Age | Commit message (Collapse) | Author | Files | Lines |
|
(This used to be commit 5429c495c538e416010cf44e1d6fb771770a72ae)
|
|
a new empty acl in remove_posix_acl if you don't bother
to set it on the file in question :-).
Jeremy.
(This used to be commit 12eccc8fe4ed043698970de42921757eb0448c84)
|
|
Jeremy.
(This used to be commit a28bc614a0eb8409a98b254b32ad17c50c2eec0e)
|
|
Volker
(This used to be commit bb40e544de68f01a6e774753f508e69373b39899)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
by saving the UNIX token used to set a delete on close flag,
and using it when doing the delete. libsmbsharemodes.so still
needs updating to cope with this change.
Samba4 torture tests to follow.
Jeremy.
(This used to be commit 23f16cbc2e8cde97c486831e26bcafd4ab4a9654)
|
|
SATOH Fumiyasu <fumiyas@miraclelinux.com>
Jerry please pick this up for 3.0.21b.
Jeremy.
(This used to be commit 3f5860b8fb37e854ccf5d9a80848ef759154f88c)
|
|
Caught by Samba4 oplock torture tester.
Jeremy.
(This used to be commit c2476b2f75f6521700107a46028f54110083aa52)
|
|
for bug #3348. Don't assume owning sticky bit
directory means write access allowed.
Jeremy.
(This used to be commit 1032aa890f53097f87fa97689cb21d908b32093c)
|
|
the name (must be abolute - start with /, must not end in /,
must have ./ and ../ removed). Of course for realpath resolved
paths this won't be the case but for others we need this name
to be canonicalized. This name is going into the sharemode db
for #3303 so needs to be in a normalized format.
Jeremy.
(This used to be commit 22e3300911809692b595f49e87d91e3111923e6a)
|
|
We should only check the S_IWGRP permissions if we haven't already
seen an owning group SMB_ACL_GROUP_OBJ ace entry. If there is an
SMB_ACL_GROUP_OBJ ace entry then the group bits in st_gid are
the same as the SMB_ACL_MASK bits, not the SMB_ACL_GROUP_OBJ
bits. Thanks to Marc Cousin <mcousin@sigma.fr> for pointing
this out.
Jeremy.
(This used to be commit 7e1318e09bd4b155707020142b08776a546a646e)
|
|
(This used to be commit 1bcf7e82ede63a851a244162a3b939373787b693)
|
|
read-only. Noticed by Andrew Bartlett.
Jeremy
(This used to be commit a33f4f0d2afe28ca0e3ab6c9ecfcdbaa267a7fbe)
|
|
* Users with SeRestorePrivilege may chown files to anyone (be it as a
backup software or directly using the ownership-tab in the security
acl editor on xp), while
* Users with SeTakeOwnershipPrivilege only can chown to themselves.
Simo, Jeremy. I think this is correct now.
Guenther
(This used to be commit 1ef7a192eed457d302a08c692bb54a73a1af4afd)
|
|
(not only to the current_user.uid).
Jeremy, please have a look.
Guenther
(This used to be commit 8e48e8936ed59ed8d50b6eaa9954749168de3138)
|
|
deref bug (in unlikely error path) found by Coverity.
Jeremy.
(This used to be commit 9b5cc58f3abdb1945bfad340968ccabdfd040029)
|
|
Jeremy.
(This used to be commit f7b169ed57de81229c3b9089a05f4e73ea39010c)
|
|
Jeremy.
(This used to be commit 4d69a682b3ab4f660455e6ea5a2970481a6ccffc)
|
|
tests on this as it's very late NY time (just wanted to get this work
into the tree). I'll test this over the weekend....
Jerry - in looking at the difference between the two trees there
seem to be some printing/ntprinting.c and registry changes we might
want to examine to try keep in sync.
Jeremy.
(This used to be commit c7fe18761e2c753afbffd3a78abff46472a9b8eb)
|
|
mapping of rwx to full control or not. Requested feature at SambaXP.
Jeremy.
(This used to be commit c870579f4cd91dc9e030134dd367109aed3e3469)
|
|
Jeremy.
(This used to be commit af5fd615b37f555e5f2c7b9fef24299e99952a41)
|
|
Jeremy.
(This used to be commit 000477943c3dd41fd44f2aef3755aa603ba5d595)
|
|
of a file to themself.
Jeremy.
(This used to be commit f3319e224db8f79baa10413e0e2a96d2bc871f38)
|
|
directories
and files. Needed for Volker's coming changes.
Jeremy.
(This used to be commit b257744fdfd0a8d940ae834b3c21f0f298c7d1f9)
|
|
checking for write access in a directory before delete. Also
controls checking for write access before labeling a file read-only
if DOS attributes are not being stored in EA's.
Docuementation to follow.
Jeremy.
(This used to be commit dd1a5e6e499dd721c5bb8d56a61810a7454a3449)
|
|
excel files). Ensures that any missing user ACL entry will be generated
from a union of all group permissions that contain the user.
Awaiting feedback from the reporters.
Jeremy.
(This used to be commit 874353e617b314429359e8e9516898f670bbf539)
|
|
Jeremy.
(This used to be commit 60325ab1281ebbe70665b5f763065ca60ee9f682)
|
|
iterator functions so it can be used easily in a for loop.
Drops duplicated code from posix_acls.c
Jeremy.
(This used to be commit 81f30bf5985f5c6dc8399c4695dfa6f14140fde1)
|
|
Canaonicalise any +ve return to 1.
Jeremy.
(This used to be commit e594222d0ba7713088420f6c6603a74c1d5def8e)
|
|
Eric Stewart <eric@lib.usf.edu> I realised we weren't checking
against the current effective groupid (set by force group) as
well as the group list. Fix this.
Jeremy.
(This used to be commit 0c4058c0732b1faa87ca64b8f95ad2fe3106a69f)
|
|
with this....
Jeremy.
(This used to be commit 11c464268df2a0a5155e93d4a7d053d2920fcff0)
|
|
initializable
statically.
Volker
(This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
|
|
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
|
|
entry never to match - it matches but if doesn't grant access is recorded
so the "other" entry isn't subsequently checked.
Fix the algorithm.
Jeremy.
(This used to be commit e3c7d08bb68f51bc05768467feb0af896a059e91)
|
|
Jeremy.
(This used to be commit 6609b209f513f0859040686a88ee6c7106c06008)
|
|
a "allow" entry of GROUP or GROUP_OBJ, then access is allowed. It doesn't
terminate on the first match. Added debug to show where the match occured
(or didn't).
Jeremy.
(This used to be commit 81fb3372867fa66a092841222e02bd1c104b2d19)
|
|
Jeremy.
(This used to be commit e831cef618d55c362e8d3a8a4c2b9f2ed7d4d7bd)
|
|
"read-only"
issue.
Jeremy.
(This used to be commit 80e788143a6c3d973d3b8e57d91ca5c4a83605b2)
|
|
SMB_ACL_MASK.
Fix bug #2521.
Jeremy.
(This used to be commit 21e3cf2f8f6129324ebb799f959f8d2afe0285d2)
|
|
this is set
then only the owner or root can delete a file. We now use
the same algorithm to check file delete.
Jeremy.
(This used to be commit eb18104d10428a5daef2316088edc3dbaff58708)
|
|
Jeremy.
(This used to be commit ecc134a2e3546ed77ab6f1dafc0249c78897e1f3)
|
|
to a WXPSP2 client we must do permission checking in userspace first
(this is a race condition but what can you do...). Needed for bugid #2227.
Jeremy.
(This used to be commit da23577f162b6bdca7d631fca256a9b3b04043e4)
|
|
allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
|
|
POSIX ACL set. You need to *get* a permset_t pointer from the entry before
any of the permset code will accept it as a valid value
Jeremy.
(This used to be commit 7e78059948612fa9f5d179a1e3f5f59e7ad5e456)
|
|
not an existing one.
Jeremy.
(This used to be commit fbbdb72cf1adfe567112556626f26b031747f440)
|
|
ensure
SE_DESC_DACL_PROTECTED is set if "map acl inherit = no".
Jeremy.
(This used to be commit 934c41b474c8959310389378bfa7d3332bd5ec79)
|
|
Use def_acl everywhere instead of dir_acl.
Jeremy.
(This used to be commit d28611c960f87830aa8449725951984aa155b089)
|
|
How do the share mask/modes fit into this code... Need to think about this.
Jeremy.
(This used to be commit 1aa1c2f489f5b92c3696e7b9123061d91babc34e)
|
|
One part missing - delete file acl (to be added asap). No client
code yet, also needs testing with valgrind.
Jeremy.
(This used to be commit 6101ec2247c182fde6ea3e7e1f64a92b353ec4e8)
|
|
Jeremy
(This used to be commit 089a76f611187e2ba4c3363b657905d04576109e)
|