Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit ae14905d9522dbdc1709ef110b9933adcb740a26)
|
|
again to kukks for the excellent and detailed bug report
(This used to be commit 7dfffe4ac0d6858ae6848708df1baa11a6819680)
|
|
this to be right.
(This used to be commit e22de9734f66bee3c9eaf8191fcae9fb06a0034f)
|
|
this is mostly just a tidyup, but also adds the privilege_mask, which
I will be using shortly in ACL checking.
note that I had to move the definition of struct security_token out of
security.idl as pidl doesn't yet handle arrays of pointers, and the
usual workaround (to use a intermediate structure) would make things
too cumbersome for this structure, especially given we never encode it
to NDR.
(This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
|
|
(This used to be commit 6da058a28ba44a02964d375c9e390fbd472bc2b6)
|
|
though - I expect we'll need to tweak that some more.
(This used to be commit e3500811b90b8423ee7694609340f394957d1160)
|
|
(This used to be commit 35ca4e1e81c5d927238e90d0c6c09987c11b5d35)
|
|
test. Also added generic mapping bits for pvfs. We don't pass RAW-ACLS
yet, but its close.
(This used to be commit c7cbd966d49a5345ea326732587555d209c531fc)
|
|
(This used to be commit eec698254f67365f27b4b7569fa982e22472aca1)
|
|
(This used to be commit b0f6e21481745d1b2ced28d9ed6f09f6ffd99562)
|
|
(This used to be commit 80d15fa3402a9d1183467463f6b21c0b674bc442)
|
|
in my compile
(This used to be commit 0928b1f5b68c858922c3ea6c27ed03b5091c6221)
|
|
This removes the duplicate named SEC_RIGHTS_MAXIMUM_ALLOWED and
SEC_RIGHTS_FULL_CONTROL, which are just other names for
SEC_FLAG_MAXIMUM_ALLOWED and SEC_RIGHTS_FILE_ALL. The latter names
match the new naming conventions in security.idl
Also added names for the generic->specific mappings for files are
directories
(This used to be commit 17a4e0b3aca227b40957ed1e0c57e498debc6ddf)
|
|
work out some way to do a decent test suite for this.
(This used to be commit 9a9a0d0e791e4b64f0a35c921729e623b977af47)
|
|
definitions for security access masks, in security.idl
The previous definitions were inconsistently named, and contained many
duplicate and misleading entries. I kept finding myself tripping up
while using them.
(This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)
|
|
(This used to be commit 01e89697fe837ee76fedda149e1e2b389a7d3889)
|
|
easier
(This used to be commit 54209ed05686a442156f7927c58d8656aa5e4900)
|
|
id->sid mapping
(This used to be commit e61140510905b6bbe57ad35dad8e4dd68d1f6bd8)
|
|
better default NT ACL in pvfs
(This used to be commit 9ff6ecbdb6c08528193f7958d7ea7d9a8df6defd)
|
|
our local domain. Note that this linear mapping does not suffer from
the "foreign sid" problems of the linear mappings we have previously
rejected for the sid->uid problem.
the mapping allows for 1 billion automatically allocated users or
groups for the local domain.
(This used to be commit 8f573439753e2a425305936107442c85cffb9369)
|
|
(This used to be commit 052d91c59f177851b5e0e53c8a033bdd28702f64)
|
|
subsystem. This is in preparation for adding better default ACL
generation in pvfs, which will require uid/gid -> sid mapping.
(This used to be commit b31108e49247495d98cf7c12ee303b12a9e44e92)
|
|
metze
(This used to be commit 234166606dc86b9e98226cff94b3869ec173671e)
|
|
metze
(This used to be commit 7d24b98f3ff55049a7c0d430c15e0a060b4aa2d3)
|
|
metze
(This used to be commit 3bfb732187211d450db842a7533e4c7e915b6ce4)
|
|
- added support for sticky write times after a setfileinfo, by using a
write_time field in the DosAttrib xattr structure.
(This used to be commit 4a52fae82d8305e999f94f1947daa21dab54cdfd)
|
|
This reduces the total size of the samba binaries from 119 Mb to 73 Mb.
Next step will be to have the build system obtain some of this information
by itself, so that we don't have to write ~10 lines per interface manually.
(This used to be commit 16d905f6b0cbec591eebc44ee2ac9516a5730378)
|
|
- fixed revision number on default DACL
- fixed DACL_PRESENT bit in acl query
with these fixes cacls.exe and the GUI ACL editor in w2k both work
against pvfs. The GUI editor is slow as it times out looking up the
SID -> name mappings.
(This used to be commit 4468018cb63fd884920c2b0f5235bded50c6b5db)
|
|
- added support for initial ACLs in pvfs backend
(This used to be commit 05ee9179f74d243aa22fa00be7873c5db76a8ad1)
|
|
- pvfs now passes RAW-ACLS
(This used to be commit 2e19edaa4ebc96b3e95e0b55c4fae8eaefd642b2)
|
|
(This used to be commit 17911eea5995c12a2300dd3928612c77f8f0883e)
|
|
based on the current nttoken, which is completely wrong, but works as a start.
The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL
union with a version number to allow for future expansion.
pvfs does not yet check the ACL for file access. At the moment the ACL
is just query/set.
We also need to do some RPC work to allow the windows ACL editor to be
used. At the moment is queries the ACL fine, but displays an error
when it fails to map the SIDs via rpc.
(This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)
|
|
call has an optional sec_desc and ea_list.
(This used to be commit 8379ad14e3d51a848a99865d9ce8d56a301e8a3c)
|
|
(This used to be commit b7e4ec4550dd2d15714784e5fb29789be9ca8623)
|
|
(This used to be commit 8a6fa43156667f75e058c7d44b1c15a6cf7067b2)
|
|
- added a delete-on-close test to RAW-STREAMS
- don't allow rename of streams at the moment (I need to work out if
its supposed to be allowed first)
(This used to be commit f4b2b1311da6e37ac0947a3419d89c77ebbd6b63)
|
|
filesystem attribute reply
- pvfs passes the RAW-STREAMS test
(This used to be commit c1a48a7542a52df734b54031f405d574e4c891e3)
|
|
The trickiest part about this was getting the sharing and locking
rules right, as alternate streams are separate locking spaces from the
main file for the purposes of byte range locking, and separate for
most share violation rules.
I suspect there are still problems with delete on close with alternate
data streams. I'll look at that next.
(This used to be commit b6452c4a2068cf7e837778559da002ae191b508a)
|
|
(the IDL, and the load/save meta-data logic)
- changed pvfs_resolve_name() to default to non-wildcard, needing
PVFS_RESOLVE_WILDCARD to enable wildcards. Most callers don't want
wildcards, so defaulting this way makes more sense.
- fixed deletion of EAs
(This used to be commit e7afd4403cc1b7e0928776929f8988aa6f15640b)
|
|
(This used to be commit ad7815fababe5783df5e8fb4a490921a5af693d6)
|
|
- Re-disable tdbtool (it was building fine on my Debian box but other
machines were having problems)
(This used to be commit 0d7bb2c40b7a9ed59df3f8944133ea562697e814)
|
|
- Use .mk files directly (no need for a SMB_*_MK() macro when adding a new SUBSYSTEM, MODULE or BINARY). This allows addition of new modules and subsystems without running configure
- Add support for generating .dot files with the Samba4 dependency tree (as used by the graphviz and springgraph utilities)
(This used to be commit 64826da834e26ee0488674e27a0eae36491ee179)
|
|
FILE_ATTRIBUTE_DIRECTORY bit
(This used to be commit 5af815ffc3531e4ae4a6844e9f754656d9acf76e)
|
|
(This used to be commit 3d50982f5419b9a5c53f2b82a2313669cdeaaa21)
|
|
- added support for wildcard rename in pvfs
- made more consistent use of pvfs_map_errno()
(This used to be commit e255d1c3a811c480a850452aaf636d9fa36f69fe)
|
|
setpathinfo. pvfs now passes the RAW-SFILEINFO test.
(This used to be commit 31ac31398ba52dfc554e58edaa7ae257caf5fdc6)
|
|
fixes a directory creation problem from WinXP
(This used to be commit 4b3afc6c395b430e7e56d8ebe0ddf85c556a5df5)
|
|
(This used to be commit bdabb3f836d56ab0af9201321c00c8b385e053a5)
|
|
pvfs. This prevents a possible crash due to free ordering on
unexpected disconnect.
(This used to be commit bfca9eb7cb7a2caf3a232d538808ff2ade8e1ca9)
|
|
BASE-DENYDOS test.
- pvfs now passes BASE-DENY1 and BASE-DENYDOS.
(This used to be commit aa09df22ee729c02552638859236d9068e9748ae)
|