IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We need to be able to give sensible error messages when a kerberos
calls fails. This propogates the kerberos error up the stack to the
caller.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
The includes of the UID wrapper headers werent't really efficient according
to metze's post on the technical mailing list (http://lists.samba.org/archive/samba-technical/2010-February/069165.html).
To achieve this move the "uid_wrapper.h" includes into "lib/util/unix_privs.c",
"lib/util/util.c", "ntvfs/posix/pvfs_acl.c" and "ntvfs/unixuid/vfs_unixuid.c".
Following a talk with tridge on IRC, this patch allow (pull|push)_xattr_blob to be called without
having a pvfs object. It's handy for programs that wants to manipulate xattr directly.
pvfs can be NULL if the directory a share points to does not exist. In
this case, there would be no open files, so it is safe to just return
from the function.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
bug 6989 is a rare crash that has occurred in production. My best
guess as to the cause is the talloc_free() not being specific enough
as to which parent needs to be freed.
The bug is that sometimes 'streams' is parent for 'new_name'.
With this said, 'new_name' must be dupped before 'streams'
pointer is freed.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Previously when a file was created, we produces the resulting access
mask based on an ACL check against the parent. This change means we
now calculate the inherited ACL much earlier, and produce the
resulting access mask from that ACL, or the user supplied ACL.
In order to implement root_fid in the s4 SMB server we need to declare
it as a handle type, just as for other fnum values in SMB. This
required some extensive (but simple) changes in many bits of code.
This segfault occoured in cases where we rejected (or never attempted)
the tree connect, so had an invalid private pointer for the logoff
codepath.
Andrew Bartlett
We now open a named via the named_pipe_auth
code and process IO via the tstream interface.
This means we support byte mode and message mode
named pipes.
We also correctly issue NT_STATUS_PIPE_BUSY
when a smb_trans request comes in and a read or smb_trans
is already pending.
We also have support for async dcerpc over ncacn_np now,
and we now can remove the ncacn_np specific hacks from the
rpc_server/ code.
metze
This bug was caused by two things:
1) in the unix ACL mapping, we were not taking into account group
write permssions for the SEC_STD_DELETE flag
2) when a file is created using OVERWRITE mode, a fchmod() would
fail if the user is not the file owner. We resolve that by only
doing the fchmod() if the mapped file attribute does not match the
desired file attribute
This fixes two issues pointed out by Andrew. It adds a runtime
uwrap_enabled() call that wraps the skips needed for uid emulation. It
also makes the skip in the directory_create_or_exist() function only
change the uid checking code, not the permissions code
This library intercepts seteuid and related calls, and simulates them
in a manner similar to the nss_wrapper and socket_wrapper
libraries. This allows us to enable the vfs_unixuid NTVFS module in
the build farm, which means we are more likely to catch errors in the
token manipulation.
The simulation is not complete, but it is enough for Samba4 for
now. The major areas of incompleteness are:
- no emulation of setreuid, setresuid or saved uids. These would be
needed for use in Samba3
- no emulation of ruid changing. That would also be needed for Samba3
- no attempt to emulate file ownership changing, so code that (for
example) tests whether st.st_uid matches geteuid() needs special
handling
