Age | Commit message (Collapse) | Author | Files | Lines |
|
GID list
This presents a potential security problem when ACLs contain DENY ACEs.
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Jul 29 14:42:27 CEST 2013 on sn-devel-104
|
|
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
in case of ID_TYPE_BOTH
This is important for acl checks on the unix level where only a group ace
has been added to the ACL for the user sid, e.g. when accessing Files with
nfs or local unix processes.
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
|
|
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
It is currently only available in MIT. In addition, allow to define custom
filepaths for FILE, WRFILE and DIR pragmas and substitute one occurence of the
%u pattern.
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
rpc_pipe_open_interface just returns okay if the pipe in question is
already open. For this, it needs to read the value.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 23 02:05:19 CEST 2013 on sn-devel-104
|
|
rpc_pipe_open_interface just returns okay if the pipe in question is
already open. For this, it needs to read the value.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
rpc_pipe_open_interface just returns okay if the pipe in question is
already open. For this, it needs to read the value.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
This is needed cause wine already provides a binary with the name
regedit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10040
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Kai Blin <kai@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jul 22 14:12:38 CEST 2013 on sn-devel-104
|
|
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jul 19 17:53:08 CEST 2013 on sn-devel-104
|
|
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
can return a parameter block with an error code.
This is needed when returning a STATUS_INVALID_NAME result (tested
from Windows 2012).
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Invalid character list probed from Windows Server 2012.
Bug 9992: Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
Reviewed-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 18 03:22:37 CEST 2013 on sn-devel-104
|
|
The mode special substitution now happens in a separate function.
The substitution at this point is unnecessary.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Tue Jul 16 00:52:26 CEST 2013 on sn-devel-104
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
|
|
We initialize everything later anyway
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
|
|
BUG: https://bugzilla.samba.org/show_bug.cgi?id=9994
Thanks to David Woodhouse <dwmw2@infradead.org>.
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jul 15 12:48:46 CEST 2013 on sn-devel-104
|
|
In the destructor of fsp->aio_requests[0] we put another request into
fsp->aio_requests[0]. Don't overwrite that with TALLOC_FREE.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 11 20:56:42 CEST 2013 on sn-devel-104
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
In order to avoid displayed uid or gid of "4294967295" instead of "-1", we
need to fetch the special case -1.
The id can be -1 if we are reading e.g. incomplete session information.
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 10 01:18:30 CEST 2013 on sn-devel-104
|
|
Part of fix for bug #10003
Pair-programmed-with: Björn Baumbach <bb@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
When trying to read a profile, under certain circumstances Windows tries
to read with its machine account first. The profile previously written
was stored with an ACL that only allows access for the user and not
the machine. Windows should get an NT_STATUS_ACCESS_DENIED when using
the machine account, making it retry with the user account (which would
then succeed).
Samba under these circumstances erroneously gives
NT_STATUS_OBJECT_PATH_NOT_FOUND, which makes Windows give up and not
retry. The reasons is the "dropbox" patch in unix_convert, turning EACCESS
on the last path component to OBJECT_PATH_NOT_FOUND. This patch makes
the dropbox behaviour only kick in when we are creating a file. I think
this is an abstraction violation. unix_convert() should not have to know
about the create_disposition, but given that we have pathname resolution
separated from the core open code right now this is the best we can do.
Signed-off-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
tevent_req_create already initializes "state" to 0
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Jul 8 17:04:20 CEST 2013 on sn-devel-104
|
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 2 23:26:24 CEST 2013 on sn-devel-104
|
|
Fix this - we already control tightly what permissions are
on the files we create. Ensure we don't get surprised.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Jun 27 02:02:24 CEST 2013 on sn-devel-104
|
|
Listing individual shares can be quite slow when you have a lot of shares. This
implements a --view-all option that prints something like
[share1]
REVISION:1
OWNER:(NULL SID)
GROUP:(NULL SID)
ACL:S-1-1-0:ALLOWED/0/FULL
[share2]
REVISION:1
OWNER:(NULL SID)
GROUP:(NULL SID)
ACL:S-1-1-0:ALLOWED/0/FULL
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
otherwise we are open for a race condition:
opener 1 opens file and closes it
- during the close, the share mode entry will be removed from
locking.tdb, but share mode in the file system will be dropped later
after delete_on_close and write time updates have been done
opener 2 requests open of same file with file overwrite
- locking.tdb does not list original entry, but file system share mode
is still around
- VFS_FTRUNCATE will fail and error was converted to STATUS_ACCESS_DENIED
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Tue Jun 25 14:48:44 CEST 2013 on sn-devel-104
|
|
do not return early here, but use the common exit path that will
remove the share mode from the record
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
add ETXTBSY to the errno->STATUS conversion table.
It will be mapped to STATUS_SHARING_VIOLATION
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
This fixes Bug 9957
Bug: https://bugzilla.samba.org/show_bug.cgi?id=9957
Signed-off-by: Daniel Gan-Levi <danielg@il.ibm.com>
Reviewed-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
|
|
DELETE_CHILD parameter on NFSv4/ZFS/GPFS file ACE's.
Windows maps an open request of GENERIC_ALL on files to 0x1FF specific bits, which
includes DELETE_CHILD even though this has no meaning on file ACE's. If a returned
NFSv4 ACE entry for a file has all other specific bits set except for DELETE (which
comes from the containing directory) and DELETE_CHILD (which has no meaning) then
optionally add it into the returned ACE entry.
This is using the same parameter in the same way as it is currently used
in smbd/posix_acls.c. Note that as this parameter is on by default, it
is already being tested in the existing raw.acl tests.
Fixes issue with Microsoft SMB2 torture test suite found at the interop event
in Redmond, WA.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
|
|
smbclient commands can offer tab-completion for local and remote paths.
This behaviour is specified for the first two arguments using the
compl_args entry in the commands struct.
This change fixes a number of incorrectly specified compl_args values.
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Aurélien Aptel <aurelien.aptel@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Mon Jun 24 19:32:54 CEST 2013 on sn-devel-104
|
|
Based on a fix originally from Raghavendra Talur <rtalur@redhat.com>.
When a new document is created in explorer, a check for file_exist is made.
vfs_gluster_get_real_filename was returning 0 even when the file did not
exist.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: "Christopher R. Hertel" <crh@ubiqx.mn.org>
|
|
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jun 21 19:57:06 CEST 2013 on sn-devel-104
|
|
with BUILTIN
when creating a BUILTIN group, make the strategy dependent on passdb backend behavior
1. if passdb is responsible for BUILTIN (normal case), call pdb_create_builtin_alias with gid=0 argument
so it asks winbindd for a gid to be used
2. if passdb is not responsible, ask for a mapping for the group first and let pdb_create_builtin_alias
create the mapping based on the gid that was determined in the mapping request
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jun 21 12:49:10 CEST 2013 on sn-devel-104
|
|
make it possible to skip the allocation of a new gid from winbind
by specifying the gid to be used
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
this one first tries to map the principal before
allocating a new gid
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
with tdbsam:map builtin, one can control if tdbsam should
be used to map entries from BUILTIN or not.
By default, they will be mapped (as in older releases)
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
as general passdb code already verifies for which
idmap domains the module is responsible, requests for
other domains should not come in here any more
Pair-Programmed-With: Michael Adam <obnox@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
|