search for: access_check

...se > int acl_check(const char *aclname, const struct sockaddr_storage *addr) > { > struct acl_t *tmp; > @@ -88,9 +112,14 @@ > > return 0; /* not found */ > } > +#endif > > /* return ACCEPT/REJECT based on source address */ > +#ifndef HAVE_IPV6 > +int access_check(const struct sockaddr_in *addr) > +#else > int access_check(const struct sockaddr_storage *addr) > +#endif > { > struct access_t *tmp; > int ret; > @@ -147,6 +176,23 @@ > tmp = tmp->next; > } > > +#ifndef HAVE_IPV6 > + tmp = xmalloc(sizeof(struct...

I've been trying to run a .NET app on Windows 2008 against a Samba v3.6.1 server running on OpenSuse x64 v12.1 but keep running into problems. What the .NET app is doing is trying to read the ACL for a directory using UNC path pointing to a directory below the "users" share on the samba server. The app is running as user Administrator. On the samba side the Administrator user has

Hello there, I have been trying to make the patch work for libwrap(TCP Wrappers) posted on http://dovecot.org/patches <http://dovecot.org/patches%20Patch%20of%201.1> Patch of 1.1 but could not get it work. Any help will be highly appreciated. After compiling and running it I get error "Error: login_tcp_wrappers can't be used because Dovecot wasn't built with

...gt; - > + if (!strcmp(tmp->name, aclname)) > + if (mask_cmp (addr, tmp->mask, &tmp->addr)) > + return 1; > tmp = tmp->next; > } > - > + > return 0; /* not found */ > } > > /* return ACCEPT/REJECT based on source address */ > -int access_check(const struct sockaddr_in *addr) > +int access_check(const struct sockaddr_storage *addr) > { > struct access_t *tmp; > int ret; > @@ -108,21 +147,83 @@ > tmp = tmp->next; > } > > + /* memset (&saddr, 0, sizeof (struct sockaddr_storage)); */ > tmp =...

...0: SAMR_ACCESS_CREATE_DOMAIN 0: SAMR_ACCESS_ENUM_DOMAINS 0: SAMR_ACCESS_LOOKUP_DOMAIN [2013/11/06 11:37:19.018811, 5] rpc_server/samr/srv_samr_nt.c:3932(_samr_Connect2) _samr_Connect2: 3932 [2013/11/06 11:37:19.018834, 10] ../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f003f [2013/11/06 11:37:19.018855, 4] rpc_server/srv_access_check.c:83(access_check_object) _samr_Connect2: ACCESS should be DENIED (requested: 0x000f003f) but overritten by euid == sec_initial_uid() [2013/11/06 11:37:19....

...se_proctitle, verbose_ssl, verbose_auth, auth_debug; +bool verbose_proctitle, verbose_ssl, verbose_auth, auth_debug, tcp_wrappers; bool ssl_require_client_cert; const char *greeting, *log_format; const char *const *log_format_elements; @@ -75,6 +83,45 @@ io_loop_stop(ioloop); } +static void access_check(int fd, const struct ip_addr *ip, bool ssl) +{ +#ifdef HAVE_LIBWRAP + struct request_info req; + char *daemon; + string_t *process_name_ssl; + + if (!tcp_wrappers) + return; + if (!process_per_connection) + i_fatal("Tried to use TCP wrapers with process_per_connection=no"); + + if (ssl)...

...bbb [2020/06/05 16:40:40.672840, 10, pid=2781, effective(0, 0), real(0, 0)] ../../source3/smbd/share_access.c:271(is_share_read_only is_share_read_only_for_user: share IPC$ is read-only for unix user bbb [2020/06/05 16:40:40.672868, 10, pid=2781, effective(0, 0), real(0, 0)] ../../libcli/security/access_check.c:366(se_file_access_ se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff [2020/06/05 16:40:40.672915, 4, pid=2781, effective(0, 0), real(0, 0)] ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) setting sec ctx (1003, 101) - sec_ctx_stack_ndx = 0 [2020/06/05 16:40:40.672941,...

...igate into the directory. It turns out, that this is a (possibly intended ...) feature of the windows 7 explorer. It seems to evaluate the reply from the samba (4.0.1) server differently than older windows. Looking into the samba code i found, that it interprets the access permissions (function se_access_check in libcli/security/access_check.c) and does not succeed for the NFS4 ACLs (because this is not implemented). So i wonder, why the samba server should try to interpret the access permissions itself. As we do not want any windows specialties be in effect (nor do we want to modify the ACLs on the Uni...

...0:40.672840, 10, pid=2781, effective(0, 0), real(0, 0)] > ../../source3/smbd/share_access.c:271(is_share_read_only > is_share_read_only_for_user: share IPC$ is read-only for unix user bbb > [2020/06/05 16:40:40.672868, 10, pid=2781, effective(0, 0), real(0, 0)] > ../../libcli/security/access_check.c:366(se_file_access_ > se_file_access_check: MAX desired = 0x2000000 mapped to 0x1f01ff > [2020/06/05 16:40:40.672915, 4, pid=2781, effective(0, 0), real(0, 0)] > ../../source3/smbd/sec_ctx.c:320(set_sec_ctx_internal) > setting sec ctx (1003, 101) - sec_ctx_stack_ndx = 0 > [202...

...0: SAMR_ACCESS_LOOKUP_DOMAIN [2019/02/28 10:33:22.388966, 5, pid=18451, effective(0, 0), real(0, 0), class=rpc_srv] ../../source3/rpc_server/samr/srv_samr_nt.c:3889(_samr_Connect2) _samr_Connect2: 3889 [2019/02/28 10:33:22.389011, 10, pid=18451, effective(0, 0), real(0, 0)] ../../libcli/security/access_check.c:58(se_map_generic) se_map_generic(): mapped mask 0xb0000000 to 0x000f003f [2019/02/28 10:33:22.389047, 4, pid=18451, effective(0, 0), real(0, 0)] ../../source3/rpc_server/srv_access_check.c:95(access_check_object) _samr_Connect2: ACCESS should be DENIED (requested: 0x000f003f) but overrit...

Am 23.02.19 um 22:23 schrieb Rowland Penny via samba: > On Sat, 23 Feb 2019 21:54:31 +0100 > Alexander Spannagel via samba <samba at lists.samba.org> wrote: > >> Am 23.02.19 um 15:48 schrieb Rowland Penny via samba: >>>>>>>>> If you have, as you have, 'files sss winbind' in the the >>>>>>>>> passwd & group line

..../lib/tevent/tevent_queue.c Compiling ../lib/tevent/tevent_standard.c Compiling ../lib/tevent/tevent_select.c Compiling ../lib/tevent/tevent_poll.c Compiling ../lib/tevent/tevent_epoll.c Compiling lib/server_contexts.c Compiling lib/ldap_escape.c Compiling lib/secdesc.c Compiling ../libcli/security/access_check.c Compiling ../libcli/security/secace.c Compiling ../libcli/security/object_tree.c Compiling ../libcli/security/sddl.c Compiling ../libcli/security/secacl.c Compiling lib/fncall.c Compiling libads/krb5_errs.c Compiling lib/system_smbd.c Compiling lib/audit.c Compiling ../librpc/ndr/ndr_basic.c Comp...

Hello, I have a question because POSIX ACL with SMB2 max protocol does not work properly.Did you test VFS xattr acls with SMB2 max protocol? Is it working corectly? Best regards/Adrian Berlin --

...dr_ntsvcs.c Partially linking bin/mergedobj/ndr_standard.o Compiling ../librpc/gen_ndr/ndr_security.c Compiling ../librpc/ndr/ndr_sec_helper.c Compiling librpc/gen_ndr/ndr_server_id.c Partially linking bin/mergedobj/ndr_security.o Compiling libcli/security/security_token.c Compiling libcli/security/access_check.c Compiling libcli/security/privilege.c Compiling libcli/security/create_descriptor.c libcli/security/create_descriptor.c:250: warning: ?cr_descr_log_acl? defined but not used Compiling libcli/security/object_tree.c Partially linking bin/mergedobj/security.o Compiling ../libcli/security/dom_sid.c C...