summaryrefslogtreecommitdiff
path: root/source3/smbd/posix_acls.c
AgeCommit message (Collapse)AuthorFilesLines
2009-06-25s3 file_access: Convert some more functions over to use smb_filneameTim Prouty1-1/+13
2009-06-24s3: Plumb smb_filename through SMB_VFS_STAT and SMB_VFS_LSTATTim Prouty1-5/+8
This patch introduces two new temporary helper functions vfs_stat_smb_fname and vfs_lstat_smb_fname. They basically allowed me to call the new smb_filename version of stat, while avoiding plumbing it through callers that are still too inconvenient. As the conversion moves along, I will be able to remove callers of this, with the goal being to remove all callers. There was also a bug in create_synthetic_smb_fname_split (also a temporary utility function) that caused it to incorrectly handle filenames with ':'s in them when in posix mode. This is now fixed.
2009-06-18acl_group_override() doesn't need to call stat. Pass thisJeremy Allison1-28/+17
down from above (as const). Jeremy.
2009-06-18Add some const to the stat struct in the dosmode calls.Jeremy Allison1-9/+22
Fix a couple more unix_convert uses to filename_convert. Fix bug in acl_group_override() where an uninitialized struct could be used. Move unix_convert with wildcard use in SMBsearch reply to boilerplate code. Jeremy.
2009-06-12s3: Plumb smb_filename through SMB_VFS_CREATE_FILETim Prouty1-4/+11
2009-06-10s3: Remove unused stat structs being passed to SMB_VFS_CREATE_FILETim Prouty1-4/+1
2009-05-26Introduce "struct stat_ex" as a replacement for SMB_STRUCT_STATVolker Lendecke1-29/+29
This patch introduces struct stat_ex { dev_t st_ex_dev; ino_t st_ex_ino; mode_t st_ex_mode; nlink_t st_ex_nlink; uid_t st_ex_uid; gid_t st_ex_gid; dev_t st_ex_rdev; off_t st_ex_size; struct timespec st_ex_atime; struct timespec st_ex_mtime; struct timespec st_ex_ctime; struct timespec st_ex_btime; /* birthtime */ blksize_t st_ex_blksize; blkcnt_t st_ex_blocks; }; typedef struct stat_ex SMB_STRUCT_STAT; It is really large because due to the friendly libc headers playing macro tricks with fields like st_ino, so I renamed them to st_ex_xxx. Why this change? To support birthtime, we already have quite a few #ifdef's at places where it does not really belong. With a stat struct that we control, we can consolidate the nanosecond timestamps and the birthtime deep in the VFS stat calls. At this moment it is triggered by a request to support the birthtime field for GPFS. GPFS does not extend the system level struct stat, but instead has a separate call that gets us the additional information beyond posix. Without being able to do that within the VFS stat calls, that support would have to be scattered around the main smbd code. It will very likely break all the onefs modules, but I think the changes will be reasonably easy to do.
2009-05-08Expand the comment explaining why user_in_group_sid isJeremy Allison1-1/+6
not reliable for winbindd users from foreign domains. Jeremy.
2009-05-08s3:smbd: fix posix acls when setting an ACL without explicit ACE for the ↵Stefan Metzmacher1-3/+18
owner (bug#2346) The problem of bug #2346 remains for users exported by winbindd, because create_token_from_username() just fakes the token when the user is not in the local sam domain. This causes user_in_group_sid() to give totally wrong results. In uid_entry_in_group() we need to check if we already have the full unix token in the current_user struct. If so we should use the current_user unix token, instead of doing a very complex user_in_group_sid() which doesn't give reliable results anyway. metze
2009-04-22Fix profile acls in some corner casesSimo Sorce1-3/+18
Always add back the real original owner of the directory in the ACE List after we steal its ACE for the Administrators group.
2009-04-22Avoid duplicate acesSimo Sorce1-7/+48
When adding arbitrary aces to an nt_ace_list we need to make sure we are not actually adding a duplicate. add_or_replace_ace() takes care of doing the right thing.
2009-02-23More warning fixes for Solaris.Jeremy Allison1-26/+26
Jeremy.
2009-02-05Don't try and delete a default ACL from a file.Günter Kukkukk1-4/+8
2009-01-29Upgrade POSIX inheritance storage to a new format (version 2). StoresJeremy Allison1-200/+360
the Windows ACL type and flags if "map acl inherit" is set. Jeremy.
2009-01-22Fix logic error in try_chown - we shouldn't arbitrarily chownJeremy Allison1-6/+9
to ourselves unless that was passed in. Jeremy.
2009-01-22Second part of the attemt to fix #4308 - Excel save operation corrupts file ↵Jeremy Allison1-131/+144
ACLs. If the chown succeeds then the ACL set should also. Ensure this is the case (refactor some of this code to make it simpler to read also). Jeremy.
2009-01-22Another attempt to fix bug #4308 - Excel save operation corrupts file ACLs.Jeremy Allison1-25/+4
Simo is completely correct. We should be doing the chown *first*, and fail the ACL set if this fails. The long standing assumption I made when writing the initial POSIX ACL code was that Windows didn't control who could chown a file in the same was as POSIX. In POSIX only root can do this whereas I wasn't sure who could do this in Windows at the time (I didn't understand the privilege model). So the assumption was that setting the ACL was more important (early tests showed many failed ACL set's due to inability to chown). But now we have privileges in smbd, and we must always fail an ACL set when we can't chown first. The key that Simo noticed is that the CREATOR_OWNER bits in the ACL incoming are relative to the *new* owner, not the old one. This is why the old user owner disappears on ACL set - their access was set via the USER_OBJ in the creator POSIX ACL and when the ownership changes they lose their access. Patch is simple - just ensure we do the chown first before evaluating the incoming ACL re-read the owners. We already have code to do this it just wasn't rigorously being applied. Jeremy.
2008-12-31Rename parent_dirname_talloc() to parent_dirname()Volker Lendecke1-4/+1
2008-12-03s3: Change SMB_VFS_CREATE_FILE to take a create_file_flags argumentTim Prouty1-1/+1
This replaces the is_dos_path bool with a more future-proof argument. The next step is to plumb INTERNAL_OPEN_ONLY through this flag instead of overridding the oplock_request.
2008-12-03s3: Modify direct callers of open_file_ntcreate and open_directory to call ↵Tim Prouty1-11/+18
SMB_VFS_CREATE_FILE
2008-11-30Make nt4_compatible_acls() non-static for use by VFS ACL modules.Steven Danneman1-1/+1
2008-11-24Fix bug #5873 - ACL inheritance cannot be broken. This regresses #4308, but ↵Jeremy Allison1-0/+8
that will have to be fixed another way. Jeremy.
2008-11-06Convert to use VFS layer.Herb Lewis1-1/+1
2008-11-05Add reference to bug #4308 to remind me to add regression test to smbtorture.Jeremy Allison1-1/+1
Jeremy.
2008-10-30Start moving us closer to passing S4 RAW-ACL test using the vfs_acl_xattr ↵Jeremy Allison1-1/+1
module. Inheritance fails at the moment though. Jeremy.
2008-10-14Note url explaining this code.Jeremy Allison1-0/+4
Jeremy.
2008-10-13Pass struct smb_request to file_freeVolker Lendecke1-2/+2
on the way to get rid of chain_fsp
2008-10-13Pass struct smb_request to file_newVolker Lendecke1-1/+1
Goal is to remove the chain_fsp global variable
2008-10-09Remove SEC_ACCESS. It's a uint32_t.Jeremy Allison1-19/+7
Jeremy.
2008-10-08Deal with inheritance from parent directory when setting WindowsJeremy Allison1-1/+1
ACLs. Jeremy.
2008-10-07Update vfs version as I've added a const to the security_descriptor paramter ↵Jeremy Allison1-25/+26
in fset_nt_acl(). Need to watch the build farm to make sure I haven't broken the AIX or Solaris ACL modules. Jeremy.
2008-09-10Fix bug #5052 - not work cancel inheritance on share. We wereJeremy Allison1-3/+10
using the parent security descriptor type and flags instead of using the passed in SD. Jeremy. (This used to be commit 0d824d7188518aaa7b4e890885e6bc42e94397c5)
2008-07-03Patch from SATOH Fumiyasu <fumiyas@osstech.co.jp> for bug #5202. Re-activate ↵Jeremy Allison1-14/+26
"acl group control" parameter and make it only apply to owning group. Also added man page fix. Jeremy. (This used to be commit e98e080bad2c8b9f038a8f2dffcfeba1d5f392ce)
2008-06-19RWX on a file does not imply DELETE accessVolker Lendecke1-1/+1
Without this the changed checks in can_delete_file_in_directory give DELETE access where there is none. So we can end up granting the ntcreate&x preparing the unlink where we should not, which leads to a NT_STATUS_ACCESS_DENIED at close time later, which in turn does *not* give the access denied error message in the Windows GUI. can_delete_file_in_directory will grant access now by looking at the directory permissions. (This used to be commit 51b5364c2afb3a18df4bec2bc1624760ccc01676)
2008-06-19Remove some codeVolker Lendecke1-12/+4
Did not measure it, but I think a single write is better than a read and a conditional branch (This used to be commit abe1bed665ad8d1dbf9177dcbb9344b25df9594c)
2008-05-05Remove connection_struct->mem_ctx, connection_struct is its own parentVolker Lendecke1-14/+13
(This used to be commit 559180f7d30606d1999399d954ceedc798c669a4)
2008-05-02Rename inherit_access_acl() -> inherit_access_posix_acl() to make use clear.Jeremy Allison1-4/+4
Jeremy. (This used to be commit b739c7f1cdb2b19a380b06681b00dcf490d788a9)
2008-05-02Move directory_has_default_acl() to file_access.c, belongsJeremy Allison1-25/+0
there as it no longer uses explicit POSIX ACL calls. Jeremy. (This used to be commit ac1eac9b0d07b7b3d341c06ef1a8fd8f3c05a618)
2008-05-01Start to ensure we use the NT ACL interface, keep the POSIXJeremy Allison1-21/+46
ACL interface inside the VFS modules. Will help when moving to storing NT ACLs. Jeremy. (This used to be commit b08ea48f883d1b000f6364c1ff8f62bc25741244)
2008-03-27posix_acls: clarify loop condition code, removing unneeded counter variable.Michael Adam1-7/+2
Coverity ID 545 falsely classified this as a NULL dereferencing bug. By putting the loop of walking the list of aces more naturely not using additional counters, it becomes much more obvious that it is not entered when dir_ace == NULL. The same modifications are done for the file_ace loop. Michael (This used to be commit 6dab6cf0647d7db01e5e472f8b5cf21395b7dbf0)
2008-01-24Fix the same bug with user -> user_obj.Jeremy Allison1-1/+7
Jeremy. (This used to be commit c5edf7456955471b8590c2cfa67c7f47a387cdf0)
2008-01-24Fix a really subtle old, old bug :-). When canonicalizing theJeremy Allison1-3/+9
NT ACL into a POSIX one, if the group being set is the primary group of the file, map it into a SMB_ACL_GROUP_OBJ, not a SMB_ACL_GROUP. Otherwise we get an extra bogus group entry in the POSIX ACL. Jeremy. (This used to be commit 4d302254fdfce2c267cf6b21f662d5aa2dc9c72c)
2008-01-24Correctly set flags in ACE's inherited from parent. Still one bugJeremy Allison1-3/+35
left to find then I'll back-port to 3.0.28. Jeremy. (This used to be commit 3df2f7ca782e418703d82f7a1f3c035a365f9589)
2008-01-24Make explicit in debug we're ignoring flags from the parent SD.Jeremy Allison1-6/+10
Jeremy (This used to be commit 58cfa4b1bdc1ce30cc3befb342cc98ac0e283585)
2008-01-24Add debug messages to trace this if needed.Jeremy Allison1-0/+14
Jeremy. (This used to be commit b628269b3260661cb4eeeab8c533b3129827ba62)
2008-01-24The checks for OI and CI were just wrong.... Fix them. Thanks toJeremy Allison1-9/+4
Jim for testing this. Jeremy. (This used to be commit e898789e0d819df05b14bcedfa1d230c7a983440)
2008-01-24First part of fix for bug #4929 - worked out by jmcd.Jeremy Allison1-80/+29
Cope with protected ACL set correctly. Jeremy. (This used to be commit f5e50f42e7c79b4f8857602457db5b97886bd19e)
2008-01-16Merge latest fixes to vfs_gpfs and NFS4 ACLs from Samba 3.0 CTDB branch ↵Alexander Bokovoy1-1/+30
(from http://samba.org/~tridge/3_0-ctdb) Signed-off-by: Alexander Bokovoy <ab@samba.org>(This used to be commit 1daad835cbfb4615a8fe7a241f4d578f7e69f214)
2008-01-08Remove redundant parameter fd from SMB_VFS_FSETXATTR().Michael Adam1-1/+1
Michael (This used to be commit 0bd2643463a9160c8a1c7e1c2f8cca7b89060e09)
2008-01-08Remove redundant parameter fd from SMB_VFS_FREMOVEXATTR().Michael Adam1-1/+1
Michael (This used to be commit bfc3b5a27f707d3e4b8d5d66192891e22365fbb3)