| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Obtain the files_struct from smb2req, persistent_id and
volatile_id.
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Make it static. Only called from uid.c now.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
read_only flag setting code.
Allows this to be called from both make_connection_snum() as well as check_user_ok().
Gives a consistent share security check function.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Eventually this will be indepentent of conn, just pass in the
readonly flag.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Don't automatically use the one from conn->session_info->security_token.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Return the uint32_t share_access rather than directly
changing the conn struct.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
This uses create_conn_struct to correctly call VFS_CONNECT(), but only
if a service has been specified.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
The python bindings do not want the current working directory changed
during operations, so we provide two functions, one providing the
original behaviour, and other providing the python bindings with just
the memory allocation and initilisation stuff.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Get rid of a large chunk of unused code.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Dec 4 11:59:30 CET 2012 on sn-devel-104
|
|
NT4 is long dead, and we should not change which ACL we return based
on what we think the client is. The reason we should not do this, is
that if we are using vfs_acl_xattr then the hash will break if we do.
Additionally, it would require that the python VFS interface set the
global remote_arch to fake up being a modern client.
This instead seems cleaner and removes untested code (the tests are
updated to then handle the results of the modern codepath).
The supporting 'acl compatability' parameter is also removed.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
security_descriptor *.
Internally change the implementation to use SMB_VFS_GET_NT_ACL()
instead of SMB_VFS_FGET_NT_ACL() with a faked-up file struct.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Otherwise smbstatus reports the wrong time for tree connects.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Mon Nov 5 20:43:23 CET 2012 on sn-devel-104
|
|
When we do a become_root()/unbecome_root() pair to temporarily
raise privilege, this NULLs out the NT token. If we're within
a become_root()/unbecome_root() pair then return the previous
token on the stack as our NT token. This is what we should be
using to check against NT ACLs in the file server. This copes
with security context changing when removing a file on close
under the context of another user (when 2 users have a file
open, one sets delete on close and then the other user has
to actually do the delete).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Oct 29 16:26:20 CET 2012 on sn-devel-104
|
|
metze
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
retrieve the server connection from the smbXsrv_session argument instead.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
session_yield()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
This removes one of the last callers of connetions_forall.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
1. This was broken since Samba 3.2. when ipv6 support was
added, it only worked for ipv6 addresses.
2. userspace tools only display the hostname field.
3. This is not really portable
metze
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
This is in preparation of moving sessionid_tdb and conn_tdb
to smbd exclusively.
metze
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
This simply linearlises the SMB_ACL_T (default and access acl for
directories) and the file owner, group and mode into a blob.
It will be useful for an improved vfs_acl_common.c that uses this sets
that, rather than the hash of the NT ACL, in the xattr
This will in turn insulate the stored hash from changes in the ACL
mapping.
Andrew Bartlett
|
|
This makes it clear which context the returned SD is allocated on, as
a number of callers do not want it on talloc_tos().
As the ACL transformation allocates and then no longer needs a great
deal of memory, a talloc_stackframe() call is used to contain the
memory that is not returned further up the stack.
Andrew Bartlett
|
|
|
|
If this is set we should use it in preference to blindly assuming
root can do anything. Currently set to 'false' in (most) callers.
|
|
|
|
We only grant durable handles for CIFS/SMB2 only access,
that means "kernel oplocks", "kernel share modes" and "posix locking"
need to be set to "no".
For now we also don't grant durable handles if delete on close
is active on the handle.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Volker Lendecke <vl@samba.org>
|
|
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
canonicalization.
|
|
|
|
I need to get at the owner, group, DACL and SACL when testing correct
ACL storage.
Andrew Bartlett
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
The core smbd must have taken care of this. If we don't do this properly,
we have a race of the close(2) against a pwrite(2). We might end up
writing to the wrong file.
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 19 03:40:17 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Should help by ensuring complete writes done in sub-thread, not in
the main thread.
|
|
This is in preparation of making us survive base-delaywrite with async I/O activated
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
|
|
instead of internal smbXsrv_tcon0.
|
|
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Jun 30 04:10:02 CEST 2012 on sn-devel-104
|
|
|
|
This makes sure we generate unique persistent file ids,
which are stored in smbXsrv_open_global.tdb.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
metze
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jun 29 21:01:11 CEST 2012 on sn-devel-104
|
|
Pair-Programmed-With: Michael Adam <obnox@samba.org>
metze
|
|
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
|
|
Pair-Programmed-With: Michael Adam <obnox@samba.org>
metze
|
