Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-03-05 | s4-pvfs_sys: talloc_free should be before errno restore | Andrew Tridgell | 1 | -13/+13 | |
talloc can potentially change the errno | |||||
2010-03-05 | s4-pvfs: use pvfs_sys_fchmod() | Andrew Tridgell | 3 | -4/+4 | |
2010-03-05 | s4-pvfs: set default for perm override based on system features | Andrew Tridgell | 1 | -1/+9 | |
If the system has O_NOFOLLOW and O_DIRECTORY then we allow for overrides by default. If not, then we disable by default, as we will be more vulnerable to symlink attacks | |||||
2010-03-05 | s4-pvfs: use O_FOLLOW one level at a time for security overrides | Andrew Tridgell | 1 | -37/+357 | |
To prevent symlink attacks we need to use O_NOFOLLOW one level at a time when processing a root security override | |||||
2010-03-05 | s4-pvfs: use pvfs_sys_*() functions to wrap posix calls | Andrew Tridgell | 5 | -20/+20 | |
This allows for root override, which fixes many problems with mismatches between NT ACL permissions and unix permissions. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-03-05 | s4-pvfs: new pvfs_sys module | Andrew Tridgell | 2 | -0/+301 | |
The pvfs_sys_*() calls provide wrapper functions for posix file functions which use root privileges to override EACCES failures if PVFS_FLAG_PERM_OVERRIDE is set Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-03-05 | s4-pvfs: added new pvfs flag PVFS_FLAG_PERM_OVERRIDE | Andrew Tridgell | 2 | -0/+4 | |
This flag indicates that we should use root privileges to override unix permissions when the NT ACLs indicate that access should be granted Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-03-05 | s4-pvfs: log more error conditions in NTVFS backend | Andrew Tridgell | 3 | -0/+31 | |
This should make is easier to track down some bug reports Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-03-05 | s4-pvfs: move the private ntcreatex flags to private_flags | Andrew Tridgell | 3 | -6/+12 | |
Re-using two of the create_options bits was bound to eventually cause problems, and indeed, Windows7 now uses one of those bits when opening text files. Fixes bug 7189 | |||||
2010-03-03 | s4-posix: allow change ownership of files if the user has the right privileges | Andrew Tridgell | 1 | -2/+21 | |
When a user has SEC_PRIV_TAKE_OWNERSHIP or SEC_PRIV_RESTORE they have permission to change the ownership of a file. This should fix bug 6987 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-02-26 | s4-krb5: propogate errors from a lot more kerberos functions | Andrew Tridgell | 1 | -1/+2 | |
We need to be able to give sensible error messages when a kerberos calls fails. This propogates the kerberos error up the stack to the caller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org> | |||||
2010-02-13 | s4-ntvfs: use TYPESAFE_QSORT() in notify code | Andrew Tridgell | 1 | -3/+2 | |
2010-02-11 | s4: Switch to S3-style id mapping data types. | Kai Blin | 3 | -22/+22 | |
2010-02-09 | s4:Remove "Py_RETURN_NONE" compatibility code | Matthias Dieter Wallnöfer | 2 | -8/+0 | |
This was needed only by Python 2.3 which we no longer support. | |||||
2010-02-05 | s4:UID wrapper - Fix includes | Matthias Dieter Wallnöfer | 2 | -0/+18 | |
The includes of the UID wrapper headers werent't really efficient according to metze's post on the technical mailing list (http://lists.samba.org/archive/samba-technical/2010-February/069165.html). To achieve this move the "uid_wrapper.h" includes into "lib/util/unix_privs.c", "lib/util/util.c", "ntvfs/posix/pvfs_acl.c" and "ntvfs/unixuid/vfs_unixuid.c". | |||||
2010-02-02 | Change uint_t to unsigned int in source4 | Matt Kraai | 13 | -37/+37 | |
Signed-off-by: Stefan Metzmacher <metze@samba.org> | |||||
2010-01-25 | pyxattr: Move to the same directory as the xattr code. | Jelmer Vernooij | 3 | -0/+259 | |
2010-01-21 | s4: ntvfs, create push_xattr_blob_tdb_raw and pull_xattr_blob_tdb_raw that ↵ | Matthieu Patou | 1 | -27/+49 | |
do not depend on pvfs objects Following a talk with tridge on IRC, this patch allow (pull|push)_xattr_blob to be called without having a pvfs object. It's handy for programs that wants to manipulate xattr directly. | |||||
2009-12-17 | s4-ntvfs: check if pvfs is NULL in pvfs_logoff | brendan powers | 1 | -0/+5 | |
pvfs can be NULL if the directory a share points to does not exist. In this case, there would be no open files, so it is safe to just return from the function. Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2009-12-16 | s4-ntvfs: try to fix bug 6989 | Andrew Tridgell | 1 | -2/+2 | |
bug 6989 is a rare crash that has occurred in production. My best guess as to the cause is the talloc_free() not being specific enough as to which parent needs to be freed. | |||||
2009-12-08 | s4/smbstreams: Fix memory use after free. | Kamen Mazdrashki | 1 | -4/+8 | |
The bug is that sometimes 'streams' is parent for 'new_name'. With this said, 'new_name' must be dupped before 'streams' pointer is freed. Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2009-12-03 | s4:ntvfs/posix/pvfs_streams - Fix "discard const" warning | Matthias Dieter Wallnöfer | 1 | -1/+1 | |
I removed one "const" in front of a string declaration to achieve this. Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2009-12-03 | s4:ntvfs/posix/pvfs_resolve - Fix "discard const" warning | Matthias Dieter Wallnöfer | 2 | -4/+4 | |
I removed two "const"s in front of string declarations to achieve this. Signed-off-by: Andrew Tridgell <tridge@samba.org> | |||||
2009-11-27 | s4-ntvfs: win7 does not check for the NONE smb2 lock flag on unlock | Andrew Tridgell | 1 | -1/+2 | |
2009-11-27 | s4-ntvfs: move valid lock range test from smb2 layer to generic code | Andrew Tridgell | 2 | -6/+19 | |
win7 also fails invalid lock ranges on SMB | |||||
2009-11-27 | s4-pvfs: fixed access check failure in SFILEINFO test | Andrew Tridgell | 1 | -8/+5 | |
matching windows behaviour is not always the right thing to do! | |||||
2009-11-27 | s4-smb2: SMB2 uses NT_STATUS_CANCELLED for cancelled locks | Andrew Tridgell | 1 | -1/+5 | |
2009-11-27 | s4-smb2: check for invalid SMB2 lock ranges | Andrew Tridgell | 1 | -0/+6 | |
2009-11-27 | s4-smb2: check for an invalid lock flags combination | Andrew Tridgell | 1 | -0/+3 | |
UNLOCK with FAIL_IMMEDIATELY is not allowed | |||||
2009-11-20 | s4:ntvfs/posix/pvfs_acl - Remove unused variable "token" | Matthias Dieter Wallnöfer | 1 | -1/+0 | |
2009-11-18 | s4:ntvfs_generic: check for valid SMB2_LOCK flags | Stefan Metzmacher | 1 | -0/+8 | |
metze | |||||
2009-11-07 | s4:vfs_ipc - fix "ipc_open" for NTTRANS create requests | Matthias Dieter Wallnöfer | 1 | -2/+2 | |
2009-10-19 | s4-pvfs: fill in alignment_requirement (valgrind error) | Andrew Tridgell | 1 | -0/+1 | |
2009-10-19 | s4-pvfs: another uninitialised variable | Andrew Tridgell | 1 | -1/+1 | |
thanks to valgrind for this one | |||||
2009-10-19 | s4-pvfs: fixed uninitialised variable | Andrew Tridgell | 1 | -1/+1 | |
This caused havoc on the build farm. Interestingly, it only affected gcc 4.3.3, not gcc 4.4.1 | |||||
2009-10-18 | s4-streams: fixed handling of stream rename and overwrite | Andrew Tridgell | 3 | -9/+21 | |
2009-10-18 | s4-pvfs: rename with full name gives SHARING_VIOLATION | Andrew Tridgell | 1 | -1/+3 | |
2009-10-18 | s4-pvfs: when reporting the file name, don't include the :$DATA suffix | Andrew Tridgell | 1 | -0/+10 | |
2009-10-18 | s4-pvfs: the STREAM_INFORMATION calls don't need any access flags | Andrew Tridgell | 1 | -0/+5 | |
2009-10-18 | s4-pvfs: fixed update of stream sizes | Andrew Tridgell | 1 | -1/+1 | |
The data_blob_free() was changing the size we set the stream to | |||||
2009-10-18 | s4-pvfs: more fixes for ACLs on file creation | Andrew Tridgell | 1 | -11/+12 | |
The passed in SD is not used to limit the access mask allowed on file create. | |||||
2009-10-18 | s4-smb2: fixed SMB2 find commands | Andrew Tridgell | 1 | -2/+2 | |
The change to check for invalid \ prefix on SMB2 paths broke the internal SMB2 code. | |||||
2009-10-18 | s4-pvfs: change the handling of access checking on create | Andrew Tridgell | 4 | -60/+124 | |
Previously when a file was created, we produces the resulting access mask based on an ACL check against the parent. This change means we now calculate the inherited ACL much earlier, and produce the resulting access mask from that ACL, or the user supplied ACL. | |||||
2009-10-17 | s4-pvfs: when uwrap is enabled, ignore chown errors | Andrew Tridgell | 1 | -0/+3 | |
chown is expected to fail under uwrap | |||||
2009-10-17 | s4-pvfs: don't auto-apply privilege bits in unix acl handling either | Andrew Tridgell | 1 | -7/+11 | |
2009-10-17 | s4-pvfs: use privileges rather than "uid == 0" in unix access check | Andrew Tridgell | 1 | -6/+12 | |
This makes the unix access check much closer to the full ACL check | |||||
2009-10-16 | s4-pvfs: fixed mask handling for SEC_FLAG_MAXIMUM_ALLOWED | Andrew Tridgell | 1 | -2/+2 | |
This matches the sec_access_check() code | |||||
2009-10-15 | s4-pvfs: implement root_fid support in posix backend | Andrew Tridgell | 1 | -0/+15 | |
Construct the filename from the old handle and the new name. | |||||
2009-10-15 | s4-smb: declare root_fid as a file handle | Andrew Tridgell | 1 | -1/+1 | |
In order to implement root_fid in the s4 SMB server we need to declare it as a handle type, just as for other fnum values in SMB. This required some extensive (but simple) changes in many bits of code. | |||||
2009-10-15 | s4-pvfs: fixed handling of SEC_FLAG_MAXIMUM_ALLOWED | Andrew Tridgell | 1 | -1/+1 | |
The CREATEX_ACCESS test shows that this is used as a bit test, not a equality test |