Age | Commit message (Collapse) | Author | Files | Lines |
|
them
|
|
Rewrote wafsamba using a new dependency handling system, and started
adding the waf test code
|
|
|
|
|
|
talloc can potentially change the errno
|
|
|
|
If the system has O_NOFOLLOW and O_DIRECTORY then we allow for
overrides by default. If not, then we disable by default, as we will
be more vulnerable to symlink attacks
|
|
To prevent symlink attacks we need to use O_NOFOLLOW one level at a
time when processing a root security override
|
|
This allows for root override, which fixes many problems with
mismatches between NT ACL permissions and unix permissions.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
The pvfs_sys_*() calls provide wrapper functions for posix file
functions which use root privileges to override EACCES failures if
PVFS_FLAG_PERM_OVERRIDE is set
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This flag indicates that we should use root privileges to override
unix permissions when the NT ACLs indicate that access should be
granted
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
This should make is easier to track down some bug reports
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
Re-using two of the create_options bits was bound to eventually
cause problems, and indeed, Windows7 now uses one of those bits
when opening text files.
Fixes bug 7189
|
|
When a user has SEC_PRIV_TAKE_OWNERSHIP or SEC_PRIV_RESTORE they have
permission to change the ownership of a file.
This should fix bug 6987
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
This was needed only by Python 2.3 which we no longer support.
|
|
The includes of the UID wrapper headers werent't really efficient according
to metze's post on the technical mailing list (http://lists.samba.org/archive/samba-technical/2010-February/069165.html).
To achieve this move the "uid_wrapper.h" includes into "lib/util/unix_privs.c",
"lib/util/util.c", "ntvfs/posix/pvfs_acl.c" and "ntvfs/unixuid/vfs_unixuid.c".
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
do not depend on pvfs objects
Following a talk with tridge on IRC, this patch allow (pull|push)_xattr_blob to be called without
having a pvfs object. It's handy for programs that wants to manipulate xattr directly.
|
|
pvfs can be NULL if the directory a share points to does not exist. In
this case, there would be no open files, so it is safe to just return
from the function.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
bug 6989 is a rare crash that has occurred in production. My best
guess as to the cause is the talloc_free() not being specific enough
as to which parent needs to be freed.
|
|
The bug is that sometimes 'streams' is parent for 'new_name'.
With this said, 'new_name' must be dupped before 'streams'
pointer is freed.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
I removed one "const" in front of a string declaration to achieve this.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
I removed two "const"s in front of string declarations to achieve this.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
matching windows behaviour is not always the right thing to do!
|
|
|
|
|
|
|
|
thanks to valgrind for this one
|
|
This caused havoc on the build farm. Interestingly, it only affected
gcc 4.3.3, not gcc 4.4.1
|
|
|
|
|
|
|
|
|
|
The data_blob_free() was changing the size we set the stream to
|
|
The passed in SD is not used to limit the access mask allowed on file
create.
|
|
The change to check for invalid \ prefix on SMB2 paths broke the
internal SMB2 code.
|
|
Previously when a file was created, we produces the resulting access
mask based on an ACL check against the parent. This change means we
now calculate the inherited ACL much earlier, and produce the
resulting access mask from that ACL, or the user supplied ACL.
|
|
chown is expected to fail under uwrap
|
|
|
|
This makes the unix access check much closer to the full ACL check
|
|
This matches the sec_access_check() code
|
|
Construct the filename from the old handle and the new name.
|
|
The CREATEX_ACCESS test shows that this is used as a bit test, not a
equality test
|
|
|
|
This bug was caused by two things:
1) in the unix ACL mapping, we were not taking into account group
write permssions for the SEC_STD_DELETE flag
2) when a file is created using OVERWRITE mode, a fchmod() would
fail if the user is not the file owner. We resolve that by only
doing the fchmod() if the mapped file attribute does not match the
desired file attribute
|
|
|
|
This fixes two issues pointed out by Andrew. It adds a runtime
uwrap_enabled() call that wraps the skips needed for uid emulation. It
also makes the skip in the directory_create_or_exist() function only
change the uid checking code, not the permissions code
|
|
This library intercepts seteuid and related calls, and simulates them
in a manner similar to the nss_wrapper and socket_wrapper
libraries. This allows us to enable the vfs_unixuid NTVFS module in
the build farm, which means we are more likely to catch errors in the
token manipulation.
The simulation is not complete, but it is enough for Samba4 for
now. The major areas of incompleteness are:
- no emulation of setreuid, setresuid or saved uids. These would be
needed for use in Samba3
- no emulation of ruid changing. That would also be needed for Samba3
- no attempt to emulate file ownership changing, so code that (for
example) tests whether st.st_uid matches geteuid() needs special
handling
|