summaryrefslogtreecommitdiff
path: root/source3/modules/vfs_acl_common.c
AgeCommit message (Collapse)AuthorFilesLines
2011-02-22s3-auth Rename auth_serversupplied_info varaiables: server_info -> session_infoAndrew Bartlett1-2/+2
These variables, of type struct auth_serversupplied_info were poorly named when added into 2001, and in good consistant practice, this has extended all over the codebase in the years since. The structure is also not ideal for it's current purpose. Originally intended to convey the results of the authentication modules, it really describes all the essential attributes of a session. This rename will reduce the volume of a future patch to replaced these with a struct auth_session_info, with auth_serversupplied_info confined to the lower levels of the auth subsystem, and then eliminated. (The new structure will be the output of create_local_token(), and the change in struct definition will ensure that this is always run, populating local groups and privileges). Andrew Bartlett Signed-off-by: Stefan Metzmacher <metze@samba.org>
2011-02-10s3-auth Rename cryptic 'ptok' to security_tokenAndrew Bartlett1-2/+2
This will allow the auth_serversupplied_info struct to be migrated to auth_session_info easier. Adnrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-02-02s3: Remove superfluous ;Günther Deschner1-2/+2
Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Wed Feb 2 15:44:21 CET 2011 on sn-devel-104
2010-11-24Fix bug #7812 - vfs_acl_xattr/vfs_acl_tdb: ACL inheritance cannot be disabledJeremy Allison1-0/+6
We were losing the incoming security descriptor revision number and most importantly the "type" field as sent by the client. Ensure we correctly store these in the xattr object. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Nov 24 00:18:57 CET 2010 on sn-devel-104
2010-10-16Add acl_xattr:ignore system acls boolean (normally false) to allowJeremy Allison1-11/+35
Samba ACL module to ignore mapping to lower POSIX layer. With this fix Samba 3.6.x now passes RAW-ACLs (with certain smb.conf parameters set). Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Oct 16 01:26:31 UTC 2010 on sn-devel-104
2010-10-15Add debug message to get_nt_acl_internal() to see what we got.Jeremy Allison1-0/+7
2010-10-15Fix valgrind "uninitialized read" error on "info" when returning !NT_STATUS_OK.Jeremy Allison1-1/+5
Jeremy.
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-0/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-12Make the vfs_acl_xattr and other modules work with NULL SD's. FixJeremy Allison1-41/+29
the "protected" inheritance problem (bleeding up from the POSIX layer). Jeremy Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Oct 12 00:57:41 UTC 2010 on sn-devel-104
2010-09-28s3: Lift smbd_server_conn from file_find_di_firstVolker Lendecke1-1/+2
2010-08-31s3-auth Rename NT_USER_TOKEN user_sids -> sidsAndrew Bartlett1-2/+2
This is closer to the struct security_token from security.idl
2010-08-01s3: Fix an uninitialized variableVolker Lendecke1-1/+1
2010-06-03s3-security: use shared SECINFO_DACL define.Günther Deschner1-10/+10
Guenther
2010-06-03s3-security: use shared SECINFO_SACL define.Günther Deschner1-2/+2
Guenther
2010-06-03s3-security: use shared SECINFO_GROUP define.Günther Deschner1-10/+10
Guenther
2010-06-03s3-security: use shared SECINFO_OWNER define.Günther Deschner1-10/+10
Guenther
2010-05-31s3-build: only use ndr_security.h where needed.Günther Deschner1-0/+2
Guenther
2010-05-18s3-secdesc: use SD_REVISION from security.idl.Günther Deschner1-2/+2
Guenther
2010-05-18s3: Remove use of iconv_convenience.Jelmer Vernooij1-2/+2
2010-03-12Missed a couple more uses of conn->server_info->ptok that need to be ↵Jeremy Allison1-7/+9
get_current_nttok(conn) Centralize the root check into smb1_file_se_access_check() so this is used by modules/vfs_acl_common.c also. Jeremy.
2010-03-05Fix for bug #7189 - Open txt files with notepad on samba shares creates problem.Jeremy Allison1-0/+2
Ensure we don't use any of the create_options for Samba private use. Add a new parameter to the VFS_CREATE call (private_flags) which is only used internally. Renumber NTCREATEX_OPTIONS_PRIVATE_DENY_DOS and NTCREATEX_OPTIONS_PRIVATE_DENY_FCB to match the S4 code). Rev. the VFS interface to version 28. Jeremy.
2010-02-07s3: fix build issue on Tru64Björn Jacke1-7/+7
Thanks, Volker for the hint - acl_type is a macro on Tru64. Renamed it to acltype. This fixes #7103.
2010-01-16Modification of fix for bug 6876 - Delete of an object whose parent folder ↵Jeremy Allison1-8/+5
does not have delete rights fails even if the delete right is set on the object Suggested by Volker. Reduce the surface area of the become_root() unbecome_root() code to reduce the chance of errors. Jeremy.
2010-01-12Fix bug #6876 - Delete of an object whose parent folder does not have delete ↵Jeremy Allison1-0/+127
rights fails even if the delete right is set on the object. Final fix for the vfs_acl_xattr and vfs_acl_tdb code. Ensure we can delete a file even if the underlying POSIX permissions don't allow it, if the Windows permissions do. Jeremy.
2009-12-23Attempt to fix one of the last two bugs with the full Windows ACL support.Jeremy Allison1-0/+106
When returning an underlying ACL on a directory, normally on a POSIX system it has no inheritable entries, which breaks the Windows ACL when a user does a get/set of a Windows ACL on a POSIX directory with no existing stored Windows ACL from the Windows ACL editor. What happens is any new entry added by the user gets set inheritable, but none of the others entries are (as returned by default). So any new files then only inherit the single new ACE entry (the one marked inheritable by the ACL editor). Fix this by faking up a default 3 element inheritable ACL that represents what a user creating a POSIX file or directory will get by default from the smbd code. Jeremy.
2009-12-07parent_sd can never be null in this function, so don'tJeremy Allison1-1/+5
check for it. Jeremy.
2009-12-07Hopefullt final fix for 6802 - acl_xattr.c module: A created folder does not ↵Jeremy Allison1-182/+166
properly inherit permissions from parent and 6938 - No hook exists to check creation rights when using acl_xattr module Volker was right (dammit :-). It's much easier to catch this case in the create_file() vfs call instead of trying to do everything inside open() and mkdir(). Hook all these functions to gain the desired effect. Jeremy.
2009-12-03Remove smb_fname duplicates that just keep the same information as in ↵Jeremy Allison1-4/+0
fsp->fsp_name. Moving towards making VFS_OPEN/VFS_MKDIR/VFS_RMDIR handle based... Jeremy.
2009-12-02Restructure the ACL code some more, get the internal semanticsJeremy Allison1-169/+130
right. The previous bugs were due to the fact that get_nt_acl_internal() could return an NTSTATUS error if there was no stored ACL blob, but otherwise would return the underlying ACL from the filysystem. Fix this so it always returns a valid acl if it can, and if it does not its an error to be reported back to the client. This then changes the inherit acl code. Previously we were trying to match Windows by setting a minimal ACL on a new file that didn't inherit anything from a parent directory. This is silly - the returned ACL wouldn't match the underlying UNIX permissions. The current code will correctly inherit from a parent if a parent has any inheritable ACE entries that apply to the new object, but will return a mapping from the underlying UNIX permissions if the parent has no inheritable entries. This makes much more sense for new files/directories. Jeremy.
2009-12-02Ensure check_parent_acl_common() only looks at storedJeremy Allison1-2/+16
blobs - returns NT_STATUS_OK if there aren't any. Jeremy.
2009-12-02Ensure get_nt_acl_internal() only looks at the ACL blobs, notJeremy Allison1-18/+22
reads off the underlying filesystem. Ensure that vfs_acl_tdb.c returns NT_STATUS_NOT_FOUND, not NT_STATUS_OBJECT_NAME_NOT_FOUND when it can't find a blob matching the file. Jeremy.
2009-11-30Fix DEBUG 0 -> DEBUG 10 (left over code).Jeremy Allison1-2/+4
Fix opendir status return if access denied. Jeremy.
2009-11-30Fix bug 6938 : No hook exists to check creation rights when using acl_xattr ↵Jeremy Allison1-7/+102
module Fix ACL modules to test for permissions on open/mkdir/opendir. Ensure that underlying ACLs are returned for directories/files with no Windows xattr or tdb acls stored. Jeremy.
2009-11-25Fix bug 6892 - When a chown operation is issued via Windows Explorer, all ↵Jeremy Allison1-15/+36
ACLS are wiped out. Merges existing DACLs when a ACL set operation comes in with only owner or group values set. Jeremy.
2009-10-23Fix bug 6802 - A created folder does not properly inherit permissions from ↵Barry Sabsevitz1-4/+38
parent.
2009-10-02Remove lots of duplicate code and move it into oneJeremy Allison1-17/+13
function vfs_stat_fsp(). Stops code looking at fsp->posix_open except for exceptional circumstances. Jeremy.
2009-07-27Fix the build breakage by #including modules/vfs_acl_common.cJeremy Allison1-15/+20
into acl_tdb and acl_xattr. Duplicates the code size, but keeps the code in common so I don't have to do bug fixes in two places (which is what I really cared about). Jeremy.
2009-07-24Factor out common code into vfs_acl_common.c.Jeremy Allison1-0/+637
Jeremy.