Age | Commit message (Collapse) | Author | Files | Lines |
|
We can't allow open with access that has been denied via the share
security descriptor
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User: Stefan Metzmacher <metze@samba.org>
Autobuild-Date: Tue Jul 5 16:21:54 CEST 2011 on sn-devel-104
|
|
Move lp_acl_check_permissions() into can_delete_file_in_directory()
where it makes sense. Remove ACL check when requesting DELETE_ACCESS
when lp_acl_check_permissions is false.
Thanks to John Janosik @ IBM for noticing this.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Jun 24 01:18:11 CEST 2011 on sn-devel-104
|
|
Using the standard macro makes it easier to move code into common, as
TALLOC_ARRAY isn't standard talloc.
|
|
parameters, we update the stat returned.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Jun 9 00:46:39 CEST 2011 on sn-devel-104
|
|
correctly with "inherit permissions = yes" and POSIX ACLs
We don't need to check mode bits as well as dev/ino to
ensure we're in the same place.
|
|
correctly with "inherit permissions = yes" and POSIX ACLs
When changing ownership on a new file make sure we
must have a valid stat struct before making the inheritance
calls (as they may look at it), and if we make changes we
must have a valid stat struct after them.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jun 8 03:07:04 CEST 2011 on sn-devel-104
|
|
correctly with "inherit permissions = yes" and POSIX ACLs
When changing ownership on a new file make sure we
also change the returned stat struct to have the correct uid.
|
|
correctly with "inherit permissions = yes" and POSIX ACLs
When changing ownership on a new directory make sure we
also change the returned stat struct to have the correct uid.
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Jun 1 22:30:03 CEST 2011 on sn-devel-104
|
|
|
|
Force the open operation (which is the expensive one anyway) to
acquire and release locks in a way compatible with the more common
do_lock check.
Jeremy.
|
|
In the oplock refactoring, the algorithm underwent an unnoticed change.
In 3.5.x stat_opens were silently (i.e. no explicit code had comments
explaining this) ignored when looking for oplock breaks and share mode
violations. After the refactoring, the function find_oplock_types()
no longer ignored stat_open entries in the share mode table when looking
for batch and exclusive oplocks. This patch adds two changes to find_oplock_types()
to ignore the case where the incoming open request is a stat open being
tested against existing opens, and also when the incoming open request
is a non-stat open being tested against existing stat opens. Neither
of these cause an oplock break or share mode violation. Thanks a *lot*
to Volker, who persevered in reproducing this problem.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Mon May 16 22:38:20 CEST 2011 on sn-devel-104
|
|
table entries.
|
|
This means we use just one constant for this file attribute.
Andrew Bartlett
|
|
This means we use just one constant for this file attribute.
Andrew Bartlett
|
|
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Apr 14 23:39:55 CEST 2011 on sn-devel-104
|
|
Don't do the chown if the owner is already correct.
|
|
change_file_owner_to_parent(). Remove "goto" in change_dir_owner_to_parent().
|
|
SMB1 with raw.acls.
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
metze
|
|
|
|
From the Microsoft test suite @ Connectathon:
Test Case: TestSuite_ScenarioNo009GrantedAccessTestS0
File created with access = 0x7 (Read, Write, Delete)
Query Info on file returns 0x87 (Read, Write, Delete, Read Attributes)
Jeremy.
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Feb 24 21:44:50 CET 2011 on sn-devel-104
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Feb 24 04:17:49 CET 2011 on sn-devel-104
|
|
We need to revalidate the pathname once re-constructed from a root fsp.
Jeremy.
|
|
These variables, of type struct auth_serversupplied_info were poorly
named when added into 2001, and in good consistant practice, this has
extended all over the codebase in the years since.
The structure is also not ideal for it's current purpose. Originally
intended to convey the results of the authentication modules, it
really describes all the essential attributes of a session. This
rename will reduce the volume of a future patch to replaced these with
a struct auth_session_info, with auth_serversupplied_info confined to
the lower levels of the auth subsystem, and then eliminated.
(The new structure will be the output of create_local_token(), and the
change in struct definition will ensure that this is always run, populating
local groups and privileges).
Andrew Bartlett
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Feb 9 22:06:05 CET 2011 on sn-devel-104
|
|
|
|
|
|
that opendir knows about.
|
|
Start of the move towards handle-based code for directory access.
Currently makes fstat/fchown code work for directories rather than
falling back to pathnames.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Feb 8 06:34:41 CET 2011 on sn-devel-104
|
|
|
|
where we're making oplock decisions.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Feb 5 01:18:14 CET 2011 on sn-devel-104
|
|
make it comprehensible.
delay_for_oplocks() did 4 things.
1). Validation of existing oplock types.
2). Check for compatibility with batch oplocks (pass 1).
3). Check for compatibility with exclusive oplocks (pass 2).
4). Set the correct oplock type from the requested value.
Refactor into 4 separate functions:
1). find_oplock_types() - does validation of oplock types and
returns pointers to specific values.
2). delay_for_batch_oplocks() - the pass 1 phase above.
3). delay_for_exclusive_oplocks() - the pass 2 phase above
4). grant_fsp_oplock_type() - Set the correct oplock type from the requested value.
Now separated out this code should be much easier to understand
and modify. This also fixes an erroneous SMB_ASSERT which was
hidden by the previous complexity of the single delay_for_oplocks()
code.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Feb 2 01:52:21 CET 2011 on sn-devel-104
|
|
We should not grant levelII oplocks on a file with existing
byte range locks.
|
|
Do this by keeping a linked list of delete on close tokens, one for
each filename that identifies a path to the dev/inode. Use the
jenkins hash of the pathname to identify the correct token.
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Dec 29 02:15:23 CET 2010 on sn-devel-104
|
|
strict allocation on sparse files. Files opened as POSIX opens are always
sparse.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Dec 21 04:12:22 CET 2010 on sn-devel-104
|
|
Jeremy.
|
|
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Thu Nov 4 17:44:09 UTC 2010 on sn-devel-104
|
|
lp_enable_privileges(). Needed"
Not needed - privileges code prevents "enable privileges = no" from adding privileges
anyway.
This reverts commit a8b95686a7bde3f96f141b6938e24e101567ef54.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 22 23:41:36 UTC 2010 on sn-devel-104
|
|
Needed
to maintain compatibility with smb.conf manpage.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 22 18:15:48 UTC 2010 on sn-devel-104
|
|
open and get/set NT security descriptor code.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Oct 21 00:15:57 UTC 2010 on sn-devel-104
|
|
neglect to apply appropriate create masks.
Jeremy.
|