summaryrefslogtreecommitdiff
path: root/source3/smbd/posix_acls.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r14207: Convert the lp_acl_compatibility() param into an enum.James Peach1-3/+3
(This used to be commit 5429c495c538e416010cf44e1d6fb771770a72ae)
2007-10-10r13759: As pointed out by Volker, it isn't much good creatingJeremy Allison1-0/+15
a new empty acl in remove_posix_acl if you don't bother to set it on the file in question :-). Jeremy. (This used to be commit 12eccc8fe4ed043698970de42921757eb0448c84)
2007-10-10r13497: Fix #3508 from jason@ncac.gwu.eduJeremy Allison1-4/+8
Jeremy. (This used to be commit a28bc614a0eb8409a98b254b32ad17c50c2eec0e)
2007-10-10r13494: Merge the stuff I've done in head the last days.Volker Lendecke1-9/+1
Volker (This used to be commit bb40e544de68f01a6e774753f508e69373b39899)
2007-10-10r13316: Let the carnage begin....Gerald Carter1-5/+5
Sync with trunk as off r13315 (This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
2007-10-10r13293: Rather a big patch I'm afraid, but this should fix bug #3347Jeremy Allison1-15/+15
by saving the UNIX token used to set a delete on close flag, and using it when doing the delete. libsmbsharemodes.so still needs updating to cope with this change. Samba4 torture tests to follow. Jeremy. (This used to be commit 23f16cbc2e8cde97c486831e26bcafd4ab4a9654)
2007-10-10r13125: Very well spotted crash bug fix for #3343 fromJeremy Allison1-2/+0
SATOH Fumiyasu <fumiyas@miraclelinux.com> Jerry please pick this up for 3.0.21b. Jeremy. (This used to be commit 3f5860b8fb37e854ccf5d9a80848ef759154f88c)
2007-10-10r12885: Oops. Missed last part of correct patch for #3348.Jeremy Allison1-1/+0
Caught by Samba4 oplock torture tester. Jeremy. (This used to be commit c2476b2f75f6521700107a46028f54110083aa52)
2007-10-10r12653: Patch from SATOH Fumiyasu <fumiyas@miraclelinux.com>Jeremy Allison1-2/+7
for bug #3348. Don't assume owning sticky bit directory means write access allowed. Jeremy. (This used to be commit 1032aa890f53097f87fa97689cb21d908b32093c)
2007-10-10r12194: Ensure that when we set a connection path we've canonicalizedJeremy Allison1-3/+3
the name (must be abolute - start with /, must not end in /, must have ./ and ../ removed). Of course for realpath resolved paths this won't be the case but for others we need this name to be canonicalized. This name is going into the sharemode db for #3303 so needs to be in a normalized format. Jeremy. (This used to be commit 22e3300911809692b595f49e87d91e3111923e6a)
2007-10-10r11237: Fix acl evaluation bug found by Marc Cousin <mcousin@sigma.fr>Jeremy Allison1-14/+34
We should only check the S_IWGRP permissions if we haven't already seen an owning group SMB_ACL_GROUP_OBJ ace entry. If there is an SMB_ACL_GROUP_OBJ ace entry then the group bits in st_gid are the same as the SMB_ACL_MASK bits, not the SMB_ACL_GROUP_OBJ bits. Thanks to Marc Cousin <mcousin@sigma.fr> for pointing this out. Jeremy. (This used to be commit 7e1318e09bd4b155707020142b08776a546a646e)
2007-10-10r11060: merging new eventlog code from trunkGerald Carter1-0/+55
(This used to be commit 1bcf7e82ede63a851a244162a3b939373787b693)
2007-10-10r10885: Fix bug where read-only share files are always seen asJeremy Allison1-4/+1
read-only. Noticed by Andrew Bartlett. Jeremy (This used to be commit a33f4f0d2afe28ca0e3ab6c9ecfcdbaa267a7fbe)
2007-10-10r9952: Adapt better to the Windows way of taking and assigning ownership:Günther Deschner1-11/+22
* Users with SeRestorePrivilege may chown files to anyone (be it as a backup software or directly using the ownership-tab in the security acl editor on xp), while * Users with SeTakeOwnershipPrivilege only can chown to themselves. Simo, Jeremy. I think this is correct now. Guenther (This used to be commit 1ef7a192eed457d302a08c692bb54a73a1af4afd)
2007-10-10r9946: allow the priv-based chown (se_take_ownership) to chown to other usersGünther Deschner1-1/+0
(not only to the current_user.uid). Jeremy, please have a look. Guenther (This used to be commit 8e48e8936ed59ed8d50b6eaa9954749168de3138)
2007-10-10r9293: Fix error path memory leak bug found by Coverity - also potential NULLJeremy Allison1-20/+28
deref bug (in unlikely error path) found by Coverity. Jeremy. (This used to be commit 9b5cc58f3abdb1945bfad340968ccabdfd040029)
2007-10-10r8615: Added "acl group control". Defaults to off. Docs to follow.Jeremy Allison1-34/+127
Jeremy. (This used to be commit f7b169ed57de81229c3b9089a05f4e73ea39010c)
2007-10-10r8547: Code tidyup from Jason Mader <jason@ncac.gwu.edu>. Bugid #2885.Jeremy Allison1-2/+0
Jeremy. (This used to be commit 4d69a682b3ab4f660455e6ea5a2970481a6ccffc)
2007-10-10r8219: Merge the new open code from HEAD to 3.0. Haven't yet run the tortureJeremy Allison1-20/+20
tests on this as it's very late NY time (just wanted to get this work into the tree). I'll test this over the weekend.... Jerry - in looking at the difference between the two trees there seem to be some printing/ntprinting.c and registry changes we might want to examine to try keep in sync. Jeremy. (This used to be commit c7fe18761e2c753afbffd3a78abff46472a9b8eb)
2007-10-10r7985: Add "acl map full control", true by default, to allow people to changeJeremy Allison1-7/+7
mapping of rwx to full control or not. Requested feature at SambaXP. Jeremy. (This used to be commit c870579f4cd91dc9e030134dd367109aed3e3469)
2007-10-10r7888: Fix use of "protected".Jeremy Allison1-11/+11
Jeremy. (This used to be commit af5fd615b37f555e5f2c7b9fef24299e99952a41)
2007-10-10r7693: Fix from James Peach @ SGI for null pointer ACL free.Jeremy Allison1-2/+6
Jeremy. (This used to be commit 000477943c3dd41fd44f2aef3755aa603ba5d595)
2007-10-10r7662: Allow someone with SeTakeOwnershipPrivilege to chown the userJeremy Allison1-6/+28
of a file to themself. Jeremy. (This used to be commit f3319e224db8f79baa10413e0e2a96d2bc871f38)
2007-10-10r6946: Allow mapping of POSIX ACLs to NT perms to differentiate between ↵Jeremy Allison1-6/+16
directories and files. Needed for Volker's coming changes. Jeremy. (This used to be commit b257744fdfd0a8d940ae834b3c21f0f298c7d1f9)
2007-10-10r6895: Add "acl check permissions" to turn on/off the new behaviour ofJeremy Allison1-9/+10
checking for write access in a directory before delete. Also controls checking for write access before labeling a file read-only if DOS attributes are not being stored in EA's. Docuementation to follow. Jeremy. (This used to be commit dd1a5e6e499dd721c5bb8d56a61810a7454a3449)
2007-10-10r6696: Another attempt to fix the (unreproducible for me) bug #2346 (read-onlyJeremy Allison1-6/+21
excel files). Ensures that any missing user ACL entry will be generated from a union of all group permissions that contain the user. Awaiting feedback from the reporters. Jeremy. (This used to be commit 874353e617b314429359e8e9516898f670bbf539)
2007-10-10r6533: Fix for bad comment from Andreas Gruenbacher <agruen@suse.de>.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 60325ab1281ebbe70665b5f763065ca60ee9f682)
2007-10-10r6385: Convert checking of egid and secondary egid list intoJeremy Allison1-32/+17
iterator functions so it can be used easily in a for loop. Drops duplicated code from posix_acls.c Jeremy. (This used to be commit 81f30bf5985f5c6dc8399c4695dfa6f14140fde1)
2007-10-10r6378: Other systems may not return 1 for checking WRITE permission.Jeremy Allison1-0/+13
Canaonicalise any +ve return to 1. Jeremy. (This used to be commit e594222d0ba7713088420f6c6603a74c1d5def8e)
2007-10-10r6365: Wow, how much worse does this get. From info provided byJeremy Allison1-0/+26
Eric Stewart <eric@lib.usf.edu> I realised we weren't checking against the current effective groupid (set by force group) as well as the group list. Fix this. Jeremy. (This used to be commit 0c4058c0732b1faa87ca64b8f95ad2fe3106a69f)
2007-10-10r6316: Remove over-cautious asserts. Damn wish I'd made the releaseJeremy Allison1-4/+9
with this.... Jeremy. (This used to be commit 11c464268df2a0a5155e93d4a7d053d2920fcff0)
2007-10-10r6263: Get rid of generate_wellknown_sids, they are const static and ↵Volker Lendecke1-8/+3
initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
2007-10-10r6225: get rid of warnings from my compiler about nested externsHerb Lewis1-20/+8
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
2007-10-10r6060: It's not quite accurate to say not having write access causes a groupJeremy Allison1-8/+9
entry never to match - it matches but if doesn't grant access is recorded so the "other" entry isn't subsequently checked. Fix the algorithm. Jeremy. (This used to be commit e3c7d08bb68f51bc05768467feb0af896a059e91)
2007-10-10r6057: Don't put the assert in the wrong place :-).Jeremy Allison1-4/+3
Jeremy. (This used to be commit 6609b209f513f0859040686a88ee6c7106c06008)
2007-10-10r6055: Fix algorithm. If any of the primary or supplementary group ids matchJeremy Allison1-2/+18
a "allow" entry of GROUP or GROUP_OBJ, then access is allowed. It doesn't terminate on the first match. Added debug to show where the match occured (or didn't). Jeremy. (This used to be commit 81fb3372867fa66a092841222e02bd1c104b2d19)
2007-10-10r6053: Fixup dfs path with the new wildcard parser code split out.Jeremy Allison1-1/+1
Jeremy. (This used to be commit e831cef618d55c362e8d3a8a4c2b9f2ed7d4d7bd)
2007-10-10r6049: Ensure "dos filetime" checks file ACLs correctly. May fix Excel ↵Jeremy Allison1-32/+102
"read-only" issue. Jeremy. (This used to be commit 80e788143a6c3d973d3b8e57d91ca5c4a83605b2)
2007-10-10r6001: Oops. Checing the wrong tagtype - should have been SMB_ACL_GROUP, not ↵Jeremy Allison1-1/+1
SMB_ACL_MASK. Fix bug #2521. Jeremy. (This used to be commit 21e3cf2f8f6129324ebb799f959f8d2afe0285d2)
2007-10-10r5616: Forgot about the sticky bit on directories (commonly set on /tmp). If ↵Jeremy Allison1-0/+16
this is set then only the owner or root can delete a file. We now use the same algorithm to check file delete. Jeremy. (This used to be commit eb18104d10428a5daef2316088edc3dbaff58708)
2007-10-10r5355: Fill in the access check code for POSIX ACLs to *really* fix bug #2227.Jeremy Allison1-2/+148
Jeremy. (This used to be commit ecc134a2e3546ed77ab6f1dafc0249c78897e1f3)
2007-10-10r5324: In order to process DELETE_ACCESS correctly and return access deniedJeremy Allison1-0/+11
to a WXPSP2 client we must do permission checking in userspace first (this is a race condition but what can you do...). Needed for bugid #2227. Jeremy. (This used to be commit da23577f162b6bdca7d631fca256a9b3b04043e4)
2007-10-10r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison1-13/+16
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10r4016: Fix for bug found by Steve French client code (cifsfs) onJeremy Allison1-0/+9
POSIX ACL set. You need to *get* a permset_t pointer from the entry before any of the permset code will accept it as a valid value Jeremy. (This used to be commit 7e78059948612fa9f5d179a1e3f5f59e7ad5e456)
2007-10-10r4007: Fix bug #2088 - ensure inherit permissions is only applied on a new file,Jeremy Allison1-1/+1
not an existing one. Jeremy. (This used to be commit fbbdb72cf1adfe567112556626f26b031747f440)
2007-10-10r3951: Fix for bugid #2081 reported by John Janosik <jpjanosi@us.ibm.com> - ↵Jeremy Allison1-1/+3
ensure SE_DESC_DACL_PROTECTED is set if "map acl inherit = no". Jeremy. (This used to be commit 934c41b474c8959310389378bfa7d3332bd5ec79)
2007-10-10r3859: Ensure if num_acls is set to 0xFFFF this field is ignored.Jeremy Allison1-28/+28
Use def_acl everywhere instead of dir_acl. Jeremy. (This used to be commit d28611c960f87830aa8449725951984aa155b089)
2007-10-10r3816: Added fn to remove an ACL from a file. Now need client code to test this.Jeremy Allison1-2/+128
How do the share mask/modes fit into this code... Need to think about this. Jeremy. (This used to be commit 1aa1c2f489f5b92c3696e7b9123061d91babc34e)
2007-10-10r3794: Added set posix acl functionality into the UNIX extensions code.Jeremy Allison1-6/+235
One part missing - delete file acl (to be added asap). No client code yet, also needs testing with valgrind. Jeremy. (This used to be commit 6101ec2247c182fde6ea3e7e1f64a92b353ec4e8)
2007-10-10r3693: Correctly detect errno for no acl/ea support.Jeremy Allison1-14/+6
Jeremy (This used to be commit 089a76f611187e2ba4c3363b657905d04576109e)