path: root/source3/modules/nfs4_acls.c
Age | Commit message | Author | Files | Lines
2010-03-12 | Remove more uses of "extern struct current_user current_user;". | Jeremy Allison | 1 | -1/+1
Use accessor functions to get to this value. Tidies up much of the user context code. Volker, please look at the changes in smbd/uid.c to familiarize yourself with these changes as I think they make the logic in there cleaner. Cause smbd/posix_acls.c code to look at current user context, not stored context on the conn struct - allows correct use of these function calls under a become_root()/unbecome_root() pair. Jeremy.
2009-10-02 | Fix more use of VFS_STAT when posix pathnames selected. | Jeremy Allison | 1 | -1/+1
Jeremy.
2009-08-14 | Use defined names rather than numeric constants to make code | Jeremy Allison | 1 | -2/+2
clearer. Jeremy.
2009-08-14 | gpfs.so: map the file_inherit and dir_inherit flags away for files | Michael Adam | 1 | -1/+15
GPFS sets the dir_inherit and file_inherit flags on files, too, which confuses windows, and seems to be wrong anyways. So when mapping an nfs4 acl to a windows acl, we map these flags away for files. Michael
2009-07-20 | s3: Finish plumbing the fsp->fsp_name smb_fname conversion through the modules. | Tim Prouty | 1 | -18/+16
2009-07-08 | s3: Plumb smb_filename through dos_mode() and related functions | Tim Prouty | 1 | -1/+11
2009-07-06 | do not merge ACEs with different SMB_ACE4_INHERIT_ONLY_ACE flag, this leads ↵ | Christian Ambach | 1 | -0/+7
to wrong inheritance flags in the ACL
e.g. (on GPFS)
  user:10000036:rwxc:allow
    (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED
    (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
  user:10000036:rwxc:allow:FileInherit:DirInherit:InheritOnly
    (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED
    (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
  group:10000005:rwxc:allow
    (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED
    (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
  group:10000005:rwxc:allow:FileInherit:DirInherit:InheritOnly
    (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED
    (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
would be merged to
  user:10000036:rwxc:allow:FileInherit:DirInherit:InheritOnly
    (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED
    (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
  group:10000005:rwxc:allow:FileInherit:DirInherit:InheritOnly
    (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED
    (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
so the explicit right for the user on the parent directory will be gone (the InheritOnly flag only accounts to subdirectories) thus leaving the user without access to the directory itself
Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
2009-06-25 | Add a \n to a debug message in smbacl4_nfs42win | Volker Lendecke | 1 | -1/+1
2009-06-24 | s3: Plumb smb_filename through SMB_VFS_STAT and SMB_VFS_LSTAT | Tim Prouty | 1 | -1/+1
This patch introduces two new temporary helper functions vfs_stat_smb_fname and vfs_lstat_smb_fname. They basically allowed me to call the new smb_filename version of stat, while avoiding plumbing it through callers that are still too inconvenient. As the conversion moves along, I will be able to remove callers of this, with the goal being to remove all callers. There was also a bug in create_synthetic_smb_fname_split (also a temporary utility function) that caused it to incorrectly handle filenames with ':'s in them when in posix mode. This is now fixed.
2009-05-27 | Fix the build of nfs4_acls.c | Volker Lendecke | 1 | -1/+2
2009-05-27 | Fix a size_t/int warning | Volker Lendecke | 1 | -1/+1
2009-05-26 | Introduce "struct stat_ex" as a replacement for SMB_STRUCT_STAT | Volker Lendecke | 1 | -5/+6
This patch introduces
  struct stat_ex {
          dev_t st_ex_dev;
          ino_t st_ex_ino;
          mode_t st_ex_mode;
          nlink_t st_ex_nlink;
          uid_t st_ex_uid;
          gid_t st_ex_gid;
          dev_t st_ex_rdev;
          off_t st_ex_size;
          struct timespec st_ex_atime;
          struct timespec st_ex_mtime;
          struct timespec st_ex_ctime;
          struct timespec st_ex_btime; /* birthtime */
          blksize_t st_ex_blksize;
          blkcnt_t st_ex_blocks;
  };
  typedef struct stat_ex SMB_STRUCT_STAT;
It is really large due to the friendly libc headers playing macro tricks with fields like st_ino, so I renamed them to st_ex_xxx.
Why this change? To support birthtime, we already have quite a few #ifdef's at places where it does not really belong. With a stat struct that we control, we can consolidate the nanosecond timestamps and the birthtime deep in the VFS stat calls. At this moment it is triggered by a request to support the birthtime field for GPFS. GPFS does not extend the system level struct stat, but instead has a separate call that gets us the additional information beyond posix. Without being able to do that within the VFS stat calls, that support would have to be scattered around the main smbd code.
It will very likely break all the onefs modules, but I think the changes will be reasonably easy to do.
2009-03-27 | Fix the build of nfsv4_acls.c | Volker Lendecke | 1 | -1/+1
.. after adding smb_iconv_convenience to ndr_size_security_descriptor()
2009-02-23 | Quieten down a boatload of shadowed variable warnings on Solaris. | Jeremy Allison | 1 | -42/+42
Makes real problems easier to spot. Jeremy.
2009-02-20 | Fix bug #6133 - Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem. | Jeremy Allison | 1 | -1/+7
As the NFSv4 ACL mapping code doesn't map write directory into the DELETE_CHILD permission bit (which we require before allowing a delete) no one can delete files without an explicit DELETE_CHILD bit set on the directory. Add this mapping. Jeremy.
2009-01-22 | Apply same logic fix for #4308 Excel save operation corrupts file ACLs | Jeremy Allison | 1 | -47/+37
to NFSv4 ACL code as this uses the same flawed logic as posix_acls.c. Jeremy.
2008-10-09 | Remove SEC_ACCESS. It's a uint32_t. | Jeremy Allison | 1 | -2/+2
Jeremy.
2008-10-07 | Update vfs version as I've added a const to the security_descriptor parameter ↵ | Jeremy Allison | 1 | -7/+3
in fset_nt_acl(). Need to watch the build farm to make sure I haven't broken the AIX or Solaris ACL modules. Jeremy.
2008-09-08 | When setting an NFSv4 ACL, map generic bits | Volker Lendecke | 1 | -0/+4
(This used to be commit dbe7a61be2beac50d1665e38ac374cefbbabec00)
2008-07-11 | Fix the build of nfs4_acls.c | Volker Lendecke | 1 | -1/+2
(This used to be commit 2abb7cd867be307e56c02087e700189b17efb894)
2008-06-17 | Remove reference to current_user from modules/nfs4_acls.c . | Michael Adam | 1 | -2/+1
Michael (This used to be commit 50fbfa03483de0059d85967dc96f2896e55e6d04)
2008-01-16 | Merge latest fixes to vfs_gpfs and NFS4 ACLs from Samba 3.0 CTDB branch ↵ | Alexander Bokovoy | 1 | -36/+151
(from http://samba.org/~tridge/3_0-ctdb) Signed-off-by: Alexander Bokovoy <ab@samba.org> (This used to be commit 1daad835cbfb4615a8fe7a241f4d578f7e69f214)
2008-01-07 | Remove redundant parameter fd from SMB_VFS_FSTAT(). | Michael Adam | 1 | -1/+1
Michael (This used to be commit 0b86c420be94d295f6917a220b5d699f65b46711)
2007-12-29 | Remove tiny code duplication | Volker Lendecke | 1 | -1/+1
ndr_size_security_descriptor does the same as sec_desc_size (This used to be commit bc3bd7a8e7c6e9e27acb195c86abb92c0f53112f)
2007-12-19 | Split smb_get_nt_acl_nfs4 into two (f- and non-f-variant). | Michael Adam | 1 | -9/+35
This is the next step in preparation of a get_nt_acl prototype change. Michael (This used to be commit 7afeb1c6cb1bdb58d1e61c54ae215d947d8dc3ea)
2007-12-19 | Split smbacl4_GetFileOwner into two (f- and non-f-variant). | Michael Adam | 1 | -19/+29
This is in preparation of a get_nt_acl prototype change. (This used to be commit e0672a46a2e5e655da32499ca7f52a9156e9b7f0)
2007-12-15 | Replace sid_string_static by sid_string_dbg in DEBUGs | Volker Lendecke | 1 | -6/+5
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-11-13 | Make [f]get_nt_acl return NTSTATUS | Volker Lendecke | 1 | -8/+12
(This used to be commit dcbe1bf942d017a3cd5084c6ef605a13912f795b)
2007-10-18 | RIP BOOL. Convert BOOL -> bool. I found a few interesting | Jeremy Allison | 1 | -5/+5
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10 | r24809: Consolidate the use of temporary talloc contexts. | Volker Lendecke | 1 | -4/+4
This adds the two functions talloc_stackframe() and talloc_tos().
 * When a new talloc stackframe is allocated with talloc_stackframe(), then
 * the TALLOC_CTX returned with talloc_tos() is reset to that new
 * frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse
 * happens: The previous talloc_tos() is restored.
 *
 * This API is designed to be robust in the sense that if someone forgets to
 * TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and
 * resets the talloc_tos().
The original motivation for this patch was to get rid of the sid_string_static & friends buffers. Explicitly passing talloc context everywhere clutters code too much for my taste, so an implicit talloc_tos() is introduced here. Many of these static buffers are replaced by a single static pointer.
The intended use would thus be that low-level functions can rather freely push stuff to talloc_tos, the upper layers clean up by freeing the stackframe. The more of these stackframes are used and correctly freed the more exact the memory cleanup happens.
This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and lp_talloc_ctx (did I forget any?)
So, never do a tmp_ctx = talloc_init("foo"); anymore, instead, use tmp_ctx = talloc_stackframe() :-)
Volker (This used to be commit 6585ea2cb7f417e14540495b9c7380fe9c8c717b)
2007-10-10 | r23801: The FSF has moved around a lot. This fixes their Mass Ave address. | Andrew Tridgell | 1 | -2/+1
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
2007-10-10 | r23779: Change from v2 or later to v3 or later. | Jeremy Allison | 1 | -1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10 | r23620: Convert set_nt_acl to return NTSTATUS. Also fix the chown | Jeremy Allison | 1 | -43/+22
return to correctly return NT_STATUS_INVALID_OWNER if it should be disallowed. Matches better what W2K3R3 does. NFSv4 ACL module owners, please examine these changes. Jeremy. (This used to be commit fc6899a5506b272f8cd5f5837ca13300b4e69a5f)
2007-10-10 | r23302: Refactor vfs_gpfs module, fix problems with chmod Tridge has found ↵ | Alexander Bokovoy | 1 | -35/+17
during ctdb tests (This used to be commit e150e42ac59494a1da12bb5c9da8c9c935780924)
2007-10-10 | r22592: Fix TALLOC_SIZE to be consistent. | Jeremy Allison | 1 | -7/+11
Jeremy. (This used to be commit 8044a6482c7c165a64878982cee5ee9756a0a734)
2007-10-10 | r22542: Move over to using the _strict variants of the talloc | Jeremy Allison | 1 | -5/+5
calls. No functional changes. Looks bigger than it is :-). Jeremy. (This used to be commit f6fa3080fee1b20df9f1968500840a88cf0ee592)
2007-10-10 | r21885: Chown logic should be activated only if nfs4:chown=yes | Alexander Bokovoy | 1 | -24/+26
(This used to be commit b10410634f6dac532a867be5506cf79886833828)
2007-10-10 | r18785: Check in Peter Somogyi's build fix | Volker Lendecke | 1 | -5/+5
(This used to be commit 31c1be90565b2d2d111dddb7f0563fa8c303852b)
2007-10-10 | r18719: Compile fix from Peter Somogyi. | Jeremy Allison | 1 | -1/+1
Jeremy. (This used to be commit 867eeaafceaebde030a1d1e2fa39950b898b1846)
2007-10-10 | r18603: Add in the NFSv4 ACL mapping code from IBM. | Jeremy Allison | 1 | -0/+668
Sorry for the delay :-). Jeremy. (This used to be commit a52fa218952ffcd784ea31e947aa4d17dfdc8ee0)
2007-10-10 | r17367: Reverting the ab code. Note I'm not saying this | Jeremy Allison | 1 | -668/+0
code is wrong or bad or anything, just that it needs to be discussed & reviewed on the samba-technical list before we add a platform-specific NFSv4 mapping. That way lies a lot of future pain :-). Jeremy. (This used to be commit 330899ec30ffceb798e3a8362d20e103e20b2897)
2007-10-10 | r17358: Re-add JFS2 NFS4 ACLs support, move readme for it into AIX-specific ↵ | Alexander Bokovoy | 1 | -0/+668
examples directory. (This used to be commit c085355c323c65ee782516859eed8a76b53e6035)
2007-10-10 | r17354: Revert -r 17353 per Volker request while gpfs compatibility layer ↵ | Alexander Bokovoy | 1 | -668/+0
code will be released. (This used to be commit 5b1db0151461af18d994359e86c649922fc6de65)
2007-10-10 | r17353: Add support for JFS2 NFS4/AIXC and GPFS acls based on NFSv4 ACLs. | Alexander Bokovoy | 1 | -0/+668
(This used to be commit 72312cb2e255301f978455a559461ad83b13b6cb)