Revert "s4:tls_tstream: allow mode of SSL keyfile to be 0400, not only 0600"
Andrew Bartlett
abartlet at samba.org
Fri Mar 28 14:43:39 MDT 2014
On Fri, 2014-03-28 at 12:38 +0100, Stefan Metzmacher wrote:
> The branch, master has been updated
> via a2c3479 Revert "s4:tls_tstream: allow mode of SSL keyfile to be 0400, not only 0600"
> from 0dd648a s4:librpc/rpc: remember "ncalrpc_dir" on the dcerpc_pipe->binding
>
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
>
>
> - Log -----------------------------------------------------------------
> commit a2c34798782a1e4783c258d4e1950a2150d70e18
> Author: Stefan Metzmacher <metze at samba.org>
> Date: Fri Mar 28 10:24:56 2014 +0100
>
> Revert "s4:tls_tstream: allow mode of SSL keyfile to be 0400, not only 0600"
>
> This reverts commit 05c1fe50556e2330e23b7efb38e653428b9bdadf.
>
> This was discussed here:
> https://bugzilla.samba.org/show_bug.cgi?id=10392#c11
>
> This generated warnings like:
> invalid permissions on file
> '/memdisk/metze/W/b138235/samba/bin/ab/promoted_dc/private/tls/key.pem': has
> 0600 should be 0400'.
>
> I think we need a better way. Maybe file_check_permissions()
> should get allow_perms and deny_perms. And we would call it
> with allow_perms = 0400 and deny_perms = 0177. And bits in none
> of them are ignored.
>
> For now we revert this and wait for a better fix.
>
> Signed-off-by: Stefan Metzmacher <metze at samba.org>
> Reviewed-by: Andrew Bartlett <abartlet at samba.org>
>
> Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
> Autobuild-Date(master): Fri Mar 28 12:37:17 CET 2014 on sn-devel-104
Thanks for handling this.
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical
mailing list