[SCM] Samba Shared Repository - branch master updated
Ralph Böhme
slow at samba.org
Fri Jan 26 11:31:01 UTC 2024
The branch, master has been updated
via d63e972aa09 WHATSNEW: Add entry for new save/restore options for smbcacls
via a9028f25e6a WHATSNEW: Add entry for wspsearch client utility
via 49b6137f7c2 s3: Make build of wspsearch client enabled by default
via 697d41420b4 Revert "vfs_acl_xattr.c: prefer capabilities over become_root"
from 39e3300b8d8 smbd: Some README.Coding in smbd_do_qfilepathinfo()
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit d63e972aa098a2bd0f76f03734c8d0790857b605
Author: Noel Power <noel.power at suse.com>
Date: Tue Jan 9 11:02:28 2024 +0000
WHATSNEW: Add entry for new save/restore options for smbcacls
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Jan 26 11:30:07 UTC 2024 on atb-devel-224
commit a9028f25e6a7251b104d11aab3c4d0494c086c7b
Author: Noel Power <noel.power at suse.com>
Date: Mon Jan 8 17:01:26 2024 +0000
WHATSNEW: Add entry for wspsearch client utility
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 49b6137f7c2244aeb3cf9b65fc9d46fcf0b8dc55
Author: Noel Power <noel.power at suse.com>
Date: Mon Jan 8 16:45:16 2024 +0000
s3: Make build of wspsearch client enabled by default
Although wspsearch client is experimental it is probably better to
enable its building by default so it gets has some opportunity to be
used/tested by users.
Signed-off-by: Noel Power <noel.power at suse.com>
commit 697d41420b4f4830396acfbc96bd1f1c1f0531f4
Author: Anoop C S <anoopcs at samba.org>
Date: Wed Jan 24 15:06:53 2024 +0530
Revert "vfs_acl_xattr.c: prefer capabilities over become_root"
This reverts commit 0e3836e3961f2b7c39173ce1023d3c92addef630.
With capabilities preferred over become_root() we failed to achieve
the basic goal of storing NT ACLs in xattrs using vfs_acl_xattr. This
is due to the fact that apart from CAP_DAC_OVERRIDE it is manadatory
to have CAP_SYS_ADMIN for write access to xattrs from security
namespace[1]. Despite the option to configure the xattr name within
the module we should not anticipate and miss to consider xattrs from
security namespace which is far more protected even with our default
name "security.NTACL".
Theorotically we could make it work by adding another capability on
top of existing ones. But given the functions designed around this
area we may not be able to come up with a cleaner change which can
handle the fallback mechanism to become_root(). Any failure to set
the very first capability would put us in become_root() path where
further capabilities are mostly not required. Thus reverting to old
behaviour to always become_root() until we have a cleaner approach
to handle the fallback while modifying multiple capabilities at once.
[1] https://www.man7.org/linux/man-pages/man7/xattr.7.html
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 27 +++++++++++++++++++++++++++
source3/modules/vfs_acl_xattr.c | 12 ++++++------
source3/wscript | 2 +-
3 files changed, 34 insertions(+), 7 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index aba6726840c..e2bd54a1d01 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -81,6 +81,33 @@ Supported operations include:
credentials cache with a new command
"samba-tool user get-kerberos-ticket"
+New Windows Search Protocol Client
+----------------------------------
+
+Samba now by default builds new experimental Windows Search Protocol (WSP)
+command line client "wspsearch"
+
+The "wspsearch" cmd-line utility allows a WSP search request to be sent
+to a server (such as a windows server) that has the (WSP)
+Windows Search Protocol service configured and enabled.
+
+For more details see the wspsearch man page.
+
+Allow 'smbcacls' to save/restore DACLs to file
+--------------------------------------------
+
+'smbcacls' has been extended to allow DACLs to be saved and restored
+to/from a file. This feature mimics the functionality that windows cmd
+line tool 'icacls.exe' provides. Additionally files created either
+by 'smbcalcs' or 'icacls.exe' are interchangeable and can be used by
+either tool as the same file format is used.
+
+New options added are:
+ - '--save savefile' Saves DACLs in sddl format to file
+ - '--recurse' Performs the '--save' operation above on directory
+ and all files/directories below.
+ - '--restore savefile' Restores the stored DACLS to files in directory
+
REMOVED FEATURES
================
diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c
index ee247a312f7..1a3ab34d659 100644
--- a/source3/modules/vfs_acl_xattr.c
+++ b/source3/modules/vfs_acl_xattr.c
@@ -46,12 +46,12 @@ static ssize_t getxattr_do(vfs_handle_struct *handle,
ssize_t sizeret;
int saved_errno = 0;
- set_effective_capability(DAC_OVERRIDE_CAPABILITY);
+ become_root();
sizeret = SMB_VFS_FGETXATTR(fsp, xattr_name, val, size);
if (sizeret == -1) {
saved_errno = errno;
}
- drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
+ unbecome_root();
if (saved_errno != 0) {
errno = saved_errno;
@@ -132,13 +132,13 @@ static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle,
DEBUG(10,("store_acl_blob_fsp: storing blob length %u on file %s\n",
(unsigned int)pblob->length, fsp_str_dbg(fsp)));
- set_effective_capability(DAC_OVERRIDE_CAPABILITY);
+ become_root();
ret = SMB_VFS_FSETXATTR(fsp, XATTR_NTACL_NAME,
pblob->data, pblob->length, 0);
if (ret) {
saved_errno = errno;
}
- drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
+ unbecome_root();
if (ret) {
DEBUG(5, ("store_acl_blob_fsp: setting attr failed for file %s"
"with error %s\n",
@@ -175,9 +175,9 @@ static int sys_acl_set_fd_xattr(vfs_handle_struct *handle,
return 0;
}
- set_effective_capability(DAC_OVERRIDE_CAPABILITY);
+ become_root();
SMB_VFS_FREMOVEXATTR(fsp, XATTR_NTACL_NAME);
- drop_effective_capability(DAC_OVERRIDE_CAPABILITY);
+ unbecome_root();
return 0;
}
diff --git a/source3/wscript b/source3/wscript
index 42af1f44975..12394ef84b1 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -100,7 +100,7 @@ def options(opt):
# default = None means autodetection
opt.samba_add_onoff_option('spotlight', with_name="enable", without_name="disable", default=None)
- opt.samba_add_onoff_option('wsp', with_name="enable", without_name="disable", default=False)
+ opt.samba_add_onoff_option('wsp', with_name="enable", without_name="disable", default=True)
def configure(conf):
default_static_modules = []
--
Samba Shared Repository
More information about the samba-cvs
mailing list