Age | Commit message (Collapse) | Author | Files | Lines |
|
acl_xattr module.
|
|
Simplify the logic in the unlink/rmdir calls - makes it readable
(and correct).
|
|
inheritable entries on a directory with no stored ACL.
If referring to an fsp sbuf can be left as an uninitialized variable,
causing the 'is_directory' variable to be false when it should be true.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Dec 2 22:13:03 CET 2011 on sn-devel-104
|
|
still set SEC_DESC_DACL_PRESENT in the type field.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 30 04:59:07 CET 2011 on sn-devel-104
|
|
now done correctly in the main codepath. The vfs_acl_XXXX modules are
now thin shims that simply store/retrieve ACLs as they should be.
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 2 02:13:51 CET 2011 on sn-devel-104
|
|
now handle this.
|
|
This is what the source4/ntvfs/posix code uses.
It's also used at provision time to setup the sysvol permissions.
metze
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Oct 11 14:16:25 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Sep 23 22:20:55 CEST 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Sep 18 18:55:48 CEST 2011 on sn-devel-104
|
|
Missing assignment means this loop will never terminate. Need to be applied
to 3.5.x and 3.6.1.
|
|
Ensure we always use vfs_ChDir() to keep the singleton cache coherent.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Aug 19 00:43:05 CEST 2011 on sn-devel-104
|
|
|
|
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_ARRAY isn't standard talloc.
|
|
with vfs_acl_xattr or vfs_acl_tdb module.
Fix incorrect interaction when all of
"inherit permissions = yes"
"inherit acls = yes"
"inherit owner = yes"
are set. Found by Björn Jacke. Thanks Björn !
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Jun 7 22:32:18 CEST 2011 on sn-devel-104
|
|
|
|
vfs_acl_xattr or vfs_acl_tdb module.
If "inherit owner = yes", pass in the directory owner and group
owner as the target for CREATOR_OWNER and CREATOR_GROUP substitutions,
and also as the owner and primary group of the new security descriptor
being applied to the object.
Jeremy.
|
|
Print child descriptor instead of parent.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Mon Apr 11 11:48:42 CEST 2011 on sn-devel-104
|
|
Caused by premature optimisation storing the parent ACL on the
module handle instead of (correctly) on the file fsp. Previous
code wasn't reentrant safe. This is less optimal but doesn't
crash in the specific case :-).
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Apr 9 02:05:15 CEST 2011 on sn-devel-104
|
|
this prevents a symbol duplication with the openssl library, which may
be linked in via a secondary library dependency
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
|
|
There is no reason for smbd with Windows ACLs to use chmod
or fchmod unless it's a file opened with UNIX extensions or
with posix pathnames.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Apr 2 02:40:43 CEST 2011 on sn-devel-104
|
|
Guenther
|
|
Guenther
|
|
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.
The structure is also not ideal for it's current purpose. Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session. This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.
(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
This will allow the auth_serversupplied_info struct to be migrated
to auth_session_info easier.
Adnrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Feb 2 15:44:21 CET 2011 on sn-devel-104
|
|
We were losing the incoming security descriptor revision number and
most importantly the "type" field as sent by the client. Ensure we
correctly store these in the xattr object.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 24 00:18:57 CET 2010 on sn-devel-104
|
|
Samba ACL module to ignore mapping to lower POSIX layer. With this
fix Samba 3.6.x now passes RAW-ACLs (with certain smb.conf parameters
set).
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Oct 16 01:26:31 UTC 2010 on sn-devel-104
|
|
|
|
Jeremy.
|
|
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
|
|
the "protected" inheritance problem (bleeding up from the POSIX
layer).
Jeremy
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Oct 12 00:57:41 UTC 2010 on sn-devel-104
|
|
|
|
This is closer to the struct security_token from security.idl
|
|
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
|
|
get_current_nttok(conn)
Centralize the root check into smb1_file_se_access_check()
so this is used by modules/vfs_acl_common.c also.
Jeremy.
|
|
Ensure we don't use any of the create_options for Samba private
use. Add a new parameter to the VFS_CREATE call (private_flags)
which is only used internally. Renumber NTCREATEX_OPTIONS_PRIVATE_DENY_DOS
and NTCREATEX_OPTIONS_PRIVATE_DENY_FCB to match the S4 code).
Rev. the VFS interface to version 28.
Jeremy.
|
|
Thanks, Volker for the hint - acl_type is a macro on Tru64. Renamed it
to acltype. This fixes #7103.
|
|
does not have delete rights fails even if the delete right is set on the object
Suggested by Volker. Reduce the surface area of the
become_root() unbecome_root() code to reduce the chance
of errors.
Jeremy.
|
|
rights fails even if the delete right is set on the object.
Final fix for the vfs_acl_xattr and vfs_acl_tdb code.
Ensure we can delete a file even if the underlying POSIX
permissions don't allow it, if the Windows permissions do.
Jeremy.
|
|
When returning an underlying ACL on a directory, normally on a
POSIX system it has no inheritable entries, which breaks the
Windows ACL when a user does a get/set of a Windows ACL on a
POSIX directory with no existing stored Windows ACL from
the Windows ACL editor. What happens is any new entry added
by the user gets set inheritable, but none of the others
entries are (as returned by default). So any new files then
only inherit the single new ACE entry (the one marked inheritable
by the ACL editor).
Fix this by faking up a default 3 element inheritable ACL that
represents what a user creating a POSIX file or directory will
get by default from the smbd code.
Jeremy.
|
|
check for it.
Jeremy.
|
|
properly inherit permissions from parent and 6938 - No hook exists to check creation rights when using acl_xattr module
Volker was right (dammit :-). It's much easier to catch
this case in the create_file() vfs call instead of trying
to do everything inside open() and mkdir(). Hook all these
functions to gain the desired effect.
Jeremy.
|