summaryrefslogtreecommitdiff
path: root/source3/smbd/posix_acls.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r428: add acls debug classHerb Lewis1-0/+3
(This used to be commit b7703799f8899affda205eacb0bf79cf8e2b9362)
2007-10-10r50: Fix bug 1139 as per fix suggested by jdev@panix.com,Jeremy Allison1-3/+3
swap lookups for user and group - group will do an algorithmic lookup if it fails, user won't. Jeremy. (This used to be commit a205c56a75c93c82796fd68687e8c0db26459073)
2004-04-02Added per-share parameter "store dos attributes". When set, will storeJeremy Allison1-1/+1
dos attributes in an EA. Based on an original patch from tridge, but modified somewhat to cover all cases. Jeremy. (This used to be commit ed653cd468213e0be901bc654aa3748ce5837947)
2004-03-31Added support for OS/2 EA's in smbd server. Test with smbtorture eatest.Jeremy Allison1-2/+0
New protocol option "ea support" to turn them on (off by default). Conrad at Apple may like this as it allows MacOS resource forks to be stored on a file. Passes valgrind. Documentation to follow. Jeremy. (This used to be commit 8cc10a6c0550c017a62e8a3790afd2172d173e00)
2003-11-25Patch from Jim McDonough for bug #802. Retrieve the correct ACL group bitsJeremy Allison1-0/+42
if the file has an ACL. Jeremy. (This used to be commit 7bf5ed30ce74ba658ca35059955748c1d8cbd6d2)
2003-11-03Fix more 64-bit printf warnings.Tim Potter1-1/+1
(This used to be commit 23443e3aa079710221557e18158d0ddb8ff48a36)
2003-07-01Fixed the latest complaint from jcmd :-). We were storing -1 for theJeremy Allison1-6/+10
CREATOR_OWNER/CREATOR_GROUP uid/gid entries in the SAMBA_PAI attribute. Creator Owner and Creator group now show up as inherited correctly (I think :-). Jim please test. Jeremy. (This used to be commit dbbd8dd15582f95fb9c160c6c42ce9f0971ac4b7)
2003-06-30Finally ! Fixed the ACL ordering bug reported by jcmd. I realised we wereJeremy Allison1-20/+10
not sorting returned ACE's correctly w.r.t. W2K - implemented the correct algorithm. Jeremy. (This used to be commit fa23a4158ec23c0b8dbdc6c53f29958243107dee)
2003-06-23Fixed the merge_default_aces() code to work correctly with inheritance.Jeremy Allison1-11/+38
Hopefully will fix jcmd bugs :-). Jeremy. (This used to be commit 482e6c79edefc8aaacbb37f807d2076e59b40e26)
2003-06-22Found out a good number of NT_STATUS_IS_ERR used the wrong way.Simo Sorce1-2/+2
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK This patch will cure the problem. Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is used correctly, but I'm not 100% sure, coders should check the use of NT_STATUS_IS_ERR() in samba is ok now. Simo. (This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
2003-06-20Fixed sorting algorithm to prevent problems with W2K clients.Jeremy Allison1-2/+2
Jeremy. (This used to be commit fa8ca20ed440673d02ac5669f8d4c6623c1fdb6d)
2003-06-20Mapping of Windows ACL inheritance and protected bits onto extended attributesJeremy Allison1-16/+461
if available. Adds new parameter "map acl inheritance" (docs coming soon) off by default. Allows W2K acl inheritance dialogs to work correctly on POSIX acls. Jeremy. (This used to be commit a83595e80ae539135fa1a65d6066b10ac94fbad1)
2003-05-30Ensure 'blank' entries show up in both default and normal entries toJeremy Allison1-13/+7
allow them to be changed. Works well with W2K and above. Jeremy. (This used to be commit 685e4e518236079f201650f26152f6f9ad3c61ab)
2003-05-29Change get_nt_acl() to include security_info wanted. Only return this.Jeremy Allison1-138/+145
This gets us closer to W2k+ in what we return for file ACLs. Fix horribly broken make_sec_desc() that screwed up the size when given a SD with no owner or group (how did it get this bad... ?). Jeremy. (This used to be commit 183c9ed4052ab14e269ed1234ca557053f77e77a)
2003-05-28Fix bug brought up by Ken Cross that empty ACE's cause existing ACE's toJeremy Allison1-107/+14
be applied to new ACE set calls. This is incorrect. Don't think this has a bugzilla id. Jeremy. (This used to be commit cb70d8c9e87801c314d1b926d4e43ee451c04135)
2003-05-27Fix shadow parameter warning in free_empty_sys_acl()Tim Potter1-5/+5
(This used to be commit 1b2b7766c8fa89f46f4d1c881ee91c4b0b15773a)
2003-05-17Cope with cumulative permissions sets. This code is #ifdef'ed out at theJeremy Allison1-1/+49
moment as I don't think cumulative permission sets make sense in POSIX even though that's the way Windows works.... Jeremy. (This used to be commit 6ddd5b6ca7dde45ce866f852861e143434c84c7e)
2003-05-14Prefix VFS API macros with SMB_ for consistency and to avoid problems with ↵Alexander Bokovoy1-67/+67
VFS_ macros at system side. We currently have one clash with AIX and its VFS_LOCK. Compiled and tested -- no new functionality or code, just plain rename of macros for yet-unreleased VFS API version. Needs to be done before a24 is out (This used to be commit c2689ed118b490e49497a76ed6a2251262018769)
2003-05-12And finally IDMAP in 3_0Simo Sorce1-6/+4
We really need idmap_ldap to have a good solution with ldapsam, porting it from the prvious code is beeing made, the code is really simple to do so I am confident it is not a problem to commit this code in. Not committing it would have been worst. I really would have been able to finish also the group code, maybe we can put it into a followin release after 3.0.0 even if it may be an upgrade problem. The code has been tested and seem to work right, more testing is needed for corner cases. Currently winbind pdc (working only for users and not for groups) is disabled as I was not able to make a complete group code replacement that works somewhat in a week (I have a complete patch, but there are bugs) Simo. (This used to be commit 0e58085978f984436815114a2ec347cf7899a89d)
2003-05-11Fix VFS layer:Alexander Bokovoy1-67/+67
1. Finally work with cascaded modules with private data storage per module 2. Convert VFS API to macro calls to simplify cascading 3. Add quota support to VFS layer (prepare to NT quota support) Patch by Stefan (metze) Metzemacher, with review of Jelmer and me Tested in past few weeks. Documentation to new VFS API for third-party developers to follow (This used to be commit 91984ef5caa2d13c5d52e1f535bd3bbbae1ec978)
2003-04-19use gid_t for gids not uid_tSimo Sorce1-1/+1
(This used to be commit a369c2ff2637dc808035217eaada4cf923c5cf6d)
2003-04-01Doing janitor work for tridge.Jeremy Allison1-3/+3
"changed the order of checking whether a SID is a UID or a GID in posix acls. This is needed because sid_to_uid always claims that the sid is a user, due ot a change I made some months back. This change was suggested by Chere Zhou, but is really an interim measure. Chere is looking at a longer term solution." REMEMBER - 3.0 is the one we will SHIP ! Jeremy. (This used to be commit a4d7496994b740e074398d98c999a803afff4404)
2003-03-07Missed parentheses around complex logic.Jeremy Allison1-1/+2
Jeremy. (This used to be commit 7f8d3a49b2cebab4b94db3cda54b3923442378c8)
2003-03-07Patch from Michael Steffens. In his own words :Jeremy Allison1-78/+199
------------------------------------------------------------------------- I think there are basically two problem: 1. Windows clients do not always send ACEs for SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, and SMB_ACL_OTHER. The function ensure_canon_entry_valid() is prepared for that, but tries to "guess" values from group or other permissions, respectively, otherwise falling back to minimum r-- for the owner. Even if the owner had full permissions before setting ACL. This is the problem with W2k clients. 2. Function set_nt_acl() always chowns *before* attempting to set POSIX ACLs. This is ok in a take-ownership situation, but must fail if the file is to be given away. This is the problem with XP clients, trying to transfer ownership of the original file to the temp file. The problem with NT4 clients (no ACEs are transferred to the temp file, thus are lost after moving the temp file to the original name) is a client problem. It simply doesn't attempt to. I have played around with that using posic_acls.c from 3.0 merged into 2.2. As a result I can now present two patches, one for each branch. They basically modify: 1. Interpret missing SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, or SMB_ACL_OTHER as "preserve current value" instead of attempting to build one ourself. The original code is still in, but only as fallback in case current values can't be retrieved. 2. Rearrange set_nt_acl() such that chown is only done before setting ACLs if there is either no change of owning user, or change of owning user is towards the current user. Otherwise chown is done after setting ACLs. It now seems to produce reasonable results. (Well, as far as it can. If NT4 doesn't even try to transfer ACEs, only deliberate use of named default ACEs and/or "force group" or the crystal ball can help :) ------------------------------------------------------------------------- Jeremy. (This used to be commit 1d3b8c528bebfa1971d1affe454a03453335786e)
2003-02-24Merge of server-side authentication changes to 3.0:Andrew Bartlett1-1/+1
- user_ok() and user_in_group() now take a list of groups, instead of looking for the user in the members of all groups. - The 'server_info' returned from the authentication is now kept around - in future we won't copy the sesion key, username etc, we will just referece them directly. - rhosts upgraded to use the SAM if possible, otherwise fake up based on getpwnam(). - auth_util code to deal with groups upgraded to deal with non-winbind domain members again. Andrew Bartlett (This used to be commit 74b5436c75114170ce7c780c19226103d0df9060)
2003-02-21Added comments to make it clearer when we're assigning a pointer that itJeremy Allison1-0/+12
must not be freed afterwards. Jeremy. (This used to be commit 4015e39d3666dbe240808c9007a8b8faca012a3d)
2003-02-19Fix from Corny.Bondad@hp.com for missing if (setting_acls) on defaultJeremy Allison1-3/+3
perms. Jeremy. (This used to be commit 793609cbc2f657b91a59aec4a3f403bf826c7156)
2003-02-04Merge from HEAD: avoid braindead #define on Tru64.Andrew Bartlett1-2/+2
(This used to be commit 299233fbf2328d08546b3b03dceca67083b68493)
2002-10-23First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>.Jeremy Allison1-106/+419
This is not 100% the same as what SuSE shipped in their Samba, there is a crash bug fix, a race condition fix, and a few logic changes I'd like to discuss with Andreas. Added Andreas to (C) notices for posix_acls.c Jeremy. (This used to be commit 40eafb9dde113af9f7f1808fda22908953f7e8c3)
2002-10-08Fix based on Jim McDonough's code for ACL inheritance problem.Jeremy Allison1-9/+60
Jeremy. (This used to be commit 3343efaaa8b80d5bc549afebbc06e02e125a6af9)
2002-10-07Fix from Andreas Gruenbacher <agruen@suse.de> to prevent ACL set on read-onlyJeremy Allison1-0/+5
share. Jeremy. (This used to be commit 9b8f362abc5abf25f02718774a8aa1f4574f19ff)
2002-09-25sync'ing up for 3.0alpha20 releaseGerald Carter1-2/+28
(This used to be commit 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)
2002-08-17Sync 3.0 branch with headJelmer Vernooij1-1/+1
(This used to be commit 42615b945e2e48e53a21ea47f2e45407913a6a1e)
2002-07-15updated the 3.0 branch from the head branch - ready for alpha18Andrew Tridgell1-50/+130
(This used to be commit 03ac082dcb375b6f3ca3d810a6a6367542bc23ce)
2002-03-12Added POSIX ACL layer into the vfs.Jeremy Allison1-60/+64
Jeremy. (This used to be commit 7d59445b6962547a8938928a9371651a09e26516)
2002-03-11Implemented default ACL patch (set inherit acls = true on a per share basis).Jeremy Allison1-0/+13
Based on code donated by Olaf Fr±czyk <olaf@cbk.poznan.pl>. Further commit will change to sending via vfs interface. Jeremy. (This used to be commit d85133e2697eb22f1573c78447b57791ae63dd6b)
2002-03-09a more informitive debug message when a SID can't be validatedAndrew Tridgell1-1/+2
(This used to be commit c55737fb25dfed4697b93a600e3bd770f84bf464)
2002-01-30Removed version number from file header.Tim Potter1-2/+1
Changed "SMB/Netbios" to "SMB/CIFS" in file header. (This used to be commit 6a58c9bd06d0d7502a24bf5ce5a2faf0a146edfa)
2002-01-25merge from 2.2Gerald Carter1-1/+1
(This used to be commit 7dc1c34145d66f4bbc5c6ce0bca4b224088366af)
2002-01-11fixed a crash in merge_aces()Andrew Tridgell1-0/+1
when we free curr_ace_outer we need to not try to use it again :) (This used to be commit 1c5e19a418136c0ae524e62a4907501212ebac3d)
2001-12-19Allow ACL set to fail gracefully on HP HFS filesystems.Jeremy Allison1-0/+12
Jeremy. (This used to be commit 2d7b81e692ac2bcfd6e31223d3f8545c255cb47c)
2001-12-04Stop using getgrgid() - a very expensive call with winbindd, to look upJeremy Allison1-13/+10
a group name. Jeremy. (This used to be commit b926660e73d4c94c30ec5a365027770acdafe25e)
2001-11-30Renamed sid field in SEC_ACE to trustee to be more in line with MS'sTim Potter1-23/+23
definitions. (This used to be commit 9712d3f15a47155f558d0034ef71fd06afb11301)
2001-09-25Log sys_acl_set_XX at level 2 not zero.Jeremy Allison1-2/+2
Jeremy. (This used to be commit 4a54a633c59a18b387427e89266e294bdddf8574)
2001-09-22Ignore unmappable (NT Authority, BUILTIN etc.) SIDs in an ACL set.Jeremy Allison1-0/+11
Jeremy. (This used to be commit bc7963bd643422cce081b6284e3bdd49ae3a02ab)
2001-09-17move to SAFE_FREE()Simo Sorce1-11/+9
(This used to be commit a95943fde0ad89ae3f2deca2f7ba9cb5ab612b74)
2001-09-07Don't fail if no owner/group owner set. Use existing owners.Jeremy Allison1-3/+7
Jeremy. (This used to be commit 9961c4c1a3b2dbf8d1062bc1fa103488c0d0ba79)
2001-08-30if no ACL elements then use chmod - fixes ability to set read-only bitHerb Lewis1-2/+2
on files that do not have an ACL (This used to be commit 65ea13420c78cf0a8c01f14c08815e4b44ca4abc)
2001-07-26Fix from Michael Davidson <md@caldera.com> for DEC OSF/1 ACLs (ie.Jeremy Allison1-2/+2
Digital UNIX). Jeremy. (This used to be commit 324ba0512ec84bb173c72be3dfd2447e0dc30e26)
2001-07-04The big character set handling changeover!Andrew Tridgell1-6/+6
This commit gets rid of all our old codepage handling and replaces it with iconv. All internal strings in Samba are now in "unix" charset, which may be multi-byte. See internals.doc and my posting to samba-technical for a more complete explanation. (This used to be commit debb471267960e56005a741817ebd227ecfc512a)