summaryrefslogtreecommitdiff
path: root/source3/smbd/open.c
AgeCommit message (Collapse)AuthorFilesLines
2012-12-02s3:smbd/open: fall back to Builtin_Administrators if SYSTEM doesn't map to a ↵Stefan Metzmacher1-0/+54
group Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-02s3:smbd/open: try the primary sid (user) as group_sid if the token has just ↵Stefan Metzmacher1-1/+5
one sid Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-12-02s3:smbd/open: use Builtin_Administrators as owner of files (if possible)Stefan Metzmacher1-4/+41
We do this if the idmap layer resolves Builtin_Administrators as ID_TYPE_BOTH and if the current token has the Builtin_Administrators SID or it's SYSTEM. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-28s4:smbd/open: add missing TALLOC_FREE(frame) to inherit_new_acl()Stefan Metzmacher1-0/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-11-19Add comments explaining exactly *why* we don't check FILE_READ_ATTRIBUTES ↵Jeremy Allison1-3/+21
when evaluating file/directory ACE's. If we can access the path to this file, by default we have FILE_READ_ATTRIBUTES from the containing directory. See the section. "Algorithm to Check Access to an Existing File" in MS-FSA.pdf. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
2012-10-17s3:smbd: fix brace placements in validate_my_share_entries() for readabilityMichael Adam1-2/+4
according to coding guidelines Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Oct 17 14:37:58 CEST 2012 on sn-devel-104
2012-10-11smbd: Add mem_ctx to {f,}get_nt_acl VFS callAndrew Bartlett1-8/+14
This makes it clear which context the returned SD is allocated on, as a number of callers do not want it on talloc_tos(). As the ACL transformation allocates and then no longer needs a great deal of memory, a talloc_stackframe() call is used to contain the memory that is not returned further up the stack. Andrew Bartlett
2012-10-04Revert "When creating a new file/directory, we need to obey the create ↵Jeremy Allison1-15/+0
mask/directory mask parameters." This reverts commit c251a6b0442abc13bc8be4ff8de324c1d7706a78. Remove this as we're planning to remove the security mask, directory security mask parameters and only use create mask/directory mask.
2012-10-02When creating a new file/directory, we need to obey the create ↵Jeremy Allison1-0/+15
mask/directory mask parameters. Currently we call FSET_NT_ACL to inherit any ACLs on create. However FSET_NT_ACL uses the security mask/directory security mask parameters instead of the create mask/directory mask parameters. Swap them temporarily when creating to ensure the correct masks are applied. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Oct 2 22:27:17 CEST 2012 on sn-devel-104
2012-09-29s3: Fix opening a file under kernel oplocksVolker Lendecke1-0/+79
With the prior code we assumed that we do not have kernel oplocks around when we open a file because we handled samba-internal oplock breaks before the open attempt. Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Sat Sep 29 19:29:36 CEST 2012 on sn-devel-104
2012-09-29s3: Remove a SMB_ASSERTVolker Lendecke1-2/+0
With the simplified logic this became unnecessary
2012-09-29s3: Close the now opened file descriptor in error pathsVolker Lendecke1-0/+3
2012-09-29s3: No code change, just re-indentVolker Lendecke1-188/+187
Look at this with "git diff -b" if you don't believe me :-)
2012-09-29s3: Remove share mode handling before we open the fileVolker Lendecke1-204/+1
This is a significant behaviour change: We do not open the file under the share mode lock anymore. This might lead to more open calls in case of oplock breaks or sharing violations, but those are slow error paths and as such might be not too performance sensitive. The benefit of this patch is a significant reduction of complexity of open_file_ntcreate()
2012-09-29s3: Fix fcb_or_dos_open after logic changeVolker Lendecke1-1/+2
With the new behaviour, we call fcb_or_dos_open after open_file(). It is open_file() that sets up the fsp so that fcb_or_dos_open can find it in the list of fsps. Avoid finding the fsp we are just setting up.
2012-09-29s3: Copy share mode handling from before to after open_fileVolker Lendecke1-17/+124
This is a 1:1 copy&paste of the oplock/sharemode code that we do before an existing file is opened. It is a prerequiste for a patch that removes all of that handling before we open the file.
2012-09-27s3: Fix rejecting mkdir on read-only sharesVolker Lendecke1-1/+1
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-09-26s3: Slightly simplify open_file()Volker Lendecke1-1/+2
The "else" is not necessary. In the if-branch we just returned. Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Wed Sep 26 18:08:03 CEST 2012 on sn-devel-104
2012-09-26s3: Slightly simplify calculate_open_access_flagsVolker Lendecke1-9/+10
2012-09-26s3: Slightly simplify calculate_open_access_flagsVolker Lendecke1-13/+17
2012-09-26s3: Factor out calculate_open_access_flagsVolker Lendecke1-15/+31
Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Wed Sep 26 00:22:56 CEST 2012 on sn-devel-104
2012-09-25s3: Fix a typoVolker Lendecke1-1/+1
2012-09-25s3: Slightly simplify is_stat_openVolker Lendecke1-3/+2
The "access_bits" clause is redundant. is_stat_open says that exactly at least one of the stat_open_bits must be set and none else. Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Sep 25 20:05:06 CEST 2012 on sn-devel-104
2012-09-25s3: Make is_stat_open() a bit more readableVolker Lendecke1-4/+7
2012-09-25s3: Fix indentation of if-expressionsVolker Lendecke1-2/+3
To me this makes open_file_ntcreate a little easier to understand Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Sep 25 10:08:15 CEST 2012 on sn-devel-104
2012-09-25Fix bug #9189 - SMB2 Create doesn't return correct MAX ACCESS access mask in ↵Jeremy Allison1-0/+7
blob. If we aren't already granted DELETE access, check if we have DELETE_CHILD in the containing directory.
2012-09-21s3:smbd: release the share mode lock before calling exit_server() (bug #9191)Stefan Metzmacher1-0/+2
metze Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Fri Sep 21 22:36:57 CEST 2012 on sn-devel-104
2012-09-15Add 'bool use_privs' to smbd_calculate_access_mask().Jeremy Allison1-4/+7
Replaces blanket root allow if set. Set to 'false' for all current callers. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Sep 15 00:37:49 CEST 2012 on sn-devel-104
2012-09-14Fix bad string in debug message (remove it).Jeremy Allison1-4/+2
2012-09-14Add bool use_privs parameter to smbd_check_access_rights()Jeremy Allison1-4/+12
If this is set we should use it in preference to blindly assuming root can do anything. Currently set to 'false' in (most) callers.
2012-09-10s3: delete requests are not specialVolker Lendecke1-16/+0
The only difference between batch and exclusive oplocks is the time of the check: Batch is checked before the share mode check, exclusive after. Signed-off-by: Jeremy Allison <jra@samba.org>
2012-09-08s3:smbd: make fd_open() publicMichael Adam1-4/+4
2012-09-08s3:smbd: don't set kernel flock if "kernel share modes = no"Michael Adam1-1/+1
Signed-off-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Sat Sep 8 13:05:05 CEST 2012 on sn-devel-104
2012-09-08s3:smbd: add disconnected checks to the open code.Stefan Metzmacher1-0/+31
(delay_for_batch_oplocks, open_mode_check, and delay_for_exclusive_oplocks) Pair-Programmed-With: Michael Adam <obnox@samba.org>
2012-09-05Remove an unncessary FTRUNCATE call in the open path. We can rely on O_TRUC.Jeremy Allison1-29/+1
Suggested by Volker.
2012-09-05s3: Slightly simplify fd_open_atomicVolker Lendecke1-8/+7
Replace an if-statement by a direct assignment Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Sep 5 01:56:46 CEST 2012 on sn-devel-104
2012-09-04s3: Put a comment into the right placeVolker Lendecke1-4/+5
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-09-04s3: Factor out disposition_to_open_flagsVolker Lendecke1-24/+57
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-09-04s3: Factor out calculation of clear_adsVolker Lendecke1-5/+17
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-09-04s3: Slightly simplify open_file_ntcreateVolker Lendecke1-5/+5
We have not set flags2 before, so do direct assignment and not |= Signed-off-by: Jeremy Allison <jra@samba.org>
2012-09-04s3: Make "open_match_attributes" staticVolker Lendecke1-6/+6
Signed-off-by: Jeremy Allison <jra@samba.org>
2012-09-01s3: Make an if statement a bit easier to readVolker Lendecke1-2/+3
Fix indentation a bit Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Sep 1 07:07:12 CEST 2012 on sn-devel-104
2012-08-31Change the S3 fileserver over to se_file_access_check().Jeremy Allison1-6/+9
Don't set the priv_open_requested yet until the open-for-backup request is correctly passed in.
2012-08-30Change the other two places where we set a security descriptor given by the ↵Jeremy Allison1-5/+1
client to got through set_sd(), the canonicalize sd function.
2012-07-31s3: Make request_timed_out() staticVolker Lendecke1-2/+2
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-07-18loadparm: make the source3/ lp_ functions take an explicit TALLOC_CTX *.Rusty Russell1-1/+1
They use talloc_tos() internally: hoist that up to the callers, some of whom don't want to us talloc_tos(). A simple patch, but hits a lot of files. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2012-07-12Set fsp->initial_allocation_size before calling open_file_ntcreate().Jeremy Allison1-0/+5
Allows an SMB_VFS_OPEN() vfs module to do something interesting with the request.
2012-07-12Make sure we reset fsp->initial_allocation_size to zero if we didn't create ↵Jeremy Allison1-0/+2
the file. This will become important as we set fsp->initial_allocation_size before create.
2012-07-10Cope with a (non-security) open race we've had for ever as NTCreateX isn't ↵Jeremy Allison1-0/+25
atomic on POSIX. On open without create, the file did exist, but some other (local or NFS) process either renamed/unlinked and re-created the file with different dev/ino after we walked the path, but before we did the open. We could retry the open but it's a rare enough case it's easier to just fail the open to prevent creating any problems in the open file db having the wrong dev/ino key. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Jul 10 21:57:33 CEST 2012 on sn-devel-104
2012-07-10Now we have a guaranteed indication of a file being created, use it to set ↵Jeremy Allison1-12/+8
the create disposition correctly.
generated by cgit (git 2.34.1) at 2024-06-30 03:57:26 +0000