Age | Commit message (Collapse) | Author | Files | Lines |
|
code is wrong or bad or anything, just that it
needs to be discussed & reviewed on the samba-technical
list before we add a platform-specific NFSv4 mapping.
That way lies a lot of future pain :-).
Jeremy.
(This used to be commit 330899ec30ffceb798e3a8362d20e103e20b2897)
|
|
examples directory.
(This used to be commit c085355c323c65ee782516859eed8a76b53e6035)
|
|
code will be released.
(This used to be commit 5b1db0151461af18d994359e86c649922fc6de65)
|
|
(This used to be commit 72312cb2e255301f978455a559461ad83b13b6cb)
|
|
(This used to be commit ae6b9b34e59167e3958bfdb9997fa25340b9a0a3)
|
|
acls code. I'm pretty sure this was safe, but become_root()
does other things to the token stack that become_root_uid_only()
does not, and as we're going into a vfs redirectred function
I decided it wasn't safe for now.
Jeremy.
(This used to be commit b3e0f45488595aa96c852dab8e1349631a85dded)
|
|
calls make it :
become_root_uid_only()
operation
unbecome_root_uid_only()
saving errno across the second call. Most of our internal
change calls can be replaced with these simple calls.
Jeremy
(This used to be commit 4143aa83c029848d8ec741d9218b3fa6e3fd28dd)
|
|
modularizes our interface into the special posix API used on
the system. Without this patch the specific API flavor is
determined at compile time, something which severely limits
usability on systems with more than one file system. Our
first targets are AIX with its JFS and JFS2 APIs, at a later
stage also GPFS. But it's certainly not limited to IBM
stuff, this abstraction is also necessary for anything that
copes with NFSv4 ACLs. For this we will check in handling
very soon.
Major contributions can be found in the copyright notices as
well as the checkin log of the vl-posixacls branch. The
final merge to 3_0 post-3.0.23 was done by Peter Somogyi
<psomogyi@gamax.hu>
(This used to be commit ca0c73f281a2a65a988094a46bb3e46a94011a53)
|
|
no way to get all the cases where kernel oplocks are
on and we can't open the file and get the correct
semantics (think about the open with truncate with
an attribute only open - we'd need a vfs change to
add the truncate(fname, len) call). So always drop
the share mode lock before doing any real fd opens and
then re-acquire it afterwards. We're already dealing
with the race in the create case, and we deal with
any other races in the same way. Volker, please
examine *carefully* :-). This should fix the problems
people reported with kernel oplocks being on.
Jeremy.
(This used to be commit 8171c4c404e9f382880c65daa0232f89e560f399)
|
|
to do the upper layer directories but this is what
everyone is waiting for....
Jeremy.
(This used to be commit 9dafb7f48ca3e7af956b0a7d1720c2546fc4cfb8)
|
|
think this can happen in real life but the code is
too complicated to be sure....
Jerry please merge this for 3.0.23.
Jeremy.
(This used to be commit 1e5042d4c0d1a0d0a5cfbcb0d47815e1510ee52a)
|
|
* depreacte 'acl group control' after discussion with Jeremy
and implement functionality as part of 'dos filemode'
* fix winbindd on a non-member server to expand local groups
* prevent code previously only used by smbd from blindly
turning _NO_WINBINDD back on
(This used to be commit 4ab372f4cab22225716b5c9a9a08f0c1dbc9928d)
|
|
aliasing clearer. This isn't a bug but a code
clarification.
Jeremy.
line, and those below, will be ignored--
M source/smbd/posix_acls.c
(This used to be commit b8397c9f33424e0d1ed3ff849e1c99812f978000)
|
|
(This used to be commit 5429c495c538e416010cf44e1d6fb771770a72ae)
|
|
a new empty acl in remove_posix_acl if you don't bother
to set it on the file in question :-).
Jeremy.
(This used to be commit 12eccc8fe4ed043698970de42921757eb0448c84)
|
|
Jeremy.
(This used to be commit a28bc614a0eb8409a98b254b32ad17c50c2eec0e)
|
|
Volker
(This used to be commit bb40e544de68f01a6e774753f508e69373b39899)
|
|
Sync with trunk as off r13315
(This used to be commit 17e63ac4ed8325c0d44fe62b2442449f3298559f)
|
|
by saving the UNIX token used to set a delete on close flag,
and using it when doing the delete. libsmbsharemodes.so still
needs updating to cope with this change.
Samba4 torture tests to follow.
Jeremy.
(This used to be commit 23f16cbc2e8cde97c486831e26bcafd4ab4a9654)
|
|
SATOH Fumiyasu <fumiyas@miraclelinux.com>
Jerry please pick this up for 3.0.21b.
Jeremy.
(This used to be commit 3f5860b8fb37e854ccf5d9a80848ef759154f88c)
|
|
Caught by Samba4 oplock torture tester.
Jeremy.
(This used to be commit c2476b2f75f6521700107a46028f54110083aa52)
|
|
for bug #3348. Don't assume owning sticky bit
directory means write access allowed.
Jeremy.
(This used to be commit 1032aa890f53097f87fa97689cb21d908b32093c)
|
|
the name (must be abolute - start with /, must not end in /,
must have ./ and ../ removed). Of course for realpath resolved
paths this won't be the case but for others we need this name
to be canonicalized. This name is going into the sharemode db
for #3303 so needs to be in a normalized format.
Jeremy.
(This used to be commit 22e3300911809692b595f49e87d91e3111923e6a)
|
|
We should only check the S_IWGRP permissions if we haven't already
seen an owning group SMB_ACL_GROUP_OBJ ace entry. If there is an
SMB_ACL_GROUP_OBJ ace entry then the group bits in st_gid are
the same as the SMB_ACL_MASK bits, not the SMB_ACL_GROUP_OBJ
bits. Thanks to Marc Cousin <mcousin@sigma.fr> for pointing
this out.
Jeremy.
(This used to be commit 7e1318e09bd4b155707020142b08776a546a646e)
|
|
(This used to be commit 1bcf7e82ede63a851a244162a3b939373787b693)
|
|
read-only. Noticed by Andrew Bartlett.
Jeremy
(This used to be commit a33f4f0d2afe28ca0e3ab6c9ecfcdbaa267a7fbe)
|
|
* Users with SeRestorePrivilege may chown files to anyone (be it as a
backup software or directly using the ownership-tab in the security
acl editor on xp), while
* Users with SeTakeOwnershipPrivilege only can chown to themselves.
Simo, Jeremy. I think this is correct now.
Guenther
(This used to be commit 1ef7a192eed457d302a08c692bb54a73a1af4afd)
|
|
(not only to the current_user.uid).
Jeremy, please have a look.
Guenther
(This used to be commit 8e48e8936ed59ed8d50b6eaa9954749168de3138)
|
|
deref bug (in unlikely error path) found by Coverity.
Jeremy.
(This used to be commit 9b5cc58f3abdb1945bfad340968ccabdfd040029)
|
|
Jeremy.
(This used to be commit f7b169ed57de81229c3b9089a05f4e73ea39010c)
|
|
Jeremy.
(This used to be commit 4d69a682b3ab4f660455e6ea5a2970481a6ccffc)
|
|
tests on this as it's very late NY time (just wanted to get this work
into the tree). I'll test this over the weekend....
Jerry - in looking at the difference between the two trees there
seem to be some printing/ntprinting.c and registry changes we might
want to examine to try keep in sync.
Jeremy.
(This used to be commit c7fe18761e2c753afbffd3a78abff46472a9b8eb)
|
|
mapping of rwx to full control or not. Requested feature at SambaXP.
Jeremy.
(This used to be commit c870579f4cd91dc9e030134dd367109aed3e3469)
|
|
Jeremy.
(This used to be commit af5fd615b37f555e5f2c7b9fef24299e99952a41)
|
|
Jeremy.
(This used to be commit 000477943c3dd41fd44f2aef3755aa603ba5d595)
|
|
of a file to themself.
Jeremy.
(This used to be commit f3319e224db8f79baa10413e0e2a96d2bc871f38)
|
|
directories
and files. Needed for Volker's coming changes.
Jeremy.
(This used to be commit b257744fdfd0a8d940ae834b3c21f0f298c7d1f9)
|
|
checking for write access in a directory before delete. Also
controls checking for write access before labeling a file read-only
if DOS attributes are not being stored in EA's.
Docuementation to follow.
Jeremy.
(This used to be commit dd1a5e6e499dd721c5bb8d56a61810a7454a3449)
|
|
excel files). Ensures that any missing user ACL entry will be generated
from a union of all group permissions that contain the user.
Awaiting feedback from the reporters.
Jeremy.
(This used to be commit 874353e617b314429359e8e9516898f670bbf539)
|
|
Jeremy.
(This used to be commit 60325ab1281ebbe70665b5f763065ca60ee9f682)
|
|
iterator functions so it can be used easily in a for loop.
Drops duplicated code from posix_acls.c
Jeremy.
(This used to be commit 81f30bf5985f5c6dc8399c4695dfa6f14140fde1)
|
|
Canaonicalise any +ve return to 1.
Jeremy.
(This used to be commit e594222d0ba7713088420f6c6603a74c1d5def8e)
|
|
Eric Stewart <eric@lib.usf.edu> I realised we weren't checking
against the current effective groupid (set by force group) as
well as the group list. Fix this.
Jeremy.
(This used to be commit 0c4058c0732b1faa87ca64b8f95ad2fe3106a69f)
|
|
with this....
Jeremy.
(This used to be commit 11c464268df2a0a5155e93d4a7d053d2920fcff0)
|
|
initializable
statically.
Volker
(This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
|
|
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
|
|
entry never to match - it matches but if doesn't grant access is recorded
so the "other" entry isn't subsequently checked.
Fix the algorithm.
Jeremy.
(This used to be commit e3c7d08bb68f51bc05768467feb0af896a059e91)
|
|
Jeremy.
(This used to be commit 6609b209f513f0859040686a88ee6c7106c06008)
|
|
a "allow" entry of GROUP or GROUP_OBJ, then access is allowed. It doesn't
terminate on the first match. Added debug to show where the match occured
(or didn't).
Jeremy.
(This used to be commit 81fb3372867fa66a092841222e02bd1c104b2d19)
|
|
Jeremy.
(This used to be commit e831cef618d55c362e8d3a8a4c2b9f2ed7d4d7bd)
|