summaryrefslogtreecommitdiff
path: root/source3/modules
AgeCommit message (Collapse)AuthorFilesLines
2009-08-19Make refusal of SEC_DESC_DACL_PROTECTED configurableVolker Lendecke1-1/+3
This adds a parameter "gpfs:refuse_dacl_protected" that defaults to false. GPFS has no place to store the SEC_DESC_DACL_PROTECTED ACL bit. With this parameter we give customers an option to either ignore this bit or refuse setting an ACL with it.
2009-08-14Use defined names rather than numeric constants to make codeJeremy Allison1-2/+2
clearer. Jeremy.
2009-08-14gpfs.so: map the file_inherit and dir_inherit flags away for filesMichael Adam1-1/+15
GPFS sets inherits dir_inhert and file_inherit flags to files, too, which confuses windows, and seems to be wrong anyways. So when mapping a nfs4 acl to a windows acl, we map these flags away for files. Michael
2009-08-12When mapping EA's into a TDB, don't remove the EAJeremy Allison1-0/+9
until the last link to the file is gone (fixes the build farm RAW-RENAME test with xattr's in tdb's). Jeremy.
2009-08-12Add "store create time" parameter (docs to follow)Jeremy Allison1-0/+9
that stores the create time in the user.DosTimestamps EA. Jeremy.
2009-08-12Fix some warnings in the AIX ACL code.Jeremy Allison1-4/+3
Jeremy.
2009-08-07Move the checks for null timestamps down below the VFS_NTIMESJeremy Allison1-0/+15
layer (as it's done in onefs). This simplifies greatly the code in smb_set_file_time() w.r.t. changenotify messages. Jeremy.
2009-08-02Fix breakage for connect function after API change (connect -> connect_fn)Alexander Bokovoy2-2/+2
2009-07-29s3: Attempt to fix hpuxacl moduleTim Prouty2-5/+13
2009-07-29shadow_copy2: The system getrealfilename() can't deal with a 0-length fnameVolker Lendecke1-0/+3
This fixes viewing the content of snapshots in the share root directory. We have to treat the filename that *just* consists of "@GMT-YYYY.MM.DD-HH.MM.SS" like the share root, which is the current working directory.
2009-07-27Fix the build breakage by #including modules/vfs_acl_common.cJeremy Allison3-21/+31
into acl_tdb and acl_xattr. Duplicates the code size, but keeps the code in common so I don't have to do bug fixes in two places (which is what I really cared about). Jeremy.
2009-07-25Cleanup patch after "new VFS"Volker Lendecke1-1/+1
2009-07-25Cleanup patch after "struct stat_ex"Volker Lendecke1-2/+2
2009-07-24s3 onefs: Fix the onefs modules after the big refactoringTim Prouty4-10/+10
2009-07-24Factor out common code into vfs_acl_common.c.Jeremy Allison3-1272/+653
Jeremy.
2009-07-24Make acl_tdb match acl_xattr. Large duplication ofJeremy Allison1-68/+225
code here needs tidying up. Compiles but not yet tested. Jeremy.
2009-07-24Fix hash function in acl_xattr to be SHA256, makeJeremy Allison2-62/+100
the hash function selectable. Upgrade version. Compiles but not fully tested yet (coming). Make vfs_acl_tdb.c compile - this needs updating to match acl_xattr (also coming soon). Jeremy.
2009-07-24Move the "enum _vfs_op_type" to full_auditVolker Lendecke1-0/+142
It's only used there now. Someone should now go in and simplify full_audit... :-)
2009-07-24Make the smbd VFS typesafeVolker Lendecke43-1587/+710
2009-07-24Some more VFS type errorsVolker Lendecke1-2/+2
2009-07-24Fix some C++ warningsVolker Lendecke1-4/+7
2009-07-21s3: Remove unnecessary callers of get_full_smb_filenameTim Prouty1-40/+18
This often times means explicitly denying certain operations on a stream as they are not supported or don't make sense at a particular level. At some point in the future these can be enabled, but for now it's better to remove ambiguity
2009-07-20s3: Finish plumbing the fsp->fsp_name smb_fname conversion through the modules.Tim Prouty21-252/+300
2009-07-19Fix a few type errors in VFS modulesVolker Lendecke6-10/+18
2009-07-14reject ACLs with DESC_DACL_PROTECTED on GPFSChristian Ambach1-0/+5
as GPFS does not support the ACE4_FLAG_NO_PROPAGATE NFSv4 flag (which would be the mapping for the DESC_DACL_PROTECTED flag), the status of this flag is currently silently ignored by Samba. That means that if you deselect the "Allow inheritable permissions..." checkbox in Windows' ACL dialog and then apply the ACL, the flag will be back immediately. To make sure that automatic migration with e.g. robocopy does not lead to ACLs silently (and unintentionally) changed, this patch adds an explicit check for this flag and if set, it will return NT_STATUS_NOT_SUPPORTED so errors are shown up on the Windows side and the Administrator is aware of the ACLs not being settable like intended Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
2009-07-10Add hash values to the xattr ACLS to determine whenJeremy Allison1-55/+158
an underlying POSIX ACL is changed out from under us. Passes RAW-ACL test up to "invalid owner" problem when trying to create a file owned by Everyone. Now needs porting to modules/vfs_acl_tdb.c Jeremy.
2009-07-08s3: Prepare open.c to switch fsp_name to an smb_filename structTim Prouty1-12/+15
2009-07-08s3: Change the share_mode_lock struct to store a base_name and stream_nameTim Prouty1-15/+7
2009-07-08s3: Remove is_ntfs_stream_name() and split_ntfs_stream_name()Tim Prouty2-57/+12
Actually I moved split_ntfs_stream_name into torture.c which is the one consumer of it. This could probably be changed at some point.
2009-07-08s3: Plumb smb_filename through dos_mode() and related funtionsTim Prouty2-3/+12
2009-07-08s3: convert unix_mode to take an smb_filenameTim Prouty2-5/+16
2009-07-07s3 onefs: Fix a few bugs from the smb_filename migrationTim Prouty3-49/+35
2009-07-07Attempt to fix the build of vfs_catia.c -- Tim, please check!Volker Lendecke1-2/+2
2009-07-06s3: Update streaminfo implementations now that only base names are passed ↵Tim Prouty4-21/+20
through the vfs
2009-07-06s3 audit: Fix a memory leakTim Prouty1-4/+4
2009-07-06s3: Plumb smb_filename through SMB_VFS_NTIMESTim Prouty8-39/+91
2009-07-06s3 catia: Remove pointless VOPs from catiaTim Prouty1-84/+0
2009-07-06s3: Plumb smb_filename around SMB_VFS_CHFLAGSTim Prouty3-25/+0
SMB_VFS_CHFLAGS isn't actually getting the smb_filename struct for now since it only operates on the basefile. This is the strategy for all path-based operations that will never actually operate on a stream. By clarifying the meaning of path based operations that don't take an smb_filename struct, modules that implement streams such as vfs_onefs no longer need to implement SMB_VFS_CHFLAGS to ensure it's only called on the base_name.
2009-07-06s3: Plumb smb_filename through SMB_VFS_UNLINKTim Prouty16-213/+370
2009-07-06s3 audit: Remove some recently introduced memory leaks in the audit modulesTim Prouty2-12/+45
2009-07-06s3 audit: Remove the usesless static function declarations from the audit ↵Tim Prouty3-641/+308
modules
2009-07-06s3 onefs: Fix failure in POSIX smbtorture testTim Prouty1-2/+2
The return value of readlink was a bool instead of an int, which caused the length of the returned value to never be >1.
2009-07-06s3: Plumb smb_filename through SMB_VFS_RENAMETim Prouty15-202/+355
2009-07-06do not merge ACEs with different SMB_ACE4_INHERIT_ONLY_ACE flag, this leads ↵Christian Ambach1-0/+7
to wrong inheritance flags in the ACL e.g. (on GPFS) user:10000036:rwxc:allow (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED user:10000036:rwxc:allow:FileInherit:DirInherit:InheritOnly (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED group:10000005:rwxc:allow (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED group:10000005:rwxc:allow:FileInherit:DirInherit:InheritOnly (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED would be merged to user:10000036:rwxc:allow:FileInherit:DirInherit:InheritOnly (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED group:10000005:rwxc:allow:FileInherit:DirInherit:InheritOnly (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED so the explicit right for the user on the parent directory will be gone (the InheritOnly flag only accounts to subdirectories) thus leaving the user without access to the directory itself Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
2009-07-01s3:onefs_open: remove unused variable passed to parent_dirname()Stefan Metzmacher1-2/+1
metze
2009-06-25s3 onefs: Plumb smb_filename through onefs createfile pathTim Prouty4-221/+322
2009-06-25Add a \n to a debug message in smbacl4_nfs42winVolker Lendecke1-1/+1
2009-06-24s3: Plumb smb_filename through SMB_VFS_STAT and SMB_VFS_LSTATTim Prouty17-255/+524
This patch introduces two new temporary helper functions vfs_stat_smb_fname and vfs_lstat_smb_fname. They basically allowed me to call the new smb_filename version of stat, while avoiding plumbing it through callers that are still too inconvenient. As the conversion moves along, I will be able to remove callers of this, with the goal being to remove all callers. There was also a bug in create_synthetic_smb_fname_split (also a temporary utility function) that caused it to incorrectly handle filenames with ':'s in them when in posix mode. This is now fixed.
2009-06-17s3 onefs: Remove dfs resolution from create_file() now that it's being done ↵Tim Prouty1-22/+1
at a higher level
2009-06-17s3: Change SMB_VFS_OPEN to take an smb_filename structTim Prouty17-117/+352
This was a little messy because of all of the vfs modules I had to touch. Most of them were pretty straight forward, but the streams modules required a little attention to handle smb_filename. Since the use of smb_filename enables the vfs modules to access the raw, over-the-wire stream, a little bit of the handling that was being done by split_ntfs_stream_name has now been shifted into the individual stream modules. It may be a little more code, but overall it gives more flexibility to the streams modules, while also allowing correct stream handling.