summaryrefslogtreecommitdiff
path: root/source3/smbd/posix_acls.c
AgeCommit message (Collapse)AuthorFilesLines
2001-12-04Stop using getgrgid() - a very expensive call with winbindd, to look upJeremy Allison1-13/+10
a group name. Jeremy. (This used to be commit b926660e73d4c94c30ec5a365027770acdafe25e)
2001-11-30Renamed sid field in SEC_ACE to trustee to be more in line with MS'sTim Potter1-23/+23
definitions. (This used to be commit 9712d3f15a47155f558d0034ef71fd06afb11301)
2001-09-25Log sys_acl_set_XX at level 2 not zero.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 4a54a633c59a18b387427e89266e294bdddf8574)
2001-09-22Ignore unmappable (NT Authority, BUILTIN etc.) SIDs in an ACL set.Jeremy Allison1-0/+11
Jeremy. (This used to be commit bc7963bd643422cce081b6284e3bdd49ae3a02ab)
2001-09-17move to SAFE_FREE()Simo Sorce1-11/+9
(This used to be commit a95943fde0ad89ae3f2deca2f7ba9cb5ab612b74)
2001-09-07Don't fail if no owner/group owner set. Use existing owners.Jeremy Allison1-3/+7
Jeremy. (This used to be commit 9961c4c1a3b2dbf8d1062bc1fa103488c0d0ba79)
2001-08-30if no ACL elements then use chmod - fixes ability to set read-only bitHerb Lewis1-2/+2
on files that do not have an ACL (This used to be commit 65ea13420c78cf0a8c01f14c08815e4b44ca4abc)
2001-07-26Fix from Michael Davidson <md@caldera.com> for DEC OSF/1 ACLs (ie.Jeremy Allison1-2/+2
Digital UNIX). Jeremy. (This used to be commit 324ba0512ec84bb173c72be3dfd2447e0dc30e26)
2001-07-04The big character set handling changeover!Andrew Tridgell1-6/+6
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)
2001-06-12lib/util_getent.c: removed debug code.Jeremy Allison1-4/+49
smbd/posix_acls.c: Attempt to fix the "lose default acl" problem in Solaris. Needs testing. lib/sysacls.c: Typo fix. Jeremy. (This used to be commit d989f8bd3e1524183a24fb67be1af05b3289f648)
2001-06-09*Wonderful* patch from Andrew Bartlett that will help ensure tdb's areJeremy Allison1-6/+19
cleaned on clients abending connections. Thanks Andrew ! Jeremy. (This used to be commit 1b3977c5367a0b713b194f369abd9872ae01ac2a)
2001-05-10Fixed nasty little bug found by Gerald where we were corrupting the modeJeremy Allison1-2/+15
bits before checking if we should change them on non-acl systems. Jeremy. (This used to be commit aba243ca0867a0787f9f7c7b2cda6143bcc53087)
2001-05-10Made "security XXX" masks apply to ACL set. By default they have no effect.Jeremy Allison1-29/+19
Removed "restrict acl with mask" - redundent. Jeremy. (This used to be commit 0db8a61d71f25ffa0e5c585e02e2fce973867156)
2001-05-07Fix for bad profile perms. Ensure r on files and rwx on directories.Jeremy Allison1-8/+28
Jeremy. (This used to be commit f100e091abc57a9ba983e7c3cf84bfda2dbc2e18)
2001-05-03Fixed SHM_R/SHM_W warnings by moving sys/ipc.h and sys/shm.h into includes.hJeremy Allison1-0/+6
and using autoconf tests. Added "restrict acl with mask" parameter. Jeremy. (This used to be commit 7792e32ba7fd734cc68b354f31c382ac11521fe8)
2001-04-27Tidy up args to DEBUG Statements - found by gcc on Solaris.Jeremy Allison1-1/+1
Jeremy. (This used to be commit a60ecb4e53a6c8a3a6a37a89042ae943202263fe)
2001-04-25Sync with default perm changes in 2.2.Jeremy Allison1-27/+122
Jeremy. (This used to be commit f02e67a096b3bcf84615c4a6949c5e6283e07af0)
2001-04-13Michael Davidson <md@sco.COM> pointed out that acl_get_qualifier can potentiallyJeremy Allison1-0/+2
return a malloced area so added sys_acl_free_qualifier() calls to all supported ACL interfaces to code with this (only Linux needs actual free call). Jeremy. (This used to be commit 5870e6019b82d2088b99acdc0f84e9e4847a1fa5)
2001-03-30Fixed extern ref typo for file generic perms. 2am coding strikes again :-).Jeremy Allison1-1/+1
Jeremy. (This used to be commit fe38692643ad7c163c30d9c031a8bd3dec81ffee)
2001-03-30This is a big, rather ugly patch. Whilst investigating the files not truncatedJeremy Allison1-2/+8
when copying to a full disk problem, I discovered that we were not allowing the delete on close flag to be set properly, this led to other things, and after investigation of the proper delete on close semantics and their relationship to the file_share_delete flag I discovered there were some cases where we weren't doing the deny modes properly. And this after only 5 years working on them..... :-) :-). So here's the latest attempt. I realised the delete on close flag needs to be set across all smbds with a dev/ino pair open - in addition, the delete on close flag, allow share delete and delete access requested all need to be stored in the share mode tdb. The "delete_on_close" entry in the fsp struct is now redundant and should really be removed. This may also mean we can get rid of the "iterate_fsp" calls that I didn't like adding in the first place. Whilst doing this patch, I also discovered we needed to do the se_map_generic() call for file opens and POSIX ACL mapping, so I added that also. This code, although ugly, now passes the deny mode torture tests plus the delete on close tests I added. I do need to add one more multiple connection delete on close test to make sure I got the semantics exactly right, plus we should also (as Andrew suggested) move to random testing here. The good news is that NT should now correctly delete the file on disk full error when copying to a disk :-). Jeremy. (This used to be commit 51987684bd231c744da2e5f3705fd236d5616173)
2001-03-28Fixed the problem Gerald reported. Unfortunately we need to go back toJeremy Allison1-194/+110
reporting imaginary "default" inheritable ACLs on directories, otherwise, when you add an entry and click on apply without noticing there's no default entry associated with it, it applies a null acl on the files within the directory (hey, that's what you told NT you wanted, right ! :-). Also ensure that minimum permissions for a directory are r-x for owner, not just r--. Jeremy. (This used to be commit 4fa8cf68c3921f93a27d290d6dd1ed4423dfcf1c)
2001-03-26smbd/posix_acls.c: Saving and restoring errno here is the wrong place. Moved itJeremy Allison1-11/+2
to the places where [f]chmod_acl is called instead. Jeremy. (This used to be commit 641ada44ae6429761c1fd0dbcafabc69f897fac7)
2001-03-26smbd/posix_acls.c: Sync up with 2.2 changes - don't return deny ACE's.Jeremy Allison1-67/+14
smbd/vfs.c: Don't call [f]chmod_acl if no acl support. Jeremy. (This used to be commit 83f52394e688b4be3ac4cef67d8980a5b8ed3192)
2001-03-23More unused variables.Jeremy Allison1-14/+0
Jeremy. (This used to be commit 38b19fad2851a65268b31c7e0240ed36a8407be4)
2001-03-23groupdb/mapping.c:Jeremy Allison1-1/+7
include/proto.h: Fix missing (void) in proto. rpc_server/srv_samr_nt.c: Fix user private group problem by filtering out groups that clash with users. smbd/posix_acls.c: Ensure default ACE's are sensible. utils/pdbedit.c: Fix from Simo Sorce. Jeremy. (This used to be commit 29414fe0d6665642d9b5f88a35e712426376c47f)
2001-03-23Sync up with 2.2 ACL code.Jeremy Allison1-48/+84
Jeremy. (This used to be commit 5b9a88c2d0da3479f91131f66ff741e88f9760ee)
2001-03-22New POSIX ACL mapping code. Works with UNIX permissions, now for testingJeremy Allison1-338/+684
with real ACLs... Jeremy. (This used to be commit 852b9e15ac245a593460cfff3f629d0333372e41)
2001-03-17lib/system.c (Finally) fixed all insure errors in password caching code. We ↵Jeremy Allison1-3/+20
can't stop libc routines from calling getpwXXX functions, so caching a pointer to them is impossible. This new code now makes two copies of the returned struct passwd struct - one used as a cache, one returned to allow the caller to modify. When doing a lookup we compare against the cached copy. Code is now easier to understand also. smbd/posix_acls.c: If we move the head of the linked list, remember to pass a reference to that pointer..... Jeremy. (This used to be commit af364b93d92f70aa52195c46d3cc516830752609)
2001-03-17I'm happy with the mapping for NT getACL, now for NT setACL.Jeremy Allison1-67/+175
Jeremy. (This used to be commit 7b97ac289ed472e03b2a6e9c51a568478a93562d)
2001-03-15Tidyup return of zero-permissions (map to ACE_DENIED, GENERIC_ALL, Everyone).Jeremy Allison1-12/+32
Jeremy. (This used to be commit 0d6c7dedd261c15697a7781678fe6bed877b61f6)
2001-03-15Last tweak (I promise :-). Fallback to returning our SID if we're a domainJeremy Allison1-3/+12
member but can't get the domain sid. Jeremy. (This used to be commit 45e96777d0eeafbbf40759f02cd3f5e15b12c288)
2001-03-11Merge of new 2.2 code into HEAD (Gerald I hate you :-) :-). Allows new SAMRJeremy Allison1-2/+0
RPC code to merge with new passdb code. Currently rpcclient doesn't compile. I'm working on it... Jeremy. (This used to be commit 0be41d5158ea4e645e93e8cd30617c038416e549)
2001-02-28Move to talloc control of SPOOL_XXX structs. Move to talloc control ofJeremy Allison1-7/+6
security descriptors and pointers. Syncup with 2.2 tree. Jeremy. (This used to be commit 14d5997dc841e78a619e865288486d50c245896d)
2001-02-16configure configure.in smbd/posix_acls.c smbd/dosmode.c: Fix for zero ↵Jeremy Allison1-3/+14
permission W2K profiles. libsmb/cliconnect.c rpc_client/cli_login.c smbd/reply.c: codepage fixes from Tim. Jeremy. (This used to be commit 3ded1e6bd5f79948e437ce5b1799705945f36ad2)
2001-02-12Merge of JohnR's changes to appliance-head, JF's changes to 2.2,Jeremy Allison1-0/+2
updated the POSIX_ACL code to be in sync. Jeremy. (This used to be commit c0517d6f4e3079feca1309fd1ea7b21e83f0de02)
2001-01-24Sync up with POSIX ACL code from 2.2.Jeremy Allison1-11/+47
Jeremy. (This used to be commit e0431672cc54ed09d6c5cf083054db12ccd9dcf6)
2001-01-23include/vfs.h:Jeremy Allison1-15/+304
smbd/vfs-wrap.c: smbd/vfs.c: Added fchmod_acl and chmod_acl. lib/substitute.c: smbd/lanman.c: smbd/open.c: smbd/process.c: smbd/reply.c: smbd/service.c: Removed sessetup_user variable. Added current_user_info struct which conatins domain info etc. Added '%D' for client domain parameter. Jeremy. (This used to be commit 2844ec3d511680609d6794b8718001a1bda9e89f)
2001-01-15Fixes for POSIX ACLS. ACL merge code.Jeremy Allison1-25/+108
Jeremy. (This used to be commit 180e4a9cd05bcadb2f7c4c23d653724e867196f0)
2001-01-15Updated from 2.2.Jeremy Allison1-3/+40
Jeremy. (This used to be commit 6fb5eb8b1eb7972ffafdb8a2b383c3eadf1a96ef)
2001-01-11Fixed typo with acl_set_fd() not needing an ACL_TYPE_T parameter.Jeremy Allison1-2/+2
Ensure HAVE_NO_ACLS is set in configure if ACL support not selected. Jeremy (This used to be commit 523c91935621ec2d200a79385046694806f7c837)
2001-01-11First compiling version of code that sets NT ACLs as POSIX ACLs.Jeremy Allison1-97/+493
Now the debugging starts.... :-). Jeremy. (This used to be commit 2300ac79f5eba84225288a87129b4df5bd471466)
2000-12-19Split set_nt_acls into owner set (which uses chown) and permission setJeremy Allison1-94/+109
(which currently uses chmod) in preparation for ACL creation. Jeremy. (This used to be commit 0f39895ab007a7300aed6c011c487593ee8c91f0)
2000-12-19Split the one sys_acl_free call into sys_acl_free_TYPE calls, to allowJeremy Allison1-3/+3
easier wrapping of non-POSIX ACL interfaces. Jeremy. (This used to be commit 1a31b4eb082b23d60e3d9040b3c0110eef1f9385)
2000-12-18Fix typos in new group sid check.Jeremy Allison1-2/+2
Jeremy. (This used to be commit c48e95297e63c8b6f0c6686e5bcfa52229710dbc)
2000-12-16Fixed chown/chgrp setting from smbcacls.Jeremy Allison1-0/+2
Jeremy. (This used to be commit 43ca0d991cc6489be16722a7ea89e01a42f2ca2f)
2000-12-07Working code to read POSIX ACLs on a Linux system using the bestbitsJeremy Allison1-38/+61
ACL patch from http://acl.bestbits.at/. configure support needs more work (just assumes correct headers at the moment). ACL writing needs adding. Jeremy. (This used to be commit 6ae63e502e6adf3666a34aa87860c74e106fdb84)
2000-12-06Cause smbd to use the new posix_acls code, not the old unix_acls code.Jeremy Allison1-61/+47
Currently does exactly the same thing (returns ACLs the same way). This code is written to try and get a POSIX ACL via the abstract sys_XX interface, then fall back to providing a UNIX based ACL if the calls fail. Seems to work. Next step is to add a --with-posix-acls to configure.in and then check on a POSIX ACL system that a complex ACL is returned correctly as an NT ACL. Note that the ACL set (a more complex problem) is not addressed yet. Jeremy. (This used to be commit 4339e20202a876dbadc07980b731f711463b7299)
2000-12-06Make smbd/posix_acls.c use abstract interface.Jeremy Allison1-11/+10
include/smb_acls.h lib/sysacls.c: Added as interface definitions. Jeremy. (This used to be commit 8359375bba5b3ae24956f66b066dedf11d3583df)
2000-12-06Moving to abstract API interface (sys_get_acl() etc.) to allow systemJeremy Allison1-42/+42
specific ACL calls to be dealt with elsewhere. This file will eventually be able to replace the old UNIX acl interface. Jeremy. (This used to be commit b27cac77628a4b332b529115b0854c71f9eea374)
2000-12-01Code to read & return POSIX ACLs as NT ACLs. Close to test on Linux.Jeremy Allison1-74/+95
Jeremy. (This used to be commit 52e9311bc2a837d1f4791f36c3477c430f841378)