Age | Commit message (Collapse) | Author | Files | Lines |
|
ownership This will allow groups, such as domain administrators, to own files while correctly handling the rest of the ACL permissions.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
add_current_ace_to_acl() in order for there to be more posix ACL elements than NT ACL elements (so a group SID can own a file, but also get the group permissions that will be honoured)
Andrew Bartlett
Slightly modified by Jeremy to reduce diff size.
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
but must own the file. Based on an original patch by Andrew Bartlett.
|
|
This might happen when we get a SID mapped to IDMAP_BOTH.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
The issue was a simple copy and paste bug, which casued a duplicate SMB_ACL_GROUP
to be added when we already had one.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed May 9 13:17:29 CEST 2012 on sn-devel-104
|
|
bit with the acl_xattr module.
Error found by Andrew Bartlett <abartlet@samba.org> and Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>.
Don't use a pointer when you really mean a bool flag.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Mar 13 21:56:15 CET 2012 on sn-devel-104
|
|
SMB_ACL_USER_OBJ ACE (the owner ACE entry) has a duplicate
permission entry as an SMB_ACL_USER, and a gid for a
SMB_ACL_GROUP_OBJ ACE (the primary group ACE entry) also has
a duplicate permission entry as an SMB_ACL_GROUP. If not,
then if the ownership or group ownership of this file or
directory gets changed, the user or group can lose their
access.
|
|
|
|
This will make the second tweak to the ACL mapping on set easier.
|
|
|
|
from a DACL
Reported by David Disseldorp. Fix based on a patch by David.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Nov 29 22:32:27 CET 2011 on sn-devel-104
|
|
permissions on incoming ACL change with no user specified.
Be smarter about setting default permissions when a ACL_USER_OBJ isn't given. Use the principle of least surprises for the user.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Sep 9 00:26:08 CEST 2011 on sn-devel-104
|
|
permissions on incoming ACL change with no user specified.
create_default_mode() is not needed - it's taken care of by code
inside ensure_canon_entry_valid().
|
|
for set (Invalid argument)"
This belongs as part of the bugfix for bug #8443 - Default user entry is set to minimal permissions on incoming ACL change with no user specified.
Not as part of #7509.
This reverts commit 2a1453e2318af77a79180f3137f8a8d3f1240233.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Sep 8 08:50:12 CEST 2011 on sn-devel-104
|
|
for set (Invalid argument)"
This reverts commit 17f6e0272370f764d4a0053c8e74f20b0444c721.
Using the existing default permissions for group access is incorrect
when no such permissions are given in the incoming ACL.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Sep 7 03:50:21 CEST 2011 on sn-devel-104
|
|
(Invalid argument)
Be smarter about setting default permissions when a ACL_GROUP_OBJ isn't given. Use the
principle of least surprises for the user.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Sep 3 00:16:05 CEST 2011 on sn-devel-104
|
|
(Invalid argument)
Be smarter about setting default permissions when a ACL_USER_OBJ isn't given. Use the
principle of least surprises for the user.
|
|
(Invalid argument)
Don't call check_owning_objs() to convert ACL_USER->ACL_USER_OBJ and
AC_GROUP->ACL_GROUP_OBJ for default (directory) ACLs, we do this separately
inside ensure_canon_entry_valid().
|
|
(Invalid argument)
Only map CREATOR_OWNER/CREATOR_GROUP to ACL_USER_OBJ/ACL_GROUP_OBJ in
a default(directory) ACL set.
|
|
(Invalid argument)
Remove the code I added for bug "6878 - Cannot change ACL's inherit flag". It is incorrect
and causes the POSIX ACL ACL_USER_OBJ duplication.
|
|
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_ARRAY isn't standard talloc.
|
|
Using the standard macro makes it easier to move code into common, as
TALLOC_ZERO_P isn't standard talloc.
|
|
Using the standard macro makes it easier to move code into common, as
TALLOC_P isn't standard talloc.
|
|
Refuse to set dos attributes into unix mode bits on such a
folder.
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
|
|
|
|
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Sat Feb 5 03:33:59 CET 2011 on sn-devel-104
|
|
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Dec 29 02:15:23 CET 2010 on sn-devel-104
|
|
lp_enable_privileges(). Needed"
Not needed - privileges code prevents "enable privileges = no" from adding privileges
anyway.
This reverts commit a8b95686a7bde3f96f141b6938e24e101567ef54.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 22 23:41:36 UTC 2010 on sn-devel-104
|
|
Needed
to maintain compatibility with smb.conf manpage.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 22 18:15:48 UTC 2010 on sn-devel-104
|
|
acl_xattr and acl_tdb module.
|
|
Jeremy.
|
|
they can't be mapped.
|
|
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
|
|
missing owner/group.
Jeremy.
|
|
of security descriptors.
As pointed out by an OEM, the code within smbd/posix_acl.c, even though passed
a const pointer to a security descriptor, still modifies the ACE entries within
it (which are not const pointers).
This means ACLs stored in the extended attribute by the acl_xattr module have
already been modified by the POSIX acl layer, and are not the original intent
of storing the "unmodified" ACL from the client.
Use dup_sec_desc to make a copy of the incoming ACL on talloc_tos() - that
is what is then modified inside smbd/posix_acl.c, leaving the original ACL
to be correctly stored in the xattr.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 8 00:37:53 UTC 2010 on sn-devel-104
|
|
Guenther
|
|
This new call is available in the merged privileges code, and
takes an enum as the parameter, rather than a bitmask.
Andrew Bartlett
Signed-off-by: Andrew Tridgell <tridge@samba.org>
|
|
Karolin
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|
|
Guenther
|