Age | Commit message (Collapse) | Author | Files | Lines |
|
to ourselves unless that was passed in.
Jeremy.
|
|
ACLs.
If the chown succeeds then the ACL set should also. Ensure this is the case
(refactor some of this code to make it simpler to read also).
Jeremy.
|
|
Simo is completely correct. We should be doing the chown *first*, and fail the
ACL set if this fails. The long standing assumption I made when writing the
initial POSIX ACL code was that Windows didn't control who could chown a file
in the same was as POSIX. In POSIX only root can do this whereas I wasn't sure
who could do this in Windows at the time (I didn't understand the privilege
model). So the assumption was that setting the ACL was more important (early
tests showed many failed ACL set's due to inability to chown). But now we have
privileges in smbd, and we must always fail an ACL set when we can't chown
first. The key that Simo noticed is that the CREATOR_OWNER bits in the ACL
incoming are relative to the *new* owner, not the old one. This is why the old
user owner disappears on ACL set - their access was set via the USER_OBJ in the
creator POSIX ACL and when the ownership changes they lose their access.
Patch is simple - just ensure we do the chown first before evaluating the
incoming ACL re-read the owners. We already have code to do this it just wasn't
rigorously being applied.
Jeremy.
|
|
|
|
This replaces the is_dos_path bool with a more future-proof argument.
The next step is to plumb INTERNAL_OPEN_ONLY through this flag instead
of overridding the oplock_request.
|
|
SMB_VFS_CREATE_FILE
|
|
|
|
that will have to
be fixed another way.
Jeremy.
|
|
|
|
Jeremy.
|
|
module. Inheritance fails at the moment though.
Jeremy.
|
|
Jeremy.
|
|
on the way to get rid of chain_fsp
|
|
Goal is to remove the chain_fsp global variable
|
|
Jeremy.
|
|
ACLs.
Jeremy.
|
|
in fset_nt_acl().
Need to watch the build farm to make sure I haven't broken the AIX or Solaris ACL modules.
Jeremy.
|
|
using the parent security descriptor type and flags instead
of using the passed in SD.
Jeremy.
(This used to be commit 0d824d7188518aaa7b4e890885e6bc42e94397c5)
|
|
"acl group control"
parameter and make it only apply to owning group. Also added man page fix.
Jeremy.
(This used to be commit e98e080bad2c8b9f038a8f2dffcfeba1d5f392ce)
|
|
Without this the changed checks in can_delete_file_in_directory give DELETE
access where there is none. So we can end up granting the ntcreate&x preparing
the unlink where we should not, which leads to a NT_STATUS_ACCESS_DENIED at
close time later, which in turn does *not* give the access denied error message
in the Windows GUI.
can_delete_file_in_directory will grant access now by looking at the directory
permissions.
(This used to be commit 51b5364c2afb3a18df4bec2bc1624760ccc01676)
|
|
Did not measure it, but I think a single write is better than a read and a
conditional branch
(This used to be commit abe1bed665ad8d1dbf9177dcbb9344b25df9594c)
|
|
(This used to be commit 559180f7d30606d1999399d954ceedc798c669a4)
|
|
Jeremy.
(This used to be commit b739c7f1cdb2b19a380b06681b00dcf490d788a9)
|
|
there as it no longer uses explicit POSIX ACL calls.
Jeremy.
(This used to be commit ac1eac9b0d07b7b3d341c06ef1a8fd8f3c05a618)
|
|
ACL interface inside the VFS modules. Will help when moving
to storing NT ACLs.
Jeremy.
(This used to be commit b08ea48f883d1b000f6364c1ff8f62bc25741244)
|
|
Coverity ID 545 falsely classified this as a NULL dereferencing bug.
By putting the loop of walking the list of aces more naturely not using
additional counters, it becomes much more obvious that it is not entered
when dir_ace == NULL.
The same modifications are done for the file_ace loop.
Michael
(This used to be commit 6dab6cf0647d7db01e5e472f8b5cf21395b7dbf0)
|
|
Jeremy.
(This used to be commit c5edf7456955471b8590c2cfa67c7f47a387cdf0)
|
|
NT ACL into a POSIX one, if the group being set is the primary group
of the file, map it into a SMB_ACL_GROUP_OBJ, not a SMB_ACL_GROUP.
Otherwise we get an extra bogus group entry in the POSIX ACL.
Jeremy.
(This used to be commit 4d302254fdfce2c267cf6b21f662d5aa2dc9c72c)
|
|
left to find then I'll back-port to 3.0.28.
Jeremy.
(This used to be commit 3df2f7ca782e418703d82f7a1f3c035a365f9589)
|
|
Jeremy
(This used to be commit 58cfa4b1bdc1ce30cc3befb342cc98ac0e283585)
|
|
Jeremy.
(This used to be commit b628269b3260661cb4eeeab8c533b3129827ba62)
|
|
Jim for testing this.
Jeremy.
(This used to be commit e898789e0d819df05b14bcedfa1d230c7a983440)
|
|
Cope with protected ACL set correctly.
Jeremy.
(This used to be commit f5e50f42e7c79b4f8857602457db5b97886bd19e)
|
|
(from http://samba.org/~tridge/3_0-ctdb)
Signed-off-by: Alexander Bokovoy <ab@samba.org>(This used to be commit 1daad835cbfb4615a8fe7a241f4d578f7e69f214)
|
|
Michael
(This used to be commit 0bd2643463a9160c8a1c7e1c2f8cca7b89060e09)
|
|
Michael
(This used to be commit bfc3b5a27f707d3e4b8d5d66192891e22365fbb3)
|
|
Michael
(This used to be commit 2cb739a82dc6bb194d60718cc74b26ee7c1c46a7)
|
|
Michael
(This used to be commit 9296e93588c0e795cae770765050247ac1474a74)
|
|
Michael
(This used to be commit 7b201c177b3668f54751ba17d6a0b53ed913e7f7)
|
|
Michael
(This used to be commit 42663e8736e1a3dfb57e0aafdcbf5fec880da779)
|
|
Michael
(This used to be commit fbb193db3e0dc51cb000ae406a68bc547f31d9ab)
|
|
Michael
(This used to be commit 0b86c420be94d295f6917a220b5d699f65b46711)
|
|
(This used to be commit 5c392c4c6e277a24d0d477902dc7856b2b46ee53)
|
|
Up to now, get_nt_acl() took a files_struct pointer (fsp) and
a file name. All the underlying functions should need and now
do need (after the previous preparatory work), is a connection_struct
and a file name. The connection_struct is already there in the
vfs_handle passed to the vfs functions. So the files_struct
argument can be eliminated.
This eliminates the need of calling open_file_stat in a couple
of places to produce the fsp needed.
Michael
(This used to be commit b5f600fab53c9d159a958c59795db3ba4a8acc63)
|
|
Replace smbd/posix_acls.c:get_nt_acl() by two funcions:
posix_get_nt_acl() and posix_fget_nt_acl(). The first
takes a connection struct and a file name instead of a
files_struct pointer. This is in preparation of changing
the vfs api for SMB_VFS_GET_NT_ACL.
Michael
(This used to be commit 50c82cc1456736fa634fb656e63555319742f725)
|
|
It can be retrieved from the stat buffer.
Michael
(This used to be commit b0ae830bf57dcaec00b2a2eabfec7221a3b7f791)
|
|
Convert canonicalise_acl() to take connection_struct, is_directory
and file name instead of files_struct pointer.
Michael
(This used to be commit d579a7f84fd47a3f00215725cecd65b21a5ff2e0)
|
|
Convert ensure_canon_entry_valid() to take share_params and an is_directory
flag instead of an files_struct pointer.
Michael
(This used to be commit bdb208124bd703edee03ac4d2a4ec45ecdfc135e)
|
|
This is a first change in a series: Pass what is needed instead of files_struct
pointers to some functions. This is in preparation of introducing two variants
of get_nt_acl - one for fname (which does not need an fsp), one for file
descriptor.
This changes apply_default_perms to take share_params (rather thatn snum)
and an is_directory flag instead of an fsp.
Michael
(This used to be commit d7e2e93758f6598a0459db3255300558618f066e)
|
|
(This used to be commit bb35e794ec129805e874ceba882bcc1e84791a09)
|