summaryrefslogtreecommitdiff
path: root/source3/modules/nfs4_acls.c
AgeCommit message (Collapse)AuthorFilesLines
2012-11-17s3:modules:nfs4_acls remove unused mem_ctx parameter to smbacl4_fill_ace4Christian Ambach1-3/+1
Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Nov 17 01:11:07 CET 2012 on sn-devel-104
2012-11-16s3:modules:nfs4_acls fix memory hierarchy in smb_create_smb4aclChristian Ambach1-2/+1
the ACEs should be talloc children of the ACL itself and not be placed on talloc_tos() Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2012-10-11smbd: Add mem_ctx to {f,}get_nt_acl VFS callAndrew Bartlett1-5/+13
This makes it clear which context the returned SD is allocated on, as a number of callers do not want it on talloc_tos(). As the ACL transformation allocates and then no longer needs a great deal of memory, a talloc_stackframe() call is used to contain the memory that is not returned further up the stack. Andrew Bartlett
2012-10-09s3: Pass down smb_filename to smbacl4_fill_ace4Volker Lendecke1-6/+6
A full fsp is a bit overkill here Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Oct 9 13:38:49 CEST 2012 on sn-devel-104
2012-09-27s3:nfs4acls filter away inheritance flags on filesChristian Ambach1-0/+11
While it is possible to define inheritance flags on files on Windows, this will be denied by GPFS and UFS (and potentially others). So it will be better to strip of these bits when being set for files instead of failing to set the ACL completely (this is current behavior). Users that want to retain the full SD will have to use acl_xattr (acl_tdb), as other pieces of the SD are also lost when translating to NFSv4. So this should not be a too intrusive change, but allow users to migrate data with such flags instead of failing to migrate the ACL completely.
2012-09-27s3:nfs4acls pass down fsp instead of just the filenameChristian Ambach1-4/+6
2012-08-11s3-nfs4acls: Remove lookup_sid and sidmap from NFSv4 ACL mapping and check ↵Andrew Bartlett1-115/+13
gid first By checking just the IDMAP, and by removing the sidmap and lookup_sid calls, we support IDMAP_BOTH. This is because by checking for a mapping to a GID first, we can rely on the fact that IDMAP_BOTH will resolve to a GID. If the sidmap idea is valued - it allows multiple SIDs to map to a single unix ID, this should be done in the IDMAP layer. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Aug 11 01:17:36 CEST 2012 on sn-devel-104
2012-07-18s3:Really ignore unknown special ids in NFSv4 ACLs.Alexander Werth1-0/+1
Signed-off-by: Christian Ambach <ambi@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Wed Jul 18 17:45:05 CEST 2012 on sn-devel-104
2012-01-18s3: Add a "lock_order" argument to db_openVolker Lendecke1-1/+2
This will be used to enforce a lock hierarchy between the databases. We have seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb. These should be fixed by refusing a dbwrap_fetch_locked that does not follow a defined lock hierarchy.
2011-10-11s3:vfs: convert nfs4_acls sidmap db code to use dbwrap_wrapper functionsMichael Adam1-2/+4
Avoid direct use of the db_record and db_context structs.
2011-09-16s3: Trim lines in nfs4_acls.cVolker Lendecke1-41/+75
Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Sep 16 01:39:36 CEST 2011 on sn-devel-104
2011-09-16s3: Fix some nonempty blank linesVolker Lendecke1-17/+17
2011-09-08Tidy up previous patch for bug #8442 - NFSv4 DENY ACLs always include ↵Jeremy Allison1-5/+4
SYNCHRONIZE flag - blocking renames. aceType is an enum field, not a bitmask. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Sep 8 03:34:39 CEST 2011 on sn-devel-104
2011-09-07Fix bug #8442 - NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking ↵Ira Cooper1-1/+7
renames. Thanks to Youzhong Yang for discovering this issue. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Sep 7 22:56:06 CEST 2011 on sn-devel-104
2011-07-29s3:dbwrap: move all .c and .h files of dbwrap to lib/dbwrap/Michael Adam1-1/+1
Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Fri Jul 29 13:34:22 CEST 2011 on sn-devel-104
2011-07-29s3:dbwrap: move db_open() to a file dbwrap_open.c of its own.Michael Adam1-0/+1
Also start new folder lib/dbwrap/ where dbwrap_open.c is stored and make the fallbacke implementation functoins non-static and create a dbwrap_private.h header file that contains their prototypes.
2011-07-29s3:modules:nfs4_acls: fix the include of dbwrap.h to not include "include/"Michael Adam1-1/+1
2011-07-28s3:modules:nfs4_acls: improve fix for bug #8330Michael Adam1-4/+2
simplify the check insmbacl4_find_equal_special() Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Thu Jul 28 13:20:38 CEST 2011 on sn-devel-104
2011-07-27s3:modules fix Bug 8330 NFSv4 ACL merging logic is brokenChristian Ambach1-2/+1
we should not merge ACEs with different flags (e.g. CI/OI/I/) Otherwise ACLs get wrong entries and thus wrong semantics Example: ACL:BUILTIN\Users:ALLOWED/0x0/FULL ACL:BUILTIN\Users:ALLOWED/I/READ got merged to ACL:BUILTIN\Users:ALLOWED/I/FULL This is not the same and also leads to wrong displays in the Windows ACL dialog Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Wed Jul 27 16:03:51 CEST 2011 on sn-devel-104
2011-06-29param: Merge param headers into lib/param/loadparm.hAndrew Bartlett1-0/+1
This defines a common table format, so we can in future define a common table. Andrew Bartlett
2011-06-20tdb_compat: Higher level API fixes.Rusty Russell1-1/+1
My previous patches fixed up all direct TDB callers, but there are a few utility functions and the db_context functions which are still using the old -1 / 0 return codes. It's clearer to fix up all the callers of these too, so everywhere is consistent: non-zero means an error. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2011-06-01Split the ACE flag mapping between nfs4 and WindowsJeremy Allison1-14/+59
into two separate functions rather than trying to do it inline. Allows us to carefully control what flags are mapped to what in one place. Modification to bug #8191 - vfs_gpfs dosn't honor ACE_FLAG_INHERITED_ACE
2011-05-30nfs4_acls: pass ACE_FLAG_INHERITED_ACE down from the clientGregor Beck1-0/+3
Signed-off-by: Michael Adam <obnox@samba.org>
2011-05-30nfs4_acls: pass ACE_FLAG_INHERITED_ACE up to the clientGregor Beck1-0/+3
Signed-off-by: Michael Adam <obnox@samba.org>
2011-05-24s3:modules properly terminate enums in nfs4 acl codeChristian Ambach1-1/+3
same issue as with the audit modules: using a wrong parameter leads to smbd crash as lp_enum() will not terminate on last entry of the array Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Tue May 24 20:13:39 CEST 2011 on sn-devel-104
2011-05-06s3: only include tdb headers where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-vfs: include smbd/smbd.h in vfs modules.Günther Deschner1-0/+1
Guenther
2011-03-30s3-passdb: use passdb headers where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-includes: only include system/filesys.h when needed.Günther Deschner1-0/+1
Guenther
2011-02-08If possible (O_DIRECTORY exists) open an fd for a directory open.Jeremy Allison1-1/+1
Start of the move towards handle-based code for directory access. Currently makes fstat/fchown code work for directories rather than falling back to pathnames. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Feb 8 06:34:41 CET 2011 on sn-devel-104
2011-02-05Fix try_chown code. Use new vfs_chown_fsp() which always trys fd first.Jeremy Allison1-4/+4
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Feb 5 03:33:59 CET 2011 on sn-devel-104
2011-01-13Fix bug #7909 - map SYNCHRONIZE acl permission statically in zfs_acl vfs module.Paul B. Henson1-1/+3
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Jan 13 20:02:32 CET 2011 on sn-devel-104
2010-10-18s3: fix the build of idmap_adex, idmap_tdb2, idmap_hash and several vfs modules.Günther Deschner1-0/+1
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Oct 18 14:39:39 UTC 2010 on sn-devel-104
2010-09-26s3-vfs: fix the build of nfs4_acls.cGünther Deschner1-1/+2
Guenther
2010-08-30s3: Fix the build of the nfs4_acl moduleVolker Lendecke1-0/+1
2010-06-03s3: Fix the build of the nfsv4 acl codeVolker Lendecke1-1/+2
2010-06-03s3-security: use shared "Standard access rights.".Günther Deschner1-1/+1
Guenther
2010-06-03s3-security: use shared "File Object specific access rights".Günther Deschner1-1/+1
Guenther
2010-06-03s3-security: use shared SECINFO_DACL define.Günther Deschner1-2/+2
Guenther
2010-06-03s3-security: use shared SECINFO_GROUP define.Günther Deschner1-2/+2
Guenther
2010-06-03s3-security: use shared SECINFO_OWNER define.Günther Deschner1-2/+2
Guenther
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-8/+8
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18s3-secdesc: use SD_REVISION from security.idl.Günther Deschner1-1/+1
Guenther
2010-05-18s3-secdesc: remove "typedef struct security_descriptor SEC_DESC".Günther Deschner1-4/+4
Guenther
2010-05-18s3-secdesc: remove "typedef struct security_acl SEC_ACL".Günther Deschner1-2/+2
Guenther
2010-05-18s3-secdesc: remove "typedef struct security_ace SEC_ACE".Günther Deschner1-5/+5
Guenther
2010-03-15Pass "connection_struct *conn" into functions that currently use ↵Jeremy Allison1-1/+1
"current_user.XXX" Will allow me to replace them with accessor functions. Jeremy.
2010-03-15Rever e80ceb1d7355c8c46a2ed90d5721cf367640f4e8 "Remove more uses of "extern ↵Jeremy Allison1-1/+1
struct current_user current_user;"." As requested by Volker, split this into smaller commits. Jeremy.
2010-03-12Remove more uses of "extern struct current_user current_user;".Jeremy Allison1-1/+1
Use accessor functions to get to this value. Tidies up much of the user context code. Volker, please look at the changes in smbd/uid.c to familiarize yourself with these changes as I think they make the logic in there cleaner. Cause smbd/posix_acls.c code to look at current user context, not stored context on the conn struct - allows correct use of these function calls under a become_root()/unbecome_root() pair. Jeremy.
2009-10-02Fix more use of VFS_STAT when posix pathnames selected.Jeremy Allison1-1/+1
Jeremy.
generated by cgit (git 2.34.1) at 2024-07-01 01:26:58 +0000