Age | Commit message (Collapse) | Author | Files | Lines |
|
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
Non inheriting ACL entries will show mode bits.
With this an file owner change does affect the effective ACL because
the special owner acl will now refer to the new owner.
This could be fixed by updating the ACL on a file owner change.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
This is ignored in nfs4mode special for compatibility.
Also ensure that we drop non inheriting creator owner
aces since these don't contribute to who can access
a file.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
We need the parameters earlier in the code so we move up
the declaration of the params struct. Since reading the
parameters is closely related the definition of the function
smbacl4_get_vfs_params has also been moved up.
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
This ensures the caller knows exactly what the memory lifetime of this
returned object is. This makes the NFSv4 ACL code consistent with the
POSIX and NT ACL code, to avoid supprising developers who have worked
on those other parts of the ACL code.
Most of this patch is adding a memory context to the callers and passing it in.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
This allows the callback to call xattr based storage functions that need this argument.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Nov 17 01:11:07 CET 2012 on sn-devel-104
|
|
the ACEs should be talloc children of the ACL itself and not be placed on talloc_tos()
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
This makes it clear which context the returned SD is allocated on, as
a number of callers do not want it on talloc_tos().
As the ACL transformation allocates and then no longer needs a great
deal of memory, a talloc_stackframe() call is used to contain the
memory that is not returned further up the stack.
Andrew Bartlett
|
|
A full fsp is a bit overkill here
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Oct 9 13:38:49 CEST 2012 on sn-devel-104
|
|
While it is possible to define inheritance flags on files on Windows, this will
be denied by GPFS and UFS (and potentially others).
So it will be better to strip of these bits when being set for files instead of
failing to set the ACL completely (this is current behavior).
Users that want to retain the full SD will have to use acl_xattr (acl_tdb), as
other pieces of the SD are also lost when translating to NFSv4. So this should
not be a too intrusive change, but allow users to migrate data with such flags
instead of failing to migrate the ACL completely.
|
|
|
|
gid first
By checking just the IDMAP, and by removing the sidmap and lookup_sid calls, we support
IDMAP_BOTH. This is because by checking for a mapping to a GID first, we can rely on
the fact that IDMAP_BOTH will resolve to a GID.
If the sidmap idea is valued - it allows multiple SIDs to map to a single unix ID, this should
be done in the IDMAP layer.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 11 01:17:36 CEST 2012 on sn-devel-104
|
|
Signed-off-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Wed Jul 18 17:45:05 CEST 2012 on sn-devel-104
|
|
This will be used to enforce a lock hierarchy between the databases. We have
seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb.
These should be fixed by refusing a dbwrap_fetch_locked that does not follow a
defined lock hierarchy.
|
|
Avoid direct use of the db_record and db_context structs.
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Sep 16 01:39:36 CEST 2011 on sn-devel-104
|
|
|
|
SYNCHRONIZE flag - blocking renames.
aceType is an enum field, not a bitmask.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Sep 8 03:34:39 CEST 2011 on sn-devel-104
|
|
renames.
Thanks to Youzhong Yang for discovering this issue.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Sep 7 22:56:06 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Fri Jul 29 13:34:22 CEST 2011 on sn-devel-104
|
|
Also start new folder lib/dbwrap/ where dbwrap_open.c is stored and
make the fallbacke implementation functoins non-static and create a
dbwrap_private.h header file that contains their prototypes.
|
|
|
|
simplify the check insmbacl4_find_equal_special()
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Thu Jul 28 13:20:38 CEST 2011 on sn-devel-104
|
|
we should not merge ACEs with different flags (e.g. CI/OI/I/)
Otherwise ACLs get wrong entries and thus wrong semantics
Example:
ACL:BUILTIN\Users:ALLOWED/0x0/FULL
ACL:BUILTIN\Users:ALLOWED/I/READ
got merged to
ACL:BUILTIN\Users:ALLOWED/I/FULL
This is not the same and also leads to wrong displays
in the Windows ACL dialog
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Wed Jul 27 16:03:51 CEST 2011 on sn-devel-104
|
|
This defines a common table format, so we can in future define a
common table.
Andrew Bartlett
|
|
My previous patches fixed up all direct TDB callers, but there are a
few utility functions and the db_context functions which are still
using the old -1 / 0 return codes.
It's clearer to fix up all the callers of these too, so everywhere is
consistent: non-zero means an error.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
|
into two separate functions rather than trying to do
it inline. Allows us to carefully control what flags
are mapped to what in one place. Modification to
bug #8191 - vfs_gpfs dosn't honor ACE_FLAG_INHERITED_ACE
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
same issue as with the audit modules:
using a wrong parameter leads to smbd crash as lp_enum()
will not terminate on last entry of the array
Autobuild-User: Christian Ambach <ambi@samba.org>
Autobuild-Date: Tue May 24 20:13:39 CEST 2011 on sn-devel-104
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Start of the move towards handle-based code for directory access.
Currently makes fstat/fchown code work for directories rather than
falling back to pathnames.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Feb 8 06:34:41 CET 2011 on sn-devel-104
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Feb 5 03:33:59 CET 2011 on sn-devel-104
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Jan 13 20:02:32 CET 2011 on sn-devel-104
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Mon Oct 18 14:39:39 UTC 2010 on sn-devel-104
|
|
Guenther
|
|
|
|
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|