Age | Commit message (Collapse) | Author | Files | Lines |
|
group
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
one sid
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
We do this if the idmap layer resolves Builtin_Administrators
as ID_TYPE_BOTH and if the current token has the
Builtin_Administrators SID or it's SYSTEM.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 30 03:27:07 CET 2012 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
this causes each file that is potentially just opened for reading to be
marked as modified and lots of file change notifications will be send
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Tue Nov 20 21:02:34 CET 2012 on sn-devel-104
|
|
POSIX ACLs backend.
Change can_delete_directory() to can_delete_directory_fsp(), as
we only ever call this from an open directory file handle.
This allows us to use OpenDir_fsp() instead of OpenDir().
OpenDir() re-checks the ACL on the directory, which may
refuse DIR_LIST permissions. OpenDir_fsp() does not. As
this is a file-server internal check to see if the directory
actually contains any files before setting delete on close,
we can ignore the ACL here (Windows does).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Nov 20 01:46:28 CET 2012 on sn-devel-104
|
|
when evaluating file/directory ACE's.
If we can access the path to this file, by
default we have FILE_READ_ATTRIBUTES from the
containing directory. See the section.
"Algorithm to Check Access to an Existing File"
in MS-FSA.pdf.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
setting ACLs.
Not caught by make test as it's an extreme edge case for strange
incoming ACLs. I only found this as I'm making raw.acls and smb2.acls
pass against 3.6.x and 4.0.0 with acl_xattr mapped onto a POSIX backend.
An incoming inheritable ACE entry containing only one permission,
WRITE_DATA maps into a POSIX owner perm of "-w-", which violates
the principle that the owner of a file/directory can always read.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Nov 15 19:52:52 CET 2012 on sn-devel-104
|
|
it in?
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 14 02:19:46 CET 2012 on sn-devel-104
|
|
Removes some incorrect info from an error message
(probably from its old place when it was copied).
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
NT4 is long dead, and we should not change which ACL we return based
on what we think the client is. The reason we should not do this, is
that if we are using vfs_acl_xattr then the hash will break if we do.
Additionally, it would require that the python VFS interface set the
global remote_arch to fake up being a modern client.
This instead seems cleaner and removes untested code (the tests are
updated to then handle the results of the modern codepath).
The supporting 'acl compatability' parameter is also removed.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
security_descriptor *.
Internally change the implementation to use SMB_VFS_GET_NT_ACL()
instead of SMB_VFS_FGET_NT_ACL() with a faked-up file struct.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Change set_nt_acl_no_snum() to correctly set up the fsp.
This does a stat on a real fsp in set_nt_acl_no_snum.
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 10 20:25:48 CET 2012 on sn-devel-104
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Nov 7 17:18:06 CET 2012 on sn-devel-104
|
|
Otherwise smbstatus reports the wrong time for tree connects.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Mon Nov 5 20:43:23 CET 2012 on sn-devel-104
|
|
Karolin
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Nov 2 15:40:22 CET 2012 on sn-devel-104
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Nov 2 10:09:36 CET 2012 on sn-devel-104
|
|
(bug #9341)
Reported-by: Sebastien LAVEZE <sebastien.laveze@mindspeed.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Tested-by: Sebastien LAVEZE <sebastien.laveze@mindspeed.com>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Oct 30 16:49:26 CET 2012 on sn-devel-104
|
|
This has been done.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Oct 29 20:12:18 CET 2012 on sn-devel-104
|
|
When we do a become_root()/unbecome_root() pair to temporarily
raise privilege, this NULLs out the NT token. If we're within
a become_root()/unbecome_root() pair then return the previous
token on the stack as our NT token. This is what we should be
using to check against NT ACLs in the file server. This copes
with security context changing when removing a file on close
under the context of another user (when 2 users have a file
open, one sets delete on close and then the other user has
to actually do the delete).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Oct 29 16:26:20 CET 2012 on sn-devel-104
|
|
|
|
|
|
If we do not provide a way to remove files from xattr.tdb, we can re-use the inode.
Andrew Bartlett
|
|
vfs_default_durable_reconnect_check_stat()
This makes vfs_default_durable_reconnect() simpler to read
and it reduces code duplication in the failure case handling.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 25 23:03:13 CEST 2012 on sn-devel-104
|
|
It is clearly too long since Computer Science 101... ;-)
Andrew Bartlett
|
|
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Oct 20 09:06:12 CEST 2012 on sn-devel-104
|
|
|
|
reconnect.
At durable reconnect, we check the stat info stored in the cookie against the
current stat data from the file we just opened. If any detail differs, we deny
the durable reconnect, because in that case it is very likely that someone
opened the file while the handle was disconnected, which has to be interpreted
as an oplock break.
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Oct 19 18:56:19 CEST 2012 on sn-devel-104
|
|
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Oct 19 17:12:29 CEST 2012 on sn-devel-104
|
|
If we close the low level FD, we should better update the write_time
if needed.
It's not unlikely that the client doesn't reclaim the durable handle,
in that case we may not close the after the durable timeout.
In such a case we should make sure that we at least update the write time
on disconnect, this makes sure backup applications notice that
the file was changed.
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
file
We need to call the pending write time update handler immediately.
Which means we don't wait exactly 2 seconds before updating the write time
after the first write.
metze
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
metze
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
make_connection_snum/close_cnum()
This was used to maintain the connections.tdb database which is being removed.
We use info from the smbXsrv_tcon instead.
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
metze
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
We use data from new smbXsrv_session instead.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
shutdown other smbds
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
retrieve the server connection from the smbXsrv_session argument instead.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
session_yield()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
This removes one of the last callers of connetions_forall.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
1. This was broken since Samba 3.2. when ipv6 support was
added, it only worked for ipv6 addresses.
2. userspace tools only display the hostname field.
3. This is not really portable
metze
Signed-off-by: Michael Adam <obnox@samba.org>
|