| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This simply linearlises the SMB_ACL_T (default and access acl for
directories) and the file owner, group and mode into a blob.
It will be useful for an improved vfs_acl_common.c that uses this sets
that, rather than the hash of the NT ACL, in the xattr
This will in turn insulate the stored hash from changes in the ACL
mapping.
Andrew Bartlett
|
|
This makes it clear which context the returned SD is allocated on, as
a number of callers do not want it on talloc_tos().
As the ACL transformation allocates and then no longer needs a great
deal of memory, a talloc_stackframe() call is used to contain the
memory that is not returned further up the stack.
Andrew Bartlett
|
|
This changes from allocation on NULL to allocation on the supplied
memory context.
Currently that supplied context is talloc_tos() at the the final consumer of
the ACL.
Andrew Bartlett
|
|
they are different so should go through a mapping function. Ensure this is so.
Practically this does not matter, as for user permissions the mapping
function is an identity, and the extra bits we may add are ignored
anyway, but this makes the intent clear.
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 6 03:04:14 CEST 2012 on sn-devel-104
|
|
makes the logic clearer.
|
|
|
|
lp_security_mask/lp_force_security_mode/lp_dir_security_mask/lp_force_dir_security_mode
and replace with the normal masks. Now these parameters can be removed.
|
|
and SMB_ACL_GROUP entries.
|
|
|
|
|
|
|
|
Instead, this is just handled with realloc in sys_acl_create_entry()
This allows us to remove the size element from the SMB_ACL_T.
Andrew Bartlett
|
|
I need to get at the owner, group, DACL and SACL when testing correct
ACL storage.
Andrew Bartlett
|
|
This is required because the functions it calls use talloc_tos().
Andrew Bartlett
|
|
This is no longer a VFS call, so will no longer fail in this way.
Andrew Bartlett
|
|
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Aug 15 05:23:18 CEST 2012 on sn-devel-104
|
|
|
|
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
|
|
As the test for a valid posix ACL is based on the unix uid/gid only appearing once in the ACL
the merge process also needs to be UID/GID based.
This is a problem when we have multiple builtin groups mapped to the same POSIX group
as happens in a Samba4 provision.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
This is consistent with the rest of Samba which uses this structure to represent
a unix uid or gid.
World values remain represented by the owner_type being WORLD_ACE in the containing
structure. A -1 value is filled in to the unixid.id in the same way the .world value
was initialised in the union.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
posix_acls
When a user owns a file, but does not have specific permissions on that file, we need to
make up the user permissions. This change ensures that the first thing that we do
is to look up the SID, and confirm it is a user. Then, we avoid the getpwnam()
and directly create the token via the SID.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
This is in preperation for the parameter table being made common.
Andrew Bartlett
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
|
|
This is in preparation of changing fnum to uint64_t
Signed-off-by: Stefan Metzmacher <metze@samba.org>
|
|
ID_TYPE_BOTH The GID ACL entry is what will be mapped in most cases, and so is sufficient.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Thu May 17 05:08:44 CEST 2012 on sn-devel-104
|
|
This code is to ensure that the user does not loose rights when their file
ownership is taken away. If the owner (an IDMAP_BOTH SID) appears as a group
then a duplicate user is not required.
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
ownership This will allow groups, such as domain administrators, to own files while correctly handling the rest of the ACL permissions.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
add_current_ace_to_acl() in order for there to be more posix ACL elements than NT ACL elements (so a group SID can own a file, but also get the group permissions that will be honoured)
Andrew Bartlett
Slightly modified by Jeremy to reduce diff size.
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
but must own the file. Based on an original patch by Andrew Bartlett.
|
|
This might happen when we get a SID mapped to IDMAP_BOTH.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
|
|
The issue was a simple copy and paste bug, which casued a duplicate SMB_ACL_GROUP
to be added when we already had one.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed May 9 13:17:29 CEST 2012 on sn-devel-104
|
|
bit with the acl_xattr module.
Error found by Andrew Bartlett <abartlet@samba.org> and Ricky Nance
<ricky.nance@weaubleau.k12.mo.us>.
Don't use a pointer when you really mean a bool flag.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Mar 13 21:56:15 CET 2012 on sn-devel-104
|
|
SMB_ACL_USER_OBJ ACE (the owner ACE entry) has a duplicate
permission entry as an SMB_ACL_USER, and a gid for a
SMB_ACL_GROUP_OBJ ACE (the primary group ACE entry) also has
a duplicate permission entry as an SMB_ACL_GROUP. If not,
then if the ownership or group ownership of this file or
directory gets changed, the user or group can lose their
access.
|
|
|
|
This will make the second tweak to the ACL mapping on set easier.
|
|
|
|
from a DACL
Reported by David Disseldorp. Fix based on a patch by David.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Nov 29 22:32:27 CET 2011 on sn-devel-104
|
