summaryrefslogtreecommitdiff
path: root/source4/ntvfs/unixuid
AgeCommit message (Collapse)AuthorFilesLines
2009-08-05added a uid_wrapper libraryAndrew Tridgell1-1/+1
This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-07-19Cosmetic correctionMatthias Dieter Wallnöfer1-1/+1
Changes the order of two commands. First set up the "priv" structure, then assign it to the "ntvfs" structure.
2009-05-20Have ntvfs_connect() accept union smb_tcon *tcon instead of char* sharenameSam Liddicott1-2/+2
This change brings ntvfs_connect into compliance with other ntvfs functions which take an ntvfs module, an ntvfs request and an smb io union. It now becomes the responsibility of ntvfs modules to examine tcon->generic.level themselves and derive the share name and any other options directly; e.g. const char *sharename; switch (tcon->generic.level) { case RAW_TCON_TCON: sharename = tcon->tcon.in.service; break; case RAW_TCON_TCONX: sharename = tcon->tconx.in.path; break; case RAW_TCON_SMB2: default: return NT_STATUS_INVALID_LEVEL; } if (strncmp(sharename, "\\\\", 2) == 0) { char *p = strchr(sharename+2, '\\'); if (p) { sharename = p + 1; } } service.c smbsrv_tcon_backend() is called before ntvfs_connect and fills in some of the tcon->..out values. For the case of RAW_TCON_TCONX, it filles out tcon->tconx.out.tid and tcon->tconx.out.options For the case of RAW_TCON_TCON it fills out tcon->tcon.out.tid and tcon->tcon.out.max_xmit Thus the ntvfs_connect function for vfs modules may override these values if desired, but are not required to. ntvfs_connect functions are required to fill in the tcon->tconx.out.*_type fields, for RAW_TCON_TCONX, perhaps something like: if (tcon->generic.level == RAW_TCON_TCONX) { tcon->tconx.out.fs_type = ntvfs->ctx->fs_type; tcon->tconx.out.dev_type = ntvfs->ctx->dev_type; } Signed-off-by: Sam Liddicott <sam@liddicott.com> (I fixed the ntvfs_connect() in the smb_server/smb2/ and the RAW_TCON_SMB2 switch case in the modules) Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-03-19use the tevent nesting code to avoid the uid problem in the VFSAndrew Tridgell1-0/+66
backend The vfs_unixuid module changes the uid of the process when executing operations on behalf of the user. Within the VFS backend we may rely on semi-async calls, such as winbind calls, which will call the event loop again. To cope with this we need to ensure that while inside those calls we revert the uid to root, then revert back to the connected user when we have finished with the semi-async calls.
2009-02-02s4:ntvfs/unixuid: s/private/privStefan Metzmacher1-23/+23
metze
2008-10-24Remove unused include param/param.h.Jelmer Vernooij1-1/+0
2008-05-18Use variables for source directory in a couple more places.Jelmer Vernooij1-1/+1
(This used to be commit c41bd3005f5f0b9cfd3709fc9217b4a401d265b4)
2008-04-08Merge branch 'v4-0-test' of ssh://git.samba.org/data/git/samba into v4-0-gmake3Jelmer Vernooij1-22/+50
Conflicts: source/auth/credentials/config.mk source/auth/gensec/config.mk source/build/smb_build/makefile.pm source/heimdal_build/config.mk source/lib/events/config.mk source/lib/nss_wrapper/config.mk source/lib/policy/config.mk source/lib/registry/config.mk source/lib/socket_wrapper/config.mk source/lib/tdb/config.mk source/lib/tls/config.mk source/lib/util/config.mk source/libcli/config.mk source/libcli/ldap/config.mk source/libnet/config.mk source/librpc/config.mk source/param/config.mk source/rpc_server/config.mk source/scripting/ejs/config.mk source/smbd/process_model.mk (This used to be commit 760378e0294dd0cd4523a83448328478632d7e3d)
2008-04-02ntvfs: Use wbclient in vsf_unixuid, not sidmapKai Blin1-22/+50
(This used to be commit 2908a77fa5c32e92665775a5785345f704202f0a)
2008-03-03Move object file lists to the Makefile.Jelmer Vernooij1-2/+2
(This used to be commit a7e6d2a1832db388fdafa1279f84c9a8bbfc87d6)
2007-12-21r26353: Remove use of global_loadparm.Jelmer Vernooij1-1/+1
(This used to be commit 17637e4490e42db6cdef619286c4d5a0982e9d1a)
2007-12-21r26228: Store loadparm context in auth context, move more loadparm_contexts ↵Jelmer Vernooij1-1/+2
up the call stack. (This used to be commit ba75f1613a9aac69dd5df94dd8a2b37820acd166)
2007-12-21r25839: use nss_wrapper code in samba4 ifStefan Metzmacher1-1/+1
--enable-nss-wrapper or --enable-developer is given metze (This used to be commit f8bc6b9ad0eec60bff7fdc5653397efd9a044a29)
2007-10-10r25554: Convert last instances of BOOL, True and False to the standard types.Jelmer Vernooij1-2/+2
(This used to be commit 566aa14139510788548a874e9213d91317f83ca9)
2007-10-10r23792: convert Samba4 to GPLv3Andrew Tridgell1-3/+2
There are still a few tidyups of old FSF addresses to come (in both s3 and s4). More commits soon. (This used to be commit fcf38a38ac691abd0fa51b89dc951a08e89fdafa)
2007-10-10r23067: use 'const union smb_search_data *file' also in the server code to ↵Stefan Metzmacher1-2/+2
get rid of compiler warnings in the cifs backend metze (This used to be commit 34ef07b1f5acdad27edd80de8de4c6de7f879f9b)
2007-10-10r22406: this dependencies should also be privateStefan Metzmacher1-1/+1
metze (This used to be commit 7f07895cac3e933b39f81bf67812834352184af0)
2007-10-10r21214: fixed a valgrind error that can be caused by a semi-async call insideAndrew Tridgell1-1/+4
a nested ntvfs call. The req structure can go away while processing a ntvfs request (This used to be commit f62b3c505f71f37a86a76d152d643926e19eb148)
2007-10-10r16980: - make struct smb_notify a union and add levels ↵Stefan Metzmacher1-1/+1
RAW_NOTIFY_NTTRANS,RAW_NOTIFY_SMB2 - parse SMB2 Notify reponse metze (This used to be commit de50e0ccddfad16ad7b254770f4c52c1abe707b9)
2007-10-10r15826: ensure we don't dereference sec when NULLAndrew Tridgell1-1/+2
(This used to be commit b6bf6b17cd92a3869c49209bc8ea8ef8c6c25cdd)
2007-10-10r15572: Trim build/m4/rewrite.m4 a bit more, remove unused tests.Jelmer Vernooij1-0/+1
(This used to be commit d72c5c8f755277eb22e1f6834d98202f00c09934)
2007-10-10r15207: Introduce PRIVATE_DEPENDENCIES and PUBLIC_DEPENDENCIES as replacementJelmer Vernooij1-1/+1
for REQUIRED_SUBSYSTEMS. (This used to be commit adc8a019b6da256f104abed1b82bfde6998a2ac9)
2007-10-10r15188: Restore svn rev. 15183, 15184 and 15185, which I inadvertantly clobberedJames Peach1-3/+4
in r15186. I don't think I should be allowed to use quilt and svn at the same time any more :( (This used to be commit e0ca5ead27743c84f5d9310a05d6d718862ead1d)
2007-10-10r15186: Introduce ISDOT and ISDOTDOT macros for testing whether a filename isJames Peach1-4/+3
"." for "..". These express the intention better that strcmp or strequal and improve searchability via cscope/ctags. (This used to be commit 7e4ad7e8e5ec266b969e3075c4ad7f021571f24e)
2007-10-10r15185: Force all NTVFS modules to provide a critical sizes structure soJames Peach1-3/+4
the version information can be checked when modules are registered. (This used to be commit 95eb55806339fc5409c0adf137ebd5bffd7098ac)
2007-10-10r14964: - move sidmap code from ntvfs_common to SAMDBStefan Metzmacher2-1/+2
- make ntvfs_common a library - create sys_notify library metze (This used to be commit a3e1d56cf7b688c515f5d6d4d43e0b24c2261d15)
2007-10-10r14838: fix the build. Looks like I still haven't quite got the hang of theAndrew Tridgell1-0/+1
new dependency/proto system :-) (This used to be commit 63ae3f21e3471895ba83df1c2fdc4147090f7fdb)
2007-10-10r14736: - the ntvfs subsystem should not know about smb_server.hStefan Metzmacher1-1/+0
- the process module subsystem should not know about smb_server.h - the smb_server module should not know about process models metze (This used to be commit bac95bb8f4ad35a31ee666f5916ff9b2f292d964)
2007-10-10r14615: add notify to unixuid ntvfs moduleAndrew Tridgell1-0/+14
(This used to be commit 79af976d189798bb92f5909237202ca18db1789f)
2007-10-10r14487: split smbsrv_request into two parts, one will be moved to ntvfs_requestStefan Metzmacher1-4/+4
but I don't to get the commit to large, to I'll do this tomorrow... metze (This used to be commit 10e627032d7d04f1ebf6efed248c426614f5aa6f)
2007-10-10r14173: change smb interface structures to always useStefan Metzmacher1-4/+8
a union smb_file, to abtract - const char *path fot qpathinfo and setpathinfo - uint16_t fnum for SMB - smb2_handle handle for SMB2 the idea is to later add a struct ntvfs_handle *ntvfs so that the ntvfs subsystem don't need to know the difference between SMB and SMB2 metze (This used to be commit 2ef3f5970901b5accdb50f0d0115b5d46b0c788f)
2007-10-10r14157: - pass a struct ntvfs_request to the ntvfs layerStefan Metzmacher1-37/+36
(for now we just do #define ntvfs_request smbsrv_request, but it's the first step...) - rename ntvfs_openfile() -> ntvfs_open() - fix the talloc hierachie in some places in the ntvfs_map_*() code metze (This used to be commit ed9ed1f48f602354810937c0b0de850b44322191)
2007-10-10r13960: Generate makefile rules for installing/removing shared modules.Jelmer Vernooij1-1/+1
(This used to be commit 2c746980328431ab04852dc668899e3eb042da99)
2007-10-10r13658: More moving around of files:Jelmer Vernooij1-2/+0
- Collect the generic utility functions into a lib/util/ (a la GLib is for the GNOME folks) - Remove even more files from include/ (This used to be commit ba62880f5b05c2a505dc7f54676b231197a7e707)
2007-10-10r13129: fix the memory hierachieStefan Metzmacher1-1/+2
metze (This used to be commit 19205b8d89d3d7e99a65938f59412e0c4e8ac5fe)
2007-10-10r12608: Remove some unused #include lines.Jelmer Vernooij1-1/+0
(This used to be commit 70e7449318aa0e9d2639c76730a7d1683b2f4981)
2007-10-10r12528: Add seperate proto headers for ntvfs, tdr, smb_server and nbt_server.Jelmer Vernooij1-0/+1
(This used to be commit 87f665a1d5ba74289974bf9d8f9441c162e6f1b1)
2007-10-10r12498: Eliminate INIT_OBJ_FILES and ADD_OBJ_FILES. We were not usingJelmer Vernooij1-1/+1
the difference between these at all, and in the future the fact that INIT_OBJ_FILES include smb_build.h will be sufficient to have recompiles at the right time. (This used to be commit b24f2583edee38abafa58578d8b5c4b43e517def)
2007-10-10r11244: Relative path names in .mk filesJelmer Vernooij1-1/+1
(This used to be commit 24e10300906c380919d2d631bfb3b8fd6b3f54ba)
2007-10-10r11214: Remove scons files (see ↵Jelmer Vernooij1-3/+0
http://lists.samba.org/archive/samba-technical/2005-October/043443.html) (This used to be commit 7fffc5c9178158249be632ac0ca179c13bd1f98f)
2007-10-10r10586: Add MergedObject() builder. Default to Library() ratherJelmer Vernooij1-1/+1
then StaticLibrary() (This used to be commit b53313dc517986c69a4e4cb8fe3885b696f8faa1)
2007-10-10r10348: Add scons scripts for remaining subsystems. Most subsystems build now,Jelmer Vernooij1-0/+3
but final linking still fails (as does generating files asn1, et, idl and proto files) (This used to be commit 4f0d7f75b99c7f4388d8acb0838577d86baf68b5)
2007-10-10r9369: an attempt to fix the build on HPUX. This is based on work by DonAndrew Tridgell1-57/+0
McCall, but takes a slightly different approach that I hope will be more generic (This used to be commit e8260a81cf99be2ccae64135ca0572c8a6ae62ad)
2007-10-10r9320: Fix premature dereference bug found by Coverty and also get rid of ↵Alexander Bokovoy1-6/+3
non-used memory context (This used to be commit 127e06492a545940443c93e9aec66eebefa26dc2)
2007-10-10r9240: - move struct security_token to the idl file, with this we canStefan Metzmacher1-1/+1
the ndr_pull/push/print functions for it in the ntacl-lsm module - fix compiler warnings in the ldap_encode_ndr_* code metze (This used to be commit 83d65d0d7ed9c240ad44aa2c881c1f07212bfda4)
2007-10-10r5298: - got rid of pstring.h from includes.h. This at least makes it a bitAndrew Tridgell1-0/+2
less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-5/+5
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4547: - added talloc_new(ctx) macro that is a neater form of the common ↵Andrew Tridgell1-1/+1
talloc(ctx, 0) call. - cleaned up some talloc usage in various files I'd like to get to the point that we have no calls to talloc(), at which point we will rename talloc_p() to talloc(), to encourage everyone to use the typesafe functions. (This used to be commit e6c81d7c9f8a6938947d3c1c8a971a0d6d50b67a)
2007-10-10r4419: move security_token stuff to the libcli/security/Stefan Metzmacher1-0/+1
and debug privileges metze (This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
2007-10-10r4147: converted from NT_USER_TOKEN to struct security_tokenAndrew Tridgell1-9/+9
this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)