summaryrefslogtreecommitdiff
path: root/source3/smbd/open.c
AgeCommit message (Collapse)AuthorFilesLines
2011-11-22Move setting the inherited ACL into the main open code path. Next willJeremy Allison1-1/+110
remove it from the ACL modules.
2011-11-22Move the "set SD" code into provided SD and "inherit acls" branches.Jeremy Allison1-29/+32
2011-11-22Only add the SD if it's not a new stream file.Jeremy Allison1-1/+1
2011-11-22Move the add security descriptor code to *after* all the other meta-data isJeremy Allison1-35/+35
updated. We may be adding an SD that restricts our own access.
2011-11-04No longer do the pre-check on DELETE_ACCESS - we're correctly checking the ↵Jeremy Allison1-22/+0
ACL every time now.
2011-11-04Remove can_access_file_acl(). We no longer need this duplicate code (hurrah!).Jeremy Allison1-1/+3
2011-11-04Remove can_access_file_data() - make it use the standard ↵Jeremy Allison1-2/+2
smbd_check_access_rights() instead.
2011-11-04Add const to the smb_filename argument of smbd_check_access_rights().Jeremy Allison1-2/+2
2011-11-04Expose smbd_check_access_rights() to other modules.Jeremy Allison1-1/+1
2011-11-04Rename smbd_check_open_rights() to smbd_check_access_rights() as we're going ↵Jeremy Allison1-15/+15
to remove the static from this.
2011-11-04Replace smb1_file_se_access_check() with just se_access_check().Jeremy Allison1-30/+21
2011-11-04Move root check out of smb1_file_se_access_check() in preparation for ↵Jeremy Allison1-13/+25
deleting this function.
2011-11-04smb1_file_se_access_check() is now static to smbd/open.cJeremy Allison1-1/+1
2011-11-04Revert "Change function signature of check_parent_access() to take char * ↵Jeremy Allison1-6/+6
instead of struct smb_filename." This reverts commit a11c0a41a35aa2b1c14333552045a65e3e50df1e. Not needed.
2011-11-01Change function signature of check_parent_access() to take char * instead of ↵Jeremy Allison1-6/+6
struct smb_filename. Expose it so it can be called from directory code.
2011-10-28Remove the order dependency in parent_override_delete(), just check for & ↵Jeremy Allison1-2/+2
not ==.
2011-10-28Remove unused "struct security_descriptor" parameter from check_parent_access()Jeremy Allison1-8/+2
2011-10-28Finally do all the open checks inside open_file(). Checks insideJeremy Allison1-0/+30
vfs_acl_common can now be removed.
2011-10-28Simplify smbd_check_open_rights() and move all the special casing inside it.Jeremy Allison1-101/+72
2011-10-28Move parent_override_delete() to before I need to use it.Jeremy Allison1-19/+19
2011-10-28Make smbd_check_open_rights() static.Jeremy Allison1-1/+1
2011-10-26Factor out the code checking if a parent should override DELETE_ACCESS into ↵Jeremy Allison1-9/+31
a function. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Oct 26 23:15:05 CEST 2011 on sn-devel-104
2011-10-26Remove another level of indentation - deal with !NT_STATUS_OK individually.Jeremy Allison1-65/+63
2011-10-26Add early return on stat open without O_CREAT if file doesn't exist.Jeremy Allison1-71/+74
Reduces one level of indentation.
2011-10-20Refactor to create check_parent_access() which can be called for file ↵Jeremy Allison1-23/+64
creation too. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Oct 20 20:29:22 CEST 2011 on sn-devel-104
2011-10-20Make mkdir_internal() check the parent ACL for SEC_DIR_ADD_SUBDIR rights.Jeremy Allison1-2/+33
2011-10-20Fix error return to be NT_STATUS_NOT_A_DIRECTORY.Jeremy Allison1-2/+2
2011-10-20Make use of the "dir_exists" we already have on directory open.Jeremy Allison1-8/+28
2011-10-17First part of fix for bug #8419 - Make VFS op "streaminfo" stackable.Frank Lahm1-3/+3
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Mon Oct 17 21:39:32 CEST 2011 on sn-devel-104
2011-10-14Add support for VFS op streaminfo chaining in all relevant VFS modules.Frank Lahm1-3/+3
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Oct 14 03:26:06 CEST 2011 on sn-devel-104
2011-10-05Fix bug #8507 - smbd doesn't correctly honor the "force create mode" bits ↵Jeremy Allison1-6/+6
from a cifsfs create. Don't manipulate the new_dos_attributes bits until we know it's not a POSIX open. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Oct 5 01:19:17 CEST 2011 on sn-devel-104
2011-08-02s3: Pass sconn explicitly to open_was_deferredVolker Lendecke1-1/+1
2011-08-02s3: Explicitly pass sconn to remove_deferred_open_message_smbVolker Lendecke1-1/+1
2011-07-29s3: Make map_open_params_to_ntcreate() available in lib/Volker Lendecke1-147/+0
2011-07-29s3: Make is_executable() available in lib/Volker Lendecke1-17/+0
2011-07-29s3: We only need base_name in map_open_params_to_ntcreateVolker Lendecke1-4/+4
2011-07-20s3-auth Use struct auth_user_info_unix for unix_name and sanitized_usernameAndrew Bartlett1-1/+1
This is closer to the layout of struct auth_session_info in auth.idl Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2011-07-11s3:smbd: check the share level access mask in smbd_calculate_access_mask()Stefan Metzmacher1-0/+17
I think we should reject invalid access early, before we might create new files. Also smbd_check_open_rights() is only called if the file existed. metze
2011-07-11s3:smbd: make smbd_calculate_access_mask() non-staticStefan Metzmacher1-14/+15
metze
2011-07-05s3: Fix bug 8102Volker Lendecke1-0/+8
We can't allow open with access that has been denied via the share security descriptor Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User: Stefan Metzmacher <metze@samba.org> Autobuild-Date: Tue Jul 5 16:21:54 CEST 2011 on sn-devel-104
2011-06-24Fix bug #8254 - "acl check permissions = no" does not work in all casesJeremy Allison1-2/+11
Move lp_acl_check_permissions() into can_delete_file_in_directory() where it makes sense. Remove ACL check when requesting DELETE_ACCESS when lp_acl_check_permissions is false. Thanks to John Janosik @ IBM for noticing this. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Jun 24 01:18:11 CEST 2011 on sn-devel-104
2011-06-09s3-talloc Change TALLOC_ARRAY() to talloc_array()Andrew Bartlett1-2/+2
Using the standard macro makes it easier to move code into common, as TALLOC_ARRAY isn't standard talloc.
2011-06-09Ensure when creating a directory, if we make any changes due to inheritance ↵Jeremy Allison1-0/+12
parameters, we update the stat returned. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Jun 9 00:46:39 CEST 2011 on sn-devel-104
2011-06-08Part 4 of bugfix for #8211 - "inherit owner = yes" doesn't interact ↵Jeremy Allison1-3/+2
correctly with "inherit permissions = yes" and POSIX ACLs We don't need to check mode bits as well as dev/ino to ensure we're in the same place.
2011-06-08Part 3 of bugfix for #8211 - "inherit owner = yes" doesn't interact ↵Jeremy Allison1-17/+43
correctly with "inherit permissions = yes" and POSIX ACLs When changing ownership on a new file make sure we must have a valid stat struct before making the inheritance calls (as they may look at it), and if we make changes we must have a valid stat struct after them. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Jun 8 03:07:04 CEST 2011 on sn-devel-104
2011-06-07Part 2 of bugfix for #8211 - "inherit owner = yes" doesn't interact ↵Jeremy Allison1-0/+2
correctly with "inherit permissions = yes" and POSIX ACLs When changing ownership on a new file make sure we also change the returned stat struct to have the correct uid.
2011-06-07Part 1 of bugfix for #8211 - "inherit owner = yes" doesn't interact ↵Jeremy Allison1-0/+2
correctly with "inherit permissions = yes" and POSIX ACLs When changing ownership on a new directory make sure we also change the returned stat struct to have the correct uid.
2011-06-01Move fd_close on error path to be identical to all other error paths.Jeremy Allison1-2/+1
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Jun 1 22:30:03 CEST 2011 on sn-devel-104
2011-06-01TALLOC_FREE already checks for null.Jeremy Allison1-3/+1
2011-06-01Fix bug #8175 - smbd deadlock.Jeremy Allison1-27/+71
Force the open operation (which is the expensive one anyway) to acquire and release locks in a way compatible with the more common do_lock check. Jeremy.