summaryrefslogtreecommitdiff
path: root/source3/smbd/posix_acls.c
AgeCommit message (Collapse)AuthorFilesLines
2010-09-11s3-privs Convert from user_has_privileges() -> security_token_has_privilege()Andrew Bartlett1-4/+2
This new call is available in the merged privileges code, and takes an enum as the parameter, rather than a bitmask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
2010-06-10s3-smbd: Fix typo in comment.Karolin Seeger1-1/+1
Karolin
2010-06-03s3-security: remove duplicate Extra W2K flags.Günther Deschner1-1/+1
Guenther
2010-06-03s3-security: use shared SECINFO_DACL define.Günther Deschner1-6/+6
Guenther
2010-06-03s3-security: use shared SECINFO_GROUP define.Günther Deschner1-2/+2
Guenther
2010-06-03s3-security: use shared SECINFO_OWNER define.Günther Deschner1-2/+2
Guenther
2010-06-03s3-security: remove some more shared secdesc defines.Günther Deschner1-3/+3
Guenther
2010-05-21s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett1-19/+19
This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
2010-05-18s3-secdesc: remove "typedef struct security_descriptor SEC_DESC".Günther Deschner1-16/+17
Guenther
2010-05-18s3-secdesc: remove "typedef struct security_acl SEC_ACL".Günther Deschner1-2/+2
Guenther
2010-05-18s3-secdesc: remove "typedef struct security_ace SEC_ACE".Günther Deschner1-14/+14
Guenther
2010-03-24Fix valgrind warning when source and dest stat are identical.Jeremy Allison1-1/+3
Jeremy.
2010-03-15Switch over to using get_currect_XXX() accessor functions.Jeremy Allison1-13/+15
Jeremy.
2010-03-15Pass "connection_struct *conn" into functions that currently use ↵Jeremy Allison1-18/+20
"current_user.XXX" Will allow me to replace them with accessor functions. Jeremy.
2010-03-15Rever e80ceb1d7355c8c46a2ed90d5721cf367640f4e8 "Remove more uses of "extern ↵Jeremy Allison1-35/+31
struct current_user current_user;"." As requested by Volker, split this into smaller commits. Jeremy.
2010-03-12Remove more uses of "extern struct current_user current_user;".Jeremy Allison1-31/+35
Use accessor functions to get to this value. Tidies up much of the user context code. Volker, please look at the changes in smbd/uid.c to familiarize yourself with these changes as I think they make the logic in there cleaner. Cause smbd/posix_acls.c code to look at current user context, not stored context on the conn struct - allows correct use of these function calls under a become_root()/unbecome_root() pair. Jeremy.
2010-02-10s3-smbd: update to use new DLIST macrosAndrew Tridgell1-2/+2
(cherry picked from commit 365b408c458c848a818637d9b36a0423aeb1ba54)
2010-01-12Fix bug #6876 - Delete of an object whose parent folder does not have delete ↵Jeremy Allison1-3/+4
rights fails even if the delete right is set on the object. Final fix for the vfs_acl_xattr and vfs_acl_tdb code. Ensure we can delete a file even if the underlying POSIX permissions don't allow it, if the Windows permissions do. Jeremy.
2010-01-08Re-fix bug 5202 - cannot change ACLs on writable file with "dos filemode=yes"Jeremy Allison1-0/+3
This bug re-occurred for 3.3.x and above. The reason is that to change a NT ACL we now have to open the file requesting WRITE_DAC and WRITE_OWNER access. The mapping from POSIX "w" to NT permissions in posix_acls doesn't add these bits when "dos filemode = yes", so even though the permission or owner change would be allowed by the POSIX ACL code, the NTCreateX call fails with ACCESS_DENIED now we always check NT permissions first. Added in the mapping from "w" to WRITE_DAC and WRITE_OWNER access. Jeremy.
2009-12-23The posix acl version of set_nt_acl() could set the stat_exJeremy Allison1-7/+15
struct in the fsp->fsp_name pointer incorrectly for a directory. Fix this. Make map_canon_ace_perms() public. Jeremy.
2009-11-18s3: Replace some create_synthetic_smb_fname() callsVolker Lendecke1-18/+10
In very hot codepaths like the statcache copy_smb_filename and the subsequent recursive talloc_free is noticable in the CPU load.
2009-11-12Fix bug 6891 - using windows explorer to change ownership on a folder fails ↵Jeremy Allison1-1/+11
with Bad File Descriptor. Jeremy.
2009-11-11Fix bug 6878 - Cannot change ACL's inherit flag.Jeremy Allison1-44/+108
Based on a patch submitted by Tsukasa Hamano <hamano@osstech.co.jp>, this is a change in the POSIX ACL mapping to deal with the lossy mapping for directory ACE entries: We have a lossy mapping: directory ACE entries CREATOR_OWNER ------\ (map to) +---> SMB_ACL_USER_OBJ owning sid ------/ CREATOR_GROUP ------\ (map to) +---> SMB_ACL_GROUP_OBJ primary group sid --/ on set. And on read of a directory ACL SMB_ACL_USER_OBJ ----> CREATOR_OWNER SMB_ACL_GROUP_OBJ ---> CREATOR_GROUP. Deal with this on set by duplicating owning sid and primary group sid ACE entries into the directory ACL. Jeremy.
2009-11-06Fix bug 6841 - "map acl inherit = yes" not working.Jeremy Allison1-8/+29
The code to read the new V2 SAMBA_PAI entries had two errors. Jeremy.
2009-10-02Remove lots of duplicate code and move it into oneJeremy Allison1-26/+6
function vfs_stat_fsp(). Stops code looking at fsp->posix_open except for exceptional circumstances. Jeremy.
2009-10-02Missed one VFS_STAT -> VFS_LSTATJeremy Allison1-1/+1
Jeremy.
2009-10-02Fix more use of VFS_STAT when posix pathnames selected.Jeremy Allison1-18/+44
Jeremy.
2009-08-07s3:smbd: conn_free_internal() can be static nowStefan Metzmacher1-4/+4
metze
2009-08-06Remove a const warning.Jeremy Allison1-1/+1
Jeremy.
2009-07-22s3: Convert some callers of vfs_stat_smb_fname to SMB_VFS_STAT()Tim Prouty1-6/+18
2009-07-20s3: Change fsp->fsp_name to be an smb_filename struct!Tim Prouty1-134/+113
2009-07-08s3: Plumb smb_filename through dos_mode() and related funtionsTim Prouty1-98/+162
2009-07-08s3: convert unix_mode to take an smb_filenameTim Prouty1-4/+17
2009-06-25s3 file_access: Convert some more functions over to use smb_filneameTim Prouty1-1/+13
2009-06-24s3: Plumb smb_filename through SMB_VFS_STAT and SMB_VFS_LSTATTim Prouty1-5/+8
This patch introduces two new temporary helper functions vfs_stat_smb_fname and vfs_lstat_smb_fname. They basically allowed me to call the new smb_filename version of stat, while avoiding plumbing it through callers that are still too inconvenient. As the conversion moves along, I will be able to remove callers of this, with the goal being to remove all callers. There was also a bug in create_synthetic_smb_fname_split (also a temporary utility function) that caused it to incorrectly handle filenames with ':'s in them when in posix mode. This is now fixed.
2009-06-18acl_group_override() doesn't need to call stat. Pass thisJeremy Allison1-28/+17
down from above (as const). Jeremy.
2009-06-18Add some const to the stat struct in the dosmode calls.Jeremy Allison1-9/+22
Fix a couple more unix_convert uses to filename_convert. Fix bug in acl_group_override() where an uninitialized struct could be used. Move unix_convert with wildcard use in SMBsearch reply to boilerplate code. Jeremy.
2009-06-12s3: Plumb smb_filename through SMB_VFS_CREATE_FILETim Prouty1-4/+11
2009-06-10s3: Remove unused stat structs being passed to SMB_VFS_CREATE_FILETim Prouty1-4/+1
2009-05-26Introduce "struct stat_ex" as a replacement for SMB_STRUCT_STATVolker Lendecke1-29/+29
This patch introduces struct stat_ex { dev_t st_ex_dev; ino_t st_ex_ino; mode_t st_ex_mode; nlink_t st_ex_nlink; uid_t st_ex_uid; gid_t st_ex_gid; dev_t st_ex_rdev; off_t st_ex_size; struct timespec st_ex_atime; struct timespec st_ex_mtime; struct timespec st_ex_ctime; struct timespec st_ex_btime; /* birthtime */ blksize_t st_ex_blksize; blkcnt_t st_ex_blocks; }; typedef struct stat_ex SMB_STRUCT_STAT; It is really large because due to the friendly libc headers playing macro tricks with fields like st_ino, so I renamed them to st_ex_xxx. Why this change? To support birthtime, we already have quite a few #ifdef's at places where it does not really belong. With a stat struct that we control, we can consolidate the nanosecond timestamps and the birthtime deep in the VFS stat calls. At this moment it is triggered by a request to support the birthtime field for GPFS. GPFS does not extend the system level struct stat, but instead has a separate call that gets us the additional information beyond posix. Without being able to do that within the VFS stat calls, that support would have to be scattered around the main smbd code. It will very likely break all the onefs modules, but I think the changes will be reasonably easy to do.
2009-05-08Expand the comment explaining why user_in_group_sid isJeremy Allison1-1/+6
not reliable for winbindd users from foreign domains. Jeremy.
2009-05-08s3:smbd: fix posix acls when setting an ACL without explicit ACE for the ↵Stefan Metzmacher1-3/+18
owner (bug#2346) The problem of bug #2346 remains for users exported by winbindd, because create_token_from_username() just fakes the token when the user is not in the local sam domain. This causes user_in_group_sid() to give totally wrong results. In uid_entry_in_group() we need to check if we already have the full unix token in the current_user struct. If so we should use the current_user unix token, instead of doing a very complex user_in_group_sid() which doesn't give reliable results anyway. metze
2009-04-22Fix profile acls in some corner casesSimo Sorce1-3/+18
Always add back the real original owner of the directory in the ACE List after we steal its ACE for the Administrators group.
2009-04-22Avoid duplicate acesSimo Sorce1-7/+48
When adding arbitrary aces to an nt_ace_list we need to make sure we are not actually adding a duplicate. add_or_replace_ace() takes care of doing the right thing.
2009-02-23More warning fixes for Solaris.Jeremy Allison1-26/+26
Jeremy.
2009-02-05Don't try and delete a default ACL from a file.Günter Kukkukk1-4/+8
2009-01-29Upgrade POSIX inheritance storage to a new format (version 2). StoresJeremy Allison1-200/+360
the Windows ACL type and flags if "map acl inherit" is set. Jeremy.
2009-01-22Fix logic error in try_chown - we shouldn't arbitrarily chownJeremy Allison1-6/+9
to ourselves unless that was passed in. Jeremy.
2009-01-22Second part of the attemt to fix #4308 - Excel save operation corrupts file ↵Jeremy Allison1-131/+144
ACLs. If the chown succeeds then the ACL set should also. Ensure this is the case (refactor some of this code to make it simpler to read also). Jeremy.
2009-01-22Another attempt to fix bug #4308 - Excel save operation corrupts file ACLs.Jeremy Allison1-25/+4
Simo is completely correct. We should be doing the chown *first*, and fail the ACL set if this fails. The long standing assumption I made when writing the initial POSIX ACL code was that Windows didn't control who could chown a file in the same was as POSIX. In POSIX only root can do this whereas I wasn't sure who could do this in Windows at the time (I didn't understand the privilege model). So the assumption was that setting the ACL was more important (early tests showed many failed ACL set's due to inability to chown). But now we have privileges in smbd, and we must always fail an ACL set when we can't chown first. The key that Simo noticed is that the CREATOR_OWNER bits in the ACL incoming are relative to the *new* owner, not the old one. This is why the old user owner disappears on ACL set - their access was set via the USER_OBJ in the creator POSIX ACL and when the ownership changes they lose their access. Patch is simple - just ensure we do the chown first before evaluating the incoming ACL re-read the owners. We already have code to do this it just wasn't rigorously being applied. Jeremy.