Age | Commit message (Collapse) | Author | Files | Lines |
|
now done correctly in the main codepath. The vfs_acl_XXXX modules are
now thin shims that simply store/retrieve ACLs as they should be.
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 2 02:13:51 CET 2011 on sn-devel-104
|
|
now handle this.
|
|
the acl_xattr code). Remove the "experimental" tag.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Sep 27 21:00:12 CEST 2011 on sn-devel-104
|
|
Using the standard macro makes it easier to move code into common, as
TALLOC_REALLOC_ARRAY isn't standard talloc.
Andrew Bartlett
|
|
This should finally fix the AIX build and allow to remove AIX specific ifdefs.
Guenther
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Apr 21 02:01:20 CEST 2011 on sn-devel-104
|
|
There is no reason for smbd with Windows ACLs to use chmod
or fchmod unless it's a file opened with UNIX extensions or
with posix pathnames.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Apr 2 02:40:43 CEST 2011 on sn-devel-104
|
|
Guenther
|
|
Guenther
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Oct 16 03:36:04 UTC 2010 on sn-devel-104
|
|
Samba ACL module to ignore mapping to lower POSIX layer. With this
fix Samba 3.6.x now passes RAW-ACLs (with certain smb.conf parameters
set).
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Oct 16 01:26:31 UTC 2010 on sn-devel-104
|
|
rights fails even if the delete right is set on the object.
Final fix for the vfs_acl_xattr and vfs_acl_tdb code.
Ensure we can delete a file even if the underlying POSIX
permissions don't allow it, if the Windows permissions do.
Jeremy.
|
|
properly inherit permissions from parent and 6938 - No hook exists to check creation rights when using acl_xattr module
Volker was right (dammit :-). It's much easier to catch
this case in the create_file() vfs call instead of trying
to do everything inside open() and mkdir(). Hook all these
functions to gain the desired effect.
Jeremy.
|
|
module
Fix ACL modules to test for permissions on open/mkdir/opendir.
Ensure that underlying ACLs are returned for directories/files with
no Windows xattr or tdb acls stored.
Jeremy.
|
|
down to NEXT-> before initializing. This allows us to
do cleanup (by calling DISCONNECT) if initialization
fails. Also fix vfs_acl_xattr which was failing to
call the NEXT connect function.
Jeremy.
|
|
inherit acls = yes or xattrs are removed.
We also need dos filemode = true set as well.
Jeremy.
|
|
xattrs are removed.
Jeremy.
|
|
into acl_tdb and acl_xattr. Duplicates the code size, but keeps
the code in common so I don't have to do bug fixes in two places
(which is what I really cared about).
Jeremy.
|
|
Jeremy.
|
|
the hash function selectable. Upgrade version.
Compiles but not fully tested yet (coming). Make
vfs_acl_tdb.c compile - this needs updating to
match acl_xattr (also coming soon).
Jeremy.
|
|
|
|
|
|
an underlying POSIX ACL is changed out from under us.
Passes RAW-ACL test up to "invalid owner" problem when
trying to create a file owned by Everyone. Now needs
porting to modules/vfs_acl_tdb.c
Jeremy.
|
|
This patch introduces two new temporary helper functions
vfs_stat_smb_fname and vfs_lstat_smb_fname. They basically allowed me
to call the new smb_filename version of stat, while avoiding plumbing
it through callers that are still too inconvenient. As the conversion
moves along, I will be able to remove callers of this, with the goal
being to remove all callers.
There was also a bug in create_synthetic_smb_fname_split (also a
temporary utility function) that caused it to incorrectly handle
filenames with ':'s in them when in posix mode. This is now fixed.
|
|
This was a little messy because of all of the vfs modules I had to
touch. Most of them were pretty straight forward, but the streams
modules required a little attention to handle smb_filename. Since the
use of smb_filename enables the vfs modules to access the raw,
over-the-wire stream, a little bit of the handling that was being done
by split_ntfs_stream_name has now been shifted into the individual
stream modules. It may be a little more code, but overall it gives
more flexibility to the streams modules, while also allowing correct
stream handling.
|
|
This patch introduces
struct stat_ex {
dev_t st_ex_dev;
ino_t st_ex_ino;
mode_t st_ex_mode;
nlink_t st_ex_nlink;
uid_t st_ex_uid;
gid_t st_ex_gid;
dev_t st_ex_rdev;
off_t st_ex_size;
struct timespec st_ex_atime;
struct timespec st_ex_mtime;
struct timespec st_ex_ctime;
struct timespec st_ex_btime; /* birthtime */
blksize_t st_ex_blksize;
blkcnt_t st_ex_blocks;
};
typedef struct stat_ex SMB_STRUCT_STAT;
It is really large because due to the friendly libc headers playing macro
tricks with fields like st_ino, so I renamed them to st_ex_xxx.
Why this change? To support birthtime, we already have quite a few #ifdef's at
places where it does not really belong. With a stat struct that we control, we
can consolidate the nanosecond timestamps and the birthtime deep in the VFS
stat calls.
At this moment it is triggered by a request to support the birthtime field for
GPFS. GPFS does not extend the system level struct stat, but instead has a
separate call that gets us the additional information beyond posix. Without
being able to do that within the VFS stat calls, that support would have to be
scattered around the main smbd code.
It will very likely break all the onefs modules, but I think the changes will
be reasonably easy to do.
|
|
(caused by the POSIX pathname fixes).
Jeremy.
|
|
Jeremy.
|
|
Jeremy.
|
|
|
|
done for POSIX ACLs.
Jeremy.
|
|
functions here.
Jeremy.
|
|
|
|
Jeremy.
|
|
format is fixed.
Jeremy.
|
|
RAW-ACLS except for the last test which uses a non-POSIX chown. More testing/documentation to follow.
Jeremy.
|
|
RAW-ACL inheritance tests. Only access masks for SD get/set left to fix.
Jeremy.
|
|
Jeremy.
|
|
default ACL in place.
Jeremy.
|
|
Jeremy.
|
|
Jeremy.
|
|
Jeremy.
|
|
Jeremy.
|
|
Jeremy.
|
|
calculation of SEC_FLAG_MAXIMUM_ALLOWED much easier
for files.
Jeremy.
|
|
module. Inheritance fails at the moment though.
Jeremy.
|
|
Jeremy.
|
|
Now to do the same for directories.
Jeremy.
|
|
|
|
ACLs.
Jeremy.
|