summaryrefslogtreecommitdiff
path: root/source3/smbd/posix_acls.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r25117: The mega-patch Jerry was waiting for. Remove all pstrings fromJeremy Allison1-29/+35
the main server code paths. We should now be able to cope with paths up to PATH_MAX length now. Final job will be to add the TALLOC_CTX * parameter to unix_convert to make it explicit (for Volker). Jeremy. (This used to be commit 7f0db75fb0f24873577dcb758a2ecee74fdc4297)
2007-10-10r24809: Consolidate the use of temporary talloc contexts.Volker Lendecke1-2/+2
This adds the two functions talloc_stackframe() and talloc_tos(). * When a new talloc stackframe is allocated with talloc_stackframe(), then * the TALLOC_CTX returned with talloc_tos() is reset to that new * frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse * happens: The previous talloc_tos() is restored. * * This API is designed to be robust in the sense that if someone forgets to * TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and * resets the talloc_tos(). The original motivation for this patch was to get rid of the sid_string_static & friends buffers. Explicitly passing talloc context everywhere clutters code too much for my taste, so an implicit talloc_tos() is introduced here. Many of these static buffers are replaced by a single static pointer. The intended use would thus be that low-level functions can rather freely push stuff to talloc_tos, the upper layers clean up by freeing the stackframe. The more of these stackframes are used and correctly freed the more exact the memory cleanup happens. This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and lp_talloc_ctx (did I forget any?) So, never do a tmp_ctx = talloc_init("foo"); anymore, instead, use tmp_ctx = talloc_stackframe() :-) Volker (This used to be commit 6585ea2cb7f417e14540495b9c7380fe9c8c717b)
2007-10-10r23914: try to fix the build on Tru64Stefan Metzmacher1-3/+3
/usr/include/sys/acl.h:#define acl_type acl_common.entry_type was the problem... metze (This used to be commit 8557b8b570ac8f8d3d14aaeb894c8b3532558736)
2007-10-10r23784: use the GPLv3 boilerplate as recommended by the FSF and the license textAndrew Tridgell1-2/+1
(This used to be commit b0132e94fc5fef936aa766fb99a306b3628e9f07)
2007-10-10r23779: Change from v2 or later to v3 or later.Jeremy Allison1-1/+1
Jeremy. (This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10r23724: Reduce access to the global inbuf a tiny bit. Add a struct smb_requestVolker Lendecke1-1/+2
that contains some of the fields from the SMB header, removing the need to access inbuf directly. This right now is used only in the open file code & friends, and creating that header is only done when needed. This needs more work, but it is a start. Jeremy, I'm only checking this into 3_0, please review before I merge it to _26. Volker (This used to be commit ca988f4e79e977160d82e86486972afd15d4acf5)
2007-10-10r23664: Fix incorrect index - should be j not i. How did we everJeremy Allison1-1/+1
live without valgrind :-). Jeremy. (This used to be commit 9b231149c78c8bbfb70c5675cffb652705ba2cd2)
2007-10-10r23663: Fix bug #4308 - Excel save operation corrupts file ACLs.Jeremy Allison1-28/+255
You don't want to know what I discovered about Windows ACLs to make this work :-(. See : http://www.codeproject.com/win32/accessctrl2.asp Search for "Q. How does Inheritance come into this?" for details. Jeremy. (This used to be commit e1d3a80d2bff2e3540637fd741fc149eeca5fb9d)
2007-10-10r23620: Convert set_nt_acl to return NTSTATUS. Also fix the chownJeremy Allison1-56/+33
return to correctly return NT_STATUS_INVALID_OWNER if it should be disallowed. Matches better what W2K3R3 does. NFSv4 ACL module owners, please examine these changes. Jeremy. (This used to be commit fc6899a5506b272f8cd5f5837ca13300b4e69a5f)
2007-10-10r22611: Fix from Jens Nissen <jens.nissen@gmx.net>. Fix badJeremy Allison1-0/+1
memory leak I introduced into acl code, also remove redundent extra check for global_sid_System : global_sid_System == S-1-5-18 which is already included in the check for a domain of global_sid_NT_Authority == S-1-5 Jeremy. (This used to be commit 10649540ac11e679997f414d4a6b12d057bd7913)
2007-10-10r22481: Move check for non-mappable SIDs to after sid_to_uid,Jeremy Allison1-11/+10
sid_to_gid mapping, add LocalSystem to non-mappable list. Jeremy. (This used to be commit 805f01464f3feb30725dbce1f90d4296380dd796)
2007-10-10r21223: Try and fix bug #4361 - Vista backup fails.Jeremy Allison1-2/+24
Based on work from Joe Meadows <jameadows@webopolis.com>. One for the Vista patchset. Jeremy. (This used to be commit 470a4dc30874b00c599806cb6dbc06fe2775144c)
2007-10-10r20873: Some correctness fixes w.r.t. Samba4 torture BASE-DELETE.Jeremy Allison1-0/+5
Allow us to correctly refuse to set delete on close on a non-empty directory. There are still some delete-on-close wrinkles to be fixed, but I understand how to do that better now. I'll fix this tomorrow. Jeremy. (This used to be commit 029635885825a5562e7974a6f5675cce3bf1b5dc)
2007-10-10r20356: Consolidate the calls to parent_dirname() per open to one.Volker Lendecke1-7/+8
This involved passing the dirname as argument to a few routines instead of calling parent_dirname() deep down. Volker (This used to be commit 7977fd78652897bb7d4db1c21c5749043428f911)
2007-10-10r20228: Bring the calling conventions of inherit_access_acl and ↵Volker Lendecke1-3/+3
change_owner_to_parent a bit closer together: Move the lp_inherit_perms() check into the callers. Volker (This used to be commit 0874093e5fff480d8ec442072318525079add633)
2007-10-10r19627: Fix for bug #4211 - logic error in acl_group_override()Jeremy Allison1-2/+2
function. Fix from Jim Wang of Wesoft. Jeremy. (This used to be commit eb78ce1f550377bfb1fd43f550641cf8a606e973)
2007-10-10r18745: Use the Samba4 data structures for security descriptors and security ↵Jelmer Vernooij1-27/+27
descriptor buffers. Make security access masks simply a uint32 rather than a structure with a uint32 in it. (This used to be commit b41c52b9db5fc4a553b20a7a5a051a4afced9366)
2007-10-10r18605: sync dlinklist.h with samba4, that means DLIST_ADD_END()Stefan Metzmacher1-10/+6
and DLIST_DEMOTE() now take the type of the tmp pointer not the tmp pointer itself anymore. metze (This used to be commit 2f58645b7094e81dff3734f11aa183ea2ab53d2d)
2007-10-10r18603: Add in the NFSv4 ACL mapping code from IBM.Jeremy Allison1-3/+3
Sorry for the delay :-). Jeremy. (This used to be commit a52fa218952ffcd784ea31e947aa4d17dfdc8ee0)
2007-10-10r17367: Reverting the ab code. Note I'm not saying thisJeremy Allison1-3/+3
code is wrong or bad or anything, just that it needs to be discussed & reviewed on the samba-technical list before we add a platform-specific NFSv4 mapping. That way lies a lot of future pain :-). Jeremy. (This used to be commit 330899ec30ffceb798e3a8362d20e103e20b2897)
2007-10-10r17358: Re-add JFS2 NFS4 ACLs support, move readme for it into AIX-specific ↵Alexander Bokovoy1-3/+3
examples directory. (This used to be commit c085355c323c65ee782516859eed8a76b53e6035)
2007-10-10r17354: Revert -r 17353 per Volker request while gpfs compatibility layer ↵Alexander Bokovoy1-3/+3
code will be released. (This used to be commit 5b1db0151461af18d994359e86c649922fc6de65)
2007-10-10r17353: Add support for JFS2 NFS4/AIXC and GPFS acls based on NFSv4 ACLs.Alexander Bokovoy1-3/+3
(This used to be commit 72312cb2e255301f978455a559461ad83b13b6cb)
2007-10-10r17348: Some C++ warningsVolker Lendecke1-3/+3
(This used to be commit ae6b9b34e59167e3958bfdb9997fa25340b9a0a3)
2007-10-10r17295: Back out the become_root_uid_only change on the POSIXJeremy Allison1-12/+12
acls code. I'm pretty sure this was safe, but become_root() does other things to the token stack that become_root_uid_only() does not, and as we're going into a vfs redirectred function I decided it wasn't safe for now. Jeremy. (This used to be commit b3e0f45488595aa96c852dab8e1349631a85dded)
2007-10-10r17294: Make the code a little cleaner. Instead of using the twoJeremy Allison1-12/+12
calls make it : become_root_uid_only() operation unbecome_root_uid_only() saving errno across the second call. Most of our internal change calls can be replaced with these simple calls. Jeremy (This used to be commit 4143aa83c029848d8ec741d9218b3fa6e3fd28dd)
2007-10-10r17179: Merge the vl-posixacls tmp branch into mainline. ItJim McDonough1-11/+3
modularizes our interface into the special posix API used on the system. Without this patch the specific API flavor is determined at compile time, something which severely limits usability on systems with more than one file system. Our first targets are AIX with its JFS and JFS2 APIs, at a later stage also GPFS. But it's certainly not limited to IBM stuff, this abstraction is also necessary for anything that copes with NFSv4 ACLs. For this we will check in handling very soon. Major contributions can be found in the copyright notices as well as the checkin log of the vl-posixacls branch. The final merge to 3_0 post-3.0.23 was done by Peter Somogyi <psomogyi@gamax.hu> (This used to be commit ca0c73f281a2a65a988094a46bb3e46a94011a53)
2007-10-10r17125: Drastic problems require drastic solutions. There'sJeremy Allison1-33/+155
no way to get all the cases where kernel oplocks are on and we can't open the file and get the correct semantics (think about the open with truncate with an attribute only open - we'd need a vfs change to add the truncate(fname, len) call). So always drop the share mode lock before doing any real fd opens and then re-acquire it afterwards. We're already dealing with the race in the create case, and we deal with any other races in the same way. Volker, please examine *carefully* :-). This should fix the problems people reported with kernel oplocks being on. Jeremy. (This used to be commit 8171c4c404e9f382880c65daa0232f89e560f399)
2007-10-10r16945: Sync trunk -> 3.0 for 3.0.24 code. Still needJeremy Allison1-3/+9
to do the upper layer directories but this is what everyone is waiting for.... Jeremy. (This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
2007-10-10r16616: Klocwork #2025. Stop null deref. I actually don'tJeremy Allison1-1/+1
think this can happen in real life but the code is too complicated to be sure.... Jerry please merge this for 3.0.23. Jeremy. (This used to be commit 1e5042d4c0d1a0d0a5cfbcb0d47815e1510ee52a)
2007-10-10r14855: Various fixes:Gerald Carter1-7/+9
* depreacte 'acl group control' after discussion with Jeremy and implement functionality as part of 'dos filemode' * fix winbindd on a non-member server to expand local groups * prevent code previously only used by smbd from blindly turning _NO_WINBINDD back on (This used to be commit 4ab372f4cab22225716b5c9a9a08f0c1dbc9928d)
2007-10-10r14357: Try and fix Coverity #169 by making the pointerJeremy Allison1-4/+6
aliasing clearer. This isn't a bug but a code clarification. Jeremy. line, and those below, will be ignored-- M source/smbd/posix_acls.c (This used to be commit b8397c9f33424e0d1ed3ff849e1c99812f978000)
2007-10-10r14207: Convert the lp_acl_compatibility() param into an enum.James Peach1-3/+3
(This used to be commit 5429c495c538e416010cf44e1d6fb771770a72ae)
2007-10-10r13759: As pointed out by Volker, it isn't much good creatingJeremy Allison1-0/+15
a new empty acl in remove_posix_acl if you don't bother to set it on the file in question :-). Jeremy. (This used to be commit 12eccc8fe4ed043698970de42921757eb0448c84)
2007-10-10r13497: Fix #3508 from jason@ncac.gwu.eduJeremy Allison1-4/+8
Jeremy. (This used to be commit a28bc614a0eb8409a98b254b32ad17c50c2eec0e)
2007-10-10r13494: Merge the stuff I've done in head the last days.Volker Lendecke1-9/+1
Volker (This used to be commit bb40e544de68f01a6e774753f508e69373b39899)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-5/+5
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13293: Rather a big patch I'm afraid, but this should fix bug #3347Jeremy Allison1-15/+15
by saving the UNIX token used to set a delete on close flag, and using it when doing the delete. libsmbsharemodes.so still needs updating to cope with this change. Samba4 torture tests to follow. Jeremy. (This used to be commit 23f16cbc2e8cde97c486831e26bcafd4ab4a9654)
2007-10-10r13125: Very well spotted crash bug fix for #3343 fromJeremy Allison1-2/+0
SATOH Fumiyasu <fumiyas@miraclelinux.com> Jerry please pick this up for 3.0.21b. Jeremy. (This used to be commit 3f5860b8fb37e854ccf5d9a80848ef759154f88c)
2007-10-10r12885: Oops. Missed last part of correct patch for #3348.Jeremy Allison1-1/+0
Caught by Samba4 oplock torture tester. Jeremy. (This used to be commit c2476b2f75f6521700107a46028f54110083aa52)
2007-10-10r12653: Patch from SATOH Fumiyasu <fumiyas@miraclelinux.com>Jeremy Allison1-2/+7
for bug #3348. Don't assume owning sticky bit directory means write access allowed. Jeremy. (This used to be commit 1032aa890f53097f87fa97689cb21d908b32093c)
2007-10-10r12194: Ensure that when we set a connection path we've canonicalizedJeremy Allison1-3/+3
the name (must be abolute - start with /, must not end in /, must have ./ and ../ removed). Of course for realpath resolved paths this won't be the case but for others we need this name to be canonicalized. This name is going into the sharemode db for #3303 so needs to be in a normalized format. Jeremy. (This used to be commit 22e3300911809692b595f49e87d91e3111923e6a)
2007-10-10r11237: Fix acl evaluation bug found by Marc Cousin <mcousin@sigma.fr>Jeremy Allison1-14/+34
We should only check the S_IWGRP permissions if we haven't already seen an owning group SMB_ACL_GROUP_OBJ ace entry. If there is an SMB_ACL_GROUP_OBJ ace entry then the group bits in st_gid are the same as the SMB_ACL_MASK bits, not the SMB_ACL_GROUP_OBJ bits. Thanks to Marc Cousin <mcousin@sigma.fr> for pointing this out. Jeremy. (This used to be commit 7e1318e09bd4b155707020142b08776a546a646e)
2007-10-10r11060: merging new eventlog code from trunkGerald Carter1-0/+55
(This used to be commit 1bcf7e82ede63a851a244162a3b939373787b693)
2007-10-10r10885: Fix bug where read-only share files are always seen asJeremy Allison1-4/+1
read-only. Noticed by Andrew Bartlett. Jeremy (This used to be commit a33f4f0d2afe28ca0e3ab6c9ecfcdbaa267a7fbe)
2007-10-10r9952: Adapt better to the Windows way of taking and assigning ownership:Günther Deschner1-11/+22
* Users with SeRestorePrivilege may chown files to anyone (be it as a backup software or directly using the ownership-tab in the security acl editor on xp), while * Users with SeTakeOwnershipPrivilege only can chown to themselves. Simo, Jeremy. I think this is correct now. Guenther (This used to be commit 1ef7a192eed457d302a08c692bb54a73a1af4afd)
2007-10-10r9946: allow the priv-based chown (se_take_ownership) to chown to other usersGünther Deschner1-1/+0
(not only to the current_user.uid). Jeremy, please have a look. Guenther (This used to be commit 8e48e8936ed59ed8d50b6eaa9954749168de3138)
2007-10-10r9293: Fix error path memory leak bug found by Coverity - also potential NULLJeremy Allison1-20/+28
deref bug (in unlikely error path) found by Coverity. Jeremy. (This used to be commit 9b5cc58f3abdb1945bfad340968ccabdfd040029)
2007-10-10r8615: Added "acl group control". Defaults to off. Docs to follow.Jeremy Allison1-34/+127
Jeremy. (This used to be commit f7b169ed57de81229c3b9089a05f4e73ea39010c)
2007-10-10r8547: Code tidyup from Jason Mader <jason@ncac.gwu.edu>. Bugid #2885.Jeremy Allison1-2/+0
Jeremy. (This used to be commit 4d69a682b3ab4f660455e6ea5a2970481a6ccffc)