summaryrefslogtreecommitdiff
path: root/source3/smbd/posix_acls.c
AgeCommit message (Collapse)AuthorFilesLines
2012-12-05s3:smbd: don't apply create/directory mask and modes in apply_default_perms()Michael Adam1-77/+11
The mask/mode parameters should only apply to a situation with only pure posix permissions. Once we are dealing with ACLs and inheritance, we need to do it correctly. This fixes bug #9462: Users can not be given write permissions any more by default Signed-off-by: Michael Adam <obnox@samba.org> Reviewed by: Jeremy Allison <jra@samba.org>
2012-12-04Remove unused append_parent_acl().Jeremy Allison1-201/+0
Get rid of a large chunk of unused code. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Tue Dec 4 11:59:30 CET 2012 on sn-devel-104
2012-11-15Another fix needed for bug #9236 - ACL masks incorrectly applied when ↵Jeremy Allison1-7/+10
setting ACLs. Not caught by make test as it's an extreme edge case for strange incoming ACLs. I only found this as I'm making raw.acls and smb2.acls pass against 3.6.x and 4.0.0 with acl_xattr mapped onto a POSIX backend. An incoming inheritable ACE entry containing only one permission, WRITE_DATA maps into a POSIX owner perm of "-w-", which violates the principle that the owner of a file/directory can always read. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Michael Adam <obnox@samba.org> Autobuild-User(master): Michael Adam <obnox@samba.org> Autobuild-Date(master): Thu Nov 15 19:52:52 CET 2012 on sn-devel-104
2012-11-13smbd: Remove NT4 compatability handling in posix -> NT ACL conversionAndrew Bartlett1-107/+1
NT4 is long dead, and we should not change which ACL we return based on what we think the client is. The reason we should not do this, is that if we are using vfs_acl_xattr then the hash will break if we do. Additionally, it would require that the python VFS interface set the global remote_arch to fake up being a modern client. This instead seems cleaner and removes untested code (the tests are updated to then handle the results of the modern codepath). The supporting 'acl compatability' parameter is also removed. Andrew Bartlett Reviewed by: Jeremy Allison <jra@samba.org>
2012-11-13Change get_nt_acl_no_snum() to return an NTSTATUS, not a struct ↵Andrew Bartlett1-40/+22
security_descriptor *. Internally change the implementation to use SMB_VFS_GET_NT_ACL() instead of SMB_VFS_FGET_NT_ACL() with a faked-up file struct. Andrew Bartlett Reviewed by: Jeremy Allison <jra@samba.org>
2012-11-10s3:smbd: Fix typo in got_duplicate_group checkArvid Requate1-1/+1
Reviewed by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Nov 10 20:25:48 CET 2012 on sn-devel-104
2012-10-11vfs: Implement a sys_acl_blob_get_{fd,file} for POSIX ACL backendsAndrew Bartlett1-0/+115
This simply linearlises the SMB_ACL_T (default and access acl for directories) and the file owner, group and mode into a blob. It will be useful for an improved vfs_acl_common.c that uses this sets that, rather than the hash of the NT ACL, in the xattr This will in turn insulate the stored hash from changes in the ACL mapping. Andrew Bartlett
2012-10-11smbd: Add mem_ctx to {f,}get_nt_acl VFS callAndrew Bartlett1-18/+34
This makes it clear which context the returned SD is allocated on, as a number of callers do not want it on talloc_tos(). As the ACL transformation allocates and then no longer needs a great deal of memory, a talloc_stackframe() call is used to contain the memory that is not returned further up the stack. Andrew Bartlett
2012-10-11smbd: Add mem_ctx to sys_acl_init() and all callersAndrew Bartlett1-15/+32
This changes from allocation on NULL to allocation on the supplied memory context. Currently that supplied context is talloc_tos() at the the final consumer of the ACL. Andrew Bartlett
2012-10-06We should never just assign an st_mode to an ace->perms field, theoreticallyJeremy Allison1-2/+2
they are different so should go through a mapping function. Ensure this is so. Practically this does not matter, as for user permissions the mapping function is an identity, and the extra bits we may add are ignored anyway, but this makes the intent clear. Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Oct 6 03:04:14 CEST 2012 on sn-devel-104
2012-10-05Modify ensure_canon_entry_valid() into ensure_canon_entry_valid_on_set() - ↵Jeremy Allison1-154/+141
makes the logic clearer.
2012-10-05Simplify ensure_canon_entry_valid by splitting out the _get codepath.Jeremy Allison1-3/+86
2012-10-04Remove all uses of ↵Jeremy Allison1-8/+8
lp_security_mask/lp_force_security_mode/lp_dir_security_mask/lp_force_dir_security_mode and replace with the normal masks. Now these parameters can be removed.
2012-10-02When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER ↵Jeremy Allison1-0/+10
and SMB_ACL_GROUP entries.
2012-10-02Only apply masks on non-default ACL entries when setting the ACL.Jeremy Allison1-9/+19
2012-10-02Use is_default_acl variable in canonicalise_acl().Jeremy Allison1-2/+3
2012-10-02Reformat spacing to be even.Jeremy Allison1-7/+8
2012-09-12smbd: Remove pre-allocation of ACL array in sys_acl_init()Andrew Bartlett1-3/+3
Instead, this is just handled with realloc in sys_acl_create_entry() This allows us to remove the size element from the SMB_ACL_T. Andrew Bartlett
2012-08-23s3-smbd: Add security_info_wanted argument to get_nt_acl_no_snumAndrew Bartlett1-2/+2
I need to get at the owner, group, DACL and SACL when testing correct ACL storage. Andrew Bartlett
2012-08-23s3-smbd: Add talloc_stackframe() to get_nt_acl_no_snum()Andrew Bartlett1-3/+8
This is required because the functions it calls use talloc_tos(). Andrew Bartlett
2012-08-16s3-smbd: Do not check no_acl_syscall_error(errno) after sys_acl_init()Andrew Bartlett1-11/+2
This is no longer a VFS call, so will no longer fail in this way. Andrew Bartlett
2012-08-15s3-sysacls: Remove sys_acl_free_qualifier() as it is a no-opAndrew Bartlett1-2/+0
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed Aug 15 05:23:18 CEST 2012 on sn-devel-104
2012-08-15s3-sysacls: Remove sys_acl_free_acl() and replace with TALLOC_FREE()Andrew Bartlett1-16/+16
2012-08-15s3-smbd: Remove unused conn argument from convert_permset_to_mode_t()Andrew Bartlett1-3/+3
2012-08-15s3-smbd: Call sys_acl_set_permset() directly rather than via the VFSAndrew Bartlett1-7/+7
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_set_qualifier() directly rather than via the VFSAndrew Bartlett1-3/+3
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_set_tag_type() directly rather than via the VFSAndrew Bartlett1-6/+6
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_create_entry() directly rather than via the VFSAndrew Bartlett1-6/+6
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_add_perm() directly rather than via the VFSAndrew Bartlett1-6/+6
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_clear_perms() directly rather than via the VFSAndrew Bartlett1-2/+2
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_init() directly rather than via the VFSAndrew Bartlett1-3/+3
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_free_acl() directly rather than via the VFSAndrew Bartlett1-16/+16
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_get_entry() directly rather than via the VFSAndrew Bartlett1-6/+6
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFSAndrew Bartlett1-2/+2
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_get_qualifier() directly rather than via the VFSAndrew Bartlett1-2/+2
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_get_tagtype() directly rather than via the VFSAndrew Bartlett1-4/+4
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_get_permset() directly rather than via the VFSAndrew Bartlett1-7/+7
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-15s3-smbd: Call sys_acl_get_perm() directly rather than via the VFSAndrew Bartlett1-6/+6
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer, which will be reduced to handling the get/set functions. Andrew Bartlett
2012-08-10s3-smbd: Merge ACE entries based on mapped UID/GID not SIDAndrew Bartlett1-4/+4
As the test for a valid posix ACL is based on the unix uid/gid only appearing once in the ACL the merge process also needs to be UID/GID based. This is a problem when we have multiple builtin groups mapped to the same POSIX group as happens in a Samba4 provision. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org>
2012-08-10s3-smbd: Convert posix_acls.c to use struct unixid internallyAndrew Bartlett1-57/+72
This is consistent with the rest of Samba which uses this structure to represent a unix uid or gid. World values remain represented by the owner_type being WORLD_ACE in the containing structure. A -1 value is filled in to the unixid.id in the same way the .world value was initialised in the union. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org>
2012-08-10s3-smbd: Create a shortcut for building the token of a user by SID for ↵Andrew Bartlett1-10/+2
posix_acls When a user owns a file, but does not have specific permissions on that file, we need to make up the user permissions. This change ensures that the first thing that we do is to look up the SID, and confirm it is a user. Then, we avoid the getpwnam() and directly create the token via the SID. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org>
2012-07-24lib/param: Move all enum declarations to lib/paramAndrew Bartlett1-0/+1
This is in preperation for the parameter table being made common. Andrew Bartlett Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
2012-06-15s3:smbd: use FNUM_FIELD_INVALID instead of literal -1Michael Adam1-1/+1
This is in preparation of changing fnum to uint64_t Signed-off-by: Stefan Metzmacher <metze@samba.org>
2012-05-17s3-smbd: Avoid creating a UID ACL entry for SIDs that are mapped as ↵Andrew Bartlett1-0/+35
ID_TYPE_BOTH The GID ACL entry is what will be mapped in most cases, and so is sufficient. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Thu May 17 05:08:44 CEST 2012 on sn-devel-104
2012-05-17s3-smbd: Consider a group with the same SID as sufficient duplicationAndrew Bartlett1-0/+7
This code is to ensure that the user does not loose rights when their file ownership is taken away. If the owner (an IDMAP_BOTH SID) appears as a group then a duplicate user is not required. Signed-off-by: Jeremy Allison <jra@samba.org>
2012-05-17s3-smbd: Handle ID_TYPE_BOTH by mapping to both a group ACL entry and file ↵Andrew Bartlett1-39/+109
ownership This will allow groups, such as domain administrators, to own files while correctly handling the rest of the ACL permissions. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org>
2012-05-17We need to split things up into a new helper function ↵Andrew Bartlett1-172/+184
add_current_ace_to_acl() in order for there to be more posix ACL elements than NT ACL elements (so a group SID can own a file, but also get the group permissions that will be honoured) Andrew Bartlett Slightly modified by Jeremy to reduce diff size. Signed-off-by: Jeremy Allison <jra@samba.org>
2012-05-17This covers a case where an ID_TYPE_BOTH mapping creates group permissions, ↵Jeremy Allison1-2/+5
but must own the file. Based on an original patch by Andrew Bartlett.
2012-05-17s3-smbd: Do not merge UID ACE values with GID ACE values for posix ACLAndrew Bartlett1-5/+12
This might happen when we get a SID mapped to IDMAP_BOTH. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org>
2012-05-09s3-smbd: Fix the creation of duplicate SMB_ACL_GROUP entriesAndrew Bartlett1-2/+2
The issue was a simple copy and paste bug, which casued a duplicate SMB_ACL_GROUP to be added when we already had one. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed May 9 13:17:29 CEST 2012 on sn-devel-104