1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-12 09:18:10 +03:00
Commit Graph

136085 Commits

Author SHA1 Message Date
Douglas Bagnall
15fcf9b769 libcl/security:sddl_decode_acl: expand a comment
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 22:07:35 +00:00
Douglas Bagnall
01f8b61035 libcli/security:sddl_decode_ace: fix ';' count message
The wrong number of semicolons is usually one less than count (which
counts sections separated by semicolons), except when count is zero.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 22:07:35 +00:00
Douglas Bagnall
dd41357fcd libcl/security:sddl_decode_acl: add a message
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 22:07:35 +00:00
Douglas Bagnall
206db403b4 libcli/security:sddl_decode_ace: add more messages
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 22:07:35 +00:00
Douglas Bagnall
f712f8d371 libcli/security: adjust log verbosity in sddl_decode
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 22:07:35 +00:00
Douglas Bagnall
74c6cf44b9 libcli/security:sddl_decode_ace: turn DBG_WARNINGs into messages
This allows the messages to be more reliably presented by client tools
in a useful way.

The messages lose the trailing \n, and some were slightly tweaked (e.g.
s/Resource ACE/Resource Attribute ACE/).

They will still show up in logs for callers of sddl_decode(), but at
NOTICE level rather than WARNING.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 22:07:35 +00:00
Douglas Bagnall
23a83d37df pytest:samba-tool domain auth policy: expect error message detail
The knownfail will stay around for a few commits, because the message
we get is slightly wrong.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 22:07:35 +00:00
Douglas Bagnall
b18fe675c0 libcli/security:sddl_decode_err_msg(): don't pretend msg is optional (CID1548624)
Having it optionally NULL just complicates the code, and Coverity
rightly complained.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 22:07:35 +00:00
Christof Schmitt
12e5c15a97 vfs_zfsacl: Call stat CAP_DAC_OVERRIDE functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>

Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Wed Nov 15 19:55:07 UTC 2023 on atb-devel-224
2023-11-15 19:55:07 +00:00
Christof Schmitt
9cac915421 vfs_aixacl2: Call stat DAC_CAP_OVERRIDE functions
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
2023-11-15 18:54:11 +00:00
Christof Schmitt
bffd8bd8c3 nfs4_acls: Make fstat_with_cap_dac_override static
No other module is calling this function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
2023-11-15 18:54:11 +00:00
Christof Schmitt
0f664f0162 nfs4_acls: Make stat_with_cap_dac_override static
No other module is calling this function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
2023-11-15 18:54:11 +00:00
Christof Schmitt
8831eeca1d nfs4_acls: Make fstatat_with_cap_dac_override static
No other module is calling this function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
2023-11-15 18:54:11 +00:00
Christof Schmitt
5fd73e93af vfs_gpfs: Move vfs_gpfs_fstatat to nfs4_acls.c and rename function
All stat DAC_CAP_OVERRIDE code is being moved to nfs4_acls.c to allow
reuse. Move the vfs_gpfs_fstatat function and rename it to the more
generic name nfs4_acl_fstat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
2023-11-15 18:54:11 +00:00
Christof Schmitt
2c1195678d vfs_gpfs: Move vfs_gpfs_lstat to nfs4_acls.c and rename function
All stat CAP_DAC_OVERRIDE code is being moved to nf4_acls.c to allow
reuse. Move the vfs_gpfs_lstat function and rename to the more generic
name nfs4_acl_lstat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
2023-11-15 18:54:11 +00:00
Christof Schmitt
f9301871c6 vfs_gpfs: Move vfs_gpfs_fstat to nfs4_acls.c and rename function
All stat DAC_CAP_OVERRIDE code is moving to nfs4_acls.c to allow reuse.
Move the vfs_gpfs_fstat function and rename to the more generic name
nfs4_acl_fstat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
2023-11-15 18:54:11 +00:00
Christof Schmitt
f8a23d960e vfs_gpfs: Move vfs_gpfs_stat to nfs4_acls.c and rename function
All stat DAC_CAP_OVERRIDE code is moving to nfs4_acls.c to allow reuse
by other file system modules. Also rename the function to the more
generic name nfs4_acl_stat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
2023-11-15 18:54:11 +00:00
Christof Schmitt
6b1e066c4f vfs_gpfs: Move stat_with_capability to nfs4_acls.c and rename function
All stat CAP_DAC_OVERRIDE code is moving to nfs4_acls.c to allow reuse
by other filesystem modules. Also rename the function to the slightly
more precise name stat_with_cap_dac_overide.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
2023-11-15 18:54:11 +00:00
Christof Schmitt
316c96ea83 vfs_gpfs: Move fstatat_with_cap_dac_override to nfs4_acls.c
All stat DAC_CAP_OVERRIDE code is being moved to nfs4_acls.c to allow
reuse by other filesystem modules.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
2023-11-15 18:54:11 +00:00
Christof Schmitt
05f1ee1ae2 nfs4_acls: Implement fstat with DAC_CAP_OVERRIDE
AT_EMTPY_PATH does not exist on AIX. Address this by implementing an
override for fstat.  Implement the new override function in nfs4_acls.c
since all stat functions with DAC_CAP_OVERRIDE will be moved there to
allow reuse by other filesystems.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
2023-11-15 18:54:11 +00:00
Anoop C S
9898ca65e9 docs-xml: Fix a usage for case sensitive parameter
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 15 18:52:16 UTC 2023 on atb-devel-224
2023-11-15 18:52:16 +00:00
Anoop C S
2b1a687a6f vfs_ceph: Replace libceph with libcephfs in comments
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-11-15 17:48:42 +00:00
Anoop C S
e091febb0c vfs_ceph: Fix the comment quoting module usage
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-11-15 17:48:42 +00:00
Anoop C S
149734409a vfs_ceph: Fix a comment in cephwrap_fchmod()
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-11-15 17:48:42 +00:00
Anoop C S
5572400a97 vfs_ceph: Add path based fallback mechanism for SMB_VFS_CHOWN
Fallback mechanism was missing in cephwrap_fchown() for path based call.

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-11-15 17:48:42 +00:00
Volker Lendecke
4e585186f2 smbd: Get the symlink mode for posix through fdos_mode()
fdos_mode() has special code to deal with symlinks, so we don't have
to replicate that logic here.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Nov 15 06:10:38 UTC 2023 on atb-devel-224
2023-11-15 06:10:38 +00:00
Volker Lendecke
aaa73cce1d smbd: Centralize fdos_mode() in smbd_dirptr_get_entry()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-11-15 05:10:35 +00:00
Volker Lendecke
80c98acbf0 smbd: Centralize wiping the ".." stat info
Make sure this also happens for symlinks etc.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-11-15 05:10:35 +00:00
Volker Lendecke
c96010a2a9 smbd: Simplify smbd_dirptr_get_entry()
This uses the much simpler openat_pathef_fsp_lcomp, avoiding
non_widelink_open where we don't need it. The only case where we still
have to call openat_pathref_fsp() in its full capacity is to find out
whether a symlink we found is dangling or not.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-11-15 05:10:35 +00:00
Volker Lendecke
6b0cfcdbc3 smbd: Remove a pointless NULL check
We've dereferenced smb_fname before, and talloc_move() never fails.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-11-15 05:10:35 +00:00
Volker Lendecke
5991f4e66b smbd: Slightly simplify smbd_dirptr_get_entry()
Check for dirptr being toplevel just once.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-11-15 05:10:35 +00:00
Volker Lendecke
901c7cc6aa smbd: Move mask_match_search() to smb1_reply.c
Only called there.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-11-15 05:10:35 +00:00
Volker Lendecke
b1e5ed4490 smbd: Simplify smbd_dirptr_get_entry()
Both mode_fn's are now the same. Fold them into smbd_dirptr_get_entry()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-11-15 05:10:35 +00:00
Volker Lendecke
47f36e0b1d smbd: Simplify smbd_dirptr_8_3_mode_fn()
Do the smb1-specific code directly in smb1-code. Don't tunnel it
through generic smb1/smb2 code.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-11-15 05:10:35 +00:00
Volker Lendecke
f905384f5d smbd: Rename "fsp" to "dirfsp" in smbd_smb2_query_directory_state
Makes it clearer to me what we have there.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-11-15 05:10:35 +00:00
Volker Lendecke
f195df4e65 smbd: Directly print errno in openat_pathref_fsp_lcomp()
This is where the error came from.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-11-15 05:10:35 +00:00
Volker Lendecke
46372997a0 smbd: Remove a NULL check that became obsolete
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-11-15 05:10:35 +00:00
Volker Lendecke
15648b5da5 smbd: Modernize a DEBUG statement
Avoid casts

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-11-15 05:10:35 +00:00
Rob van der Linde
b6661e77de netcmd: docs: update docs for silo member grant + revoke
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 15 05:00:58 UTC 2023 on atb-devel-224
2023-11-15 05:00:58 +00:00
Rob van der Linde
88ea6b17e1 netcmd: tests: update silo member grant and revoke docstings and comments
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
9708209d75 netcmd: tests: rename silo member tests to grant + revoke
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
2ee86e78cf netcmd: tests: rename add_silo_member and remove_silo_member methods in test
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
d9552dc08d netcmd: silo member: update docstrings comments and print statements for grant + revoke
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
becb0ecf35 netcmd: silo member: update command line options help text for grant + revoke
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
fb2453d1a3 netcmd: silo member: rename add and remove commands to grant and revoke
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
047ddb1001 netcmd: silo member: update model docstrings and exception text
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
abc3b50831 netcmd: silo member: rename model methods to grant and revoke
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
19613057d9 netcmd: silo member: rename exceptions to grant and revoke
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
422cc1d17d netcmd: models: fix incorrect return type should not be User
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00
Rob van der Linde
42be08c192 netcmd: models: Model.query method makes use of Query class
Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-11-15 04:05:34 +00:00