summaryrefslogtreecommitdiff
path: root/source3/smbd/file_access.c
AgeCommit message (Collapse)AuthorFilesLines
2009-03-04Fix bug #6154 - zfs does not honor admin users.Jeremy Allison1-0/+5
Jeremy
2009-02-02Fix bug #6082 - smbd_gpfs_getacl failed: Windows client can´t rename or ↵Jeremy Allison1-8/+3
delete file This fixes the generic rename/delete problem for 3.3.0 and above. Fixed slightly differently to discussions, user viewable modified ACLs are not a good idea :-). Jeremy.
2008-12-31Rename parent_dirname_talloc() to parent_dirname()Volker Lendecke1-4/+1
2008-10-31Unify se_access_check with the S4 code. Will makeJeremy Allison1-4/+3
calculation of SEC_FLAG_MAXIMUM_ALLOWED much easier for files. Jeremy.
2008-06-19Wrap the unix token info in a unix_user_token in auth_serversupplied_infoVolker Lendecke1-4/+4
No functional change, this is a preparation for more current_user ref removal (This used to be commit dcaedf345e62ab74ea87f0a3fa1e3199c75c5445)
2008-06-19Fix checks in can_delete_file_in_directory()Volker Lendecke1-6/+15
With at least NFSv4 ACLs around the write permission for the owner is a bogus check if we can delete a file in a directory. Like in Windows, there are two ways which can grant us such: First, the DELETE permission on the file itself, or if that does not help, the DELETE_CHILD permission on the directory. It might be a bit more code that runs, but essentially we should end up with the same set of syscalls in the non-acl case. (This used to be commit daa9b056645a45edfb3a70e3536011ebe5678970)
2008-06-18file_access: add a function header comment for can_access_file_acl().Michael Adam1-0/+3
Michael (This used to be commit 7d5fb873bde0a84de522650945effeaf602c759e)
2008-06-17file_access: remove unneeded stat buf parameter from can_access_file_acl().Michael Adam1-3/+3
This is a security descriptor level function only. Michael (This used to be commit 5931540fa1681f026fed42df387d17e43c493c47)
2008-06-15Remove the reference to current_user from file_access.cVolker Lendecke1-8/+6
conn holds the current user info (This used to be commit 093bc5f2b33ebf90e04bc17e51b1695b1b932bf2)
2008-05-02Remove the "stat_open()" function, flag, and all associated code. It was onlyJeremy Allison1-4/+4
being (correctly) used in the can_read/can_write checks for hide unreadable/unwritable and this is more properly done using the functions in smbd/file_access.c. Preparing to do NT access checks on all file access. Jeremy. (This used to be commit 6bfb06ad95963ae2acb67c4694a98282d3b29faa)
2008-05-02Move directory_has_default_acl() to file_access.c, belongsJeremy Allison1-0/+27
there as it no longer uses explicit POSIX ACL calls. Jeremy. (This used to be commit ac1eac9b0d07b7b3d341c06ef1a8fd8f3c05a618)
2007-12-19Change the prototype of the vfs function get_nt_acl().Michael Adam1-62/+5
Up to now, get_nt_acl() took a files_struct pointer (fsp) and a file name. All the underlying functions should need and now do need (after the previous preparatory work), is a connection_struct and a file name. The connection_struct is already there in the vfs_handle passed to the vfs functions. So the files_struct argument can be eliminated. This eliminates the need of calling open_file_stat in a couple of places to produce the fsp needed. Michael (This used to be commit b5f600fab53c9d159a958c59795db3ba4a8acc63)
2007-11-13Fix potential orphaned open files.Michael Adam1-2/+4
Calling can_access_file could lead to orphaned open files when SMB_VFS_GET_NT_ACL returned ENOSYS (not implemented). Michael (This used to be commit f4f700cf0c1657c36e801fab20fe7b1a4efcb714)
2007-11-13Make [f]get_nt_acl return NTSTATUSVolker Lendecke1-8/+7
(This used to be commit dcbe1bf942d017a3cd5084c6ef605a13912f795b)
2007-11-11Cosmetic fixVolker Lendecke1-3/+5
Do directory vs file open before entering open_file_stat (This used to be commit cd62122916defbfb57468c3b82a60b766fc4652e)
2007-11-06Move some access check functions that are not posix-acl specificMichael Adam1-0/+239
to a new source file of their own. Michael (This used to be commit 9dd18bb534bca6b5de6cad9580b48681b36c0832)