search for: nt_status_is_ok

...(conn, fname, file_attributes, bad_path, True); + status = can_delete(conn, fname, file_attributes, bad_path, True, False); /* We're only going to fail here if it's access denied, as that's the only error we care about for "can we delete this ?" questions. */ if (!NT_STATUS_IS_OK(status) && (NT_STATUS_EQUAL(status,NT_STATUS_ACCESS_DENIED) || @@ -1281,7 +1281,7 @@ /* Setting FILE_SHARE_DELETE is the hint. */ if (lp_acl_check_permissions(SNUM(conn)) && (share_access & FILE_SHARE_DELETE) && (access_mask & DELETE_ACCESS)) { #endif - status...

...(conn, fname, file_attributes, bad_path, True); + status = can_delete(conn, fname, file_attributes, bad_path, True, False); /* We're only going to fail here if it's access denied, as that's the only error we care about for "can we delete this ?" questions. */ if (!NT_STATUS_IS_OK(status) && (NT_STATUS_EQUAL(status,NT_STATUS_ACCESS_DENIED) || @@ -1281,7 +1281,7 @@ /* Setting FILE_SHARE_DELETE is the hint. */ if (lp_acl_check_permissions(SNUM(conn)) && (share_access & FILE_SHARE_DELETE) && (access_mask & DELETE_ACCESS)) { #endif - status...

...cl_internal: ACL blob hash type " 699 "(%u) unexpected for file %s\n", 700 (unsigned int)hash_type, 701 smb_fname->base_name)); 702 TALLOC_FREE(psd_blob); 768 if (!NT_STATUS_IS_OK(status)) { 769 DEBUG(10, ("get_nt_acl_internal: get_next_acl for file %s " 770 "returned %s\n", 771 smb_fname->base_name, 772 nt_errstr(status)...

On Fri, Aug 26, 2016 at 06:33:26PM +0200, Ralph Böhme via samba wrote: > On Thu, Aug 25, 2016 at 12:14:00PM -0700, Jeremy Allison wrote: > > On Wed, Aug 24, 2016 at 04:06:42PM +0200, Ralph Böhme via samba wrote: > > > > > > Yeah, as much as I'd like to avoid adding a new option, I guess we > > > have to do something about it, my latest take on this is >

...*psd_blob = NULL; > struct security_descriptor *pdesc_next = NULL; > const struct smb_filename *smb_fname = NULL; > bool ignore_file_system_acl = lp_parm_bool(SNUM(handle->conn), > @@ -509,25 +509,25 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, > if (!NT_STATUS_IS_OK(status)) { > DEBUG(10, ("get_nt_acl_internal: get_acl_blob returned %s\n", > nt_errstr(status))); > - psd = NULL; > + psd_blob = NULL; > goto out; > } else { > - status = parse_acl_blob(&blob, mem_ctx, &psd, > + status = parse_acl_blob(&...

On Fri, Aug 26, 2016 at 04:03:49PM -0700, Jeremy Allison wrote: > On Fri, Aug 26, 2016 at 02:46:19PM -0700, Jeremy Allison via samba wrote: > > On Fri, Aug 26, 2016 at 06:44:05PM +0200, Ralph Böhme wrote: > > > > > > Cheerio! > > > -slow > > > > Still reviewing this - but a few things that will need changing: > > > > When adding the

...hould be plugable/selectable (different > backends should be allowed here) > > and the backend should decide how to handle unmapped id's. > > comments please > > /* idmap api */ > NT_STATUS idmap_sid_to_id(DOM_SID *sid, int *id, BOOL *group); > { > if (NT_STATUS_IS_OK(idmap_cache_sid_to_id(sid,id,group))) > { > return NT_STATUS_OK; > } > > if (!NT_STATUS_IS_OK(idmap_central_sid_to_id(sid,id,group))) > { > return NT_STATUS_UNSUCCESFUL; > } > > i...

...---------------------------------------------- beginning of pdb_ldap.c.patch --------------------------------------------------------- --- passdb/pdb_ldap.c.orig 2004-01-06 22:08:40.000000000 +0100 +++ passdb/pdb_ldap.c 2004-01-19 12:44:41.000000000 +0100 @@ -1910,10 +1910,16 @@ if (NT_STATUS_IS_OK(ldapsam_getgrgid(methods, &dummy, map->gid))) { - DEBUG(0, ("ldapsam_add_group_mapping_entry: Group %ld already exists in LDAP\n", (unsigned long)map->gid)); + DEBUG(0, ("ldapsam_add_group_mapping_entr...

...IN/administrators:*:3000000:3000000::/home/BUILTIN/administrators:/bin/false > > The issue is that after the mkdir, we run: > > } else if (lp_inherit_acls(SNUM(conn))) { > /* Inherit from parent. Errors here are not fatal. */ > status = inherit_new_acl(fsp); > if (!NT_STATUS_IS_OK(status)) { > > while in the other process that is doing the open of the existing > directory, we do: > > if (SMB_VFS_LSTAT(conn, smb_dname) > == -1) { > DEBUG(2, ("Could not stat " > "directory '%s' just " > &q...

...me, const char *domain, struct auth_serversupplied_info **server_info, const struct netr_SamInfo3 *info3) The problem is this bit: nt_status = check_account(tmp_ctx,   nt_domain,   nt_username,   &found_username,   &pwd,   &username_was_mapped); if (!NT_STATUS_IS_OK(nt_status)) { /* Handle 'map to guest = Bad Uid */ if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) &&     (lp_security() == SEC_ADS || lp_security() == SEC_DOMAIN) &&     lp_map_to_guest() == MAP_TO_GUEST_ON_BAD_UID) { DBG_NOTICE("Try to map %s to guest ac...

...gration in smbpass won't work without an /etc/passwd entry, and I don't want to potentially have to add 8000 users from a constantly changing database. Is there any workaround for this? I've noticed in the source that the check for this is done in passdb/passdb.c approx line 947 if (!NT_STATUS_IS_OK(pdb_init_sam_new(&sam_pass, user_name, 0))) But this is in the function local_password_change() -- If this is modifying the smbpasswd database, why would it need to check /etc/passwd? Is this just a sanity check, or do I have my samba configs incorrect? Call me naive, but could I just commen...

...tus from smbd_check_access_rights() and only checks if it is OK, and if not, then fails, also classifying other error statuses as access denied. Meanwhile, smbd_check_access_rights() in source3/smbd/open.c indeed returns NT_STATUS_ACCESS_DENIED in some way. I wonder if we change the line if (!NT_STATUS_IS_OK(status)) { in check_access_snapdir() in source3/modules/vfs_shadow_copy2.c to if (status == NT_STATUS_ACCESS_DENIED) { would result in more accurate outcomes and avoid other statuses such as NT_STATUS_NOT_SUPPORTED ending up access denied. -- 裘佺 (QIU Quan) <jackqq at gmail.com>

Hello I would like to use plaintext backend with a simple Samba 3.0.6 configuration to get rid of the system of double passwords and rely just on the plain old unix /etc/passwd ones. However I couldn't find any information about it in 1) man smb.conf 2) online Samba official HOWTO I tried putting passdb backend = plaintext into a smb.conf file with security=share and the Samba server

...bin/wbinfo --uid-info=3000000 BUILTIN/administrators:*:3000000:3000000::/home/BUILTIN/administrators:/bin/false The issue is that after the mkdir, we run: } else if (lp_inherit_acls(SNUM(conn))) { /* Inherit from parent. Errors here are not fatal. */ status = inherit_new_acl(fsp); if (!NT_STATUS_IS_OK(status)) { while in the other process that is doing the open of the existing directory, we do: if (SMB_VFS_LSTAT(conn, smb_dname) == -1) { DEBUG(2, ("Could not stat " "directory '%s' just " "opened: %s\n", smb_fname_str_...

Hi list, Since I've upgraded from samba 3.0.23c to 3.0.25c my ACL's don't work as expected anymore. I'm not sure where the problem is, however. The symptoms are simple: with 3.0.23c, I could grant and revoke user, group and world write access to and from files in a share. With 3.0.25c, I can't do that anymore. When I deselect group or world read access and apply the

...base.\n")); + return False; + } + /* Open password database for update */ + if(!pdb_setsampwent(True)) { + DEBUG(0,("update_users_primgroup_sid: Cannot open password database.\n")); + return False; + } + + while (NT_STATUS_IS_OK(pdb_init_sam(&sam_pwent)) && pdb_getsampwent(sam_pwent)) { + fstrcpy(usrname,pdb_get_username(sam_pwent)); + if(!(pass = Get_Pwnam(usrname))) { + DEBUG(0,("update_users_primgroup_sid: Cannot find Unix account for %s.\n", usrnam...

...or forced primary group */=0A= + if (!lp_winbind_force_primary()) {=0A= + =0A= + /* only set primary group to primary_group if member */=0A= + status =3D domain->methods->lookup_usergroups(domain, mem_ctx, = (*info)[i].user_rid, &num_groups, &user_gids);=0A= + if (NT_STATUS_IS_OK(status)) {=0A= +=0A= + /* loop through group list */=0A= + for (k =3D 0; k < num_groups; k++) {=0A= + DEBUG(3,("%d is member of %d\n", (*info)[i].user_rid, = user_gids[k]));=0A= + if (user_gids[k] =3D=3D lp_winbind_primary_group()) {=0A= + (*info)[i].group_...

I created the well known group Domain Admins pointing to a local group, but I am not able to add users to the group -- it claims I can only add users to local or global groups... But I only see local, domain ,well-known, builtin. There are no global groups unless one would include all groups that are not local (i.e. domain, well-known, and builtin).... So why doesn't it want to let me add

Hello all, after the upgarde from Samba 4.10.7 to 4.11.2 we get lots of these in our logfiles: 2019-11-28T20:40:44+01:00 lx-sv-09 smbd_audit: [2019/11/28 20:40:44.886615, 1] ../../source3/locking/share_mode_lock.c:597(get_share_mode_lock) 2019-11-28T20:40:44+01:00 lx-sv-09 smbd_audit: get_share_mode_lock: get_static_share_mode_data failed: NT_STATUS_NO_MEMORY There are no symptoms accept

Hi, I'm using samba-4.7.x I have some confusions over "map to guest=" options with setting SMB Signing 1. Set "*Server signing =auto*", "*map to guest=bad uid*" and set "client signing in windows 2k12 server group policy" to "Microsoft network client: Digitally sign communications (Always)” = *Disable*" SMB_Server is joined to Windows 2k12