IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Signed-off-by: Ralph Boehme <rb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 11 03:54:42 CEST 2014 on sn-devel-104
This avoids asking for the posix ACL on disk twice, and avoids running
a good deal of mapping code if it is not needed.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
Where supported by the system ACL backend, this avoids hashing the
result of the ACL mapping, instead hashing the original ACL,
linearlised.
For maximum robustness, the hash of the NT and system ACL are stored,
along with the time and a description of the system ACL. This variety
of extra metadata may assist some future implementation in determining
which hash to validate.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
Omission to free the talloc frame causes a panic (at least in developer mode)
in the next main event loop due to "Frame not freed in order."
(Freed frame ../source3/smbd/process.c:3617, expected ../source3/modules/vfs_acl_common.c:534.)
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Dec 4 09:03:25 CET 2012 on sn-devel-104
When we add a new DACL to the security descriptor, we need to use the
SD as the memory context, so we can talloc_move() it as a tree to a
new parent.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 2 22:16:14 CET 2012 on sn-devel-104
This makes it clear which context the returned SD is allocated on, as
a number of callers do not want it on talloc_tos().
As the ACL transformation allocates and then no longer needs a great
deal of memory, a talloc_stackframe() call is used to contain the
memory that is not returned further up the stack.
Andrew Bartlett
This should help us understand why sometimes an ACL set won't stick.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep 11 18:19:53 CEST 2012 on sn-devel-104
This fixes a coredump with a NULL DACL in add_directory_inheritable_components().
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Mar 17 01:05:57 CET 2012 on sn-devel-104
If referring to an fsp sbuf can be left as an uninitialized variable,
causing the 'is_directory' variable to be false when it should be true.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Dec 2 22:13:03 CET 2011 on sn-devel-104
This is what the source4/ntvfs/posix code uses.
It's also used at provision time to setup the sysvol permissions.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Oct 11 14:16:25 CEST 2011 on sn-devel-104
Ensure we always use vfs_ChDir() to keep the singleton cache coherent.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Aug 19 00:43:05 CEST 2011 on sn-devel-104
Fix incorrect interaction when all of
"inherit permissions = yes"
"inherit acls = yes"
"inherit owner = yes"
are set. Found by Björn Jacke. Thanks Björn !
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Jun 7 22:32:18 CEST 2011 on sn-devel-104
If "inherit owner = yes", pass in the directory owner and group
owner as the target for CREATOR_OWNER and CREATOR_GROUP substitutions,
and also as the owner and primary group of the new security descriptor
being applied to the object.
Jeremy.
Print child descriptor instead of parent.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Apr 11 11:48:42 CEST 2011 on sn-devel-104
Caused by premature optimisation storing the parent ACL on the
module handle instead of (correctly) on the file fsp. Previous
code wasn't reentrant safe. This is less optimal but doesn't
crash in the specific case :-).
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Apr 9 02:05:15 CEST 2011 on sn-devel-104
this prevents a symbol duplication with the openssl library, which may
be linked in via a secondary library dependency
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
There is no reason for smbd with Windows ACLs to use chmod
or fchmod unless it's a file opened with UNIX extensions or
with posix pathnames.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Apr 2 02:40:43 CEST 2011 on sn-devel-104
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.
The structure is also not ideal for it's current purpose. Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session. This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.
(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This will allow the auth_serversupplied_info struct to be migrated
to auth_session_info easier.
Adnrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
We were losing the incoming security descriptor revision number and
most importantly the "type" field as sent by the client. Ensure we
correctly store these in the xattr object.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 24 00:18:57 CET 2010 on sn-devel-104
Samba ACL module to ignore mapping to lower POSIX layer. With this
fix Samba 3.6.x now passes RAW-ACLs (with certain smb.conf parameters
set).
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Oct 16 01:26:31 UTC 2010 on sn-devel-104
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
the "protected" inheritance problem (bleeding up from the POSIX
layer).
Jeremy
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Oct 12 00:57:41 UTC 2010 on sn-devel-104
