IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
This library was tiny - containing just two public functions than were
themselves trivial. The amount of overhead this causes isn't really worth the
benefits of sharing the code with other projects like OpenChange. In addition, this code
isn't really generically useful anyway, as it can only load from the module path
set for Samba at configure time.
Adding a new library was breaking the API/ABI anyway, so OpenChange had to be
updated to cope with the new situation one way or another. I've added a simpler
(compatible) routine for loading modules to OpenChange, which is less than 100 lines of code.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Dec 3 08:36:33 CET 2011 on sn-devel-104
This disables the posix permission override if the calculated
permissions did not come from a NT ACL.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Dec 1 05:14:49 CET 2011 on sn-devel-104
Currently there are a lot of duplicate ioctl function field definitions
between source3 and source4.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
This passes down a struct loadparm_context to allow these
parameters to be checked. This may be s3 or s4 context, allowing the
#if _SAMBA_BUILD_ macro to go away safely.
Andrew Bartlett
This is done so that the lpcfg_ functions are available across the whole
build, either with the struct loadparm_context loaded from an smb.conf directly
or as a wrapper around the source3 param code.
This is not the final, merged loadparm, but simply one step to make
it easier to solve other problems while we make our slow progress
on this difficult problem.
Andrew Bartlett
Note: this doesn't work against a Samba4 KDC yet.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed Jun 22 18:17:43 CEST 2011 on sn-devel-104
TDB2 returns a negative error number on failure. This is compatible
if we always check for != 0 instead of == -1.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
TDB2 returns a negative error number on failure. This is compatible
if we always check for != 0 instead of == -1.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We change all the headers and wscript files to use tdb_compat; this
means we have one place to decide whether to use TDB1 or TDB2.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
The two error tables need to be combined, but for now seperate the names.
(As the common parts of the tree now use the _common function,
errmap_unix.c must be included in the s3 autoconf build).
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Mon Jun 20 08:12:03 CEST 2011 on sn-devel-104
Now that we don't allow the smb.conf to change the modules dir, many
functions that simply load modules or initialise a subsytem that may
load modules no longer need an lp_ctx.
Andrew Bartlett
Several places want "microseconds from current time", and several were
simply handing "usecs" values which could be over a million.
Using a helper to do this is safer and more readable.
I didn't replace any obviously correct callers (ie. constants).
I also renamed wait_nsec in source3/lib/util_sock.c; it's actually
microseconds not nanoseconds (introduced with this code in Volker's
19b783cc Async wrapper for open_socket_out_send/recv).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Several places want "milliseconds from current time", and several were
simply doing "msec * 1000" which can (and does in one place) result in
a usec value over 1 a million.
Using a helper to do this is safer and more readable.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This is a configuration problem on the server, no invalid parameter
from the client.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Wed May 18 08:49:00 CEST 2011 on sn-devel-104
This #if _SAMBA_BUILD == 3 is very unfortunate, as it means that in
the top level build, these options are not available for these
databases. However, having two different tdb_wrap lists is a worse
fate, so this will do for now.
Andrew Bartlett
This function is problematic because a string may expand in size when
changed into upper or lower case. This will then push characters off
the end of the string in the s3 implementation, or panic in the former
s4 implementation.
Andrew Bartlett
That's why we have the 'container' parameter to indicate
the caller wants to create a directory.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Mar 22 17:39:11 CET 2011 on sn-devel-104
This changes the structure being used to convey the current user state
from the netlogon-derived 'netr_SamInfo3' structure to a purpose-built
structure that matches the internals of the Samba auth subsystem and
contains the final group list, as well as the final privilege set and
session key.
These previously had to be re-created on the server side of the pipe
each time.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
This changes auth_serversupplied_info into the IDL-defined struct
auth_user_info_dc. This then in turn contains a struct
auth_user_info, which is the only part of the structure that is
mainted into the struct session_info.
The idea here is to avoid keeping the incomplete results of the
authentication (such as session keys, lists of SID memberships etc) in
a namespace where it may be confused for the finalised results.
Andrew Barltett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Sun Jan 9 15:47:01 CET 2011 on sn-devel-104
the IPC$ share is only used by the ntvfs backends, and doesn't need to
be created on every load of smb.conf. This fixes a problem with
testparm showing the ipc$ share when it isn't defined in smb.conf.
This also removes the admin$ share, which really shouldn't be on by
default. The admin$ share is used for remote software installation,
and normally exposes the c:\windows directory on a windows
server. That makes no sense on Samba. If for some reason a admin$
share is needed, then the admin can create one as usual. Exposing /tmp
via admin$ by default seems like a bad idea.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
The new waf-based build system now has all the same functionality, and
the old build system has been broken for quite some time.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sun Oct 31 02:01:44 UTC 2010 on sn-devel-104
this allows us to remove a dependency on the dcerpc_server from code
that uses rpc forwarding
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Only link to nss_wrapper when it is enabled.
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Oct 23 23:05:44 UTC 2010 on sn-devel-104
build rules should not list dependencies on python modules. Instead,
if code needs the module it should use the python API import calls to
access the module.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This makes the structure much more like NT_USER_TOKEN in the source3/
code. (The remaining changes are that privilages still need to be merged)
Andrew Bartlett
This simply askes IDMAP about all the user SIDs, rather than the user
and group sid, followed by all but the first two sids from the token.
Andrew Bartlett
this converts all callers that use the Samba4 loadparm lp_ calling
convention to use the lpcfg_ prefix.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
This IDL is almost common, but the source3 version has a
hand-marshalled server_id. The s3compat build has problems with two
different idl files of the same name.
Andrew Bartlett
I would love for notify.idl to be shared between Samba4 and Samba3
some day, and this seems to be the point at which the structure is
initialised.
Andrew Bartlett
I would love for notify.idl to be shared between Samba4 and Samba3
some day, and this seems to be the point at which the structure is
initialised.
Andrew Bartlett
If the system has O_NOFOLLOW and O_DIRECTORY then we allow for
overrides by default. If not, then we disable by default, as we will
be more vulnerable to symlink attacks
This allows for root override, which fixes many problems with
mismatches between NT ACL permissions and unix permissions.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
The pvfs_sys_*() calls provide wrapper functions for posix file
functions which use root privileges to override EACCES failures if
PVFS_FLAG_PERM_OVERRIDE is set
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
This flag indicates that we should use root privileges to override
unix permissions when the NT ACLs indicate that access should be
granted
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
Re-using two of the create_options bits was bound to eventually
cause problems, and indeed, Windows7 now uses one of those bits
when opening text files.
Fixes bug 7189
When a user has SEC_PRIV_TAKE_OWNERSHIP or SEC_PRIV_RESTORE they have
permission to change the ownership of a file.
This should fix bug 6987
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
We need to be able to give sensible error messages when a kerberos
calls fails. This propogates the kerberos error up the stack to the
caller.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
The includes of the UID wrapper headers werent't really efficient according
to metze's post on the technical mailing list (http://lists.samba.org/archive/samba-technical/2010-February/069165.html).
To achieve this move the "uid_wrapper.h" includes into "lib/util/unix_privs.c",
"lib/util/util.c", "ntvfs/posix/pvfs_acl.c" and "ntvfs/unixuid/vfs_unixuid.c".
Following a talk with tridge on IRC, this patch allow (pull|push)_xattr_blob to be called without
having a pvfs object. It's handy for programs that wants to manipulate xattr directly.
pvfs can be NULL if the directory a share points to does not exist. In
this case, there would be no open files, so it is safe to just return
from the function.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
bug 6989 is a rare crash that has occurred in production. My best
guess as to the cause is the talloc_free() not being specific enough
as to which parent needs to be freed.
The bug is that sometimes 'streams' is parent for 'new_name'.
With this said, 'new_name' must be dupped before 'streams'
pointer is freed.
Signed-off-by: Andrew Tridgell <tridge@samba.org>
Previously when a file was created, we produces the resulting access
mask based on an ACL check against the parent. This change means we
now calculate the inherited ACL much earlier, and produce the
resulting access mask from that ACL, or the user supplied ACL.
In order to implement root_fid in the s4 SMB server we need to declare
it as a handle type, just as for other fnum values in SMB. This
required some extensive (but simple) changes in many bits of code.
This segfault occoured in cases where we rejected (or never attempted)
the tree connect, so had an invalid private pointer for the logoff
codepath.
Andrew Bartlett
We now open a named via the named_pipe_auth
code and process IO via the tstream interface.
This means we support byte mode and message mode
named pipes.
We also correctly issue NT_STATUS_PIPE_BUSY
when a smb_trans request comes in and a read or smb_trans
is already pending.
We also have support for async dcerpc over ncacn_np now,
and we now can remove the ncacn_np specific hacks from the
rpc_server/ code.
metze
This bug was caused by two things:
1) in the unix ACL mapping, we were not taking into account group
write permssions for the SEC_STD_DELETE flag
2) when a file is created using OVERWRITE mode, a fchmod() would
fail if the user is not the file owner. We resolve that by only
doing the fchmod() if the mapped file attribute does not match the
desired file attribute
This fixes two issues pointed out by Andrew. It adds a runtime
uwrap_enabled() call that wraps the skips needed for uid emulation. It
also makes the skip in the directory_create_or_exist() function only
change the uid checking code, not the permissions code
This library intercepts seteuid and related calls, and simulates them
in a manner similar to the nss_wrapper and socket_wrapper
libraries. This allows us to enable the vfs_unixuid NTVFS module in
the build farm, which means we are more likely to catch errors in the
token manipulation.
The simulation is not complete, but it is enough for Samba4 for
now. The major areas of incompleteness are:
- no emulation of setreuid, setresuid or saved uids. These would be
needed for use in Samba3
- no emulation of ruid changing. That would also be needed for Samba3
- no attempt to emulate file ownership changing, so code that (for
example) tests whether st.st_uid matches geteuid() needs special
handling
This caused the panics on the RAW-SETFILEINFO.RENAME test,
because we returned an empty strings.
The problem was:
ERROR: talloc_steal with references at ntvfs/posix/pvfs_setfileinfo.c:215
reference at ntvfs/posix/pvfs_resolve.c:799
metze
ntvfs_map_fsinfo, ntvfs_map_qpathinfo, ntvfs_map_qfileinfo used an
old synchronous mapping technique, acceptable on the grounds that
they were only used by the simple vfs which was synchronous.
Other vfs may/do use these functions, and by upgrading them to use the
ntvfs_map_async_setup/ntvfs_map_async_finish framework, they can now be
used asynchronously.
Signed-off-by: Sam Liddicott <sam@liddicott.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
When the notify buffer overruns and there are no pending notify
requests, the notify buffer doesn't actually get destroyed, it just
gets put in a state where new notifies are discarded and the next
notify change request will return 0 changes.
This change brings ntvfs_connect into compliance with other ntvfs functions
which take an ntvfs module, an ntvfs request and an smb io union.
It now becomes the responsibility of ntvfs modules to examine
tcon->generic.level themselves and derive the share name and any other
options
directly; e.g.
const char *sharename;
switch (tcon->generic.level) {
case RAW_TCON_TCON:
sharename = tcon->tcon.in.service;
break;
case RAW_TCON_TCONX:
sharename = tcon->tconx.in.path;
break;
case RAW_TCON_SMB2:
default:
return NT_STATUS_INVALID_LEVEL;
}
if (strncmp(sharename, "\\\\", 2) == 0) {
char *p = strchr(sharename+2, '\\');
if (p) {
sharename = p + 1;
}
}
service.c smbsrv_tcon_backend() is called before ntvfs_connect and fills in
some of the tcon->..out values.
For the case of RAW_TCON_TCONX, it filles out tcon->tconx.out.tid and
tcon->tconx.out.options
For the case of RAW_TCON_TCON it fills out tcon->tcon.out.tid and
tcon->tcon.out.max_xmit
Thus the ntvfs_connect function for vfs modules may override these values
if desired, but are not required to.
ntvfs_connect functions are required to fill in the tcon->tconx.out.*_type
fields, for RAW_TCON_TCONX, perhaps something like:
if (tcon->generic.level == RAW_TCON_TCONX) {
tcon->tconx.out.fs_type = ntvfs->ctx->fs_type;
tcon->tconx.out.dev_type = ntvfs->ctx->dev_type;
}
Signed-off-by: Sam Liddicott <sam@liddicott.com>
(I fixed the ntvfs_connect() in the smb_server/smb2/
and the RAW_TCON_SMB2 switch case in the modules)
Signed-off-by: Stefan Metzmacher <metze@samba.org>
backend
The vfs_unixuid module changes the uid of the process when executing
operations on behalf of the user. Within the VFS backend we may rely
on semi-async calls, such as winbind calls, which will call the event
loop again. To cope with this we need to ensure that while inside
those calls we revert the uid to root, then revert back to the
connected user when we have finished with the semi-async calls.
