Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
Instead, this is just handled with realloc in sys_acl_create_entry()
This allows us to remove the size element from the SMB_ACL_T.
Andrew Bartlett
|
|
I need to get at the owner, group, DACL and SACL when testing correct
ACL storage.
Andrew Bartlett
|
|
This is required because the functions it calls use talloc_tos().
Andrew Bartlett
|
|
This is no longer a VFS call, so will no longer fail in this way.
Andrew Bartlett
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 15 05:23:18 CEST 2012 on sn-devel-104
|
|
|
|
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
As the test for a valid posix ACL is based on the unix uid/gid only appearing once in the ACL
the merge process also needs to be UID/GID based.
This is a problem when we have multiple builtin groups mapped to the same POSIX group
as happens in a Samba4 provision.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
This is consistent with the rest of Samba which uses this structure to represent
a unix uid or gid.
World values remain represented by the owner_type being WORLD_ACE in the containing
structure. A -1 value is filled in to the unixid.id in the same way the .world value
was initialised in the union.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
posix_acls
When a user owns a file, but does not have specific permissions on that file, we need to
make up the user permissions. This change ensures that the first thing that we do
is to look up the SID, and confirm it is a user. Then, we avoid the getpwnam()
and directly create the token via the SID.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
This is in preperation for the parameter table being made common.
Andrew Bartlett
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
|
|
This is in preparation of changing fnum to uint64_t
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
ID_TYPE_BOTH The GID ACL entry is what will be mapped in most cases, and so is sufficient.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu May 17 05:08:44 CEST 2012 on sn-devel-104
|
|
This code is to ensure that the user does not loose rights when their file
ownership is taken away. If the owner (an IDMAP_BOTH SID) appears as a group
then a duplicate user is not required.
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
ownership This will allow groups, such as domain administrators, to own files while correctly handling the rest of the ACL permissions.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
add_current_ace_to_acl() in order for there to be more posix ACL elements than NT ACL elements (so a group SID can own a file, but also get the group permissions that will be honoured)
Andrew Bartlett
Slightly modified by Jeremy to reduce diff size.
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
but must own the file. Based on an original patch by Andrew Bartlett.
|
|
This might happen when we get a SID mapped to IDMAP_BOTH.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
The issue was a simple copy and paste bug, which casued a duplicate SMB_ACL_GROUP
to be added when we already had one.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed May 9 13:17:29 CEST 2012 on sn-devel-104
|
|
bit with the acl_xattr module.
Error found by Andrew Bartlett <abartlet@samba.org> and Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>.
Don't use a pointer when you really mean a bool flag.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Mar 13 21:56:15 CET 2012 on sn-devel-104
|
|
SMB_ACL_USER_OBJ ACE (the owner ACE entry) has a duplicate
permission entry as an SMB_ACL_USER, and a gid for a
SMB_ACL_GROUP_OBJ ACE (the primary group ACE entry) also has
a duplicate permission entry as an SMB_ACL_GROUP. If not,
then if the ownership or group ownership of this file or
directory gets changed, the user or group can lose their
access.
|
|
|
|
This will make the second tweak to the ACL mapping on set easier.
|
|
|
|
from a DACL
Reported by David Disseldorp. Fix based on a patch by David.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Nov 29 22:32:27 CET 2011 on sn-devel-104
|
|
permissions on incoming ACL change with no user specified.
Be smarter about setting default permissions when a ACL_USER_OBJ isn't given. Use the principle of least surprises for the user.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Sep 9 00:26:08 CEST 2011 on sn-devel-104
|
|
permissions on incoming ACL change with no user specified.
create_default_mode() is not needed - it's taken care of by code
inside ensure_canon_entry_valid().
|
|
for set (Invalid argument)"
This belongs as part of the bugfix for bug #8443 - Default user entry is set to minimal permissions on incoming ACL change with no user specified.
Not as part of #7509.
This reverts commit 2a1453e2318af77a79180f3137f8a8d3f1240233.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Sep 8 08:50:12 CEST 2011 on sn-devel-104
|
|
for set (Invalid argument)"
This reverts commit 17f6e0272370f764d4a0053c8e74f20b0444c721.
Using the existing default permissions for group access is incorrect
when no such permissions are given in the incoming ACL.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Sep 7 03:50:21 CEST 2011 on sn-devel-104
|
|
(Invalid argument)
Be smarter about setting default permissions when a ACL_GROUP_OBJ isn't given. Use the
principle of least surprises for the user.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Sep 3 00:16:05 CEST 2011 on sn-devel-104
|
|
(Invalid argument)
Be smarter about setting default permissions when a ACL_USER_OBJ isn't given. Use the
principle of least surprises for the user.
|
|
(Invalid argument)
Don't call check_owning_objs() to convert ACL_USER->ACL_USER_OBJ and
AC_GROUP->ACL_GROUP_OBJ for default (directory) ACLs, we do this separately
inside ensure_canon_entry_valid().
|
|
(Invalid argument)
Only map CREATOR_OWNER/CREATOR_GROUP to ACL_USER_OBJ/ACL_GROUP_OBJ in
a default(directory) ACL set.
|
|
(Invalid argument)
Remove the code I added for bug "6878 - Cannot change ACL's inherit flag". It is incorrect
and causes the POSIX ACL ACL_USER_OBJ duplication.
|