summaryrefslogtreecommitdiff
path: root/source3/modules/vfs_afsacl.c
AgeCommit message (Collapse)AuthorFilesLines
2011-02-08If possible (O_DIRECTORY exists) open an fd for a directory open.Jeremy Allison1-1/+1
Start of the move towards handle-based code for directory access. Currently makes fstat/fchown code work for directories rather than falling back to pathnames. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Feb 8 06:34:41 CET 2011 on sn-devel-104
2010-09-20s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.Günther Deschner1-9/+9
Guenther
2010-06-03s3-security: use shared "Generic access rights".Günther Deschner1-2/+2
Guenther
2010-06-03s3-security: use shared SECINFO_DACL define.Günther Deschner1-1/+1
Guenther
2010-06-03s3-security: use shared SECINFO_GROUP define.Günther Deschner1-1/+1
Guenther
2010-06-03s3-security: use shared SECINFO_OWNER define.Günther Deschner1-1/+1
Guenther
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-10/+10
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18s3-secdesc: use SD_REVISION from security.idl.Günther Deschner1-1/+1
Guenther
2010-05-18s3-secdesc: remove "typedef struct security_descriptor SEC_DESC".Günther Deschner1-1/+1
Guenther
2010-05-18s3-secdesc: remove "typedef struct security_acl SEC_ACL".Günther Deschner1-2/+2
Guenther
2010-05-18s3-secdesc: remove "typedef struct security_ace SEC_ACE".Günther Deschner1-6/+6
Guenther
2009-11-30Restructure the connect function code to always callJeremy Allison1-3/+8
down to NEXT-> before initializing. This allows us to do cleanup (by calling DISCONNECT) if initialization fails. Also fix vfs_acl_xattr which was failing to call the NEXT connect function. Jeremy.
2009-10-16Last 2 VFS_STAT -> LSTAT fixes I can see in the modules code.Jeremy Allison1-1/+8
Jeremy.
2009-07-24Make the smbd VFS typesafeVolker Lendecke1-13/+6
2009-07-20s3: Finish plumbing the fsp->fsp_name smb_fname conversion through the modules.Tim Prouty1-12/+23
2009-06-24s3: Plumb smb_filename through SMB_VFS_STAT and SMB_VFS_LSTATTim Prouty1-1/+1
This patch introduces two new temporary helper functions vfs_stat_smb_fname and vfs_lstat_smb_fname. They basically allowed me to call the new smb_filename version of stat, while avoiding plumbing it through callers that are still too inconvenient. As the conversion moves along, I will be able to remove callers of this, with the goal being to remove all callers. There was also a bug in create_synthetic_smb_fname_split (also a temporary utility function) that caused it to incorrectly handle filenames with ':'s in them when in posix mode. This is now fixed.
2009-05-26Introduce "struct stat_ex" as a replacement for SMB_STRUCT_STATVolker Lendecke1-3/+3
This patch introduces struct stat_ex { dev_t st_ex_dev; ino_t st_ex_ino; mode_t st_ex_mode; nlink_t st_ex_nlink; uid_t st_ex_uid; gid_t st_ex_gid; dev_t st_ex_rdev; off_t st_ex_size; struct timespec st_ex_atime; struct timespec st_ex_mtime; struct timespec st_ex_ctime; struct timespec st_ex_btime; /* birthtime */ blksize_t st_ex_blksize; blkcnt_t st_ex_blocks; }; typedef struct stat_ex SMB_STRUCT_STAT; It is really large because due to the friendly libc headers playing macro tricks with fields like st_ino, so I renamed them to st_ex_xxx. Why this change? To support birthtime, we already have quite a few #ifdef's at places where it does not really belong. With a stat struct that we control, we can consolidate the nanosecond timestamps and the birthtime deep in the VFS stat calls. At this moment it is triggered by a request to support the birthtime field for GPFS. GPFS does not extend the system level struct stat, but instead has a separate call that gets us the additional information beyond posix. Without being able to do that within the VFS stat calls, that support would have to be scattered around the main smbd code. It will very likely break all the onefs modules, but I think the changes will be reasonably easy to do.
2008-10-09Remove SEC_ACCESS. It's a uint32_t.Jeremy Allison1-4/+2
Jeremy.
2008-10-07Update vfs version as I've added a const to the security_descriptor paramter ↵Jeremy Allison1-5/+5
in fset_nt_acl(). Need to watch the build farm to make sure I haven't broken the AIX or Solaris ACL modules. Jeremy.
2008-05-08Yay ! Remove a VFS entry. Removed the set_nt_acl() call,Jeremy Allison1-10/+0
this can only be done via fset_nt_acl() using an open file/directory handle. I'd like to do the same with get_nt_acl() but am concerned about efficiency problems with "hide unreadable/hide unwritable" when doing a directory listing (this would mean opening every file in the dir on list). Moving closer to rationalizing the ACL model and maybe moving the POSIX calls into a posix_acl VFS module rather than having them as first class citizens of the VFS. Jeremy. (This used to be commit f487f742cb903a06fbf2be006ddc9ce9063339ed)
2008-01-07Remove redundant parameter fd from SMB_VFS_FSTAT().Michael Adam1-1/+1
Michael (This used to be commit 0b86c420be94d295f6917a220b5d699f65b46711)
2008-01-06Remove superfluous parameter fd from SMB_VFS_FSET_NT_ACL().Michael Adam1-1/+1
Michael (This used to be commit 4f2d139a186048f08180378a877b69d2f80ad51f)
2008-01-06Remove superfluous fd parameter from SMB_VFS_FGET_NT_ACL().Michael Adam1-1/+1
Michael (This used to be commit c0c7c1223da29c68359dac64a340c1c710d5f3d2)
2007-12-19Change the prototype of the vfs function get_nt_acl().Michael Adam1-1/+0
Up to now, get_nt_acl() took a files_struct pointer (fsp) and a file name. All the underlying functions should need and now do need (after the previous preparatory work), is a connection_struct and a file name. The connection_struct is already there in the vfs_handle passed to the vfs functions. So the files_struct argument can be eliminated. This eliminates the need of calling open_file_stat in a couple of places to produce the fsp needed. Michael (This used to be commit b5f600fab53c9d159a958c59795db3ba4a8acc63)
2007-12-19Prepare the afs acl module for the api change in get_nt_acl().Michael Adam1-43/+77
This makes both of afsacl_[f]get_nt_acl() more specific, eliminating the need for afs_get_nt_acl(). Instead, split afs_to_nt_acl. Michael (This used to be commit 15caf58c81ce6b68eefa03c8f8510c2ecb5fdeb3)
2007-12-15Replace sid_string_static by sid_string_dbg in DEBUGsVolker Lendecke1-3/+4
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
2007-11-16Remove pstring from modules directory.Jeremy Allison1-4/+10
Jeremy. (This used to be commit 977dc3accb3d440e5fd19591c425da7dc3718d94)
2007-11-13Make [f]get_nt_acl return NTSTATUSVolker Lendecke1-12/+12
(This used to be commit dcbe1bf942d017a3cd5084c6ef605a13912f795b)
2007-10-18RIP BOOL. Convert BOOL -> bool. I found a few interestingJeremy Allison1-13/+13
bugs in various places whilst doing this (places that assumed BOOL == int). I also need to fix the Samba4 pidl generation (next checkin). Jeremy. (This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-10r24809: Consolidate the use of temporary talloc contexts.Volker Lendecke1-6/+6
This adds the two functions talloc_stackframe() and talloc_tos(). * When a new talloc stackframe is allocated with talloc_stackframe(), then * the TALLOC_CTX returned with talloc_tos() is reset to that new * frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse * happens: The previous talloc_tos() is restored. * * This API is designed to be robust in the sense that if someone forgets to * TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and * resets the talloc_tos(). The original motivation for this patch was to get rid of the sid_string_static & friends buffers. Explicitly passing talloc context everywhere clutters code too much for my taste, so an implicit talloc_tos() is introduced here. Many of these static buffers are replaced by a single static pointer. The intended use would thus be that low-level functions can rather freely push stuff to talloc_tos, the upper layers clean up by freeing the stackframe. The more of these stackframes are used and correctly freed the more exact the memory cleanup happens. This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and lp_talloc_ctx (did I forget any?) So, never do a tmp_ctx = talloc_init("foo"); anymore, instead, use tmp_ctx = talloc_stackframe() :-) Volker (This used to be commit 6585ea2cb7f417e14540495b9c7380fe9c8c717b)
2007-10-10r24280: Fix the build of vfs_afsacl.cVolker Lendecke1-5/+5
(This used to be commit c231f7b8f6025e2853eb6ecab43fe87566596234)
2007-10-10r23801: The FSF has moved around a lot. This fixes their Mass Ave address.Andrew Tridgell1-2/+1
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23620: Convert set_nt_acl to return NTSTATUS. Also fix the chownJeremy Allison1-4/+4
return to correctly return NT_STATUS_INVALID_OWNER if it should be disallowed. Matches better what W2K3R3 does. NFSv4 ACL module owners, please examine these changes. Jeremy. (This used to be commit fc6899a5506b272f8cd5f5837ca13300b4e69a5f)
2007-10-10r22675: Simo's patch for 0 size allocation. Still needJeremy Allison1-1/+1
to examine parse_misc.c fix. Jeremy. (This used to be commit 80d981265cd3bc9d73c5da3c514ec736e2dfa73a)
2007-10-10r22589: Make TALLOC_ARRAY consistent across all uses.Jeremy Allison1-3/+7
Jeremy. (This used to be commit 8968808c3b5b0208cbad9ac92eaf948f2c546dd9)
2007-10-10r21151: applying patches for CVE-2007-045[34]Gerald Carter1-1/+1
(This used to be commit 1d46b2ae3447b3521987b2ab1064a6ea314cfa07)
2007-10-10r20261: merge 20260 from samba_3_0_24Herb Lewis1-0/+1
clean up a bunch of no previous prototype warnings (This used to be commit c60687db112405262adf26dbf267804b04074e67)
2007-10-10r18745: Use the Samba4 data structures for security descriptors and security ↵Jelmer Vernooij1-6/+6
descriptor buffers. Make security access masks simply a uint32 rather than a structure with a uint32 in it. (This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366)
2007-10-10r18271: Big change:Gerald Carter1-3/+3
* autogenerate lsa ndr code * rename 'enum SID_NAME_USE' to 'enum lsa_SidType' * merge a log more security descriptor functions from gen_ndr/ndr_security.c in SAMBA_4_0 The most embarassing thing is the "#define strlen_m strlen" We need a real implementation in SAMBA_3_0 which I'll work on after this code is in. (This used to be commit 3da9f80c28b1e75ef6d46d38fbb81ade6b9fa951)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-2/+1
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16411: Fix compilation of vfs_afsacl, thanks to Greszler Szilard for tryingVolker Lendecke1-23/+31
(This used to be commit 601643a4608cdccf33277cef8900c4da61712268)
2007-10-10r12051: Merge across the lookup_name and lookup_sid work. Lets see how the ↵Volker Lendecke1-27/+8
build farm reacts :-) Volker (This used to be commit 9f99d04a54588cd9d1a1ab163ebb304437f932f7)
2007-10-10r11585: Implement the possibility to have AFS users as SIDs in pts.Volker Lendecke1-0/+24
Volker (This used to be commit 5b1b72ce7b944c7515a605369cb55a2f0171fe6f)
2007-10-10r8366: Root-level files don't have a slash, but acls need to be settable onVolker Lendecke1-4/+6
them. Thanks to Brent Trotter for reminding me to commit this :-) Volker (This used to be commit dfa9eef7b6892ceb0e67b0c4bfb56431ead1ac3d)
2007-10-10r8219: Merge the new open code from HEAD to 3.0. Haven't yet run the tortureJeremy Allison1-2/+2
tests on this as it's very late NY time (just wanted to get this work into the tree). I'll test this over the weekend.... Jerry - in looking at the difference between the two trees there seem to be some printing/ntprinting.c and registry changes we might want to examine to try keep in sync. Jeremy. (This used to be commit c7fe18761e2c753afbffd3a78abff46472a9b8eb)
2007-10-10r8029: Fix bug 2841. Thanks to Brett Trotter.Volker Lendecke1-5/+5
Volker (This used to be commit 2588dd7a272830bfda4e8ffa7d1114af506e36be)
2007-10-10r7904: Fix a memleak in vfs_afsaclVolker Lendecke1-1/+1
(This used to be commit 8fad08db742ea32a3cda3b3d9421454837e2d2a5)
2007-10-10r4291: More *alloc fixes inspired by Albert Chin (china@thewrittenword.com).Jeremy Allison1-3/+3
Jeremy (This used to be commit efc1b688cf9b1a17f1a6bf46d481280ed8bd0c46)
2007-10-10r4251: AFS does not cope with spaces in file names. Implement a stupid ↵Volker Lendecke1-2/+32
mapping that maps the space to another character choosable by afsacl:space. Volker P.S: Who is "OH"? ;-) (This used to be commit e717ff70c6ce15bad7a792a592b42ecd057acc01)