Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
The data_blob_free() was changing the size we set the stream to
|
|
The passed in SD is not used to limit the access mask allowed on file
create.
|
|
The change to check for invalid \ prefix on SMB2 paths broke the
internal SMB2 code.
|
|
Previously when a file was created, we produces the resulting access
mask based on an ACL check against the parent. This change means we
now calculate the inherited ACL much earlier, and produce the
resulting access mask from that ACL, or the user supplied ACL.
|
|
chown is expected to fail under uwrap
|
|
|
|
This makes the unix access check much closer to the full ACL check
|
|
This matches the sec_access_check() code
|
|
Construct the filename from the old handle and the new name.
|
|
The CREATEX_ACCESS test shows that this is used as a bit test, not a
equality test
|
|
|
|
This bug was caused by two things:
1) in the unix ACL mapping, we were not taking into account group
write permssions for the SEC_STD_DELETE flag
2) when a file is created using OVERWRITE mode, a fchmod() would
fail if the user is not the file owner. We resolve that by only
doing the fchmod() if the mapped file attribute does not match the
desired file attribute
|
|
|
|
This fixes two issues pointed out by Andrew. It adds a runtime
uwrap_enabled() call that wraps the skips needed for uid emulation. It
also makes the skip in the directory_create_or_exist() function only
change the uid checking code, not the permissions code
|
|
This library intercepts seteuid and related calls, and simulates them
in a manner similar to the nss_wrapper and socket_wrapper
libraries. This allows us to enable the vfs_unixuid NTVFS module in
the build farm, which means we are more likely to catch errors in the
token manipulation.
The simulation is not complete, but it is enough for Samba4 for
now. The major areas of incompleteness are:
- no emulation of setreuid, setresuid or saved uids. These would be
needed for use in Samba3
- no emulation of ruid changing. That would also be needed for Samba3
- no attempt to emulate file ownership changing, so code that (for
example) tests whether st.st_uid matches geteuid() needs special
handling
|
|
This fixes bug 6547, where smbclient in S3 reads more than 64k at a
time with readx.
|
|
This caused the panics on the RAW-SETFILEINFO.RENAME test,
because we returned an empty strings.
The problem was:
ERROR: talloc_steal with references at ntvfs/posix/pvfs_setfileinfo.c:215
reference at ntvfs/posix/pvfs_resolve.c:799
metze
|
|
When the notify buffer overruns and there are no pending notify
requests, the notify buffer doesn't actually get destroyed, it just
gets put in a state where new notifies are discarded and the next
notify change request will return 0 changes.
|
|
|
|
This change brings ntvfs_connect into compliance with other ntvfs functions
which take an ntvfs module, an ntvfs request and an smb io union.
It now becomes the responsibility of ntvfs modules to examine
tcon->generic.level themselves and derive the share name and any other
options
directly; e.g.
const char *sharename;
switch (tcon->generic.level) {
case RAW_TCON_TCON:
sharename = tcon->tcon.in.service;
break;
case RAW_TCON_TCONX:
sharename = tcon->tconx.in.path;
break;
case RAW_TCON_SMB2:
default:
return NT_STATUS_INVALID_LEVEL;
}
if (strncmp(sharename, "\\\\", 2) == 0) {
char *p = strchr(sharename+2, '\\');
if (p) {
sharename = p + 1;
}
}
service.c smbsrv_tcon_backend() is called before ntvfs_connect and fills in
some of the tcon->..out values.
For the case of RAW_TCON_TCONX, it filles out tcon->tconx.out.tid and
tcon->tconx.out.options
For the case of RAW_TCON_TCON it fills out tcon->tcon.out.tid and
tcon->tcon.out.max_xmit
Thus the ntvfs_connect function for vfs modules may override these values
if desired, but are not required to.
ntvfs_connect functions are required to fill in the tcon->tconx.out.*_type
fields, for RAW_TCON_TCONX, perhaps something like:
if (tcon->generic.level == RAW_TCON_TCONX) {
tcon->tconx.out.fs_type = ntvfs->ctx->fs_type;
tcon->tconx.out.dev_type = ntvfs->ctx->dev_type;
}
Signed-off-by: Sam Liddicott <sam@liddicott.com>
(I fixed the ntvfs_connect() in the smb_server/smb2/
and the RAW_TCON_SMB2 switch case in the modules)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
metze
|
|
Separate again the public from the private headers.
Add a new header specific for modules.
Also add service function for modules as now ldb_context and ldb_module are
opaque structures for them.
|
|
This allows the RAW-STREAMS test to work again. We still have some
limitations though:
- renames of a stream to the default stream doesn't work
- delete on close handling between streams and the main file
is still broken
|
|
metze
|
|
list=""
list="$list event_context:tevent_context"
list="$list fd_event:tevent_fd"
list="$list timed_event:tevent_timer"
for s in $list; do
o=`echo $s | cut -d ':' -f1`
n=`echo $s | cut -d ':' -f2`
r=`git grep "struct $o" |cut -d ':' -f1 |sort -u`
files=`echo "$r" | grep -v source3 | grep -v nsswitch | grep -v packaging4`
for f in $files; do
cat $f | sed -e "s/struct $o/struct $n/g" > $f.tmp
mv $f.tmp $f
done
done
metze
|
|
metze
|
|
|
|
We should only include events.h where we really need it
and prefer forward declarations of 'struct event_context'
metze
|
|
metze
|
|
metze
|
|
metze
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
metze
(This used to be commit 3c6cadf76861d6522c5ec41953df1ba2fac4910d)
|
|
(This used to be commit 4f6646f06988b1fb8be9e0c8ae833bb9792184af)
|
|
(This used to be commit 341f64834e13cdbc7d4742a4652ae39b70a4231f)
|