path: root/source3/smbd/posix_acls.c
Age | Commit message | Author | Files | Lines
2007-10-10 | r11237: Fix acl evaluation bug found by Marc Cousin <mcousin@sigma.fr> | Jeremy Allison | 1 | -14/+34
We should only check the S_IWGRP permissions if we haven't already seen an owning group SMB_ACL_GROUP_OBJ ace entry. If there is an SMB_ACL_GROUP_OBJ ace entry then the group bits in st_gid are the same as the SMB_ACL_MASK bits, not the SMB_ACL_GROUP_OBJ bits. Thanks to Marc Cousin <mcousin@sigma.fr> for pointing this out. Jeremy. (This used to be commit 7e1318e09bd4b155707020142b08776a546a646e)
2007-10-10 | r11060: merging new eventlog code from trunk | Gerald Carter | 1 | -0/+55
(This used to be commit 1bcf7e82ede63a851a244162a3b939373787b693)
2007-10-10 | r10885: Fix bug where read-only share files are always seen as | Jeremy Allison | 1 | -4/+1
read-only. Noticed by Andrew Bartlett. Jeremy (This used to be commit a33f4f0d2afe28ca0e3ab6c9ecfcdbaa267a7fbe)
2007-10-10 | r9952: Adapt better to the Windows way of taking and assigning ownership: | Günther Deschner | 1 | -11/+22
* Users with SeRestorePrivilege may chown files to anyone (be it as a backup software or directly using the ownership-tab in the security acl editor on xp), while
* Users with SeTakeOwnershipPrivilege only can chown to themselves.
Simo, Jeremy. I think this is correct now. Guenther (This used to be commit 1ef7a192eed457d302a08c692bb54a73a1af4afd)
2007-10-10 | r9946: allow the priv-based chown (se_take_ownership) to chown to other users | Günther Deschner | 1 | -1/+0
(not only to the current_user.uid). Jeremy, please have a look. Guenther (This used to be commit 8e48e8936ed59ed8d50b6eaa9954749168de3138)
2007-10-10 | r9293: Fix error path memory leak bug found by Coverity - also potential NULL | Jeremy Allison | 1 | -20/+28
deref bug (in unlikely error path) found by Coverity. Jeremy. (This used to be commit 9b5cc58f3abdb1945bfad340968ccabdfd040029)
2007-10-10 | r8615: Added "acl group control". Defaults to off. Docs to follow. | Jeremy Allison | 1 | -34/+127
Jeremy. (This used to be commit f7b169ed57de81229c3b9089a05f4e73ea39010c)
2007-10-10 | r8547: Code tidyup from Jason Mader <jason@ncac.gwu.edu>. Bugid #2885. | Jeremy Allison | 1 | -2/+0
Jeremy. (This used to be commit 4d69a682b3ab4f660455e6ea5a2970481a6ccffc)
2007-10-10 | r8219: Merge the new open code from HEAD to 3.0. Haven't yet run the torture | Jeremy Allison | 1 | -20/+20
tests on this as it's very late NY time (just wanted to get this work into the tree). I'll test this over the weekend.... Jerry - in looking at the difference between the two trees there seem to be some printing/ntprinting.c and registry changes we might want to examine to try keep in sync. Jeremy. (This used to be commit c7fe18761e2c753afbffd3a78abff46472a9b8eb)
2007-10-10 | r7985: Add "acl map full control", true by default, to allow people to change | Jeremy Allison | 1 | -7/+7
mapping of rwx to full control or not. Requested feature at SambaXP. Jeremy. (This used to be commit c870579f4cd91dc9e030134dd367109aed3e3469)
2007-10-10 | r7888: Fix use of "protected". | Jeremy Allison | 1 | -11/+11
Jeremy. (This used to be commit af5fd615b37f555e5f2c7b9fef24299e99952a41)
2007-10-10 | r7693: Fix from James Peach @ SGI for null pointer ACL free. | Jeremy Allison | 1 | -2/+6
Jeremy. (This used to be commit 000477943c3dd41fd44f2aef3755aa603ba5d595)
2007-10-10 | r7662: Allow someone with SeTakeOwnershipPrivilege to chown the user | Jeremy Allison | 1 | -6/+28
of a file to themself. Jeremy. (This used to be commit f3319e224db8f79baa10413e0e2a96d2bc871f38)
2007-10-10 | r6946: Allow mapping of POSIX ACLs to NT perms to differentiate between | Jeremy Allison | 1 | -6/+16
directories and files. Needed for Volker's coming changes. Jeremy. (This used to be commit b257744fdfd0a8d940ae834b3c21f0f298c7d1f9)
2007-10-10 | r6895: Add "acl check permissions" to turn on/off the new behaviour of | Jeremy Allison | 1 | -9/+10
checking for write access in a directory before delete. Also controls checking for write access before labeling a file read-only if DOS attributes are not being stored in EA's. Documentation to follow. Jeremy. (This used to be commit dd1a5e6e499dd721c5bb8d56a61810a7454a3449)
2007-10-10 | r6696: Another attempt to fix the (unreproducible for me) bug #2346 (read-only | Jeremy Allison | 1 | -6/+21
excel files). Ensures that any missing user ACL entry will be generated from a union of all group permissions that contain the user. Awaiting feedback from the reporters. Jeremy. (This used to be commit 874353e617b314429359e8e9516898f670bbf539)
2007-10-10 | r6533: Fix for bad comment from Andreas Gruenbacher <agruen@suse.de>. | Jeremy Allison | 1 | -2/+2
Jeremy. (This used to be commit 60325ab1281ebbe70665b5f763065ca60ee9f682)
2007-10-10 | r6385: Convert checking of egid and secondary egid list into | Jeremy Allison | 1 | -32/+17
iterator functions so it can be used easily in a for loop. Drops duplicated code from posix_acls.c Jeremy. (This used to be commit 81f30bf5985f5c6dc8399c4695dfa6f14140fde1)
2007-10-10 | r6378: Other systems may not return 1 for checking WRITE permission. | Jeremy Allison | 1 | -0/+13
Canonicalise any +ve return to 1. Jeremy. (This used to be commit e594222d0ba7713088420f6c6603a74c1d5def8e)
2007-10-10 | r6365: Wow, how much worse does this get. From info provided by | Jeremy Allison | 1 | -0/+26
Eric Stewart <eric@lib.usf.edu> I realised we weren't checking against the current effective groupid (set by force group) as well as the group list. Fix this. Jeremy. (This used to be commit 0c4058c0732b1faa87ca64b8f95ad2fe3106a69f)
2007-10-10 | r6316: Remove over-cautious asserts. Damn wish I'd made the release | Jeremy Allison | 1 | -4/+9
with this.... Jeremy. (This used to be commit 11c464268df2a0a5155e93d4a7d053d2920fcff0)
2007-10-10 | r6263: Get rid of generate_wellknown_sids, they are const static and | Volker Lendecke | 1 | -8/+3
initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
2007-10-10 | r6225: get rid of warnings from my compiler about nested externs | Herb Lewis | 1 | -20/+8
(This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
2007-10-10 | r6060: It's not quite accurate to say not having write access causes a group | Jeremy Allison | 1 | -8/+9
entry never to match - it matches but if doesn't grant access is recorded so the "other" entry isn't subsequently checked. Fix the algorithm. Jeremy. (This used to be commit e3c7d08bb68f51bc05768467feb0af896a059e91)
2007-10-10 | r6057: Don't put the assert in the wrong place :-). | Jeremy Allison | 1 | -4/+3
Jeremy. (This used to be commit 6609b209f513f0859040686a88ee6c7106c06008)
2007-10-10 | r6055: Fix algorithm. If any of the primary or supplementary group ids match | Jeremy Allison | 1 | -2/+18
an "allow" entry of GROUP or GROUP_OBJ, then access is allowed. It doesn't terminate on the first match. Added debug to show where the match occurred (or didn't). Jeremy. (This used to be commit 81fb3372867fa66a092841222e02bd1c104b2d19)
2007-10-10 | r6053: Fixup dfs path with the new wildcard parser code split out. | Jeremy Allison | 1 | -1/+1
Jeremy. (This used to be commit e831cef618d55c362e8d3a8a4c2b9f2ed7d4d7bd)
2007-10-10 | r6049: Ensure "dos filetime" checks file ACLs correctly. May fix Excel | Jeremy Allison | 1 | -32/+102
"read-only" issue. Jeremy. (This used to be commit 80e788143a6c3d973d3b8e57d91ca5c4a83605b2)
2007-10-10 | r6001: Oops. Checking the wrong tagtype - should have been SMB_ACL_GROUP, not | Jeremy Allison | 1 | -1/+1
SMB_ACL_MASK. Fix bug #2521. Jeremy. (This used to be commit 21e3cf2f8f6129324ebb799f959f8d2afe0285d2)
2007-10-10 | r5616: Forgot about the sticky bit on directories (commonly set on /tmp). If | Jeremy Allison | 1 | -0/+16
this is set then only the owner or root can delete a file. We now use the same algorithm to check file delete. Jeremy. (This used to be commit eb18104d10428a5daef2316088edc3dbaff58708)
2007-10-10 | r5355: Fill in the access check code for POSIX ACLs to *really* fix bug #2227. | Jeremy Allison | 1 | -2/+148
Jeremy. (This used to be commit ecc134a2e3546ed77ab6f1dafc0249c78897e1f3)
2007-10-10 | r5324: In order to process DELETE_ACCESS correctly and return access denied | Jeremy Allison | 1 | -0/+11
to a WXPSP2 client we must do permission checking in userspace first (this is a race condition but what can you do...). Needed for bugid #2227. Jeremy. (This used to be commit da23577f162b6bdca7d631fca256a9b3b04043e4)
2007-10-10 | r4088: Get medieval on our ass about malloc.... :-). Take control of all our | Jeremy Allison | 1 | -13/+16
allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
2007-10-10 | r4016: Fix for bug found by Steve French client code (cifsfs) on | Jeremy Allison | 1 | -0/+9
POSIX ACL set. You need to *get* a permset_t pointer from the entry before any of the permset code will accept it as a valid value Jeremy. (This used to be commit 7e78059948612fa9f5d179a1e3f5f59e7ad5e456)
2007-10-10 | r4007: Fix bug #2088 - ensure inherit permissions is only applied on a new file, | Jeremy Allison | 1 | -1/+1
not an existing one. Jeremy. (This used to be commit fbbdb72cf1adfe567112556626f26b031747f440)
2007-10-10 | r3951: Fix for bugid #2081 reported by John Janosik <jpjanosi@us.ibm.com> - | Jeremy Allison | 1 | -1/+3
ensure SE_DESC_DACL_PROTECTED is set if "map acl inherit = no". Jeremy. (This used to be commit 934c41b474c8959310389378bfa7d3332bd5ec79)
2007-10-10 | r3859: Ensure if num_acls is set to 0xFFFF this field is ignored. | Jeremy Allison | 1 | -28/+28
Use def_acl everywhere instead of dir_acl. Jeremy. (This used to be commit d28611c960f87830aa8449725951984aa155b089)
2007-10-10 | r3816: Added fn to remove an ACL from a file. Now need client code to test this. | Jeremy Allison | 1 | -2/+128
How do the share mask/modes fit into this code... Need to think about this. Jeremy. (This used to be commit 1aa1c2f489f5b92c3696e7b9123061d91babc34e)
2007-10-10 | r3794: Added set posix acl functionality into the UNIX extensions code. | Jeremy Allison | 1 | -6/+235
One part missing - delete file acl (to be added asap). No client code yet, also needs testing with valgrind. Jeremy. (This used to be commit 6101ec2247c182fde6ea3e7e1f64a92b353ec4e8)
2007-10-10 | r3693: Correctly detect errno for no acl/ea support. | Jeremy Allison | 1 | -14/+6
Jeremy (This used to be commit 089a76f611187e2ba4c3363b657905d04576109e)
2007-10-10 | r3496: Fix calling of get_acl_group_bits(). | Günther Deschner | 1 | -1/+1
Guenther (This used to be commit 3acc74eef5dae16d7e2792206640904265c42494)
2007-10-10 | r3296: Fix to ensure entries are stored in correct order. Bug #1498. Patch from | Jeremy Allison | 1 | -2/+2
SATOH Fumiyasu <fumiya@samba.gr.jp>. Jeremy. (This used to be commit 7e35900bc6894d69f83c99ac6eb260d7cc35683a)
2007-10-10 | r3117: Fix from Tom Lackemann <cessnatomny@yahoo.com> for bug #1954. | Jeremy Allison | 1 | -3/+6
Memory leak in posix acl code. Jeremy. (This used to be commit c97aab7ee6bf1f385b445b4b0eb0e1df7e9a56f5)
2007-10-10 | r1681: Ensure we return the same ACL revision on the wire that W2K3 does. | Jeremy Allison | 1 | -1/+1
Jeremy. (This used to be commit 31505acf033c7d76592bb5b4ef80b29a00658c49)
2007-10-10 | r1314: Restore the 2.2 'force unknown acl user' parameter. When getting a | Volker Lendecke | 1 | -19/+23
security descriptor for a file, if the owner sid is not known, the owner uid is set to the current uid. Same for group sid. This makes xcopy /o possible for files that are owned by local users/groups (local administrators for example). Thanks to Guenther for his persistence :-) Volker (This used to be commit 80e57d27909a9a1edad962e3f43c2178d2da2a92)
2007-10-10 | r786: Memory leak fixes in (mostly) error code paths from | Jeremy Allison | 1 | -1/+3
kawasa_r@itg.hitachi.co.jp. A couple of mem leak fixes in mainline code paths though :-). Jeremy. (This used to be commit 4695cc95fe576b6da0d0cb0686f208fc306b2646)
2007-10-10 | r428: add acls debug class | Herb Lewis | 1 | -0/+3
(This used to be commit b7703799f8899affda205eacb0bf79cf8e2b9362)
2007-10-10 | r50: Fix bug 1139 as per fix suggested by jdev@panix.com, | Jeremy Allison | 1 | -3/+3
swap lookups for user and group - group will do an algorithmic lookup if it fails, user won't. Jeremy. (This used to be commit a205c56a75c93c82796fd68687e8c0db26459073)
2004-04-02 | Added per-share parameter "store dos attributes". When set, will store | Jeremy Allison | 1 | -1/+1
dos attributes in an EA. Based on an original patch from tridge, but modified somewhat to cover all cases. Jeremy. (This used to be commit ed653cd468213e0be901bc654aa3748ce5837947)
2004-03-31 | Added support for OS/2 EA's in smbd server. Test with smbtorture eatest. | Jeremy Allison | 1 | -2/+0
New protocol option "ea support" to turn them on (off by default). Conrad at Apple may like this as it allows MacOS resource forks to be stored on a file. Passes valgrind. Documentation to follow. Jeremy. (This used to be commit 8cc10a6c0550c017a62e8a3790afd2172d173e00)