Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 407136abdf45ad832382dba44e1c9a3b4f253f09)
|
|
Without this the changed checks in can_delete_file_in_directory give DELETE
access where there is none. So we can end up granting the ntcreate&x preparing
the unlink where we should not, which leads to a NT_STATUS_ACCESS_DENIED at
close time later, which in turn does *not* give the access denied error message
in the Windows GUI.
can_delete_file_in_directory will grant access now by looking at the directory
permissions.
(This used to be commit 51b5364c2afb3a18df4bec2bc1624760ccc01676)
|
|
With at least NFSv4 ACLs around the write permission for the owner is a bogus
check if we can delete a file in a directory. Like in Windows, there are two
ways which can grant us such: First, the DELETE permission on the file itself,
or if that does not help, the DELETE_CHILD permission on the directory. It
might be a bit more code that runs, but essentially we should end up with the
same set of syscalls in the non-acl case.
(This used to be commit daa9b056645a45edfb3a70e3536011ebe5678970)
|
|
Did not measure it, but I think a single write is better than a read and a
conditional branch
(This used to be commit abe1bed665ad8d1dbf9177dcbb9344b25df9594c)
|
|
(This used to be commit 2eef2c682c18ad37b78214c755b9dd7c8b607cb8)
|
|
(This used to be commit 4f50cb63e9b565ae0747127baa651a1a1874298b)
|
|
Jeremy.
(This used to be commit 8b26afdcddc75d3b9a97309757a97314b406cb59)
|
|
(This used to be commit 0e84e3bb800cec2b63df4692afbf9c40850b108f)
|
|
This reverts commit b1afb31f3cadd4749bf6e3eb5d8935588bf8ebfc.
This one is very strange: I need to investigate why valgrind showed it as
leaking, and why in my initial tests this did not fail.
(cherry picked from commit 24730f5981efb920811e7929a9483bd72bb0984c)
(This used to be commit b1e8e5d173cdaa3fb9c1fb1d9aacf8e665bc5d61)
|
|
In alloc_sub_basic, when expanding '%m', substitute "" instead of
NULL for remote_machine when this is NULL. Else a NULL string
is returned.
Michael
(This used to be commit c65b456c6a145d15b7fd27a2a3440a0709fc3277)
|
|
Michael
(This used to be commit 7d5fb873bde0a84de522650945effeaf602c759e)
|
|
This is not needed anymore since user_can_access_file_acl() ist used.
Michael
(This used to be commit 3c349f773a52e3de693d3bb79f5060c9f1e01e41)
|
|
This is a security descriptor level function only.
Michael
(This used to be commit 5931540fa1681f026fed42df387d17e43c493c47)
|
|
Michael
(This used to be commit b9f6904044889328ded229b7ff04d31218f4fef8)
|
|
Michael
(This used to be commit 6d7f64c3481d3aa7ec6b0d468f3d6218f62cd92e)
|
|
Remove the user from BUILTIN\Administrators at the end of the tests.
Note: BUILTIN\Administrators is not deletet at the end because that
functionality is not implemented.
Michael
(This used to be commit 1734f9305a38eff05f0147d9c7391ef34085e7b2)
|
|
It breaks RPC-SAMBA3-GETUSERNAME for reasons I have not quite
understood yet. Somhow loosing rights fails when the user
belogns to BUILTIN\Administrators at some point.
Michael
(This used to be commit 9fe99c69f35b005b66c1eacb5d999cc73f1bb521)
|
|
Thanks to "No Body is Perfect" from gmail, whoever that is :-)
Volker
(cherry picked from commit 679d8dfa390601f777bfb43c02cd921eae5edcf4)
(This used to be commit b8e1d62b8e8f724b855c8ab9801abee0b2791e36)
|
|
Guenther
(This used to be commit 2351b0845ca78707901daca6a6d0425959c6f28e)
|
|
Guenther
(This used to be commit ad105177686da823ef9cce1c1bedaf0f84a49b8c)
|
|
Guenther
(This used to be commit 32a66131eb56e1c66b89e348141047c6b98cf35e)
|
|
Guenther
(This used to be commit 0bd69df7704789888eba2a07aba505dce037c4eb)
|
|
Guenther
(This used to be commit 383636aaca0e59fef8a010ba697e5edf9ce2648b)
|
|
Guenther
(This used to be commit 12669b12c25a64b02c0e49b3ef96cf317992b18c)
|
|
Guenther
(This used to be commit 4fd6bc61d0034659c5a89bf2eae188a04a3b41eb)
|
|
Guenther
(This used to be commit 2b82779a401dd1d14f5842872ac37b2454efc92b)
|
|
Guenther
(This used to be commit 76877680a8a6400bc2d3b5e3b788b7d5fc683850)
|
|
Guenther
(This used to be commit 1262ab1843a8a8cb794f6bbfb113bd2d99ffba22)
|
|
Guenther
(This used to be commit 78bc98cb55e36ef175f9c0f6fcd943781a514005)
|
|
Guenther
(This used to be commit 782ab0f1c1c0957a1111a76c2c1ea7bd99d38311)
|
|
Guenther
(This used to be commit 8dd1a5fabffaea847a348d1467a75d005a16b0bd)
|
|
Guenther
(This used to be commit e0b117200441f842fbc11cc817ab2cde4d63a22e)
|
|
Guenther
(This used to be commit 7e7f07ec59d23e909809ed32adc8fc399826310d)
|
|
Guenther
(This used to be commit cb7ace209c2051ae02647188715fa6ee324c2bf6)
|
|
Guenther
(This used to be commit ec86852fc6ce2d88ad5835c8fcb337c68fd6f6bc)
|
|
Guenther
(This used to be commit d20353d30c2e08a6c6d67ae8b8c2faa26004249c)
|
|
Guenther
(This used to be commit 132b038581a1a91b4e70c7c44f97f52866609812)
|
|
(This used to be commit 675bb53398ba29c53d2dcf3c7122cf4770c2f938)
|
|
The done: part could access uninitialized memory if intermediate
BAIL_ON_WBC_ERROR fire.
Jerry, please check!
Thanks,
Volker
(cherry picked from commit 31f4c33dcc744e81be54389756378e25aa2bb75e)
(This used to be commit 5b12d8aa510689114e5413be5afe6aeb6ec2d9db)
|
|
If the BAIL_ON_WBC_ERROR directly after wbcRequestResponse kicks in, *domain
and *name have not been initialized yet. So the cleanup routine in the done:
part of the routine (which did not check for domain!=NULL etc) would access
uninitialized memory.
Jerry, please check!
Thanks,
Volker
(cherry picked from commit 3d7e0cc40b1992f4555807acec4f00450e30e2de)
(This used to be commit ac5ba26bb0488c3fb95072d84898c02b72c5b819)
|
|
(This used to be commit a09ed6016a41a9ed45716579e59a646545054f63)
|
|
This test fails if GCC emits any warnings (presumably to detect the
function propertly), but unless we include this message then free()
fail. Why we need to call free in a configure test is probably
something to blame on valgrind...
Andrew Bartlett
(This used to be commit d013f6fadc3e80fabb4a1784207dabc84f9b7dc2)
|
|
(This used to be commit 9c1f334af3111e93bb8dceb661e1bc5519aa94c6)
|
|
(cherry picked from commit 72b381689af9cae83ab08532cffd0188f2da4807)
(This used to be commit 20110ee5f181168dc1cbc08b7c22820d68204960)
|
|
This reverts commit 2ea03a1e95a30e321e390bef9408a1215711de07.
(This used to be commit 80c2e8295a00c3d88372b55b81d03b455feb69b2)
|
|
This reverts commit df8d089bc63c2a52cbdf3504cded8df620a59902.
(This used to be commit 342f8858200ed7c446516c270e1b4284d92010d8)
|
|
Based on patch from Erik van Pienbroek.
Guenther
(This used to be commit 71f4cf773022525ba617f09c495dbff97f8eb2d5)
|
|
Turns out the password hashes are not rid encrypted in the samsync reply.
Guenther
(This used to be commit 7d8d60bcbae79f3cdd55b27217145ffbd19f161d)
|
|
Guenther
(This used to be commit eb4232fec05cd87ea85a781b84a3fbe85f469703)
|
|
Guenther
(This used to be commit e0843e631e379645296a5fe34dfc83bc265ebef3)
|