| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Feb 5 03:33:59 CET 2011 on sn-devel-104
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Dec 29 02:15:23 CET 2010 on sn-devel-104
|
|
lp_enable_privileges(). Needed"
Not needed - privileges code prevents "enable privileges = no" from adding privileges
anyway.
This reverts commit a8b95686a7bde3f96f141b6938e24e101567ef54.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 22 23:41:36 UTC 2010 on sn-devel-104
|
|
Needed
to maintain compatibility with smb.conf manpage.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 22 18:15:48 UTC 2010 on sn-devel-104
|
|
acl_xattr and acl_tdb module.
|
|
Jeremy.
|
|
they can't be mapped.
|
|
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
|
|
missing owner/group.
Jeremy.
|
|
of security descriptors.
As pointed out by an OEM, the code within smbd/posix_acl.c, even though passed
a const pointer to a security descriptor, still modifies the ACE entries within
it (which are not const pointers).
This means ACLs stored in the extended attribute by the acl_xattr module have
already been modified by the POSIX acl layer, and are not the original intent
of storing the "unmodified" ACL from the client.
Use dup_sec_desc to make a copy of the incoming ACL on talloc_tos() - that
is what is then modified inside smbd/posix_acl.c, leaving the original ACL
to be correctly stored in the xattr.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 8 00:37:53 UTC 2010 on sn-devel-104
|
|
Guenther
|
|
This new call is available in the merged privileges code, and
takes an enum as the parameter, rather than a bitmask.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Karolin
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
This matches the structure that new code is being written to,
and removes one more of the old-style named structures, and
the need to know that is is just an alias for struct dom_sid.
Andrew Bartlett
Signed-off-by: Günther Deschner <gd@samba.org>
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Jeremy.
|
|
Jeremy.
|
|
"current_user.XXX"
Will allow me to replace them with accessor functions.
Jeremy.
|
|
struct current_user current_user;"."
As requested by Volker, split this into smaller commits.
Jeremy.
|
|
Use accessor functions to get to this value. Tidies up much of
the user context code. Volker, please look at the changes in smbd/uid.c
to familiarize yourself with these changes as I think they make the
logic in there cleaner.
Cause smbd/posix_acls.c code to look at current user context, not
stored context on the conn struct - allows correct use of these
function calls under a become_root()/unbecome_root() pair.
Jeremy.
|
|
(cherry picked from commit 365b408c458c848a818637d9b36a0423aeb1ba54)
|
|
rights fails even if the delete right is set on the object.
Final fix for the vfs_acl_xattr and vfs_acl_tdb code.
Ensure we can delete a file even if the underlying POSIX
permissions don't allow it, if the Windows permissions do.
Jeremy.
|
|
This bug re-occurred for 3.3.x and above.
The reason is that to change a NT ACL we now have to open the file requesting
WRITE_DAC and WRITE_OWNER access. The mapping from POSIX "w" to NT permissions
in posix_acls doesn't add these bits when "dos filemode = yes", so even though
the permission or owner change would be allowed by the POSIX ACL code, the
NTCreateX call fails with ACCESS_DENIED now we always check NT permissions
first.
Added in the mapping from "w" to WRITE_DAC and WRITE_OWNER access.
Jeremy.
|
|
struct in the fsp->fsp_name pointer incorrectly for a directory.
Fix this. Make map_canon_ace_perms() public.
Jeremy.
|
|
In very hot codepaths like the statcache copy_smb_filename and the subsequent
recursive talloc_free is noticable in the CPU load.
|
|
with Bad File Descriptor.
Jeremy.
|
|
Based on a patch submitted by Tsukasa Hamano <hamano@osstech.co.jp>,
this is a change in the POSIX ACL mapping to deal with the lossy
mapping for directory ACE entries:
We have a lossy mapping: directory ACE entries
CREATOR_OWNER ------\
(map to) +---> SMB_ACL_USER_OBJ
owning sid ------/
CREATOR_GROUP ------\
(map to) +---> SMB_ACL_GROUP_OBJ
primary group sid --/
on set. And on read of a directory ACL
SMB_ACL_USER_OBJ ----> CREATOR_OWNER
SMB_ACL_GROUP_OBJ ---> CREATOR_GROUP.
Deal with this on set by duplicating
owning sid and primary group sid ACE
entries into the directory ACL.
Jeremy.
|
|
The code to read the new V2 SAMBA_PAI entries had
two errors.
Jeremy.
|
|
function vfs_stat_fsp(). Stops code looking at fsp->posix_open
except for exceptional circumstances.
Jeremy.
|
|
Jeremy.
|
|
Jeremy.
|
|
metze
|
|
Jeremy.
|
|
|
|
|
|
|
|
|
|
|
|
This patch introduces two new temporary helper functions
vfs_stat_smb_fname and vfs_lstat_smb_fname. They basically allowed me
to call the new smb_filename version of stat, while avoiding plumbing
it through callers that are still too inconvenient. As the conversion
moves along, I will be able to remove callers of this, with the goal
being to remove all callers.
There was also a bug in create_synthetic_smb_fname_split (also a
temporary utility function) that caused it to incorrectly handle
filenames with ':'s in them when in posix mode. This is now fixed.
|
|
down from above (as const).
Jeremy.
|
|
Fix a couple more unix_convert uses to filename_convert.
Fix bug in acl_group_override() where an uninitialized
struct could be used. Move unix_convert with wildcard
use in SMBsearch reply to boilerplate code.
Jeremy.
|
|
|
|
|
