summaryrefslogtreecommitdiff
path: root/source3/smbd/posix_acls.c
AgeCommit message (Collapse)AuthorFilesLines
2011-03-30Fix bug #7996 - sgid bit lost on folder rename.Jeremy Allison1-1/+1
Refuse to set dos attributes into unix mode bits on such a folder.
2011-03-30s3-auth: smbd needs auth.hGünther Deschner1-0/+1
Guenther
2011-03-30s3: include smbd/smbd.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-passdb: use passdb headers where needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-includes: only include system/filesys.h when needed.Günther Deschner1-0/+1
Guenther
2011-03-30s3-trans2: only include trans2.h where needed.Günther Deschner1-0/+1
Guenther
2011-03-27s3: Fix Coverity ID 2329: RESOURCE_LEAKVolker Lendecke1-0/+1
2011-03-27s3: Fix Coverity ID 2330: RESOURCE_LEAKVolker Lendecke1-0/+1
2011-03-01s3-auth struct security_unix_token replaces UNIX_USER_TOKENAndrew Bartlett1-2/+2
2011-02-05Fix try_chown code. Use new vfs_chown_fsp() which always trys fd first.Jeremy Allison1-75/+42
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Feb 5 03:33:59 CET 2011 on sn-devel-104
2010-12-29Fix bug #7892 - open_file_fchmod() leaves a stale lock.Jeremy Allison1-2/+2
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Dec 29 02:15:23 CET 2010 on sn-devel-104
2010-10-22Revert "Wrap security_token_has_privilege() with a check for ↵Jeremy Allison1-2/+2
lp_enable_privileges(). Needed" Not needed - privileges code prevents "enable privileges = no" from adding privileges anyway. This reverts commit a8b95686a7bde3f96f141b6938e24e101567ef54. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Oct 22 23:41:36 UTC 2010 on sn-devel-104
2010-10-22Wrap security_token_has_privilege() with a check for lp_enable_privileges(). ↵Jeremy Allison1-2/+2
Needed to maintain compatibility with smb.conf manpage. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Oct 22 18:15:48 UTC 2010 on sn-devel-104
2010-10-15Add make_default_filesystem_acl() function to be used in following change to ↵Jeremy Allison1-0/+110
acl_xattr and acl_tdb module.
2010-10-15Fix handling of "NULL" DACL. Map to u/g/w - rwx.Jeremy Allison1-23/+33
Jeremy.
2010-10-15Fix "force unknown ACL user" to strip out foreign SIDs from POSIX ACLs if ↵Jeremy Allison1-0/+8
they can't be mapped.
2010-10-12libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett1-1/+1
This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
2010-10-11Make the posix ACL module cope with a NULL incoming DACL and aJeremy Allison1-0/+31
missing owner/group. Jeremy.
2010-10-08Fix bug 7716 - acl_xattr and acl_tdb modules don't store unmodified copies ↵Jeremy Allison1-1/+13
of security descriptors. As pointed out by an OEM, the code within smbd/posix_acl.c, even though passed a const pointer to a security descriptor, still modifies the ACE entries within it (which are not const pointers). This means ACLs stored in the extended attribute by the acl_xattr module have already been modified by the POSIX acl layer, and are not the original intent of storing the "unmodified" ACL from the client. Use dup_sec_desc to make a copy of the incoming ACL on talloc_tos() - that is what is then modified inside smbd/posix_acl.c, leaving the original ACL to be correctly stored in the xattr. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Oct 8 00:37:53 UTC 2010 on sn-devel-104
2010-09-20s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.Günther Deschner1-17/+18
Guenther
2010-09-11s3-privs Convert from user_has_privileges() -> security_token_has_privilege()Andrew Bartlett1-4/+2
This new call is available in the merged privileges code, and takes an enum as the parameter, rather than a bitmask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-06-10s3-smbd: Fix typo in comment.Karolin Seeger1-1/+1
Karolin
2010-06-03s3-security: remove duplicate Extra W2K flags.Günther Deschner1-1/+1
Guenther
2010-06-03s3-security: use shared SECINFO_DACL define.Günther Deschner1-6/+6
Guenther
2010-06-03s3-security: use shared SECINFO_GROUP define.Günther Deschner1-2/+2
Guenther
2010-06-03s3-security: use shared SECINFO_OWNER define.Günther Deschner1-2/+2
Guenther
2010-06-03s3-security: remove some more shared secdesc defines.Günther Deschner1-3/+3
Guenther
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-19/+19
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18s3-secdesc: remove "typedef struct security_descriptor SEC_DESC".Günther Deschner1-16/+17
Guenther
2010-05-18s3-secdesc: remove "typedef struct security_acl SEC_ACL".Günther Deschner1-2/+2
Guenther
2010-05-18s3-secdesc: remove "typedef struct security_ace SEC_ACE".Günther Deschner1-14/+14
Guenther
2010-03-24Fix valgrind warning when source and dest stat are identical.Jeremy Allison1-1/+3
Jeremy.
2010-03-15Switch over to using get_currect_XXX() accessor functions.Jeremy Allison1-13/+15
Jeremy.
2010-03-15Pass "connection_struct *conn" into functions that currently use ↵Jeremy Allison1-18/+20
"current_user.XXX" Will allow me to replace them with accessor functions. Jeremy.
2010-03-15Rever e80ceb1d7355c8c46a2ed90d5721cf367640f4e8 "Remove more uses of "extern ↵Jeremy Allison1-35/+31
struct current_user current_user;"." As requested by Volker, split this into smaller commits. Jeremy.
2010-03-12Remove more uses of "extern struct current_user current_user;".Jeremy Allison1-31/+35
Use accessor functions to get to this value. Tidies up much of the user context code. Volker, please look at the changes in smbd/uid.c to familiarize yourself with these changes as I think they make the logic in there cleaner. Cause smbd/posix_acls.c code to look at current user context, not stored context on the conn struct - allows correct use of these function calls under a become_root()/unbecome_root() pair. Jeremy.
2010-02-10s3-smbd: update to use new DLIST macrosAndrew Tridgell1-2/+2
(cherry picked from commit 365b408c458c848a818637d9b36a0423aeb1ba54)
2010-01-12Fix bug #6876 - Delete of an object whose parent folder does not have delete ↵Jeremy Allison1-3/+4
rights fails even if the delete right is set on the object. Final fix for the vfs_acl_xattr and vfs_acl_tdb code. Ensure we can delete a file even if the underlying POSIX permissions don't allow it, if the Windows permissions do. Jeremy.
2010-01-08Re-fix bug 5202 - cannot change ACLs on writable file with "dos filemode=yes"Jeremy Allison1-0/+3
This bug re-occurred for 3.3.x and above. The reason is that to change a NT ACL we now have to open the file requesting WRITE_DAC and WRITE_OWNER access. The mapping from POSIX "w" to NT permissions in posix_acls doesn't add these bits when "dos filemode = yes", so even though the permission or owner change would be allowed by the POSIX ACL code, the NTCreateX call fails with ACCESS_DENIED now we always check NT permissions first. Added in the mapping from "w" to WRITE_DAC and WRITE_OWNER access. Jeremy.
2009-12-23The posix acl version of set_nt_acl() could set the stat_exJeremy Allison1-7/+15
struct in the fsp->fsp_name pointer incorrectly for a directory. Fix this. Make map_canon_ace_perms() public. Jeremy.
2009-11-18s3: Replace some create_synthetic_smb_fname() callsVolker Lendecke1-18/+10
In very hot codepaths like the statcache copy_smb_filename and the subsequent recursive talloc_free is noticable in the CPU load.
2009-11-12Fix bug 6891 - using windows explorer to change ownership on a folder fails ↵Jeremy Allison1-1/+11
with Bad File Descriptor. Jeremy.
2009-11-11Fix bug 6878 - Cannot change ACL's inherit flag.Jeremy Allison1-44/+108
Based on a patch submitted by Tsukasa Hamano <hamano@osstech.co.jp>, this is a change in the POSIX ACL mapping to deal with the lossy mapping for directory ACE entries: We have a lossy mapping: directory ACE entries CREATOR_OWNER ------\ (map to) +---> SMB_ACL_USER_OBJ owning sid ------/ CREATOR_GROUP ------\ (map to) +---> SMB_ACL_GROUP_OBJ primary group sid --/ on set. And on read of a directory ACL SMB_ACL_USER_OBJ ----> CREATOR_OWNER SMB_ACL_GROUP_OBJ ---> CREATOR_GROUP. Deal with this on set by duplicating owning sid and primary group sid ACE entries into the directory ACL. Jeremy.
2009-11-06Fix bug 6841 - "map acl inherit = yes" not working.Jeremy Allison1-8/+29
The code to read the new V2 SAMBA_PAI entries had two errors. Jeremy.
2009-10-02Remove lots of duplicate code and move it into oneJeremy Allison1-26/+6
function vfs_stat_fsp(). Stops code looking at fsp->posix_open except for exceptional circumstances. Jeremy.
2009-10-02Missed one VFS_STAT -> VFS_LSTATJeremy Allison1-1/+1
Jeremy.
2009-10-02Fix more use of VFS_STAT when posix pathnames selected.Jeremy Allison1-18/+44
Jeremy.
2009-08-07s3:smbd: conn_free_internal() can be static nowStefan Metzmacher1-4/+4
metze
2009-08-06Remove a const warning.Jeremy Allison1-1/+1
Jeremy.
2009-07-22s3: Convert some callers of vfs_stat_smb_fname to SMB_VFS_STAT()Tim Prouty1-6/+18