Age | Commit message (Collapse) | Author | Files | Lines |
|
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Oct 11 18:49:15 CEST 2012 on sn-devel-104
|
|
smbd_do_query_security_desc
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 11 15:20:54 CEST 2012 on sn-devel-104
|
|
SMB_VFS_FGET_NT_ACL
This fixes up an error introduced by c8ade07760ae0ccfdf2d875c9f3027926e62321b.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 11 07:53:36 CEST 2012 on sn-devel-104
|
|
|
|
These were missed with the initial conversion to use a talloc context.
Andrew Bartlett
|
|
This avoids this bad style being copied into new modules.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 11 05:10:16 CEST 2012 on sn-devel-104
|
|
This avoids this bad style being copied into new modules.
Andrew Bartlett
|
|
This is so we do not query some other module for the ACL blob, as zfs
ACLs are not posix ACLs. We may add a linearisation later.
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This is important, as we need to avoid asking any lower module for a
possible libear ACL blob. We may implement a linearisation in the
future.
Andrew Bartlett
|
|
This simply linearlises the SMB_ACL_T (default and access acl for
directories) and the file owner, group and mode into a blob.
It will be useful for an improved vfs_acl_common.c that uses this sets
that, rather than the hash of the NT ACL, in the xattr
This will in turn insulate the stored hash from changes in the ACL
mapping.
Andrew Bartlett
|
|
This interface actually needs to match the get_nt_acl interface in
that the system ACL implmenetation may not be posix ACLs, and the blob
is not meant to be enforced to be of a particular system ACL
structure.
Andrew Bartlett
|
|
This makes it clear which context the returned SD is allocated on, as
a number of callers do not want it on talloc_tos().
As the ACL transformation allocates and then no longer needs a great
deal of memory, a talloc_stackframe() call is used to contain the
memory that is not returned further up the stack.
Andrew Bartlett
|
|
This changes from allocation on NULL to allocation on the supplied
memory context.
Currently that supplied context is talloc_tos() at the the final consumer of
the ACL.
Andrew Bartlett
|
|
|
|
enum dcerpc_transport_t is undeclared, include required headers.
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Oct 10 12:41:28 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 9 23:35:50 CEST 2012 on sn-devel-104
|
|
|
|
A full fsp is a bit overkill here
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Oct 9 13:38:49 CEST 2012 on sn-devel-104
|
|
This fixes bug #8769.
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Oct 8 16:11:51 CEST 2012 on sn-devel-104
|
|
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Oct 6 17:16:39 CEST 2012 on sn-devel-104
|
|
they are different so should go through a mapping function. Ensure this is so.
Practically this does not matter, as for user permissions the mapping
function is an identity, and the extra bits we may add are ignored
anyway, but this makes the intent clear.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 6 03:04:14 CEST 2012 on sn-devel-104
|
|
makes the logic clearer.
|
|
|
|
security mask
force security mode
directory security mask
force directory security mode
and update the docs.
|
|
lp_security_mask/lp_force_security_mode/lp_dir_security_mask/lp_force_dir_security_mode
and replace with the normal masks. Now these parameters can be removed.
|
|
security mask parameters."
This reverts commit 8f0ecbbbeebff0174579a78827d384067cd4cbb7.
Not now needed as part of the move to remove security mask parameters.
|
|
mask/directory mask parameters."
This reverts commit c251a6b0442abc13bc8be4ff8de324c1d7706a78.
Remove this as we're planning to remove the security mask,
directory security mask parameters and only use create mask/directory mask.
|
|
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Oct 4 12:06:29 CEST 2012 on sn-devel-104
|
|
|
|
SMB2."
This reverts commit dfd3c31a3f9eea96854b2d22574856368e86b245.
As Metze pointed out:
From MS-SMB2 section 2.2.4:
SMB2_NEGOTIATE_SIGNING_ENABLED
When set, indicates that security signatures are enabled
on the server. The server MUST set this bit, and the client MUST return
STATUS_INVALID_NETWORK_RESPONSE if the flag is missing.
I'll submit a documentation bug to fix #9222 that way.
|
|
smb_panic.
Terminate the connection cleanly instead.
|
|
Still sign if client request is signed, just don't negotiate it in
negprot or sessionsetup.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 3 00:59:42 CEST 2012 on sn-devel-104
|
|
mask/directory mask parameters.
Currently we call FSET_NT_ACL to inherit any ACLs on create. However
FSET_NT_ACL uses the security mask/directory security mask parameters
instead of the create mask/directory mask parameters.
Swap them temporarily when creating to ensure the correct masks
are applied.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 2 22:27:17 CEST 2012 on sn-devel-104
|
|
security mask parameters.
|
|
and SMB_ACL_GROUP entries.
|
|
|
|
|
|
|
|
Guenther
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Oct 2 18:06:17 CEST 2012 on sn-devel-104
|
|
Guenther
|