The branch, master has been updated via d8ae32e... dns: make dns update script use unbuffered IO via 8fe783e... s4-posix: allow change ownership of files if the user has the right privileges from e0726d4... s4-build: fix SMB_LIBRARY and change its name so it didn't collide with s3 one
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit d8ae32ec4183b121b207fbfb84d4be726f0cdb8f Author: Andrew Tridgell <tri...@samba.org> Date: Wed Mar 3 14:28:42 2010 +1100 dns: make dns update script use unbuffered IO Otherwise we can lose debug output when a timeout happens commit 8fe783edaf79bcae5c55c9eb5159104537ccf930 Author: Andrew Tridgell <tri...@samba.org> Date: Wed Mar 3 14:25:39 2010 +1100 s4-posix: allow change ownership of files if the user has the right privileges When a user has SEC_PRIV_TAKE_OWNERSHIP or SEC_PRIV_RESTORE they have permission to change the ownership of a file. This should fix bug 6987 Pair-Programmed-With: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: source4/ntvfs/posix/pvfs_acl.c | 23 +++++++++++++++++++++-- source4/scripting/bin/samba_dnsupdate | 4 ++++ 2 files changed, 25 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 3336cd0..4cb6fce 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -25,6 +25,7 @@ #include "librpc/gen_ndr/xattr.h" #include "libcli/security/security.h" #include "param/param.h" +#include "../lib/util/unix_privs.h" #if defined(UID_WRAPPER) #if !defined(UID_WRAPPER_REPLACE) && !defined(UID_WRAPPER_NOT_REPLACE) @@ -392,8 +393,26 @@ NTSTATUS pvfs_acl_set(struct pvfs_state *pvfs, } else { ret = fchown(fd, new_uid, new_gid); } - if (errno == EPERM && uwrap_enabled()) { - ret = 0; + if (errno == EPERM) { + if (uwrap_enabled()) { + ret = 0; + } else { + /* try again as root if we have SEC_PRIV_RESTORE or + SEC_PRIV_TAKE_OWNERSHIP */ + if (security_token_has_privilege(req->session_info->security_token, + SEC_PRIV_RESTORE) || + security_token_has_privilege(req->session_info->security_token, + SEC_PRIV_TAKE_OWNERSHIP)) { + void *privs; + privs = root_privileges(); + if (fd == -1) { + ret = chown(name->full_name, new_uid, new_gid); + } else { + ret = fchown(fd, new_uid, new_gid); + } + talloc_free(privs); + } + } } if (ret == -1) { return pvfs_map_errno(pvfs, errno); diff --git a/source4/scripting/bin/samba_dnsupdate b/source4/scripting/bin/samba_dnsupdate index 9eaf3df..d8ad200 100755 --- a/source4/scripting/bin/samba_dnsupdate +++ b/source4/scripting/bin/samba_dnsupdate @@ -24,6 +24,10 @@ import sys import dns.resolver import tempfile +# ensure we get messages out immediately, so they get in the samba logs, +# and don't get swallowed by a timeout +os.putenv('PYTHONUNBUFFERED', '1') + # Find right directory when running from source tree sys.path.insert(0, "bin/python") -- Samba Shared Repository