Age | Commit message (Collapse) | Author | Files | Lines |
|
setting ACLs.
Not caught by make test as it's an extreme edge case for strange
incoming ACLs. I only found this as I'm making raw.acls and smb2.acls
pass against 3.6.x and 4.0.0 with acl_xattr mapped onto a POSIX backend.
An incoming inheritable ACE entry containing only one permission,
WRITE_DATA maps into a POSIX owner perm of "-w-", which violates
the principle that the owner of a file/directory can always read.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Nov 15 19:52:52 CET 2012 on sn-devel-104
|
|
it in?
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 14 02:19:46 CET 2012 on sn-devel-104
|
|
Removes some incorrect info from an error message
(probably from its old place when it was copied).
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
NT4 is long dead, and we should not change which ACL we return based
on what we think the client is. The reason we should not do this, is
that if we are using vfs_acl_xattr then the hash will break if we do.
Additionally, it would require that the python VFS interface set the
global remote_arch to fake up being a modern client.
This instead seems cleaner and removes untested code (the tests are
updated to then handle the results of the modern codepath).
The supporting 'acl compatability' parameter is also removed.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
security_descriptor *.
Internally change the implementation to use SMB_VFS_GET_NT_ACL()
instead of SMB_VFS_FGET_NT_ACL() with a faked-up file struct.
Andrew Bartlett
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Change set_nt_acl_no_snum() to correctly set up the fsp.
This does a stat on a real fsp in set_nt_acl_no_snum.
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Samba continues to query a broken DC while the DC did not finish to
rebuild Sysvol (after a Windows crash, for example). It causes end users
to received strange codes while trying to authenticate, even if there is
a secondary DC available.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Nov 12 18:57:18 CET 2012 on sn-devel-104
|
|
Currently in smb_getpwnam() the NetBIOS domain name and the winbind separator
character is always added to the user name returned by Get_Pwnam_alloc() if it
does not contain the winbind separator character. As comments in the code
indicates this is done as a work around if 'winbind use default domain' is set
to yes in the samba configuration.
This make sense if the option is set because otherwise the domain information is
lost from the user name. But it causes errors if other services than winbind are
used for user lookup, e.g. sssd. sssd can handle different kind of fully
qualified user names as input, e.g. user@domain.name or DOM\user, but returns a
canonical name, by default user@domain.name.
While it would be possible to get around this issue with a special configuration
either on the sssd or samba side I think the cleaner solution is to use the work
around only if 'winbind use default domain' is set to yes which is what this
patch does.
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Nov 12 15:54:15 CET 2012 on sn-devel-104
|
|
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 10 20:25:48 CET 2012 on sn-devel-104
|
|
the waf build was missing the --with-dmapi option
and configure checks that are necessary to build the
source3 parts that need DMAPI (e.g. vfs_tsmsm)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9178
Signed-off-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Fri Nov 9 20:57:31 CET 2012 on sn-devel-104
|
|
access."
This reverts commit ae6a779bf9f816680e724ede37324b7f5355996b.
Bug 9125 analysis from Volker:
The problem is that there are no network calls possible at all that
would do what the samlogon cache does for us. There is just no way to
retrieve the group membership in a complex trusted environment. If you
have just a single domain with Samba as domain controller it might be
possible, but even within a single domain it is not possible to
correctly retrieve all group memberships using LDAP calls due to ACLs on
directory objects. The call to get that is called NetSamLogon on the
NETLOGON pipe. But this call requires user credentials and might trigger
updating counts on the server. So to correctly implement wbinfo -r after
a user has logged in, you have two alternatives: Save the info3 struct
or the PAC in the netsamlogon cache. If you insist on doing network
calls, you need to cache the user credentials somewhere to re-do the
NetSamLogon call every time the wbinfo -r is requested.
Reviewed-by: Andreas Schneider <asn@samba.org>
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 8 21:24:21 CET 2012 on sn-devel-104
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Nov 7 17:18:06 CET 2012 on sn-devel-104
|
|
Otherwise smbstatus reports the wrong time for tree connects.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Mon Nov 5 20:43:23 CET 2012 on sn-devel-104
|
|
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Nov 5 19:01:13 CET 2012 on sn-devel-104
|
|
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 5 03:33:32 CET 2012 on sn-devel-104
|
|
parent
When we add a new DACL to the security descriptor, we need to use the
SD as the memory context, so we can talloc_move() it as a tree to a
new parent.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 2 22:16:14 CET 2012 on sn-devel-104
|
|
Karolin
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Nov 2 15:40:22 CET 2012 on sn-devel-104
|
|
available.
Currently, configure only warns if cluster support is not found.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
by checking if we have the ctdb_protocol.h and including ctdb_private.h otherwise.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
by checking if we have the ctdb_protocol.h and including ctdb_private.h otherwise.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
This is analogous to the earlier patch for tdb.
It temporarily adds the talloc include path to the
includes search list for the ctdb-header configure checks.
Signed-off-by: Michael Adam <obnox@samba.org>
Tested-by: Björn Baumbach <bb@sernet.de>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Nov 2 10:09:36 CET 2012 on sn-devel-104
|
|
We should use the latest supported dialect.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewd-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Nov 1 18:11:27 CET 2012 on sn-devel-104
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
The removal of consumption of the time field from the centry
as "removal of unused variable" in 21528da9cd12a4f5c3792a482a5d18fe946a6f7a
had the side effect of changing the offset for reading the following
nt password hash, so the read password hash was wrong.
This patch re-installs the consumption of the time,
thereby fixing the bug without changing the disk format of the cache.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
This avoids the whole fileserver.conf thing, and simply handles everything in C.
The main challenge is that if s3fs is enabled in a member server
configuration (unlikely) then these options will not be set, and it
overrides any other attempt to set these as globals. (The previous
approach essentially just changed defaults, because the include =
of smb.conf was after the values were set in fileserver.conf).
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Nov 1 11:47:22 CET 2012 on sn-devel-104
|
|
crash smbd.
Ensure we exercise the SeBackup code path on directory listings.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Wed Oct 31 03:21:38 CET 2012 on sn-devel-104
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 30 20:22:46 CET 2012 on sn-devel-104
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed by: Jeremy Allison <jra@samba.org>
|
|
(bug #9341)
Reported-by: Sebastien LAVEZE <sebastien.laveze@mindspeed.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Tested-by: Sebastien LAVEZE <sebastien.laveze@mindspeed.com>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Oct 30 16:49:26 CET 2012 on sn-devel-104
|
|
Reviewed by Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 30 00:05:34 CET 2012 on sn-devel-104
|
|
Reviewed by Jeremy Allison <jra@samba.org>
|
|
This has been done.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Oct 29 20:12:18 CET 2012 on sn-devel-104
|
|
We don't get a realm back from the server which is useable as a realm on
Unix. On Unix they are case sensitive and on Windows they aren't. This
confuses uses and if we write realm they try to use it as it came back
in lowercase.
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Oct 29 18:26:19 CET 2012 on sn-devel-104
|
|
When we do a become_root()/unbecome_root() pair to temporarily
raise privilege, this NULLs out the NT token. If we're within
a become_root()/unbecome_root() pair then return the previous
token on the stack as our NT token. This is what we should be
using to check against NT ACLs in the file server. This copes
with security context changing when removing a file on close
under the context of another user (when 2 users have a file
open, one sets delete on close and then the other user has
to actually do the delete).
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Oct 29 16:26:20 CET 2012 on sn-devel-104
|
|
Autobuild-User(master): Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date(master): Sat Oct 27 19:08:42 CEST 2012 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|