[SCM] Samba Shared Repository - branch master updated -
1c2e6978b89551828b66c348be361ce9a2b8ddb4
Andrew Tridgell
tridge at samba.org
Tue Sep 23 18:19:06 GMT 2008
The branch, master has been updated
via 1c2e6978b89551828b66c348be361ce9a2b8ddb4 (commit)
via 66092ced5e1dc4d35923a3c90bcb3214a885b17d (commit)
via 9cf29abee296ea2fcdf712687a6ce2cf9fd9d74c (commit)
via 219aa1b4fd2a8b93d5b2e67f26abc7f59fb2e0f2 (commit)
via e3a562b1cd63cbd92c231a3e18b9164f42111e95 (commit)
via 2b6e139206e5f436dd51437599d0228d8db77a78 (commit)
via f4e212323fb7ba2bd226194287602210aa9590ec (commit)
from 353aaf26c5f71d9a94e799a1c1e37449211e7a87 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 1c2e6978b89551828b66c348be361ce9a2b8ddb4
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Sep 23 11:17:43 2008 -0700
fixed problem with ACLs with an empty DACL list
commit 66092ced5e1dc4d35923a3c90bcb3214a885b17d
Merge: 9cf29abee296ea2fcdf712687a6ce2cf9fd9d74c 353aaf26c5f71d9a94e799a1c1e37449211e7a87
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Sep 23 11:15:46 2008 -0700
Merge branch 'master' of ssh://git.samba.org/data/git/samba
commit 9cf29abee296ea2fcdf712687a6ce2cf9fd9d74c
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Sep 23 16:45:55 2008 +1000
test setinfo FULL_EA_INFORMATION in gentest
commit 219aa1b4fd2a8b93d5b2e67f26abc7f59fb2e0f2
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Sep 23 16:45:10 2008 +1000
added FULL_EA_INFORMATION setea call
commit e3a562b1cd63cbd92c231a3e18b9164f42111e95
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Sep 23 15:20:24 2008 +1000
fixed a memory error in change notify handling in gentest
commit 2b6e139206e5f436dd51437599d0228d8db77a78
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Sep 23 15:16:46 2008 +1000
fixed readonly handling in deltree
commit f4e212323fb7ba2bd226194287602210aa9590ec
Author: Andrew Tridgell <tridge at samba.org>
Date: Tue Sep 23 12:09:56 2008 +1000
added some debug code
-----------------------------------------------------------------------
Summary of changes:
source4/libcli/clideltree.c | 17 ++++++++++++++++-
source4/libcli/raw/interfaces.h | 9 +++++++++
source4/libcli/raw/rawsetfileinfo.c | 12 +++++++++++-
source4/libcli/security/access_check.c | 15 ++++++++++++++-
source4/libcli/smb2/util.c | 6 ++++++
source4/ntvfs/ntvfs_generic.c | 2 ++
source4/ntvfs/posix/pvfs_open.c | 2 ++
source4/ntvfs/posix/pvfs_xattr.c | 2 +-
source4/torture/gentest.c | 12 +++++++++---
9 files changed, 70 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/libcli/clideltree.c b/source4/libcli/clideltree.c
index 2c306e5..d59a03f 100644
--- a/source4/libcli/clideltree.c
+++ b/source4/libcli/clideltree.c
@@ -84,6 +84,7 @@ int smbcli_deltree(struct smbcli_tree *tree, const char *dname)
{
char *mask;
struct delete_state dstate;
+ NTSTATUS status;
dstate.tree = tree;
dstate.total_deleted = 0;
@@ -98,6 +99,13 @@ int smbcli_deltree(struct smbcli_tree *tree, const char *dname)
NT_STATUS_EQUAL(smbcli_nt_error(tree), NT_STATUS_NO_SUCH_FILE)) {
return 0;
}
+ if (NT_STATUS_EQUAL(status, NT_STATUS_CANNOT_DELETE)) {
+ /* it could be read-only */
+ status = smbcli_setatr(tree, dname, FILE_ATTRIBUTE_NORMAL, 0);
+ if (NT_STATUS_IS_OK(smbcli_unlink(tree, dname))) {
+ return 1;
+ }
+ }
asprintf(&mask, "%s\\*", dname);
smbcli_unlink(dstate.tree, mask);
@@ -105,7 +113,14 @@ int smbcli_deltree(struct smbcli_tree *tree, const char *dname)
FILE_ATTRIBUTE_DIRECTORY|FILE_ATTRIBUTE_HIDDEN|FILE_ATTRIBUTE_SYSTEM,
delete_fn, &dstate);
free(mask);
- if (NT_STATUS_IS_ERR(smbcli_rmdir(dstate.tree, dname))) {
+
+ status = smbcli_rmdir(dstate.tree, dname);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_CANNOT_DELETE)) {
+ /* it could be read-only */
+ status = smbcli_setatr(dstate.tree, dname, FILE_ATTRIBUTE_NORMAL, 0);
+ status = smbcli_rmdir(dstate.tree, dname);
+ }
+ if (NT_STATUS_IS_ERR(status)) {
DEBUG(2,("Failed to delete %s - %s\n",
dname, smbcli_errstr(dstate.tree)));
return -1;
diff --git a/source4/libcli/raw/interfaces.h b/source4/libcli/raw/interfaces.h
index 537041c..20ed441 100644
--- a/source4/libcli/raw/interfaces.h
+++ b/source4/libcli/raw/interfaces.h
@@ -1112,6 +1112,15 @@ union smb_setfileinfo {
struct security_descriptor *sd;
} in;
} set_secdesc;
+
+ /* RAW_SFILEINFO_FULL_EA_INFORMATION */
+ struct {
+ enum smb_setfileinfo_level level;
+ struct {
+ union smb_handle_or_path file;
+ struct smb_ea_list eas;
+ } in;
+ } full_ea_information;
};
diff --git a/source4/libcli/raw/rawsetfileinfo.c b/source4/libcli/raw/rawsetfileinfo.c
index 5a47067..f7dfb93 100644
--- a/source4/libcli/raw/rawsetfileinfo.c
+++ b/source4/libcli/raw/rawsetfileinfo.c
@@ -37,7 +37,7 @@ bool smb_raw_setfileinfo_passthru(TALLOC_CTX *mem_ctx,
#define NEED_BLOB(n) do { \
*blob = data_blob_talloc(mem_ctx, NULL, n); \
- if (blob->data == NULL) return false; \
+ if (blob->data == NULL && n != 0) return false; \
} while (0)
switch (level) {
@@ -109,6 +109,16 @@ bool smb_raw_setfileinfo_passthru(TALLOC_CTX *mem_ctx,
return true;
}
+ case RAW_SFILEINFO_FULL_EA_INFORMATION:
+ printf("num_eas=%d\n", parms->full_ea_information.in.eas.num_eas);
+ NEED_BLOB(ea_list_size_chained(
+ parms->full_ea_information.in.eas.num_eas,
+ parms->full_ea_information.in.eas.eas, 4));
+ ea_put_list_chained(blob->data,
+ parms->full_ea_information.in.eas.num_eas,
+ parms->full_ea_information.in.eas.eas, 4);
+ return true;
+
/* Unhandled levels */
case RAW_SFILEINFO_PIPE_INFORMATION:
case RAW_SFILEINFO_VALID_DATA_INFORMATION:
diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c
index e2ede05..d5a0a13 100644
--- a/source4/libcli/security/access_check.c
+++ b/source4/libcli/security/access_check.c
@@ -38,6 +38,10 @@ static uint32_t access_check_max_allowed(const struct security_descriptor *sd,
granted |= SEC_STD_DELETE;
}
+ if (sd->dacl == NULL) {
+ return granted & ~denied;
+ }
+
for (i = 0;i<sd->dacl->num_aces; i++) {
struct security_ace *ace = &sd->dacl->aces[i];
@@ -101,10 +105,14 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd,
return NT_STATUS_OK;
}
- /* empty dacl denies access */
+#if 0
+ /* tridge: previously we had empty dacl denying access, but
+ that can lead to undeletable directories, where
+ nobody can change the ACL on a directory */
if (sd->dacl == NULL || sd->dacl->num_aces == 0) {
return NT_STATUS_ACCESS_DENIED;
}
+#endif
/* the owner always gets SEC_STD_WRITE_DAC, SEC_STD_READ_CONTROL and SEC_STD_DELETE */
if ((bits_remaining & (SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE)) &&
@@ -116,6 +124,10 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd,
bits_remaining &= ~SEC_STD_DELETE;
}
+ if (sd->dacl == NULL) {
+ goto done;
+ }
+
/* check each ace in turn. */
for (i=0; bits_remaining && i < sd->dacl->num_aces; i++) {
struct security_ace *ace = &sd->dacl->aces[i];
@@ -143,6 +155,7 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd,
}
}
+done:
if (bits_remaining != 0) {
return NT_STATUS_ACCESS_DENIED;
}
diff --git a/source4/libcli/smb2/util.c b/source4/libcli/smb2/util.c
index 311cea9..b149b3d 100644
--- a/source4/libcli/smb2/util.c
+++ b/source4/libcli/smb2/util.c
@@ -197,6 +197,12 @@ int smb2_deltree(struct smb2_tree *tree, const char *dname)
smb2_util_close(tree, create_parm.out.file.handle);
status = smb2_util_rmdir(tree, dname);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_CANNOT_DELETE)) {
+ /* it could be read-only */
+ status = smb2_util_setatr(tree, dname, FILE_ATTRIBUTE_NORMAL);
+ status = smb2_util_rmdir(tree, dname);
+ }
+
if (NT_STATUS_IS_ERR(status)) {
DEBUG(2,("Failed to delete %s - %s\n",
dname, nt_errstr(status)));
diff --git a/source4/ntvfs/ntvfs_generic.c b/source4/ntvfs/ntvfs_generic.c
index c34bb71..554d5c5 100644
--- a/source4/ntvfs/ntvfs_generic.c
+++ b/source4/ntvfs/ntvfs_generic.c
@@ -533,6 +533,8 @@ NTSTATUS ntvfs_map_open(struct ntvfs_module_context *ntvfs,
/* we need to check these bits before we check the private mask */
if (io2->generic.in.create_options & SMB2_CREATE_OPTIONS_NOT_SUPPORTED_MASK) {
+ DEBUG(2,(__location__ " create_options 0x%x not supported\n",
+ io2->generic.in.create_options));
status = NT_STATUS_NOT_SUPPORTED;
break;
}
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c
index c127885..8dbc674 100644
--- a/source4/ntvfs/posix/pvfs_open.c
+++ b/source4/ntvfs/posix/pvfs_open.c
@@ -1216,6 +1216,8 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
create_options &= ~create_options_must_ignore_mask;
if (create_options & NTCREATEX_OPTIONS_NOT_SUPPORTED_MASK) {
+ DEBUG(2,(__location__ " create_options 0x%x not supported\n",
+ create_options));
return NT_STATUS_NOT_SUPPORTED;
}
diff --git a/source4/ntvfs/posix/pvfs_xattr.c b/source4/ntvfs/posix/pvfs_xattr.c
index 3cbbcbe..7a2945c 100644
--- a/source4/ntvfs/posix/pvfs_xattr.c
+++ b/source4/ntvfs/posix/pvfs_xattr.c
@@ -50,7 +50,7 @@ static NTSTATUS pull_xattr_blob(struct pvfs_state *pvfs,
if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)||
NT_STATUS_EQUAL(status, NT_STATUS_NOT_IMPLEMENTED)||
NT_STATUS_EQUAL(status, NT_STATUS_INVALID_SYSTEM_SERVICE)) {
- DEBUG(5,("pvfs_xattr: xattr not supported in filesystem: %s\n", nt_errstr(status)));
+ DEBUG(2,("pvfs_xattr: xattr not supported in filesystem: %s\n", nt_errstr(status)));
pvfs->flags &= ~PVFS_FLAG_XATTR_ENABLE;
status = NT_STATUS_NOT_FOUND;
}
diff --git a/source4/torture/gentest.c b/source4/torture/gentest.c
index af5a95e..176fc03 100644
--- a/source4/torture/gentest.c
+++ b/source4/torture/gentest.c
@@ -2166,6 +2166,9 @@ static void gen_setfileinfo(int instance, union smb_setfileinfo *info)
case RAW_SFILEINFO_MODE_INFORMATION:
info->mode_information.in.mode = gen_bits_mask(0xFFFFFFFF);
break;
+ case RAW_SFILEINFO_FULL_EA_INFORMATION:
+ info->full_ea_information.in.eas = gen_ea_list();
+ break;
case RAW_SFILEINFO_GENERIC:
case RAW_SFILEINFO_SEC_DESC:
case RAW_SFILEINFO_UNIX_BASIC:
@@ -2222,7 +2225,8 @@ static void gen_setfileinfo(int instance, union smb_setfileinfo *info)
do {
i = gen_int_range(0, num_levels-1);
} while (ignore_pattern(levels[i].name));
-
+
+ ZERO_STRUCTP(info);
info->generic.level = levels[i].level;
switch (info->generic.level) {
@@ -2279,6 +2283,9 @@ static void gen_setfileinfo(int instance, union smb_setfileinfo *info)
case RAW_SFILEINFO_MODE_INFORMATION:
info->mode_information.in.mode = gen_bits_mask(0xFFFFFFFF);
break;
+ case RAW_SFILEINFO_FULL_EA_INFORMATION:
+ info->full_ea_information.in.eas = gen_ea_list();
+ break;
case RAW_SFILEINFO_GENERIC:
case RAW_SFILEINFO_SEC_DESC:
@@ -2907,12 +2914,11 @@ static int run_test(struct event_context *ev, struct loadparm_context *lp_ctx)
current_op.opnum = op;
current_op.name = gen_ops[which_op].name;
current_op.status = NT_STATUS_OK;
+ talloc_free(current_op.mem_ctx);
current_op.mem_ctx = talloc_named(NULL, 0, "%s", current_op.name);
ret = gen_ops[which_op].handler(instance);
- talloc_free(current_op.mem_ctx);
-
gen_ops[which_op].count++;
if (NT_STATUS_IS_OK(current_op.status)) {
gen_ops[which_op].success_count++;
--
Samba Shared Repository
More information about the samba-cvs
mailing list