path: root/source3/smbd
Age | Commit message | Author | Files | Lines
2012-08-30 | Windows does canonicalization of inheritance bits. Do the same. | Jeremy Allison | 1 | -0/+35
We need to filter out the SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set when an ACE is inherited. Otherwise we zero these bits out. See: http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/11f77b68-731e-407d-b1b3-064750716531 for details.
2012-08-30 | Change the other two places where we set a security descriptor given by the client to go through set_sd(), the canonicalize sd function. | Jeremy Allison | 1 | -5/+1
2012-08-30 | Re-add set_sd(), called from set_sd_blob(). Allows us to centralize all ACL canonicalization. | Jeremy Allison | 2 | -14/+28
2012-08-30 | Rename set_sd() to set_sd_blob() - this describes what it does. | Jeremy Allison | 3 | -6/+6
2012-08-28 | s3-smbd: Fix flooding the logs with records we don't find in pcap. | Andreas Schneider | 1 | -1/+1
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue Aug 28 16:38:55 CEST 2012 on sn-devel-104
2012-08-28 | s3-vfs: Indicate the symlink destination when failing check_reduced_name | Andrew Bartlett | 1 | -2/+2
2012-08-23 | s3-smbd: Add security_info_wanted argument to get_nt_acl_no_snum | Andrew Bartlett | 3 | -6/+6
I need to get at the owner, group, DACL and SACL when testing correct ACL storage. Andrew Bartlett
2012-08-23 | s3-pysmbd: Fix return type of smbd.get_nt_acl | Andrew Bartlett | 1 | -1/+1
The security_ prefix is stripped off in the python bindings. Andrew Bartlett
2012-08-23 | s3-smbd: Add talloc_stackframe() to get_nt_acl_no_snum() | Andrew Bartlett | 1 | -3/+8
This is required because the functions it calls use talloc_tos(). Andrew Bartlett
2012-08-23 | param: Add startup checks for valid server role/binary combinations | Andrew Bartlett | 1 | -0/+7
This should eliminate confusion from our users about what they can expect to successfully run. Andrew Bartlett
2012-08-23 | s3-pysmbd: Fix error message | Andrew Bartlett | 1 | -2/+2
2012-08-23 | s3-pysmbd: Allow a mode to be specified for the simple ACL | Andrew Bartlett | 1 | -27/+32
The additional group for the ACL is now optional. Andrew Bartlett
2012-08-23 | s3:smb2_break: encrypt OPLOCK BREAK notifications | Stefan Metzmacher | 3 | -18/+107
metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Thu Aug 23 10:01:14 CEST 2012 on sn-devel-104
2012-08-23 | s3:smb2_server: use smbXsrv_session->nonce_* | Stefan Metzmacher | 2 | -25/+27
metze
2012-08-23 | s3:smb2_server: remove dump_data() from smbd_smb2_request_pending_timer() | Stefan Metzmacher | 1 | -1/+0
This was just for debugging... metze
2012-08-22 | s3-pysmbd: Correct the python type for smb_acl_t | Andrew Bartlett | 1 | -2/+2
The t is weird, but the python bindings trim the traditional IDL name prefix of each element, as it is usually redundant. Andrew Bartlett
2012-08-21 | s3-pysmbd: Add get/set functions for the posix ACL layer | Andrew Bartlett | 1 | -0/+89
These will be used to verify that an ACL set as an NT ACL creates the correct posix ACL. Andrew Bartlett
2012-08-21 | s3-pysmbd: Correct comments in python VFS bindings | Andrew Bartlett | 1 | -2/+2
2012-08-21 | s3-pysmbd: Add hook for a VFS chown() | Andrew Bartlett | 1 | -0/+53
2012-08-20 | s3-smbd: ensure we give appropriate errors for EA requests on streams | Andrew Bartlett | 1 | -35/+77
2012-08-20 | s3-smbd: Do not look for EA information on a stream | Andrew Bartlett | 1 | -6/+8
The estimated EA size needs to be of the main file. However, the fsp may point to the stream, so we need to ignore it if this is the case. This may mean we estimate wrong if there has been a rename. Andrew Bartlett
2012-08-20 | s3-smbd: Push smb_fname into estimate_ea_size | Andrew Bartlett | 1 | -12/+20
This ensures that we return the ea size of the stream, not the overall file. This is important as if there is an EA on the main file, the raw.streams test was failing. Andrew Bartlett
2012-08-17 | s3:smb2_negprot: announce/negotiate SMB3 encryption support | Stefan Metzmacher | 1 | -0/+8
metze
2012-08-17 | s3:smb2_server: add SMB3 encryption support | Stefan Metzmacher | 2 | -49/+353
metze
2012-08-17 | s3:smbd: don't disconnect the client when a share has "smb encrypt = required" | Stefan Metzmacher | 2 | -6/+8
It's not the client's fault if he doesn't know that encryption is required. We should just return ACCESS_DENIED and let the client work on other shares and open files on the current SMB connection. metze
2012-08-17 | s3:smbd: lp_smb_encrypt() returns SMB_SIGNING_* values | Stefan Metzmacher | 2 | -6/+6
metze
2012-08-17 | s3:smbd: make use of ENCRYPTION_REQUIRED() | Stefan Metzmacher | 1 | -2/+2
metze
2012-08-17 | s3:smb2_server: try to sign an error response if we have a signing key | Stefan Metzmacher | 1 | -1/+18
metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Aug 17 00:54:01 CEST 2012 on sn-devel-104
2012-08-16 | s3:smb2_server: verify the signature before the session_status | Stefan Metzmacher | 1 | -3/+4
metze
2012-08-16 | s3:smb2_server: add some const to print_req_vectors() | Stefan Metzmacher | 1 | -1/+1
metze
2012-08-16 | s3-libsmb: Add a python wrapper | Volker Lendecke | 1 | -1/+1
Please note that this is not finished and only for internal use. Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-08-16 | s3-smbd: Do not check no_acl_syscall_error(errno) after sys_acl_init() | Andrew Bartlett | 1 | -11/+2
This is no longer a VFS call, so will no longer fail in this way. Andrew Bartlett
2012-08-15 | s3:smb2_server: do calculations based on SMBD_SMB2_NUM_IOV_PER_REQ in smbd_smb2_request_validate() | Stefan Metzmacher | 1 | -3/+3
metze
2012-08-15 | s3-sysacls: Remove sys_acl_free_qualifier() as it is a no-op | Andrew Bartlett | 2 | -4/+0
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Aug 15 05:23:18 CEST 2012 on sn-devel-104
2012-08-15 | s3-sysacls: Remove sys_acl_free_acl() and replace with TALLOC_FREE() | Andrew Bartlett | 3 | -41/+41
2012-08-15 | s3-smbd: Remove sys_acl_*() VFS wrapper functions | Andrew Bartlett | 1 | -129/+0
We no longer do struct smb_acl_t manipulations via the VFS layer, which is now reduced to handling the get/set functions. The only backend that implemented these functions (aside from audit) was the vfs_default module calling the sys_acl code. The various ACL implementation modules either worked on the fully initialised smb_acl_t object or on NT ACLs. This not only makes the operation of the posix ACL code more efficient (as allocation and free is not put via the VFS), it makes it easier to test and removes the fantasy that a module could safely redefine this structure or the behaviour here. The smb_acls.idl now defines the structure, and it is now allocated with talloc. These operations were originally added to the VFS in commit 3bb219161a270f12c27c3bc7e1220829c6e9f284. Andrew Bartlett
2012-08-15 | s3-smbd: Remove unused conn argument from convert_permset_to_mode_t() | Andrew Bartlett | 1 | -3/+3
2012-08-15 | s3-smbd: Call sys_acl_set_permset() directly rather than via the VFS | Andrew Bartlett | 1 | -7/+7
This will allow us to remove the struct smb_acl_t manipulations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15 | s3-smbd: Call sys_acl_set_qualifier() directly rather than via the VFS | Andrew Bartlett | 1 | -3/+3
This will allow us to remove the struct smb_acl_t manipulations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15 | s3-smbd: Call sys_acl_set_tag_type() directly rather than via the VFS | Andrew Bartlett | 1 | -6/+6
This will allow us to remove the struct smb_acl_t manipulations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15 | s3-smbd: Call sys_acl_create_entry() directly rather than via the VFS | Andrew Bartlett | 1 | -6/+6
This will allow us to remove the struct smb_acl_t manipulations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15 | s3-smbd: Call sys_acl_add_perm() directly rather than via the VFS | Andrew Bartlett | 1 | -6/+6
This will allow us to remove the struct smb_acl_t manipulations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15 | s3-smbd: Call sys_acl_clear_perms() directly rather than via the VFS | Andrew Bartlett | 1 | -2/+2
This will allow us to remove the struct smb_acl_t manipulations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15 | s3-smbd: Call sys_acl_init() directly rather than via the VFS | Andrew Bartlett | 1 | -3/+3
This will allow us to remove the struct smb_acl_t manipulations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15 | s3-smbd: Call sys_acl_free_acl() directly rather than via the VFS | Andrew Bartlett | 2 | -24/+24
This will allow us to remove the struct smb_acl_t manipulations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15 | s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFS | Andrew Bartlett | 1 | -2/+2
This will allow us to remove the struct smb_acl_t manipulations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15 | s3-smbd: Call sys_acl_get_entry() directly rather than via the VFS | Andrew Bartlett | 2 | -8/+8
This will allow us to remove the struct smb_acl_t manipulations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15 | s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFS | Andrew Bartlett | 1 | -2/+2
This will allow us to remove the struct smb_acl_t manipulations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15 | s3-smbd: Call sys_acl_get_qualifier() directly rather than via the VFS | Andrew Bartlett | 2 | -4/+4
This will allow us to remove the struct smb_acl_t manipulations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15 | s3-smbd: Call sys_acl_get_tagtype() directly rather than via the VFS | Andrew Bartlett | 2 | -5/+5
This will allow us to remove the struct smb_acl_t manipulations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett