Michael Adam [Wed, 27 Jul 2011 11:07:56 +0000 (13:07 +0200)]
v3-6-ctdb: VERSION: Bump vendor patch level to 16
Michael Adam [Tue, 21 Jun 2011 15:45:49 +0000 (17:45 +0200)]
v3-6-ctdb: bump vendor patch level to 15
Michael Adam [Tue, 21 Jun 2011 15:45:49 +0000 (17:45 +0200)]
v3-6-ctdb: bump vendor patch level to 14
Michael Adam [Thu, 9 Jun 2011 15:16:53 +0000 (17:16 +0200)]
v3-6-ctdb: VERSION bump vendor patch level to 13
Michael Adam [Wed, 30 Mar 2011 14:40:48 +0000 (16:40 +0200)]
v3-6-ctdb: VERSION bump vendor patch level to 12
Volker Lendecke [Mon, 16 May 2011 09:40:46 +0000 (11:40 +0200)]
v3-6-ctdb: VERSION bump vendor patch level to 11
Volker Lendecke [Wed, 27 Apr 2011 12:23:51 +0000 (14:23 +0200)]
v3-6-ctdb: VERSION bump vendor patch level to 10
Volker Lendecke [Mon, 18 Apr 2011 09:44:13 +0000 (11:44 +0200)]
v3-6-ctdb: VERSION bump vendor patch level to 9
Volker Lendecke [Fri, 5 Mar 2010 15:10:49 +0000 (16:10 +0100)]
v3-6-ctdb: packaging(RHEL-CTDB): package the gpfs_prefetch vfs module
Volker Lendecke [Fri, 21 Jan 2011 13:07:15 +0000 (14:07 +0100)]
v3-6-ctdb: s3:vfs: Add a gpfs_prefetch module.
This can not go upstream yet because it uses the gpfs_fcntl call
from the non-GPL libgpfs.
Michael Adam [Wed, 30 Mar 2011 14:40:48 +0000 (16:40 +0200)]
v3-6-ctdb: VERSION bump vendor patch level to 8
Volker Lendecke [Wed, 30 Mar 2011 14:40:48 +0000 (16:40 +0200)]
v3-6-ctdb: VERSION bump vendor patch level to 7
Volker Lendecke [Tue, 29 Mar 2011 10:49:40 +0000 (12:49 +0200)]
v3-6-ctdb: VERSION bump vendor patch level to 6
Michael Adam [Wed, 9 Feb 2011 23:37:30 +0000 (00:37 +0100)]
v3-6-ctdb: VERSION bump vendor patch level to 5
Michael Adam [Wed, 9 Feb 2011 23:37:30 +0000 (00:37 +0100)]
v3-6-ctdb: VERSION bump vendor patch level to 4
Michael Adam [Wed, 9 Feb 2011 23:37:30 +0000 (00:37 +0100)]
v3-6-ctdb: VERSION bump vendor patch level to 3
Michael Adam [Wed, 9 Feb 2011 23:37:30 +0000 (00:37 +0100)]
v3-6-ctdb: VERSION bump vendor patch level to 2
Volker Lendecke [Sun, 14 Dec 2008 23:16:56 +0000 (00:16 +0100)]
v3-6-ctdb: s3: Add the "net groupfilter" command
This is the start of a bad hack for even worse systems: Many Unix systems still
have the NGROUPS problem: A user can not be member of more than a very limited
number of groups. Solaris for example limits this to 16 by default. Many
Windows environments have a *LOT* more groups per user, some even go to
hundreds. Whether that is efficient is debatable, but it's there.
This patch implements the
"net groupfilter"
command with the "addsid", "delsid" and "list" subcommands. If any SIDs are
present according to "net groupfilter list" (they are stored in secrets.tdb),
then only the SIDs in that list are converted to GIDs for a user at login time.
This gives the Administrator the possibility to define a set of groups that are
used on the Unix box, making sure that no user is in more than NGROUPS of those
at a time.
This patch is incomplete in the sense that winbind is not aware of this, only
smbd. So it is kind of an emergency hack for smbd-only machines.
Volker
Signed-off-by: Michael Adam <obnox@samba.org>
Andrew Tridgell [Mon, 21 Apr 2008 16:41:32 +0000 (18:41 +0200)]
v3-6-ctdb: apply patch from v3-0-ctdb to special case root in libnss_winbind
This is needed to ensure the administrator can login to a node even
when ctdbd and winbindd are stuck
Michael Adam [Tue, 18 Jan 2011 12:19:55 +0000 (13:19 +0100)]
v3-6-ctdb: add README.v3-6-ctdb
Michael Adam [Tue, 23 Jun 2009 14:41:38 +0000 (16:41 +0200)]
v3-6-ctdb: VERSION: add vendor-suffix "ctdb" and vendor-patch level "1"
Michael
following the versioning scheme of the v3-2-ctdb branch
Michael
Michael Adam [Wed, 8 Apr 2009 17:28:52 +0000 (19:28 +0200)]
v3-6-ctdb: VERSION: set version to non-snapshot..
Michael Adam [Wed, 27 Jul 2011 12:39:54 +0000 (14:39 +0200)]
packaging(RHEL-CTDB): the ldbtools manpages have been removed. adapt the spec file
Michael Adam [Fri, 27 May 2011 10:35:49 +0000 (12:35 +0200)]
packaging(RHEL-CTDB): Revert "add BuildRequires to ctdb-devel >= 1.2.25"
This reverts commit
a16520b6939cb6d87f5818db0ac3ded228053cee.
There is also a 1.0.114 based branch that has the required capabilities.
If building against an insufficient version, the configure will fail.
Christian Ambach [Thu, 19 May 2011 16:58:25 +0000 (18:58 +0200)]
packaging(RHEL-CTDB): align configure.rpm to the spec file
Signed-off-by: Michael Adam <obnox@samba.org>
Michael Adam [Wed, 18 May 2011 08:35:42 +0000 (10:35 +0200)]
packaging(RHEL-CTDB): honour rpm build target options handed in to makerpms.sh
This allows to call e.g. "makerpms.sh -bs" to only build the source rpm.
Michael Adam [Fri, 6 May 2011 15:22:06 +0000 (17:22 +0200)]
packaging(RHEL-CTDB): adapt configure.rpm
Michael Adam [Fri, 6 May 2011 15:21:10 +0000 (17:21 +0200)]
packaging(RHEL-CTDB): enforce building of libtdb and libtalloc
Michael Adam [Fri, 6 May 2011 10:29:10 +0000 (12:29 +0200)]
packaging(RHEL-CTDB): build libtdb and libtalloc packages ourselves
and add appropriate dependencies to the samba-common package.
It should also be possible to run with appropriate system talloc
and tdb packages.
Michael Adam [Fri, 6 May 2011 16:36:38 +0000 (18:36 +0200)]
packaging(RHEL-CTDB): update configure.rpm (--disable-smbtorture4)
Michael Adam [Fri, 6 May 2011 16:35:55 +0000 (18:35 +0200)]
packaging(RHEL-CTDB): disable smbtorture4 in the rpm build
Michael Adam [Fri, 6 May 2011 10:03:52 +0000 (12:03 +0200)]
packaging(RHEL-CTDB): Remove the packaging of the winbind-32bit compat package
Volker Lendecke [Wed, 27 Apr 2011 08:25:05 +0000 (10:25 +0200)]
packaging(RHEL-CTDB): create the rpm directories
In RHEL6, rpms are built in /root/rpmbuild, and those directories do not
necessarily exist.
Christian Ambach [Wed, 27 Jul 2011 12:46:00 +0000 (14:46 +0200)]
s3:modules fix Bug 8330 NFSv4 ACL merging logic is broken
we should not merge ACEs with different flags (e.g. CI/OI/I/)
Otherwise ACLs get wrong entries and thus wrong semantics
Example:
ACL:BUILTIN\Users:ALLOWED/0x0/FULL
ACL:BUILTIN\Users:ALLOWED/I/READ
got merged to
ACL:BUILTIN\Users:ALLOWED/I/FULL
This is not the same and also leads to wrong displays
in the Windows ACL dialog
Signed-off-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Mon, 25 Jul 2011 10:38:27 +0000 (12:38 +0200)]
s3: Fix MIT trusts
Winbind can't really cope with trusts that don't have a SID associated. This
happens with external MIT trusts for example. This filters them out when
sending the trust list from child to parent.
Gregor Beck [Wed, 6 Jul 2011 13:10:27 +0000 (15:10 +0200)]
s3:testparm: avoid spurious warnings about dos mode mapping and create mask if store dos attributes is set
Volker Lendecke [Mon, 20 Jun 2011 10:09:06 +0000 (12:09 +0200)]
s3: Fix the build, NAME_MAX not universally available
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jun 20 13:45:21 CEST 2011 on sn-devel-104
Volker Lendecke [Mon, 20 Jun 2011 07:52:21 +0000 (09:52 +0200)]
s3: Replace shadow_copy2 with a new implementation
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Mon Jun 20 11:17:47 CEST 2011 on sn-devel-104
Volker Lendecke [Wed, 15 Jun 2011 12:09:50 +0000 (14:09 +0200)]
s3: Fix the return of make_new_server_info_guest
Volker Lendecke [Wed, 15 Jun 2011 12:08:23 +0000 (14:08 +0200)]
s3: Add debug level 0 warnings to make_new_server_info_guest
I've got a backtrace where this must have failed, but it is not clear why. If
this fails, we should really complain because we can't start up.
Volker Lendecke [Tue, 14 Jun 2011 15:52:42 +0000 (17:52 +0200)]
s3: Fix connecting to ctdb as non-root
This is at least one instance which I could identify
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Tue Jun 14 19:06:39 CEST 2011 on sn-devel-104
Volker Lendecke [Tue, 14 Jun 2011 15:50:41 +0000 (17:50 +0200)]
s3: Fix count_current_connections
"False" is not really a valid return value for "int"..
Gregor Beck [Mon, 30 May 2011 07:31:21 +0000 (09:31 +0200)]
s3:net: registry export: close key after recursion returns
Signed-off-by: Michael Adam <obnox@samba.org>
Volker Lendecke [Fri, 20 May 2011 11:07:17 +0000 (13:07 +0200)]
s3: Fork the echo handler only after SMB1 negprot is done
This enables activating the echo responder also if SMB2 is enabled, albeit it
will only be used for SMB1 at this moment.
Volker Lendecke [Wed, 4 May 2011 15:45:34 +0000 (17:45 +0200)]
s3-torture: Add a test for notify upon read&x
This makes sure that when a file is brought online by a read call
we notify the client for FILE_NOTIFY_CHANGE_ATTRIBUTES.
Michael Adam [Fri, 22 Jul 2011 08:11:52 +0000 (10:11 +0200)]
s3:loadparm: fix the reload of the configuration: also reload activated registry shares
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Fri Jul 22 16:53:49 CEST 2011 on sn-devel-104
(cherry picked from commit
efbe1602bd014eada4811f336bdccbf4692d3807)
Michael Adam [Fri, 22 Jul 2011 08:10:43 +0000 (10:10 +0200)]
s3:loadparm: add reload_registry_shares() - reload only those shares already loaded (cherry picked from commit
ec113a58a4dc4e4f3ea03f7818eb312325f69482)
Michael Adam [Mon, 25 Jul 2011 09:46:33 +0000 (11:46 +0200)]
s3:docs: document the smbclient "tid" command
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Mon Jul 25 13:14:57 CEST 2011 on sn-devel-104
(cherry picked from commit
233ba37416551a0b64dcfeb5cd405aadede5418c)
Michael Adam [Mon, 25 Jul 2011 09:44:39 +0000 (11:44 +0200)]
s3:docs: document the smbclient "tdis" command (cherry picked from commit
a8d0e4ddb8730dc176e0589674ec4eaea307119a)
Michael Adam [Mon, 25 Jul 2011 09:42:00 +0000 (11:42 +0200)]
s3:docs: document the smbclient "tcon" command (cherry picked from commit
5ecfcf6cb998f5670895f998c2c917afc86aacfd)
Michael Adam [Mon, 25 Jul 2011 09:39:04 +0000 (11:39 +0200)]
s3:docs: document the smbclient "logoff" command (cherry picked from commit
9724fe303d5f9a3e37a881d025937285668e2dbe)
Michael Adam [Fri, 22 Jul 2011 12:12:13 +0000 (14:12 +0200)]
s3:smbclient: add a "tid" command to view and change the tree id (tid).
This low level command can be used to switch between tree connects in one
session.
Michael Adam [Fri, 22 Jul 2011 12:11:34 +0000 (14:11 +0200)]
s3:smbclient: add a "tdis" command to do a tree disconnect (close a connection to a share) (cherry picked from commit
7327bde81acecf4ae0c09f80cebe21a1312aeb3a)
Michael Adam [Fri, 22 Jul 2011 12:10:38 +0000 (14:10 +0200)]
s3:smbclient: add a "tcon" command to do a tree connect (connect to a share)
Michael Adam [Fri, 22 Jul 2011 12:08:03 +0000 (14:08 +0200)]
s3:smbclient: add "logoff" command to close the session (cherry picked from commit
281c6d02bdcc9988c0f1660a3c77ba4b3db3dc6d)
Michael Adam [Fri, 24 Jun 2011 08:15:02 +0000 (10:15 +0200)]
s3:idmap_tdb2: remove the undocumented option of the silly name "tdb:idmap2.tdb"
In ancient times, when ctdb had not support for persistent databases and
tdb2 was introduced as a two-layer solution and it was more important than
today to be able to change the location of the permanent database file
because it had to reside on shared storage.
But these were times when idmap_tdb2 was not even officially released.
Nowadays, with ctdb handling the persistent idmap2.tdb database, the path
is stripped anyways, so this undocumented option has become unnecessary
and is hence removed.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed Jul 27 05:37:57 CEST 2011 on sn-devel-104
(cherry picked from commit
3276060da4e7d495bd5cf5cbf7237e64d948ee77)
Michael Adam [Thu, 9 Jun 2011 11:36:54 +0000 (13:36 +0200)]
s3:idmap_tdb2: remove a legacy comment (cherry picked from commit
67cd2f9d867fad1f7df2d6a6a5cdb723336ac495)
Michael Adam [Thu, 9 Jun 2011 11:35:21 +0000 (13:35 +0200)]
s3:idmap_tdb2: remove legacy comment (cherry picked from commit
4b5ada3d27198b49771acb70ae979087235be783)
Michael Adam [Thu, 9 Jun 2011 11:34:04 +0000 (13:34 +0200)]
s3:idmap_tdb2: remove superfluous initialization with bogus comment (cherry picked from commit
551185573899b6e608863f833633d40ae04458d8)
Michael Adam [Thu, 9 Jun 2011 11:07:54 +0000 (13:07 +0200)]
s3:idmap_tdb2: fix a legacy comment that does not apply any more (cherry picked from commit
7d3dc2164b3929c642127659593e69fc865a6184)
Michael Adam [Fri, 24 Jun 2011 09:38:05 +0000 (11:38 +0200)]
s3:doc: add an example with idmap script to the idmap_tdb2 manpage (cherry picked from commit
86973eee43605a3680fb51470a81ea9ca7f1b515)
Michael Adam [Fri, 24 Jun 2011 09:36:33 +0000 (11:36 +0200)]
s3:docs: remove legacy text from the example in the idmap_tdb2 manpage (cherry picked from commit
2f253c2791ccb2421f26f563e3983ee950da1d05)
Michael Adam [Fri, 24 Jun 2011 09:35:51 +0000 (11:35 +0200)]
s3:doc: clarify the idmap script section in the idmap_tdb2 manpage (cherry picked from commit
4daab85ae60f2821a1d9d98f1edff6a318e8e3c1)
Michael Adam [Fri, 24 Jun 2011 08:59:04 +0000 (10:59 +0200)]
s3:docs:idmap_tdb2: update the documentation of idmap script
to reflect the new variant "idmap config * : script" of configuring the idmap script
(cherry picked from commit
2aa19b4aeb9de43a0e2b94ad1202f2068b29c710)
Michael Adam [Tue, 7 Jun 2011 16:00:36 +0000 (18:00 +0200)]
s3:idmap_tdb2: deprecate the idmap:script parameter and use "idmap config * : script" instead
With this patch, "idmap config * : script" will override "idmap : script".
If "idmap : script" is present, a deprecation warning will be printed in any
case. If "idmap config * : script" is not set, then the value of "idmap :script"
will be used for backwards compatibility.
(cherry picked from commit
b6c82f18f17cdded771d285930566c1d104686aa)
Michael Adam [Tue, 17 May 2011 12:30:13 +0000 (14:30 +0200)]
s3:torture: remove a file accidentially committed with
3b2fe4728d6d916508b677e696ecad88f8b7b9fd
Karolin Seeger [Tue, 26 Jul 2011 20:06:04 +0000 (22:06 +0200)]
WHATSNEW: Update changes since rc2.
Karolin
Christian Ambach [Fri, 15 Jul 2011 13:44:36 +0000 (15:44 +0200)]
s3:utils/net_afs fix compiler warnings
this also fixes the usage displays of net afs
Christian Ambach [Fri, 15 Jul 2011 13:54:25 +0000 (15:54 +0200)]
s3:lib/afs fix the build with --with-vfs-afsacl
This fixes the second piece of Bug #8263
Christian Ambach [Fri, 15 Jul 2011 13:27:07 +0000 (15:27 +0200)]
s3:lib/afs fix the build with --with-fake-kaserver
This fixes one piece of Bug #8263
Jeremy Allison [Fri, 22 Jul 2011 23:42:51 +0000 (16:42 -0700)]
Fix bug 8314] - smbd crash with unknown user.
All other auth modules code with being called with
auth_method->private_data being NULL, make the auth_server
module cope with this too.
Kai Blin [Tue, 12 Jul 2011 06:08:24 +0000 (08:08 +0200)]
s3 swat: Create random nonce in CGI mode
In CGI mode, we don't get access to the user's password, which would
reduce the hash used so far to parameters an attacker can easily guess.
To work around this, read the nonce from secrets.tdb or generate one if
it's not there.
Also populate the C_user field so we can use that for token creation.
Signed-off-by: Kai Blin <kai@samba.org>
Kai Blin [Sat, 9 Jul 2011 07:52:07 +0000 (09:52 +0200)]
s3 swat: Add time component to XSRF token
Signed-off-by: Kai Blin <kai@samba.org>
Kai Blin [Fri, 8 Jul 2011 13:06:13 +0000 (15:06 +0200)]
s3 swat: Add XSRF protection to printer page
Signed-off-by: Kai Blin <kai@samba.org>
Kai Blin [Fri, 8 Jul 2011 13:05:38 +0000 (15:05 +0200)]
s3 swat: Add XSRF protection to password page
Signed-off-by: Kai Blin <kai@samba.org>
Kai Blin [Fri, 8 Jul 2011 13:04:48 +0000 (15:04 +0200)]
s3 swat: Add XSRF protection to shares page
Signed-off-by: Kai Blin <kai@samba.org>
Kai Blin [Fri, 8 Jul 2011 13:04:12 +0000 (15:04 +0200)]
s3 swat: Add XSRF protection to globals page
Signed-off-by: Kai Blin <kai@samba.org>
Kai Blin [Fri, 8 Jul 2011 13:03:44 +0000 (15:03 +0200)]
s3 swat: Add XSRF protection to wizard page
Signed-off-by: Kai Blin <kai@samba.org>
Kai Blin [Fri, 8 Jul 2011 13:03:15 +0000 (15:03 +0200)]
s3 swat: Add XSRF protection to wizard_params page
Signed-off-by: Kai Blin <kai@samba.org>
Kai Blin [Fri, 8 Jul 2011 13:02:53 +0000 (15:02 +0200)]
s3 swat: Add XSRF protection to viewconfig page
Signed-off-by: Kai Blin <kai@samba.org>
Kai Blin [Fri, 8 Jul 2011 10:58:53 +0000 (12:58 +0200)]
s3 swat: Add XSRF protection to status page
Signed-off-by: Kai Blin <kai@samba.org>
Kai Blin [Fri, 8 Jul 2011 10:57:43 +0000 (12:57 +0200)]
s3 swat: Add support for anti-XSRF token
Signed-off-by: Kai Blin <kai@samba.org>
Kai Blin [Fri, 8 Jul 2011 10:56:21 +0000 (12:56 +0200)]
s3 swat: Allow getting the user's HTTP auth password
Signed-off-by: Kai Blin <kai@samba.org>
Karolin Seeger [Sun, 24 Jul 2011 19:09:38 +0000 (21:09 +0200)]
s3-swat: Fix typo.
Thanks to Simo for reporting!
Karolin
(cherry picked from commit
9f73c1990a19daa899fa5345530a867e69a5be94)
(cherry picked from commit
bcb052c29212954a3ed10c9f095c51e4e0a96af5)
Kai Blin [Thu, 7 Jul 2011 08:03:33 +0000 (10:03 +0200)]
s3 swat: Fix possible XSS attack (bug #8289)
Nobuhiro Tsuji of NTT DATA SECURITY CORPORATION reported a possible XSS attack
against SWAT, the Samba Web Administration Tool. The attack uses reflection to
insert arbitrary content into the "change password" page.
This patch fixes the reflection issue by not printing user-specified content on
the website anymore.
Signed-off-by: Kai Blin <kai@samba.org>
Stefan Metzmacher [Tue, 28 Jun 2011 10:52:37 +0000 (12:52 +0200)]
release-scripts/create-tarball: always create a tag in form of samba-${version}
metze
(cherry picked from commit
84d9cdb5112e55ae8a1e525ca2b8cef2ae606f22)
Jeremy Allison [Tue, 19 Jul 2011 20:08:31 +0000 (13:08 -0700)]
Second part of fix for bug 8310 - toupper_ascii() is broken on big-endian systems.
Re-add:
smb_ucs2_t toupper_w(smb_ucs2_t v);
bool isupper_w(smb_ucs2_t v);
smb_ucs2_t tolower_w(smb_ucs2_t v);
bool islower_w(smb_ucs2_t v);
and ensure they are called whenever we are operating on smb_ucs2_t
variables. I'd like to make the definition of smb_ucs2_t incompatible
with int and codepoint_t so they can't be mixed, but that's a patch
for another time.
Jeremy Allison [Tue, 19 Jul 2011 19:21:23 +0000 (12:21 -0700)]
First part of fix for bug 8310 - toupper_ascii() is broken on big-endian systems
Remove
int toupper_ascii(int c);
int tolower_ascii(int c);
int isupper_ascii(int c);
int islower_ascii(int c);
and replace with their _m equivalents, as they are identical.
Jeremy Allison [Sat, 16 Jul 2011 04:36:13 +0000 (21:36 -0700)]
Fix bug #8307 - brl_close_fnum does not call SMB_VFS_BRL_UNLOCK_WINDOWS on all locks
Reported by herb@samba.org. Remove the (premature) optimization
on file close.
Karolin Seeger [Wed, 13 Jul 2011 19:52:32 +0000 (21:52 +0200)]
WHATSNEW: Update changes since rc2.
Karolin
Stefan Metzmacher [Sun, 10 Jul 2011 11:09:06 +0000 (13:09 +0200)]
s3:smb2_create: use smbd_calculate_access_mask() instead of smbd_check_open_rights()
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Jul 11 22:45:01 CEST 2011 on sn-devel-104
(cherry picked from commit
f5d320ac0fb74d4ad95a03969366096e9b074379)
The last 10 patches address bug #8102 (domuser can change ACL from his files
over the network).
Stefan Metzmacher [Sun, 10 Jul 2011 11:02:11 +0000 (13:02 +0200)]
s3:smb2_tcon: return the correct maximal_access on the share
metze
(cherry picked from commit
a1046389ffcc476456ac76cb701a4325d1c42ef9)
Stefan Metzmacher [Mon, 11 Jul 2011 14:12:57 +0000 (16:12 +0200)]
s3:smbd: return the real share access mask in the SMBtconX response
metze
(cherry picked from commit
58eed1b295afeff6acfb8c1f10b0bb02280fd491)
Stefan Metzmacher [Sun, 10 Jul 2011 11:59:40 +0000 (13:59 +0200)]
s3:smbd: use smbd_calculate_access_mask() also for fake_files
metze
(cherry picked from commit
581d8fa36b73abab030168dc35fb631ccd42a388)
Stefan Metzmacher [Sun, 10 Jul 2011 11:03:51 +0000 (13:03 +0200)]
s3:smbd: check the share level access mask in smbd_calculate_access_mask()
I think we should reject invalid access early,
before we might create new files.
Also smbd_check_open_rights() is only called if the file existed.
metze
(cherry picked from commit
896f105ed40dc04f83bcbfac367b309c8d957f86)
Stefan Metzmacher [Sun, 10 Jul 2011 11:00:25 +0000 (13:00 +0200)]
s3:smbd: make smbd_calculate_access_mask() non-static
metze
(cherry picked from commit
ce66d4e4a885add09edfa8e6d5eab0f3b5d63081)
Stefan Metzmacher [Tue, 12 Jul 2011 15:31:13 +0000 (17:31 +0200)]
s3:smbd/msdfs: let create_conn_struct() check the share security descriptor
metze
(cherry picked from commit
18f967a24881aa899b39f7676fc70a7f7aaca07b)
Volker Lendecke [Tue, 5 Jul 2011 09:13:07 +0000 (11:13 +0200)]
s3: Fix bug 8102
We can't allow open with access that has been denied via the share
security descriptor
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jul 5 16:21:54 CEST 2011 on sn-devel-104
(cherry picked from commit
4deca5d72804a40e68158a1183f5633dabf24761)
Volker Lendecke [Mon, 4 Jul 2011 16:35:21 +0000 (18:35 +0200)]
s3: Calculate&store the maximum share access mask
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
720fa46f9443ccbe471b265f1c2b9cb9782a3c26)
Volker Lendecke [Mon, 4 Jul 2011 15:02:34 +0000 (17:02 +0200)]
s3: Return "granted" from share_access_check
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
1c022d2e414607633323e65abbc63bb3aeaaa6a4)