[SCM] Samba Shared Repository - branch master updated
Andrew Tridgell
tridge at samba.org
Wed Mar 3 05:06:32 MST 2010
The branch, master has been updated
via d8ae32e... dns: make dns update script use unbuffered IO
via 8fe783e... s4-posix: allow change ownership of files if the user has the right privileges
from e0726d4... s4-build: fix SMB_LIBRARY and change its name so it didn't collide with s3 one
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit d8ae32ec4183b121b207fbfb84d4be726f0cdb8f
Author: Andrew Tridgell <tridge at samba.org>
Date: Wed Mar 3 14:28:42 2010 +1100
dns: make dns update script use unbuffered IO
Otherwise we can lose debug output when a timeout happens
commit 8fe783edaf79bcae5c55c9eb5159104537ccf930
Author: Andrew Tridgell <tridge at samba.org>
Date: Wed Mar 3 14:25:39 2010 +1100
s4-posix: allow change ownership of files if the user has the right privileges
When a user has SEC_PRIV_TAKE_OWNERSHIP or SEC_PRIV_RESTORE they have
permission to change the ownership of a file.
This should fix bug 6987
Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source4/ntvfs/posix/pvfs_acl.c | 23 +++++++++++++++++++++--
source4/scripting/bin/samba_dnsupdate | 4 ++++
2 files changed, 25 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index 3336cd0..4cb6fce 100644
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -25,6 +25,7 @@
#include "librpc/gen_ndr/xattr.h"
#include "libcli/security/security.h"
#include "param/param.h"
+#include "../lib/util/unix_privs.h"
#if defined(UID_WRAPPER)
#if !defined(UID_WRAPPER_REPLACE) && !defined(UID_WRAPPER_NOT_REPLACE)
@@ -392,8 +393,26 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs,
} else {
ret = fchown(fd, new_uid, new_gid);
}
- if (errno == EPERM && uwrap_enabled()) {
- ret = 0;
+ if (errno == EPERM) {
+ if (uwrap_enabled()) {
+ ret = 0;
+ } else {
+ /* try again as root if we have SEC_PRIV_RESTORE or
+ SEC_PRIV_TAKE_OWNERSHIP */
+ if (security_token_has_privilege(req->session_info->security_token,
+ SEC_PRIV_RESTORE) ||
+ security_token_has_privilege(req->session_info->security_token,
+ SEC_PRIV_TAKE_OWNERSHIP)) {
+ void *privs;
+ privs = root_privileges();
+ if (fd == -1) {
+ ret = chown(name->full_name, new_uid, new_gid);
+ } else {
+ ret = fchown(fd, new_uid, new_gid);
+ }
+ talloc_free(privs);
+ }
+ }
}
if (ret == -1) {
return pvfs_map_errno(pvfs, errno);
diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate
index 9eaf3df..d8ad200 100755
--- a/source4/scripting/bin/samba_dnsupdate
+++ b/source4/scripting/bin/samba_dnsupdate
@@ -24,6 +24,10 @@ import sys
import dns.resolver
import tempfile
+# ensure we get messages out immediately, so they get in the samba logs,
+# and don't get swallowed by a timeout
+os.putenv('PYTHONUNBUFFERED', '1')
+
# Find right directory when running from source tree
sys.path.insert(0, "bin/python")
--
Samba Shared Repository
More information about the samba-cvs
mailing list