012-08-09Check error returns on strnorm().Jeremy Allison1-1/+1
2012-08-09Change strupper_m() to return a value.Jeremy Allison1-1/+1
2012-08-07source3/loadparm.c: Move string_set/string_free inside.Rusty Russell1-2/+0
The only user, so make them static inside loadparm.c Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2012-08-01libcli/smb: move some TCON related defines to smb_constants.hStefan Metzmacher1-9/+0
metze
2012-08-01s3:libsmb: remove unused cli_state->user_session_keyStefan Metzmacher1-4/+0
metze
2012-08-01s3:ctdbd_conn: use unitX_t types consistently throughout the moduleMichael Adam1-9/+9
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-08-01Add two flags to allow for handling of Extended Signatures (Session Key ↵Richard Sharpe1-0/+2
Protection) on a TCON_AND_X request and response. Autobuild-User(master): Richard Sharpe <sharpe@samba.org> Autobuild-Date(master): Wed Aug 1 06:36:37 CEST 2012 on sn-devel-104
2012-07-27lib/param: Rename "socket address" to "nbt client socket address" to clarify ↵Andrew Bartlett1-1/+1
role This parameter is only used in our NBT client code and in nmbd as a fallback when we fail to select a better interface from "interfaces" to use directly. Andrew Bartlett Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Fri Jul 27 12:16:25 CEST 2012 on sn-devel-104
2012-07-25s3:libsmb: remove unused cli_state->smb2.pidStefan Metzmacher1-1/+0
metze
2012-07-25s3:libsmb: remove unused tcon specific elements from cli_state->smb2Stefan Metzmacher1-6/+0
metze
2012-07-25s3:libsmb: remove cli_state->smb2.tidStefan Metzmacher1-1/+0
metze
2012-07-24s3:libsmb: setup a smbXcli_tcon for SMB2Stefan Metzmacher1-0/+1
metze
2012-07-24s3:libsmb: use a smbXcli_tcon instead of uint16_t cli_state->smb1.tidStefan Metzmacher1-1/+1
metze
2012-07-24lib/param: Merge handling of security/domain master/domain logons/server roleAndrew Bartlett1-0/+4
This ensures that the same input parameters always gives the same output values in both loadparm systems. Andrew Bartlett
2012-07-24lib/param: Move all enum declarations to lib/paramAndrew Bartlett4-72/+3
This is in preperation for the parameter table being made common. Andrew Bartlett Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>