Age | Commit message (Collapse) | Author | Files | Lines |
|
The solaris acl() code requires that both ACE_GROUP|ACE_IDENTIFIER_GROUP be
set to indicate the @group permissions.
Otherwise, it would return Invalid Paramter to clients.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
This ensures the caller knows exactly what the memory lifetime of this
returned object is. This makes the NFSv4 ACL code consistent with the
POSIX and NT ACL code, to avoid supprising developers who have worked
on those other parts of the ACL code.
Most of this patch is adding a memory context to the callers and passing it in.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
This allows the callback to call xattr based storage functions that need this argument.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
|
|
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
|
|
This is so we do not query some other module for the ACL blob, as zfs
ACLs are not posix ACLs. We may add a linearisation later.
Andrew Bartlett
|
|
This makes it clear which context the returned SD is allocated on, as
a number of callers do not want it on talloc_tos().
As the ACL transformation allocates and then no longer needs a great
deal of memory, a talloc_stackframe() call is used to contain the
memory that is not returned further up the stack.
Andrew Bartlett
|
|
Autobuild-User: Richard Sharpe <sharpe@samba.org>
Autobuild-Date: Mon Dec 12 04:58:40 CET 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Jul 8 11:22:55 CEST 2011 on sn-devel-104
|
|
Guenther
Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Mar 30 16:00:02 CEST 2011 on sn-devel-104
|
|
Guenther
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Jan 30 12:17:49 CET 2011 on sn-devel-104
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Jan 13 20:02:32 CET 2011 on sn-devel-104
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Jan 8 13:42:20 CET 2011 on sn-devel-104
|
|
Guenther
|
|
When setting an ACL without any of the user/group/other entries, ZFS
automatically creates them. This can at times confuse users a lot. This
parameter denies setting such an acl, users explicitly have to for example set
an ACE with everyone allowing nothing. Users need to be educated about this,
but this helps avoid a lot of confusion.
|
|
|
|
|
|
Michael
|
|
This is a proposed fix for Bugs #5135 and #5446.
Signed-off-by: Michael Adam <obnox@samba.org>
|
|
in fset_nt_acl().
Need to watch the build farm to make sure I haven't broken the AIX or Solaris ACL modules.
Jeremy.
|
|
(cherry picked from commit b83beeda44e1c8d485c2ad6bb8ee539cdcbe8bda)
(This used to be commit b46ce28039e8829f5188574ebe84ff3b7d9e65bc)
|
|
this can only be done via fset_nt_acl() using an open
file/directory handle. I'd like to do the same with
get_nt_acl() but am concerned about efficiency
problems with "hide unreadable/hide unwritable" when
doing a directory listing (this would mean opening
every file in the dir on list).
Moving closer to rationalizing the ACL model and
maybe moving the POSIX calls into a posix_acl VFS
module rather than having them as first class citizens
of the VFS.
Jeremy.
(This used to be commit f487f742cb903a06fbf2be006ddc9ce9063339ed)
|
|
Michael
(This used to be commit 4f2d139a186048f08180378a877b69d2f80ad51f)
|
|
Michael
(This used to be commit c0c7c1223da29c68359dac64a340c1c710d5f3d2)
|
|
Up to now, get_nt_acl() took a files_struct pointer (fsp) and
a file name. All the underlying functions should need and now
do need (after the previous preparatory work), is a connection_struct
and a file name. The connection_struct is already there in the
vfs_handle passed to the vfs functions. So the files_struct
argument can be eliminated.
This eliminates the need of calling open_file_stat in a couple
of places to produce the fsp needed.
Michael
(This used to be commit b5f600fab53c9d159a958c59795db3ba4a8acc63)
|
|
Michael
(This used to be commit 1c4f74551f48429ee3af2022101a97679e25cdea)
|
|
Michael
(This used to be commit f6db5a0d0571130f765d8a0fb4e20e61cc8b2487)
|
|
Michael
(This used to be commit 04258231dc654df077638edb7cb08542e39b7547)
|
|
This is the next step in preparation of a get_nt_acl prototype change.
Michael
(This used to be commit 7afeb1c6cb1bdb58d1e61c54ae215d947d8dc3ea)
|
|
There was one caller of smb_get_nt_acl_nfs4() forgotten
in the change of return value.
Michael
(This used to be commit 4d3e84a3b3a39d3d2c9b86affa16c8124b1496e5)
|
|
(This used to be commit dcbe1bf942d017a3cd5084c6ef605a13912f795b)
|
|
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
|
|
This adds the two functions talloc_stackframe() and talloc_tos().
* When a new talloc stackframe is allocated with talloc_stackframe(), then
* the TALLOC_CTX returned with talloc_tos() is reset to that new
* frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse
* happens: The previous talloc_tos() is restored.
*
* This API is designed to be robust in the sense that if someone forgets to
* TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and
* resets the talloc_tos().
The original motivation for this patch was to get rid of the
sid_string_static & friends buffers. Explicitly passing talloc context
everywhere clutters code too much for my taste, so an implicit
talloc_tos() is introduced here. Many of these static buffers are
replaced by a single static pointer.
The intended use would thus be that low-level functions can rather
freely push stuff to talloc_tos, the upper layers clean up by freeing
the stackframe. The more of these stackframes are used and correctly
freed the more exact the memory cleanup happens.
This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and
lp_talloc_ctx (did I forget any?)
So, never do a
tmp_ctx = talloc_init("foo");
anymore, instead, use
tmp_ctx = talloc_stackframe()
:-)
Volker
(This used to be commit 6585ea2cb7f417e14540495b9c7380fe9c8c717b)
|
|
Jeremy.
(This used to be commit 6ba12b6cb9f69297731c73071b627e8d7fbc6d73)
|
|
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
|
|
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
|
|
return to correctly return NT_STATUS_INVALID_OWNER if it
should be disallowed. Matches better what W2K3R3 does.
NFSv4 ACL module owners, please examine these changes.
Jeremy.
(This used to be commit fc6899a5506b272f8cd5f5837ca13300b4e69a5f)
|
|
do not pass through.
(This used to be commit b9d6eee5d4d0894ded88455675a470cbf04d8f45)
|
|
Jeremy.
(This used to be commit bd80db71e71fc05b8b4875c386d8d58612cdbb06)
|