summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2013-05-09vfs: Allow CREATOR GROUP to be used with vfs_zfsaclAndrew Bartlett1-1/+1
The solaris acl() code requires that both ACE_GROUP|ACE_IDENTIFIER_GROUP be set to indicate the @group permissions. Otherwise, it would return Invalid Paramter to clients. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09s4-smbtorture: Run tests for nfs4:modes simple and special.Alexander Werth3-9/+26
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09s3: Update vfs_gpfs man page with new nfs4:mode help text.Alexander Werth1-6/+6
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09s3: Update README.nfs4acls.txtAlexander Werth1-8/+15
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09s3: Use mode bits in some cases in mode simple.Alexander Werth1-0/+46
Non inheriting ACL entries will show mode bits. With this an file owner change does affect the effective ACL because the special owner acl will now refer to the new owner. This could be fixed by updating the ACL on a file owner change. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09s3: Add changes that keep nfs4:mode special behavior.Alexander Werth1-1/+41
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09s3: Mapping of cifs creator owner to nfs owner@ ace.Alexander Werth1-0/+24
This is ignored in nfs4mode special for compatibility. Also ensure that we drop non inheriting creator owner aces since these don't contribute to who can access a file. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09s3: Mapping of special entries to creator owner in mode simple.Alexander Werth1-6/+60
Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09s3: Add params parameter to smbacl4_nfs42win function.Alexander Werth1-12/+27
Reviewed-By: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09s3: Change smbacl4_get_vfs_params to use connection_struct instead of fsp.Alexander Werth1-5/+6
Reviewed-By: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09s3: Move up declaration of params struct and related function.Alexander Werth1-49/+49
We need the parameters earlier in the code so we move up the declaration of the params struct. Since reading the parameters is closely related the definition of the function smbacl4_get_vfs_params has also been moved up. Reviewed-By: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09s4-smbtorture: Set result message when failing the inheritance test.Alexander Werth1-0/+7
Reviewed-By: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09vfs: Add inheritance emulation to vfs_nfs4acl_xattr.Alexander Werth2-30/+263
Recursively inherit ACL from parent directory if no acl xattr is found on the current file. Use a default ACL if a non-inheriting ACL is encountered. With this the nfs4acl_xattr.dynamic test passes. But the nfs4acl_xattr.inheritance test results in an error because of warnings that cause the test to pass a failed result. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09selftest: Run raw.acls test against the nfs4acl_xattr moduleAndrew Bartlett3-0/+18
This is the first time we have tested the NFSv4 ACL mapping code. Sadly most tests fail but these can be fixed from here. This at least shows that the code does not segfault. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09librpc: Add special owner/group/other constants to nfs4acl.idlAndrew Bartlett1-0/+4
As per nfs4acl-0.9/lib/nfs4acl.c (the package where this structure is originally defined) Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09build: Add vfs_nfs4acl to the autoconf buildAndrew Bartlett2-1/+4
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09vfs: Add new VFS module vfs_nfs4acl_xattr to use nfs4acl.idlAndrew Bartlett5-2/+430
This uses the xattr format used by the patches at http://users.suse.com/~agruen/nfs4acl/ Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09vfs: Remove unused security_info argument in vfz_zfsacl.cAndrew Bartlett1-3/+1
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09vfs: Fix compile of vfs_gpfs.c.Alexander Werth1-18/+33
Since the smb4acl is now correctly allocated on mem_ctx and not the talloc stack frame we can free the stack frame correctly. And the chmod emulation code now needs the vfs handle since that is now required by the callback function to set the smb4acl. Reviewed-By: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09vfs: Allocate SMB4ACL_T on an explict memory contextAndrew Bartlett5-33/+78
This ensures the caller knows exactly what the memory lifetime of this returned object is. This makes the NFSv4 ACL code consistent with the POSIX and NT ACL code, to avoid supprising developers who have worked on those other parts of the ACL code. Most of this patch is adding a memory context to the callers and passing it in. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09vfs: Add vfs_handle_struct argument to smb_set_nt_acl_nfs4 and the callbackAndrew Bartlett5-15/+16
This allows the callback to call xattr based storage functions that need this argument. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09build: Move nfs4acl to the top levelAndrew Bartlett5-9/+7
This is to create IDL-stored NFSv4 ACLs, just as we use for posix ACLs to permit better testing. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-08pidl:NDR/Parser: correctly set $ndr->[relative_highest_]offset for ↵Stefan Metzmacher1-1/+1
relative_short pointers Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed May 8 20:49:55 CEST 2013 on sn-devel-104
2013-05-08Revert "Remove a bunch of "unused variable _relative_save_offset" warnings."Stefan Metzmacher1-4/+2
This reverts commit fa5898b6de797431d5ae9d2ce6dcddcb35a60b66. This is the wrong fix for the warnings, the correct fix will follow. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Günther Deschner <gd@samba.org>
2013-05-08Remove a bunch of "unused variable _relative_save_offset" warnings.Jeremy Allison1-2/+4
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com> Autobuild-User(master): Richard Sharpe <sharpe@samba.org> Autobuild-Date(master): Wed May 8 07:47:45 CEST 2013 on sn-devel-104
2013-05-07Tests processing an oplock break within a compound SMB2 request.Richard Sharpe2-0/+164
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Richard Sharpe <sharpe@samba.org> Autobuild-Date(master): Tue May 7 19:45:36 CEST 2013 on sn-devel-104
2013-05-07Remove the compound_related_in_progress state from the smb2 global state.Jeremy Allison2-12/+0
And also remove the restriction that we can't read a new request whilst we're in this state. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@samba.org>
2013-05-07The core of the fix to allow opens to go async inside a compound request.Jeremy Allison1-43/+53
This is only allowed for opens that cause an oplock break, otherwise it is not allowed. See [MS-SMB2].pdf note <194> on Section 3.3.5.2.7. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2013-05-07Move a variable into the area of code where it's used.Jeremy Allison1-2/+2
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2013-05-07Ensure we don't try and cancel anything that is in a compound-related request.Jeremy Allison1-0/+8
Too hard to deal with splitting off the replies. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2013-05-07Only do the 1 second delay for sharing violations for SMB1, not SMB2.Jeremy Allison1-1/+2
Match Windows behavior. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
2013-05-07Makefile: Fix bug 9868 - Don't know how to make LIBNDR_PREG_OBJ.Volker Lendecke1-1/+1
Thanks to Lucs for finding the issue Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Günther Deschner <gd@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue May 7 17:57:57 CEST 2013 on sn-devel-104
2013-05-07winbind: Fix bug 9854 -- NULL pointer dereferenceVolker Lendecke1-3/+3
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Tue May 7 14:49:07 CEST 2013 on sn-devel-104
2013-05-07Fix up the man pages to explain that "store dos attributes" overrides them.Jeremy Allison5-2/+26
Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Tue May 7 01:24:54 CEST 2013 on sn-devel-104
2013-05-06Allow "store dos attributes" to override the other "map XXX" parameters.Jeremy Allison1-5/+8
Makes us consistent with what is described in the man pages. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-05-06build: default --with-regedit to "auto" instead of "yes"Michael Adam1-1/+1
This means we don't build regedit when there is no ncurses and this is not an error for the overall build. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Kai Blin <kai@samba.org> Autobuild-User(master): Kai Blin <kai@samba.org> Autobuild-Date(master): Mon May 6 20:11:09 CEST 2013 on sn-devel-104
2013-05-06build: fix --with-regedit to properly honour the yes/no/auto schemeMichael Adam2-2/+24
I.e. fail configure when ncurses support is not found but regedit build was requested. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Kai Blin <kai@samba.org>
2013-05-06build: simplify ncurses checks: --with-regedit does not take a path listMichael Adam1-7/+2
--with-regedit is defined using SAMBA3_ADD_OPTION(), and can hence take the values "yes", "no", and "auto". So it is not possible to hand in paths to look for ncurses-config via this option. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Kai Blin <kai@samba.org>
2013-05-06docs: update the description of the formulas in the idmap_autorid manpageMichael Adam1-7/+7
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Mon May 6 18:23:56 CEST 2013 on sn-devel-104
2013-05-06s3:idmap:autorid: add a comment block explaining the calculationsMichael Adam1-0/+51
Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06s3:idmap:autorid: simplify the id->sid calculationMichael Adam1-7/+13
To make it more intutive. rid = reduced_rid + domain_range_index * range_size where reduced_rid = (id - id_low) % range_size Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06s3:idmap:autorid: calculate the range's low_id in ↵Michael Adam1-8/+9
idmap_autorid_get_domainrange() This way, the calculation needs to be don only in one central place and the formulas get simpler. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06s3:idmap:autorid: make calculation in idmap_autorid_sid_to_id much more obviousMichael Adam1-3/+6
This is my attempt to make the sid->unix-id calculation much more obvious. Especially with the introduction of the multi-range support an the originally named "multiplier", the calculation id = low_id + range_size * domain_number + rid - range_size * multiplier was rather opaque to me. What really happens here is this: The rid is split into a reduced_rid part that is < rangesize and a multiple of rangesize. This is given by the formula rid = rid % range_size + (rid / range_size) * range_size We define reduced_rid := rid % range_size and domain_range_index := rid / range_size ( == the original multiplier) and the original formula is equivalent to: id = reduced_rid + low_id + range_number * range_size; and reads id = reduced_rid + range_minvalue if we set range_minvalue := low_id + range_number * range_size. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06s3:idmap:autorid: rename range.multiplier to domain_range_indexMichael Adam1-15/+17
The name multiplier is very confusing (at least for me). This is an index that is used to reference the various per-domain ranges. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06s3:idmap:autorid: rename autorid_range_config.sid to domsid, along with ↵Michael Adam1-12/+12
instances Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06s3:idmap:autorid: rename autorid_domain_config --> autorid_range_config and ↵Michael Adam1-37/+37
instances to "range" This describes it better with the new support for multiple ranges for domains. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06s3:idmap:autorid: rename domainnum to rangenumMichael Adam1-12/+13
Now ranges don't correspond to domains any more, but multiple ranges are associated to a domain. So the name is misleading. Signed-off-by: Michael Adam <obnox@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org>
2013-05-06docs-xml: manpage update for autorid multirange supportAbhidnya Joshi1-12/+22
Signed-off-by: Abhidnya Joshi <achirmul@in.ibm.com> Reviewed-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-05-06s3:winbindd/autorid multiple range supportAbhidnya Joshi1-19/+36
when a mapping request for a RID comes in that is larger than the rangesize, allocate an extension range to be able to map this one This is especially important for large installations which might have large RIDs being used in a trusted domain that the administrator was not aware of when planning for autorid usage and so those objects could not be mapped up to now. As it is not possible to change the rangesize after the first start of autorid, this would lead to big trouble. Signed-off-by: Abhidnya Joshi <achirmul@in.ibm.com> Reviewed-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2013-05-06s3:utils fix wrong usage of PRIu64 in sscanfChristian Ambach1-1/+3
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>