Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
The includes of the UID wrapper headers werent't really efficient according
to metze's post on the technical mailing list (http://lists.samba.org/archive/samba-technical/2010-February/069165.html).
To achieve this move the "uid_wrapper.h" includes into "lib/util/unix_privs.c",
"lib/util/util.c", "ntvfs/posix/pvfs_acl.c" and "ntvfs/unixuid/vfs_unixuid.c".
|
|
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This segfault occoured in cases where we rejected (or never attempted)
the tree connect, so had an invalid private pointer for the logoff
codepath.
Andrew Bartlett
|
|
Changes the order of two commands. First set up the "priv" structure, then
assign it to the "ntvfs" structure.
|
|
This change brings ntvfs_connect into compliance with other ntvfs functions
which take an ntvfs module, an ntvfs request and an smb io union.
It now becomes the responsibility of ntvfs modules to examine
tcon->generic.level themselves and derive the share name and any other
options
directly; e.g.
const char *sharename;
switch (tcon->generic.level) {
case RAW_TCON_TCON:
sharename = tcon->tcon.in.service;
break;
case RAW_TCON_TCONX:
sharename = tcon->tconx.in.path;
break;
case RAW_TCON_SMB2:
default:
return NT_STATUS_INVALID_LEVEL;
}
if (strncmp(sharename, "\\\\", 2) == 0) {
char *p = strchr(sharename+2, '\\');
if (p) {
sharename = p + 1;
}
}
service.c smbsrv_tcon_backend() is called before ntvfs_connect and fills in
some of the tcon->..out values.
For the case of RAW_TCON_TCONX, it filles out tcon->tconx.out.tid and
tcon->tconx.out.options
For the case of RAW_TCON_TCON it fills out tcon->tcon.out.tid and
tcon->tcon.out.max_xmit
Thus the ntvfs_connect function for vfs modules may override these values
if desired, but are not required to.
ntvfs_connect functions are required to fill in the tcon->tconx.out.*_type
fields, for RAW_TCON_TCONX, perhaps something like:
if (tcon->generic.level == RAW_TCON_TCONX) {
tcon->tconx.out.fs_type = ntvfs->ctx->fs_type;
tcon->tconx.out.dev_type = ntvfs->ctx->dev_type;
}
Signed-off-by: Sam Liddicott <sam@liddicott.com>
(I fixed the ntvfs_connect() in the smb_server/smb2/
and the RAW_TCON_SMB2 switch case in the modules)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
backend
The vfs_unixuid module changes the uid of the process when executing
operations on behalf of the user. Within the VFS backend we may rely
on semi-async calls, such as winbind calls, which will call the event
loop again. To cope with this we need to ensure that while inside
those calls we revert the uid to root, then revert back to the
connected user when we have finished with the semi-async calls.
|
|
metze
|
|
|
|
(This used to be commit 2908a77fa5c32e92665775a5785345f704202f0a)
|
|
(This used to be commit 17637e4490e42db6cdef619286c4d5a0982e9d1a)
|
|
up the call stack.
(This used to be commit ba75f1613a9aac69dd5df94dd8a2b37820acd166)
|
|
(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
|
|
There are still a few tidyups of old FSF addresses to come (in both s3
and s4). More commits soon.
(This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
|
|
get rid
of compiler warnings in the cifs backend
metze
(This used to be commit 34ef07b1f5acdad27edd80de8de4c6de7f879f9b)
|
|
a nested ntvfs call. The req structure can go away while processing a
ntvfs request
(This used to be commit f62b3c505f71f37a86a76d152d643926e19eb148)
|
|
RAW_NOTIFY_NTTRANS,RAW_NOTIFY_SMB2
- parse SMB2 Notify reponse
metze
(This used to be commit de50e0ccddfad16ad7b254770f4c52c1abe707b9)
|
|
(This used to be commit b6bf6b17cd92a3869c49209bc8ea8ef8c6c25cdd)
|
|
in r15186. I don't think I should be allowed to use quilt and svn at the
same time any more :(
(This used to be commit e0ca5ead27743c84f5d9310a05d6d718862ead1d)
|
|
"." for "..". These express the intention better that strcmp or strequal
and improve searchability via cscope/ctags.
(This used to be commit 7e4ad7e8e5ec266b969e3075c4ad7f021571f24e)
|
|
the version information can be checked when modules are registered.
(This used to be commit 95eb55806339fc5409c0adf137ebd5bffd7098ac)
|
|
- make ntvfs_common a library
- create sys_notify library
metze
(This used to be commit a3e1d56cf7b688c515f5d6d4d43e0b24c2261d15)
|
|
new dependency/proto system :-)
(This used to be commit 63ae3f21e3471895ba83df1c2fdc4147090f7fdb)
|
|
- the process module subsystem should not know about smb_server.h
- the smb_server module should not know about process models
metze
(This used to be commit bac95bb8f4ad35a31ee666f5916ff9b2f292d964)
|
|
(This used to be commit 79af976d189798bb92f5909237202ca18db1789f)
|
|
but I don't to get the commit to large, to I'll do this tomorrow...
metze
(This used to be commit 10e627032d7d04f1ebf6efed248c426614f5aa6f)
|
|
a union smb_file, to abtract
- const char *path fot qpathinfo and setpathinfo
- uint16_t fnum for SMB
- smb2_handle handle for SMB2
the idea is to later add a struct ntvfs_handle *ntvfs
so that the ntvfs subsystem don't need to know the difference between SMB and SMB2
metze
(This used to be commit 2ef3f5970901b5accdb50f0d0115b5d46b0c788f)
|
|
(for now we just do #define ntvfs_request smbsrv_request,
but it's the first step...)
- rename ntvfs_openfile() -> ntvfs_open()
- fix the talloc hierachie in some places in the ntvfs_map_*() code
metze
(This used to be commit ed9ed1f48f602354810937c0b0de850b44322191)
|
|
metze
(This used to be commit 19205b8d89d3d7e99a65938f59412e0c4e8ac5fe)
|
|
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
|
|
(This used to be commit 87f665a1d5ba74289974bf9d8f9441c162e6f1b1)
|
|
non-used memory context
(This used to be commit 127e06492a545940443c93e9aec66eebefa26dc2)
|
|
the ndr_pull/push/print functions for it in the ntacl-lsm module
- fix compiler warnings in the ldap_encode_ndr_* code
metze
(This used to be commit 83d65d0d7ed9c240ad44aa2c881c1f07212bfda4)
|
|
less likely that anyone will use pstring for new code
- got rid of winbind_client.h from includes.h. This one triggered a
huge change, as winbind_client.h was including system/filesys.h and
defining the old uint32 and uint16 types, as well as its own
pstring and fstring.
(This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
|
|
large commit. I thought this was worthwhile to get done for
consistency.
(This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
|
|
talloc(ctx, 0) call.
- cleaned up some talloc usage in various files
I'd like to get to the point that we have no calls to talloc(), at
which point we will rename talloc_p() to talloc(), to encourage
everyone to use the typesafe functions.
(This used to be commit e6c81d7c9f8a6938947d3c1c8a971a0d6d50b67a)
|
|
and debug privileges
metze
(This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
|
|
this is mostly just a tidyup, but also adds the privilege_mask, which
I will be using shortly in ACL checking.
note that I had to move the definition of struct security_token out of
security.idl as pidl doesn't yet handle arrays of pointers, and the
usual workaround (to use a intermediate structure) would make things
too cumbersome for this structure, especially given we never encode it
to NDR.
(This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
|
|
subsystem. This is in preparation for adding better default ACL
generation in pvfs, which will require uid/gid -> sid mapping.
(This used to be commit b31108e49247495d98cf7c12ee303b12a9e44e92)
|
|
based on the current nttoken, which is completely wrong, but works as a start.
The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL
union with a version number to allow for future expansion.
pvfs does not yet check the ACL for file access. At the moment the ACL
is just query/set.
We also need to do some RPC work to allow the windows ACL editor to be
used. At the moment is queries the ACL fine, but displays an error
when it fails to map the SIDs via rpc.
(This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)
|
|
- Re-disable tdbtool (it was building fine on my Debian box but other
machines were having problems)
(This used to be commit 0d7bb2c40b7a9ed59df3f8944133ea562697e814)
|
|
outstanding async operation (triggering an immediate timeout).
pvfs now passes the RAW-MUX test
(This used to be commit 3423e2f41461d054067ef168b9b986f62cc8f77c)
|
|
(This used to be commit 7c4e6ebf05790dd6e29896dd316db0fff613aa4e)
|
|
(This used to be commit 1087ea830e7aead86d54a1836512e88554afc919)
|
|
- tidied up some of the system includes
- moved a few more structures back from misc.idl to netlogon.idl and samr.idl now that pidl
knows about inter-IDL dependencies
(This used to be commit 7b7477ac42d96faac1b0ff361525d2c63cedfc64)
|
|
metze
(This used to be commit 177afd4855c66f46c82899b46f030803be63d52a)
|
|
unix account.
Andrew Bartlett
(This used to be commit fbe932ddd4282c3d8af8a28fdd0cee83d0c8f4f3)
|
|
in the right state when called. For example, when we use the unixuid
handler in the chain of handlers, and a backend decides to continue a
call asynchronously then we need to ensure that the continuation
happens with the right security context.
The solution is to add a new ntvfs operation ntvfs_async_setup(),
which calls all the way down through the layers, setting up anything
that is required, and takes a private pointer. The backend wanting to
make a async calls can use ntvfs_async_setup() to ensure that the
modules above it are called when doing async processing.
(This used to be commit a256e71029727fa1659ade6257085df537308c7d)
|
|
backends to open databases and perform any other privileged
operations that might be needed.
(This used to be commit 54fd395025656d9b264ba1c1fab6e3ce8ca3d357)
|
|
server supplied info structure.
- added SID_WORLD and SID_NETWORK to the foreign sids in the
provisioning, as these are auto-added to the nt_user_token (why is
that done? Andrew?)
(This used to be commit 1dff12fba88827660a2647457867bf4ff6bc8d3d)
|