| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
some of the code in afs.c is needed by wbinfo that lives in the toplevel
nsswitch directory, so move the afs.c file to a new top-level lib/afs
directory. Use the name afs_funcs to avoid collisions with the afs.h
header from OpenAFS
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Kamen Mazdrashki <kamenim@samba.org>
Autobuild-User(master): Kamen Mazdrashki <kamenim@samba.org>
Autobuild-Date(master): Wed Apr 23 01:49:09 CEST 2014 on sn-devel-104
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Git commit 86d1e1db8e2747e30c89627cda123fde1e84f579
fixed share_access not being reset between users,
by changing make_connection_snum() to call a common
function check_user_share_access() in the same way
that change_to_user() (which can be called on any
incoming packet) does.
Unfortunately that bugfix was incorrect and
broke "force user" and "force group" as it
called check_user_share_access() inside
make_connection_snum() using the conn->session_info
pointer instead of the vuser->session_info pointer.
conn->session_info represents the token to use
when actually accessing the file system, and so
is modified by force user and force group.
conn->session_info represents the "pristine"
token of the user logging in, and is never modified
by force user and force group.
Samba 3.6.x checked the share access based on
the "pristine" token of the user logging in,
not the token modified by force user and force group.
This change restores the expected behavior.
Fixes bug #9878 - force user does not work as expected
https://bugzilla.samba.org/show_bug.cgi?id=9878
Signed-off-by: Jeremy Allison <jra@samba.org>
Tested-by: Gerhard Wiesinger <lists@wiesinger.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Mar 18 19:19:31 CET 2014 on sn-devel-104
|
|
|
|
|
|
|
|
| |
Substitution isn't really necessary for this parameter.
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
|
|
|
|
|
|
| |
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
| |
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
|
| |
"veto_oplock_files"
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
|
| |
"short_preserve_case"
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
| |
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
| |
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|
|
|
|
|
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|
|
|
|
|
|
|
|
|
| |
with docs
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|
|
|
|
|
|
|
|
|
| |
with docs
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|
|
|
|
|
|
|
| |
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
|
|
|
|
|
|
|
|
| |
So that logs of make test are not spamed, the code dates from 1999 maybe
at that moment we wanted to have some warning I think nodays it's pretty
stable.
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
| |
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
| |
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
| |
Make it static. Only called from uid.c now.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
|
| |
Ensure make_connection_snum() uses the same logic as
check_user_ok() to decide if a user can access a share.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
|
| |
Eventually this will be indepentent of conn, just pass in the
readonly flag.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
| |
Don't automatically use the one from conn->session_info->security_token.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
|
| |
Return the uint32_t share_access rather than directly
changing the conn struct.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
| |
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
|
|
| |
Otherwise smbstatus reports the wrong time for tree connects.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Mon Nov 5 20:43:23 CET 2012 on sn-devel-104
|
|
|
|
|
|
|
|
|
| |
make_connection_snum/close_cnum()
This was used to maintain the connections.tdb database which is being removed.
We use info from the smbXsrv_tcon instead.
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
|
|
|
|
| |
metze
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
|
|
|
|
|
| |
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 27 02:51:42 CEST 2012 on sn-devel-104
|
|
|
|
|
| |
This enables us to make VFS modules safe for use in root called
code when we've changed directory under conn->connectpath.
|
| |
|
| |
|
|
|
|
|
|
|
| |
Use straight talloc strings. This is the only user outside loadparm.c.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
|
|
|
|
|
|
|
|
|
|
| |
They use talloc_tos() internally: hoist that up to the callers, some
of whom don't want to us talloc_tos().
A simple patch, but hits a lot of files.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
|
|
|
|
| |
Pair-Programmed-With: Michael Adam <obnox@samba.org>
metze
|
|
|
|
|
|
|
|
|
| |
The removes the protocol specific smbd_smb2_session and
smbd_smb2_tcon.
Pair-Programmed-With: Michael Adam <obnox@samba.org>
metze
|
|
|
|
| |
metze
|
|
|
|
| |
metze
|
|
|
|
| |
metze
|
|
|
|
|
|
|
| |
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue May 22 16:42:22 CEST 2012 on sn-devel-104
|
| |
|
|
|
|
|
|
|
|
|
|
| |
is set.
When doing a "force user" we need to remember what the "sanitized_username"
was from the original connect.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon Apr 23 19:52:19 CEST 2012 on sn-devel-104
|
|
|
|
| |
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
|
|
|
|
|
|
|
| |
The performance of these is minimal (these days) and they can return
invalid results when used as part of applications that do not use
sys_fork().
Autobuild-User: Jelmer Vernooij <jelmer@samba.org>
Autobuild-Date: Sat Mar 24 21:55:41 CET 2012 on sn-devel-104
|
|
|
|
|
| |
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Fri Mar 23 12:12:51 CET 2012 on sn-devel-104
|
|
|
|
|
|
|
|
|
| |
We only need one notify_ctx per smbd. The notify_array can become quite large.
It's based on absolute paths, so there's no point in having a copy of the
complete array in memory multiple times.
Autobuild-User: Volker Lendecke <vl@samba.org>
Autobuild-Date: Wed Mar 21 14:26:07 CET 2012 on sn-devel-104
|
| |
|
|
|
|
|
|
| |
The server_id is tied to the messaging_context
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
|
|
|
|
|
| |
The callers always supply it. (this is a hold-over from the
security=share removal).
Andrew Bartlett
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch removes security=share, which Samba implemented by matching
the per-share password provided by the client in the Tree Connect with
a selection of usernames supplied by the client, the smb.conf or
guessed from the environment.
The rationale for the removal is that for the bulk of security=share
users, we just we need a very simple way to run a 'trust the network'
Samba server, where users mark shares as guest ok. This is still
supported, and the smb.conf options are documented at
https://wiki.samba.org/index.php/Public_Samba_Server
At the same time, this closes the door on one of the most arcane areas
of Samba authentication.
Naturally, full user-name/password authentication remain available in
security=user and above.
This includes documentation updates for username and only user, which
now only do a small amount of what they used to do.
Andrew Bartlett
--------------
/ \
/ REST \
/ IN \
/ PEACE \
/ \
| SEC_SHARE |
| security=share |
| |
| |
| 5 March |
| |
| 2012 |
*| * * * | *
_________)/\\_//(\/(/\)/\//\/\///|_)_______
|
|
|
|
|
|
|
|
| |
the share security mask, take priviliges into account for the connecting
user.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Feb 28 20:21:26 CET 2012 on sn-devel-104
|