[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Thu Oct 4 16:37:02 MDT 2012
The branch, master has been updated
via 7859490 Ensure the masks don't conflict with the ACL checks.
via 18e07f1 Update WHATSNEW.txt with removed parameters.
via db62a15 Remove the parameters:
via 7622aa1 Remove all uses of lp_security_mask/lp_force_security_mode/lp_dir_security_mask/lp_force_dir_security_mode and replace with the normal masks. Now these parameters can be removed.
via 92fee00 Revert "Add functions to programatically set the security mask and directory security mask parameters."
via 3f5a3b6 Revert "When creating a new file/directory, we need to obey the create mask/directory mask parameters."
from 1bf209d html docs: Remove link to Using Samba.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 78594909b8b22bd07978922b1c85dfd6f6456963
Author: Jeremy Allison <jra at samba.org>
Date: Thu Oct 4 13:50:51 2012 -0700
Ensure the masks don't conflict with the ACL checks.
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Oct 5 00:36:40 CEST 2012 on sn-devel-104
commit 18e07f118c0d79b20a89e5fb566025bf88f72e63
Author: Jeremy Allison <jra at samba.org>
Date: Thu Oct 4 12:03:27 2012 -0700
Update WHATSNEW.txt with removed parameters.
commit db62a159b8833a4f1aee0c9733fd263b6d239d53
Author: Jeremy Allison <jra at samba.org>
Date: Wed Oct 3 16:04:18 2012 -0700
Remove the parameters:
security mask
force security mode
directory security mask
force directory security mode
and update the docs.
commit 7622aa16adeb00bf161a6dd07664c37125391272
Author: Jeremy Allison <jra at samba.org>
Date: Wed Oct 3 14:49:01 2012 -0700
Remove all uses of lp_security_mask/lp_force_security_mode/lp_dir_security_mask/lp_force_dir_security_mode
and replace with the normal masks. Now these parameters can be removed.
commit 92fee007bbc0a5ab3a16c8f1521478d4813d0b79
Author: Jeremy Allison <jra at samba.org>
Date: Wed Oct 3 13:59:43 2012 -0700
Revert "Add functions to programatically set the security mask and directory security mask parameters."
This reverts commit 8f0ecbbbeebff0174579a78827d384067cd4cbb7.
Not now needed as part of the move to remove security mask parameters.
commit 3f5a3b60e267d8342a95fff54428f0b13086ff77
Author: Jeremy Allison <jra at samba.org>
Date: Wed Oct 3 13:58:53 2012 -0700
Revert "When creating a new file/directory, we need to obey the create mask/directory mask parameters."
This reverts commit c251a6b0442abc13bc8be4ff8de324c1d7706a78.
Remove this as we're planning to remove the security mask,
directory security mask parameters and only use create mask/directory mask.
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 4 ++
docs-xml/smbdotconf/security/createmask.xml | 5 +--
docs-xml/smbdotconf/security/directorymask.xml | 8 ++--
.../smbdotconf/security/directorysecuritymask.xml | 32 ++---------------
docs-xml/smbdotconf/security/forcecreatemode.xml | 6 +++
.../smbdotconf/security/forcedirectorymode.xml | 6 +++
.../security/forcedirectorysecuritymode.xml | 38 ++-----------------
docs-xml/smbdotconf/security/forcesecuritymode.xml | 38 +++-----------------
docs-xml/smbdotconf/security/securitymask.xml | 33 ++---------------
examples/scripts/shares/python/smbparm.py | 4 --
lib/param/param_functions.c | 4 --
lib/param/param_table.c | 36 ------------------
selftest/target/Samba3.pm | 3 +-
selftest/target/Samba4.pm | 3 +-
source3/include/proto.h | 6 ---
source3/param/loadparm.c | 18 ---------
source3/smbd/open.c | 15 --------
source3/smbd/posix_acls.c | 16 ++++----
source3/smbd/trans2.c | 14 +------
19 files changed, 51 insertions(+), 238 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index c62676e..f1089db 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -114,9 +114,12 @@ smb.conf changes
client signing Changed default default
dcerpc endpoint servers New
dgram port New 0
+ directory security mask Removed
display charset Removed
dns forwarder New
dns update command New
+ force security mode Removed
+ force directory security mode Removed
homedir map Changed default auto.home
kernel share modes New Yes
kpasswd port New 0
@@ -134,6 +137,7 @@ smb.conf changes
rndc command New
rpc big endian New No
samba kcc command New
+ security mask Removed
send spnego principal Removed
server max protocol New SMB3
server min protocol New LANMAN1
diff --git a/docs-xml/smbdotconf/security/createmask.xml b/docs-xml/smbdotconf/security/createmask.xml
index cf6864c..59e208d 100644
--- a/docs-xml/smbdotconf/security/createmask.xml
+++ b/docs-xml/smbdotconf/security/createmask.xml
@@ -28,9 +28,8 @@
</para>
<para>
- Note that this parameter does not apply to permissions set by Windows NT/2000 ACL editors. If the
- administrator wishes to enforce a mask on access control lists also, they need to set the <smbconfoption
- name="security mask"/>.
+ New in Samba 4.0.0. This mask is applied whenever permissions are changed on a file. To allow clients full control
+ over permission changes it should be set to 0777.
</para>
</description>
diff --git a/docs-xml/smbdotconf/security/directorymask.xml b/docs-xml/smbdotconf/security/directorymask.xml
index 7b67f79..2ebfc16 100644
--- a/docs-xml/smbdotconf/security/directorymask.xml
+++ b/docs-xml/smbdotconf/security/directorymask.xml
@@ -24,14 +24,14 @@
created from this parameter with the value of the <smbconfoption name="force directory mode"/> parameter.
This parameter is set to 000 by default (i.e. no extra mode bits are added).</para>
- <para>Note that this parameter does not apply to permissions
- set by Windows NT/2000 ACL editors. If the administrator wishes to enforce
- a mask on access control lists also, they need to set the <smbconfoption name="directory security mask"/>.</para>
+ <para>
+ New in Samba 4.0.0. This mask is applied whenever permissions are changed on a directory. To allow clients full control
+ over permission changes it should be set to 0777.
+ </para>
</description>
<related>force directory mode</related>
<related>create mask</related>
-<related>directory security mask</related>
<related>inherit permissions</related>
<value type="default">0755</value>
<value type="example">0775</value>
diff --git a/docs-xml/smbdotconf/security/directorysecuritymask.xml b/docs-xml/smbdotconf/security/directorysecuritymask.xml
index 5ed85ae..0bd5d93 100644
--- a/docs-xml/smbdotconf/security/directorysecuritymask.xml
+++ b/docs-xml/smbdotconf/security/directorysecuritymask.xml
@@ -3,37 +3,11 @@
type="string"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
- <para>This parameter controls what UNIX permission bits
- will be set when a Windows NT client is manipulating the UNIX
- permission on a directory using the native NT security dialog
- box.</para>
-
<para>
- This parameter is applied as a mask (AND'ed with) to the incoming permission bits, thus resetting
- any bits not in this mask. Make sure not to mix up this parameter with <smbconfoption name="force
- directory security mode"/>, which works similar like this one but uses logical OR instead of AND.
- Essentially, zero bits in this mask are a set of bits that will always be set to zero.
- </para>
-
+ This parameter has been removed for Samba 4.0.0. The parameter
+ <smbconfoption name="directory mask"/> is now used instead to mask
+ any permission bit changes on directories.
<para>
- Essentially, all bits set to zero in this mask will result in setting to zero the corresponding bits on the
- file permissions regardless of the previous status of this bits on the file.
- </para>
-
- <para>If not set explicitly this parameter is set to 0777
- meaning a user is allowed to set all the user/group/world
- permissions on a directory.</para>
-
- <para><emphasis>Note</emphasis> that users who can access the
- Samba server through other means can easily bypass this restriction,
- so it is primarily useful for standalone "appliance" systems.
- Administrators of most normal systems will probably want to leave
- it as the default of <constant>0777</constant>.</para>
</description>
-<related>force directory security mode</related>
-<related>security mask</related>
-<related>force security mode</related>
-<value type="default">0777</value>
-<value type="example">0700</value>
</samba:parameter>
diff --git a/docs-xml/smbdotconf/security/forcecreatemode.xml b/docs-xml/smbdotconf/security/forcecreatemode.xml
index a3f1c2c..5a57a29 100644
--- a/docs-xml/smbdotconf/security/forcecreatemode.xml
+++ b/docs-xml/smbdotconf/security/forcecreatemode.xml
@@ -10,6 +10,12 @@
mode after the mask set in the <parameter moreinfo="none">create mask</parameter>
parameter is applied.</para>
+ <para>
+ New in Samba 4.0.0. This mode is also 'OR'ed into the mode bits whenever
+ permissions are changed on a file, not just when the file is created.
+ This replaces the now removed <parameter moreinfo="none">force security mode</parameter>.
+ </para>
+
<para>The example below would force all newly created files to have read and execute
permissions set for 'group' and 'other' as well as the
read/write/execute bits set for the 'user'.</para>
diff --git a/docs-xml/smbdotconf/security/forcedirectorymode.xml b/docs-xml/smbdotconf/security/forcedirectorymode.xml
index 7effc0e..e5b37ea 100644
--- a/docs-xml/smbdotconf/security/forcedirectorymode.xml
+++ b/docs-xml/smbdotconf/security/forcedirectorymode.xml
@@ -12,6 +12,12 @@
mask in the parameter <parameter moreinfo="none">directory mask</parameter> is
applied.</para>
+ <para>
+ New in Samba 4.0.0. This mode is also 'OR'ed into the mode bits whenever
+ permissions are changed on a directory, not just when the file is created.
+ This replaces the now removed <parameter moreinfo="none">force directory security mode</parameter>.
+ </para>
+
<para>The example below would force all created directories to have read and execute
permissions set for 'group' and 'other' as well as the
read/write/execute bits set for the 'user'.</para>
diff --git a/docs-xml/smbdotconf/security/forcedirectorysecuritymode.xml b/docs-xml/smbdotconf/security/forcedirectorysecuritymode.xml
index 2c15ec2..01e5fe9 100644
--- a/docs-xml/smbdotconf/security/forcedirectorysecuritymode.xml
+++ b/docs-xml/smbdotconf/security/forcedirectorysecuritymode.xml
@@ -4,40 +4,10 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
- This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating
- the UNIX permission on a directory using the native NT security dialog box.
- </para>
-
+ This parameter has been removed for Samba 4.0.0. The parameter
+ <smbconfoption name="force directory mode"/> is now used instead to
+ force any permission changes on directories to include specific UNIX
+ permission bits.
<para>
- This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this
- mask that the user may have modified to be on. Make sure not to mix up this parameter with <smbconfoption
- name="directory security mask"/>, which works in a similar manner to this one, but uses a logical AND instead
- of an OR.
- </para>
-
- <para>
- Essentially, this mask may be treated as a set of bits that, when modifying security on a directory,
- to will enable (1) any flags that are off (0) but which the mask has set to on (1).
- </para>
-
- <para>
- If not set explicitly this parameter is 0000, which allows a user to modify all the user/group/world
- permissions on a directory without restrictions.
- </para>
-
- <note><para>
- Users who can access the Samba server through other means can easily bypass this restriction, so it is
- primarily useful for standalone "appliance" systems. Administrators of most normal systems will
- probably want to leave it set as 0000.
- </para></note>
-
</description>
-
-<value type="default">0</value>
-<value type="example">700</value>
-
-<related>directory security mask</related>
-<related>security mask</related>
-<related>force security mode</related>
-
</samba:parameter>
diff --git a/docs-xml/smbdotconf/security/forcesecuritymode.xml b/docs-xml/smbdotconf/security/forcesecuritymode.xml
index 7451ef9..b6713b1 100644
--- a/docs-xml/smbdotconf/security/forcesecuritymode.xml
+++ b/docs-xml/smbdotconf/security/forcesecuritymode.xml
@@ -4,38 +4,10 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
- This parameter controls what UNIX permission bits can be modified when a Windows NT client is manipulating
- the UNIX permission on a file using the native NT security dialog box.
- </para>
-
- <para>
- This parameter is applied as a mask (OR'ed with) to the changed permission bits, thus forcing any bits in this
- mask that the user may have modified to be on. Make sure not to mix up this parameter with <smbconfoption
- name="security mask"/>, which works similar like this one but uses logical AND instead of OR.
- </para>
-
- <para>
- Essentially, one bits in this mask may be treated as a set of bits that, when modifying security on a file,
- the user has always set to be on.
- </para>
-
- <para>
- If not set explicitly this parameter is set to 0, and allows a user to modify all the user/group/world
- permissions on a file, with no restrictions.
- </para>
-
- <para><emphasis>
- Note</emphasis> that users who can access the Samba server through other means can easily bypass this
- restriction, so it is primarily useful for standalone "appliance" systems. Administrators of most
- normal systems will probably want to leave this set to 0000.
- </para>
-
+ This parameter has been removed for Samba 4.0.0. The parameter
+ <smbconfoption name="force create mode"/> is now used instead to
+ force any permission changes on files to include specific UNIX
+ permission bits.
+ </para>
</description>
-
-<value type="default">0</value>
-<value type="example">700</value>
-
-<related>force directory security mode</related>
-<related>directory security mask</related>
-<related>security mask</related>
</samba:parameter>
diff --git a/docs-xml/smbdotconf/security/securitymask.xml b/docs-xml/smbdotconf/security/securitymask.xml
index 23bc280..d1e78be 100644
--- a/docs-xml/smbdotconf/security/securitymask.xml
+++ b/docs-xml/smbdotconf/security/securitymask.xml
@@ -4,36 +4,9 @@
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
<description>
<para>
- This parameter controls what UNIX permission bits will be set when a Windows NT client is manipulating the
- UNIX permission on a file using the native NT security dialog box.
- </para>
-
- <para>
- This parameter is applied as a mask (AND'ed with) to the incoming permission bits, thus resetting
- any bits not in this mask. Make sure not to mix up this parameter with <smbconfoption name="force
- security mode"/>, which works in a manner similar to this one but uses a logical OR instead of an AND.
- </para>
-
- <para>
- Essentially, all bits set to zero in this mask will result in setting to zero the corresponding bits on the
- file permissions regardless of the previous status of this bits on the file.
- </para>
-
- <para>
- If not set explicitly this parameter is 0777, allowing a user to set all the user/group/world permissions on a file.
+ This parameter has been removed for Samba 4.0.0. The parameter
+ <smbconfoption name="create mask"/> is now used instead to mask
+ any permission bit changes on files.
</para>
-
- <para><emphasis>
- Note</emphasis> that users who can access the Samba server through other means can easily bypass this
- restriction, so it is primarily useful for standalone "appliance" systems. Administrators of
- most normal systems will probably want to leave it set to <constant>0777</constant>.
- </para>
</description>
-
-<related>force directory security mode</related>
-<related>directory security mask</related>
-<related>force security mode</related>
-
-<value type="default">0777</value>
-<value type="example">0770</value>
</samba:parameter>
diff --git a/examples/scripts/shares/python/smbparm.py b/examples/scripts/shares/python/smbparm.py
index 8dca781..f0bc1ec 100644
--- a/examples/scripts/shares/python/smbparm.py
+++ b/examples/scripts/shares/python/smbparm.py
@@ -89,7 +89,6 @@ parm_table = {
"ROOTPREEXEC" : ("root preexec", SambaParmString, P_LOCAL, ""),
"WRITEOK" : ("read only", SambaParmBoolRev, P_LOCAL, "Yes"),
"MAXLOGSIZE" : ("max log size", SambaParmString, P_GLOBAL, "5000"),
- "FORCESECURITYMODE" : ("force security mode", SambaParmString, P_LOCAL, "00"),
"VFSOBJECT" : ("vfs objects", SambaParmString, P_LOCAL, ""),
"CHECKPASSWORDSCRIPT" : ("check password script", SambaParmString, P_GLOBAL, ""),
"DELETEPRINTERCOMMAND" : ("deleteprinter command", SambaParmString, P_GLOBAL, ""),
@@ -102,7 +101,6 @@ parm_table = {
"DOSFILEMODE" : ("dos filemode", SambaParmBool, P_LOCAL, "No"),
"LOGFILE" : ("log file", SambaParmString, P_GLOBAL, ""),
"WORKGROUP" : ("workgroup", SambaParmString, P_GLOBAL, "WORKGROUP"),
- "DIRECTORYSECURITYMASK" : ("directory security mask", SambaParmString, P_LOCAL, "0777"),
"ENCRYPTPASSWORDS" : ("encrypt passwords", SambaParmBool, P_GLOBAL, "Yes"),
"PRINTABLE" : ("printable", SambaParmBool, P_LOCAL, "No"),
"MAXPROTOCOL" : ("max protocol", SambaParmString, P_GLOBAL, "NT1"),
@@ -147,7 +145,6 @@ parm_table = {
"LEVEL2OPLOCKS" : ("level2 oplocks", SambaParmBool, P_LOCAL, "Yes"),
"LARGEREADWRITE" : ("large readwrite", SambaParmBool, P_GLOBAL, "Yes"),
"LDAPREPLICATIONSLEEP" : ("ldap replication sleep", SambaParmString, P_GLOBAL, "1000"),
- "SECURITYMASK" : ("security mask", SambaParmString, P_LOCAL, "0777"),
"LDAPUSERSUFFIX" : ("ldap user suffix", SambaParmString, P_GLOBAL, ""),
"NETBIOSNAME" : ("netbios name", SambaParmString, P_GLOBAL, "PANTHER"),
"LOCKSPINCOUNT" : ("lock spin count", SambaParmString, P_GLOBAL, "3"),
@@ -184,7 +181,6 @@ parm_table = {
"POSIXLOCKING" : ("posix locking", SambaParmBool, P_LOCAL, "Yes"),
"INCLUDE" : ("include", SambaParmString, P_LOCAL, ""),
"ALGORITHMICRIDBASE" : ("algorithmic rid base", SambaParmString, P_GLOBAL, "1000"),
- "FORCEDIRECTORYSECURITYMODE": ("force directory security mode", SambaParmString, P_LOCAL, "00"),
"ANNOUNCEVERSION" : ("announce version", SambaParmString, P_GLOBAL, "4.9"),
"USERNAMEMAP" : ("username map", SambaParmString, P_GLOBAL, ""),
"MANGLEDNAMES" : ("mangled names", SambaParmBool, P_LOCAL, "Yes"),
diff --git a/lib/param/param_functions.c b/lib/param/param_functions.c
index ce2f671..d5cd018 100644
--- a/lib/param/param_functions.c
+++ b/lib/param/param_functions.c
@@ -134,10 +134,6 @@ FN_LOCAL_BOOL(afs_share, bAfs_Share)
FN_LOCAL_BOOL(acl_check_permissions, bAclCheckPermissions)
FN_LOCAL_BOOL(acl_group_control, bAclGroupControl)
FN_LOCAL_BOOL(acl_map_full_control, bAclMapFullControl)
-FN_LOCAL_INTEGER(security_mask, iSecurity_mask)
-FN_LOCAL_INTEGER(force_security_mode, iSecurity_force_mode)
-FN_LOCAL_INTEGER(dir_security_mask, iDir_Security_mask)
-FN_LOCAL_INTEGER(force_dir_security_mode, iDir_Security_force_mode)
FN_LOCAL_INTEGER(defaultcase, iDefaultCase)
FN_LOCAL_INTEGER(minprintspace, iMinPrintSpace)
FN_LOCAL_INTEGER(printing, iPrinting)
diff --git a/lib/param/param_table.c b/lib/param/param_table.c
index 325f295..01f65fe 100644
--- a/lib/param/param_table.c
+++ b/lib/param/param_table.c
@@ -957,24 +957,6 @@ static struct parm_struct parm_table[] = {
.flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
},
{
- .label = "security mask",
- .type = P_OCTAL,
- .p_class = P_LOCAL,
- .offset = LOCAL_VAR(iSecurity_mask),
- .special = NULL,
- .enum_list = NULL,
- .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
- },
- {
- .label = "force security mode",
- .type = P_OCTAL,
- .p_class = P_LOCAL,
- .offset = LOCAL_VAR(iSecurity_force_mode),
- .special = NULL,
- .enum_list = NULL,
- .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
- },
- {
.label = "directory mask",
.type = P_OCTAL,
.p_class = P_LOCAL,
@@ -1002,24 +984,6 @@ static struct parm_struct parm_table[] = {
.flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
},
{
- .label = "directory security mask",
- .type = P_OCTAL,
- .p_class = P_LOCAL,
- .offset = LOCAL_VAR(iDir_Security_mask),
- .special = NULL,
- .enum_list = NULL,
- .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
- },
- {
- .label = "force directory security mode",
- .type = P_OCTAL,
- .p_class = P_LOCAL,
- .offset = LOCAL_VAR(iDir_Security_force_mode),
- .special = NULL,
- .enum_list = NULL,
- .flags = FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE,
- },
- {
.label = "force unknown acl user",
.type = P_BOOL,
.p_class = P_LOCAL,
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 8404635..5c86612 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -909,7 +909,8 @@ sub provision($$$$$$)
map system = no
map readonly = no
store dos attributes = yes
- create mask = 755
+ create mask = 0777
+ directory mask = 0777
dos filemode = yes
vfs objects = $vfs_modulesdir_abs/acl_xattr.so $vfs_modulesdir_abs/fake_acls.so $vfs_modulesdir_abs/xattr_tdb.so $vfs_modulesdir_abs/streams_depot.so
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index ab46f2a..fbc8117 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1390,7 +1390,8 @@ sub provision_plugin_s4_dc($$)
smbd:sharedelay = 100000
smbd:writetimeupdatedelay = 500000
- create mask = 755
+ create mask = 0777
+ directory mask = 0777
dos filemode = yes
dcerpc endpoint servers = -winreg -srvsvc
diff --git a/source3/include/proto.h b/source3/include/proto.h
index e42c33d..ac3d205 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -1188,8 +1188,6 @@ bool lp_getwd_cache(void);
int lp_srv_maxprotocol(void);
int lp_srv_minprotocol(void);
int lp_security(void);
-int lp_set_security_mask(int snum, int new_val);
-int lp_set_directory_security_mask(int snum, int new_mask);
int lp__server_role(void);
int lp__security(void);
int lp__domain_master(void);
@@ -1332,12 +1330,8 @@ bool lp_acl_map_full_control(int );
bool lp_durable_handles(int);
int lp_create_mask(int );
int lp_force_create_mode(int );
-int lp_security_mask(int );
-int lp_force_security_mode(int );
int lp_dir_mask(int );
int lp_force_dir_mode(int );
-int lp_dir_security_mask(int );
-int lp_force_dir_security_mode(int );
int lp_max_connections(int );
int lp_defaultcase(int );
int lp_minprintspace(int );
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 960a644..42bf11d 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -191,12 +191,8 @@ static struct loadparm_service sDefault =
.iWriteCacheSize = 0,
.iCreate_mask = 0744,
.iCreate_force_mode = 0,
- .iSecurity_mask = 0777,
- .iSecurity_force_mode = 0,
.iDir_mask = 0755,
.iDir_force_mode = 0,
- .iDir_Security_mask = 0777,
- .iDir_Security_force_mode = 0,
.iMaxConnections = 0,
.iDefaultCase = CASE_LOWER,
.iPrinting = DEFAULT_PRINTING,
@@ -5476,17 +5472,3 @@ int lp_security(void)
return lp_find_security(lp__server_role(),
lp__security());
}
-
-int lp_set_security_mask(int snum, int new_val)
-{
- int ret = ServicePtrs[snum]->iSecurity_mask;
- ServicePtrs[snum]->iSecurity_mask = new_val;
- return ret;
-}
-
-int lp_set_directory_security_mask(int snum, int new_val)
-{
- int ret = ServicePtrs[snum]->iDir_Security_mask;
- ServicePtrs[snum]->iDir_Security_mask = new_val;
- return ret;
-}
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index bea4d99..d4babd4 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3436,9 +3436,6 @@ static NTSTATUS inherit_new_acl(files_struct *fsp)
bool inherit_owner = lp_inherit_owner(SNUM(fsp->conn));
bool inheritable_components = false;
size_t size = 0;
- int orig_security_mask = 0;
- int orig_directory_security_mask = 0;
- int snum = SNUM(fsp->conn);
if (!parent_dirname(ctx, fsp->fsp_name->base_name, &parent_name, NULL)) {
return NT_STATUS_NO_MEMORY;
@@ -3509,14 +3506,6 @@ static NTSTATUS inherit_new_acl(files_struct *fsp)
NDR_PRINT_DEBUG(security_descriptor, psd);
}
- /* Temporarily replace the security masks with the create masks,
- as we're actually doing a create here - we only call this
- when we've created a file or directory - but there's no
- way for FSET_NT_ACL to know the difference. */
--
Samba Shared Repository
More information about the samba-cvs
mailing list