summaryrefslogtreecommitdiff
path: root/source3/modules/vfs_acl_xattr.c
AgeCommit message (Collapse)AuthorFilesLines
2011-09-27These modules are no longer experimental but production-ready (especiallyJeremy Allison1-2/+0
the acl_xattr code). Remove the "experimental" tag. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Sep 27 21:00:12 CEST 2011 on sn-devel-104
2011-06-09s3-talloc Change TALLOC_REALLOC_ARRAY() to talloc_realloc()Andrew Bartlett1-1/+1
Using the standard macro makes it easier to move code into common, as TALLOC_REALLOC_ARRAY isn't standard talloc. Andrew Bartlett
2011-04-21s3-vfs: rename open function to open_fn.Günther Deschner1-1/+1
This should finally fix the AIX build and allow to remove AIX specific ifdefs. Guenther Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Apr 21 02:01:20 CEST 2011 on sn-devel-104
2011-04-02Fix bug #7987 - ACL can get lost when files are being renamed.Jeremy Allison1-0/+4
There is no reason for smbd with Windows ACLs to use chmod or fchmod unless it's a file opened with UNIX extensions or with posix pathnames. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Apr 2 02:40:43 CEST 2011 on sn-devel-104
2011-03-30s3-auth: vfs modules need auth.hGünther Deschner1-0/+1
Guenther
2011-03-30s3-vfs: include smbd/smbd.h in vfs modules.Günther Deschner1-0/+1
Guenther
2010-10-16Ensure we have correct parameters to use Windows ACL modules.Jeremy Allison1-2/+4
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Oct 16 03:36:04 UTC 2010 on sn-devel-104
2010-10-16Add acl_xattr:ignore system acls boolean (normally false) to allowJeremy Allison1-0/+2
Samba ACL module to ignore mapping to lower POSIX layer. With this fix Samba 3.6.x now passes RAW-ACLs (with certain smb.conf parameters set). Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Oct 16 01:26:31 UTC 2010 on sn-devel-104
2010-01-12Fix bug #6876 - Delete of an object whose parent folder does not have delete ↵Jeremy Allison1-0/+2
rights fails even if the delete right is set on the object. Final fix for the vfs_acl_xattr and vfs_acl_tdb code. Ensure we can delete a file even if the underlying POSIX permissions don't allow it, if the Windows permissions do. Jeremy.
2009-12-07Hopefullt final fix for 6802 - acl_xattr.c module: A created folder does not ↵Jeremy Allison1-35/+1
properly inherit permissions from parent and 6938 - No hook exists to check creation rights when using acl_xattr module Volker was right (dammit :-). It's much easier to catch this case in the create_file() vfs call instead of trying to do everything inside open() and mkdir(). Hook all these functions to gain the desired effect. Jeremy.
2009-11-30Fix bug 6938 : No hook exists to check creation rights when using acl_xattr ↵Jeremy Allison1-0/+1
module Fix ACL modules to test for permissions on open/mkdir/opendir. Ensure that underlying ACLs are returned for directories/files with no Windows xattr or tdb acls stored. Jeremy.
2009-11-30Restructure the connect function code to always callJeremy Allison1-0/+6
down to NEXT-> before initializing. This allows us to do cleanup (by calling DISCONNECT) if initialization fails. Also fix vfs_acl_xattr which was failing to call the NEXT connect function. Jeremy.
2009-11-11Second part of bugfix for 6865 - acl_xattr module: Has dependency that ↵Jeremy Allison1-2/+6
inherit acls = yes or xattrs are removed. We also need dos filemode = true set as well. Jeremy.
2009-11-06Fix bug 6865 - acl_xattr module: Has dependency that inherit acls = yes or ↵Jeremy Allison1-0/+12
xattrs are removed. Jeremy.
2009-07-27Fix the build breakage by #including modules/vfs_acl_common.cJeremy Allison1-3/+6
into acl_tdb and acl_xattr. Duplicates the code size, but keeps the code in common so I don't have to do bug fixes in two places (which is what I really cared about). Jeremy.
2009-07-24Factor out common code into vfs_acl_common.c.Jeremy Allison1-634/+8
Jeremy.
2009-07-24Fix hash function in acl_xattr to be SHA256, makeJeremy Allison1-52/+90
the hash function selectable. Upgrade version. Compiles but not fully tested yet (coming). Make vfs_acl_tdb.c compile - this needs updating to match acl_xattr (also coming soon). Jeremy.
2009-07-24Make the smbd VFS typesafeVolker Lendecke1-18/+10
2009-07-20s3: Finish plumbing the fsp->fsp_name smb_fname conversion through the modules.Tim Prouty1-23/+37
2009-07-10Add hash values to the xattr ACLS to determine whenJeremy Allison1-55/+158
an underlying POSIX ACL is changed out from under us. Passes RAW-ACL test up to "invalid owner" problem when trying to create a file owned by Everyone. Now needs porting to modules/vfs_acl_tdb.c Jeremy.
2009-06-24s3: Plumb smb_filename through SMB_VFS_STAT and SMB_VFS_LSTATTim Prouty1-4/+10
This patch introduces two new temporary helper functions vfs_stat_smb_fname and vfs_lstat_smb_fname. They basically allowed me to call the new smb_filename version of stat, while avoiding plumbing it through callers that are still too inconvenient. As the conversion moves along, I will be able to remove callers of this, with the goal being to remove all callers. There was also a bug in create_synthetic_smb_fname_split (also a temporary utility function) that caused it to incorrectly handle filenames with ':'s in them when in posix mode. This is now fixed.
2009-06-17s3: Change SMB_VFS_OPEN to take an smb_filename structTim Prouty1-5/+15
This was a little messy because of all of the vfs modules I had to touch. Most of them were pretty straight forward, but the streams modules required a little attention to handle smb_filename. Since the use of smb_filename enables the vfs modules to access the raw, over-the-wire stream, a little bit of the handling that was being done by split_ntfs_stream_name has now been shifted into the individual stream modules. It may be a little more code, but overall it gives more flexibility to the streams modules, while also allowing correct stream handling.
2009-05-26Introduce "struct stat_ex" as a replacement for SMB_STRUCT_STATVolker Lendecke1-2/+2
This patch introduces struct stat_ex { dev_t st_ex_dev; ino_t st_ex_ino; mode_t st_ex_mode; nlink_t st_ex_nlink; uid_t st_ex_uid; gid_t st_ex_gid; dev_t st_ex_rdev; off_t st_ex_size; struct timespec st_ex_atime; struct timespec st_ex_mtime; struct timespec st_ex_ctime; struct timespec st_ex_btime; /* birthtime */ blksize_t st_ex_blksize; blkcnt_t st_ex_blocks; }; typedef struct stat_ex SMB_STRUCT_STAT; It is really large because due to the friendly libc headers playing macro tricks with fields like st_ino, so I renamed them to st_ex_xxx. Why this change? To support birthtime, we already have quite a few #ifdef's at places where it does not really belong. With a stat struct that we control, we can consolidate the nanosecond timestamps and the birthtime deep in the VFS stat calls. At this moment it is triggered by a request to support the birthtime field for GPFS. GPFS does not extend the system level struct stat, but instead has a separate call that gets us the additional information beyond posix. Without being able to do that within the VFS stat calls, that support would have to be scattered around the main smbd code. It will very likely break all the onefs modules, but I think the changes will be reasonably easy to do.
2009-03-04Fix crashes when running RAW-ACLs against system with tdb ACL modulesJeremy Allison1-1/+1
(caused by the POSIX pathname fixes). Jeremy.
2009-02-25Use fsp->posix_open in preference if we have it.Jeremy Allison1-2/+2
Jeremy.
2009-02-25Ensure ACL modules work with POSIX paths.Jeremy Allison1-2/+10
Jeremy.
2008-12-31Rename parent_dirname_talloc() to parent_dirname()Volker Lendecke1-4/+1
2008-12-18Comment out the parent inheritance code (this is incorrect) as wasJeremy Allison1-0/+2
done for POSIX ACLs. Jeremy.
2008-11-20Fix the build, by some cut-and-paste error I got two versions of the same ↵Jeremy Allison1-50/+0
functions here. Jeremy.
2008-11-19Fix build farm breakage.Jeremy Allison1-1/+1
2008-11-19Add functions to delete NTACL on posix ACL set.Jeremy Allison1-0/+100
Jeremy.
2008-11-13Move v2 from timestamp to 16-byte hash. Got the change in before on disk ↵Jeremy Allison1-20/+10
format is fixed. Jeremy.
2008-11-10Added vfs_acl_tdb.c module to do ACLs completely in userspace. Passes all of ↵Jeremy Allison1-44/+54
RAW-ACLS except for the last test which uses a non-POSIX chown. More testing/documentation to follow. Jeremy.
2008-11-08Fix a subtle logic bug in the adaption of se_create_child_secdesc(), pass ↵Jeremy Allison1-1/+20
RAW-ACL inheritance tests. Only access masks for SD get/set left to fix. Jeremy.
2008-11-06Start factoring out the inheritance differences.Jeremy Allison1-2/+1
Jeremy.
2008-11-06Don't call FSET_NT_ACL on file create if there's no SD to set. Leave the ↵Jeremy Allison1-4/+0
default ACL in place. Jeremy.
2008-11-06Only one more issue with NULL ACL test left to solve.Jeremy Allison1-1/+1
Jeremy.
2008-11-06Fix crash in module, get more of the NULL acl test right.Jeremy Allison1-14/+18
Jeremy.
2008-11-04Pass all of RAW-ACLS except for inheritence. Working on that next.Jeremy Allison1-1/+1
Jeremy.
2008-11-03Pass all the non-inherited S4 RAW-ACL tests.Jeremy Allison1-0/+4
Jeremy.
2008-10-31Get closer to passing S4 RAW-ACLs.Jeremy Allison1-15/+76
Jeremy.
2008-10-31Unify se_access_check with the S4 code. Will makeJeremy Allison1-3/+3
calculation of SEC_FLAG_MAXIMUM_ALLOWED much easier for files. Jeremy.
2008-10-30Start moving us closer to passing S4 RAW-ACL test using the vfs_acl_xattr ↵Jeremy Allison1-0/+51
module. Inheritance fails at the moment though. Jeremy.
2008-10-30Inherit Windows ACLs on a new directory.Jeremy Allison1-13/+55
Jeremy.
2008-10-29Allow a new file to inherit the Windows ACL from its parent.Jeremy Allison1-82/+174
Now to do the same for directories. Jeremy.
2008-10-08Fixed "might be uninitialized" warningTim Prouty1-2/+2
2008-10-08Deal with inheritance from parent directory when setting WindowsJeremy Allison1-0/+16
ACLs. Jeremy.
2008-10-07Fix const warning.Jeremy Allison1-1/+1
Jeremy.
2008-10-07Update vfs version as I've added a const to the security_descriptor paramter ↵Jeremy Allison1-2/+2
in fset_nt_acl(). Need to watch the build farm to make sure I haven't broken the AIX or Solaris ACL modules. Jeremy.
2008-10-07Make map_errno_from_nt_status() a generic call, not just a cli specific one.Jeremy Allison1-22/+36
Remove some unused calls from vfs_acl_xattr. Test for SD's on existing files. Jeremy.