IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This isn't worth a bug backport as right now the only flag that
could be overwritten is the UCF_POSIX_PATHNAMES flag, and for
a POSIX connection the client will use posix rename, not an
ntrename.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
The "ea support" configuration variable determines whether smbd
should attempt to manipulate extended attributes via SMB protocol.
It does not pertain to the underlying storage and its support for
extended attributes.
get_ea_names_from_file() is being used also by vfs_streams_xattr -
a module which has nothing to do with client-visible extended
attributes. As such, vfs_streams_xattr should be able to operate
irrespective of the value of "ea support".
This patch moves the check for ea support to the callers.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This fixes a regression introduced by commit
f98d10af2a
(smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open)
The main problem was that Windows client seem to verify
the access to user.V2\ntuser.ini is rejected with NT_STATUS_ACCESS_DENIED,
using the machine credentials.
Passing UCF_PREP_CREATEFILE to filename_convert() triggers a code path
that implements a dropbox behaviour. A dropbox is a directory with only -wx permissions,
so get_real_filename fails with EACCESS, it needs to list the directory.
EACCESS is ignored with UCF_PREP_CREATEFILE.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 25 05:33:36 CEST 2016 on sn-devel-144
Fixup commit 0e01ed06a4
Add a missing return statement after generating error response to
the request.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Now that the VFS follows the convention that get-quota
returns error only on error condition, and success
with zero quota if there is no quota assigned,
reply with an error if failing to obtain a user's
quota.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Check the smb_filename->flags field, or req->posix_pathnames
instead, depending on what is available.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
External uses will be replaced by checks on struct smb_filename flags.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Prepare for changing vfs_streaminfo to do the same.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Mar 7 21:12:56 CET 2016 on sn-devel-144
Processing of NT_TRANSACT_GET_USER_QUOTA involves a security check to
see the user is an admin, allow this check to run in unit-testing mode.
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This will allow us to move lp_posix_pathnames() out of unix_convert()
later.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
Prepare to remove lp_posix_pathnames() out of ms_has_wild().
Check before calls to ms_has_wild().
Fixup reply_ntrename().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We marshall into a binary buffer, uint8_t better reflects that.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 27 00:40:58 CEST 2015 on sn-devel-104
sid_parse takes a binary blob, uint8_t reflects this a bit
better than char * does
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Sometimes Windows clients doesn't filter SECINFO_[UN]PROTECTED_[D|S]ACL flags
before sending the security_information to the server.
security_information = SECINFO_PROTECTED_DACL| SECINFO_DACL
results in a NULL dacl being returned from an GetSecurityDecriptor
request. This happens because posix_get_nt_acl_common()
has the following logic:
if ((security_info & SECINFO_DACL) && !(security_info & SECINFO_PROTECTED_DACL)) {
... create DACL ...
}
I'm not sure if the logic is correct or wrong in this place (I guess it's
wrong...).
But what I know is that the SMB server should filter the given
security_information flags before passing to the filesystem.
[MS-SMB2] 3.3.5.20.3 Handling SMB2_0_INFO_SECURITY
...
The server MUST ignore any flag value in the AdditionalInformation field that
is not specified in section 2.2.37.
Section 2.2.37 lists:
OWNER_SECURITY_INFORMATION
GROUP_SECURITY_INFORMATION
DACL_SECURITY_INFORMATION
SACL_SECURITY_INFORMATION
LABEL_SECURITY_INFORMATION
ATTRIBUTE_SECURITY_INFORMATION
SCOPE_SECURITY_INFORMATION
BACKUP_SECURITY_INFORMATION
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10773
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This prepares the structures for multi-channel support.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
This prepares the structures for multi-channel support.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec 9 21:02:21 CET 2013 on sn-devel-104
This is a performance improvement for heavily contended files, in
particular in a cluster. The separate call to get_file_infos makes us
pull the locking.tdb record twice per open. For a contended file this
can be a performance penalty, this gets the # of record accesses for
the open/close cycle down from 3 to 2.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 23 00:40:49 CET 2013 on sn-devel-104
Windows 8 tries to set 'ATTRIBUTE_SECURITY_INFORMATION' on some
dirs. Ignoring it makes roaming profiles work again.
Just like w2k3 gracefully ignore all the other bits.
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 1 20:58:25 CEST 2013 on sn-devel-104
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Bug 9992 - Windows error 0x800700FE when copying files with xattr names containing ":"
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
When trying to read a profile, under certain circumstances Windows tries
to read with its machine account first. The profile previously written
was stored with an ACL that only allows access for the user and not
the machine. Windows should get an NT_STATUS_ACCESS_DENIED when using
the machine account, making it retry with the user account (which would
then succeed).
Samba under these circumstances erroneously gives
NT_STATUS_OBJECT_PATH_NOT_FOUND, which makes Windows give up and not
retry. The reasons is the "dropbox" patch in unix_convert, turning EACCESS
on the last path component to OBJECT_PATH_NOT_FOUND. This patch makes
the dropbox behaviour only kick in when we are creating a file. I think
this is an abstraction violation. unix_convert() should not have to know
about the create_disposition, but given that we have pathname resolution
separated from the core open code right now this is the best we can do.
Signed-off-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Reviewed-by: Jeremy Allison <jra@samba.org>
This makes it clear which context the returned SD is allocated on, as
a number of callers do not want it on talloc_tos().
As the ACL transformation allocates and then no longer needs a great
deal of memory, a talloc_stackframe() call is used to contain the
memory that is not returned further up the stack.
Andrew Bartlett
They use talloc_tos() internally: hoist that up to the callers, some
of whom don't want to us talloc_tos().
A simple patch, but hits a lot of files.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>