summaryrefslogtreecommitdiff
path: root/source4/ntvfs/posix/pvfs_acl.c
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r15774: take care of the SYSTEM_SECURITY flagStefan Metzmacher1-1/+7
metze (This used to be commit 98f58d710a4fe1cd3581b1fb25c4f0c0236b5092)
2007-10-10r15118: - do access checks also when the owner and group are not changedStefan Metzmacher1-19/+28
- only call chown/fchown when we want to change something metze (This used to be commit 46b3096d938331a2339a876649bc6cbfec883cb2)
2007-10-10r15071: fix typoStefan Metzmacher1-1/+1
metze (This used to be commit fde8922947551f5f7d50607c5c83feba062138c8)
2007-10-10r15069: - don't crash on a NULL aclStefan Metzmacher1-1/+9
- add the correct access checks for changing sd->group and sd->dacl metze (This used to be commit 2a61f65cd4084bf690caccf87efaf46551a13aee)
2007-10-10r14860: create libcli/security/security.hStefan Metzmacher1-1/+1
metze (This used to be commit 9ec706238c173992dc938d537bdf1103bf519dbf)
2007-10-10r14487: split smbsrv_request into two parts, one will be moved to ntvfs_requestStefan Metzmacher1-1/+1
but I don't to get the commit to large, to I'll do this tomorrow... metze (This used to be commit 10e627032d7d04f1ebf6efed248c426614f5aa6f)
2007-10-10r14464: Don't include ndr_BASENAME.h files unless strictly required, insteadJelmer Vernooij1-1/+1
try to include just the BASENAME.h files (containing only structs) (This used to be commit 3dd477ca5147f28a962b8437e2611a8222d706bd)
2007-10-10r14173: change smb interface structures to always useStefan Metzmacher1-1/+1
a union smb_file, to abtract - const char *path fot qpathinfo and setpathinfo - uint16_t fnum for SMB - smb2_handle handle for SMB2 the idea is to later add a struct ntvfs_handle *ntvfs so that the ntvfs subsystem don't need to know the difference between SMB and SMB2 metze (This used to be commit 2ef3f5970901b5accdb50f0d0115b5d46b0c788f)
2007-10-10r14157: - pass a struct ntvfs_request to the ntvfs layerStefan Metzmacher1-9/+9
(for now we just do #define ntvfs_request smbsrv_request, but it's the first step...) - rename ntvfs_openfile() -> ntvfs_open() - fix the talloc hierachie in some places in the ntvfs_map_*() code metze (This used to be commit ed9ed1f48f602354810937c0b0de850b44322191)
2007-10-10r13924: Split more prototypes out of include/proto.h + initial work on headerJelmer Vernooij1-0/+1
file dependencies (This used to be commit 122835876748a3eaf5e8d31ad1abddab9acb8781)
2007-10-10r6342: fixed a bad union assumption that caused ACLs to fail on 64 bit machinesAndrew Tridgell1-1/+1
Thanks to lars and agruen for finding this (This used to be commit 2acc06918574b1178eecf3d61026f84f85bb40e1)
2007-10-10r5298: - got rid of pstring.h from includes.h. This at least makes it a bitAndrew Tridgell1-1/+0
less likely that anyone will use pstring for new code - got rid of winbind_client.h from includes.h. This one triggered a huge change, as winbind_client.h was including system/filesys.h and defining the old uint32 and uint16 types, as well as its own pstring and fstring. (This used to be commit 9db6c79e902ec538108d6b7d3324039aabe1704f)
2007-10-10r5050: make sure we translate the generic to the specific bits before doing aAndrew Tridgell1-5/+4
pvfs_access_check_unix(). Fixes a problem with the cifsfs filesystem (This used to be commit 8ebc61a2297176515d767ef0f67ec912293ab905)
2007-10-10r5037: got rid of all of the TALLOC_DEPRECATED stuff. My apologies for theAndrew Tridgell1-4/+4
large commit. I thought this was worthwhile to get done for consistency. (This used to be commit ec32b22ed5ec224f6324f5e069d15e92e38e15c0)
2007-10-10r4615: added acl checking on directory search in pvfsAndrew Tridgell1-4/+5
(This used to be commit 0e61a422bd9a1596a284c176f033e958bbeaa8ce)
2007-10-10r4595: on create check access against parent not child ...Andrew Tridgell1-2/+2
(This used to be commit 5a1a17d3fc771b1e1c61297067f38c87901891d3)
2007-10-10r4584: fix pvfs backend to pass the new enhanced RAW-ACLS test. Easy once I ↵Andrew Tridgell1-2/+32
really the strange behaviour I saw was a w2k3 bug :-) (This used to be commit e729061bcde25d0565a72222e4720ca8074ef23f)
2007-10-10r4501: when copying files it is common for clients to copy the ACL. When theAndrew Tridgell1-2/+8
ACL is the default ACL this menas the copied file would have an xattr but the original would not. Avoid this by checking if the ACL being set is the original ACL, and avoid the copy. (This used to be commit 1df985a49b200a41eed39023aa668afb233f2e53)
2007-10-10r4464: added pvfs backend support for the special CREATOR_OWNER and ↵Andrew Tridgell1-1/+37
CREATOR_GROUP inheritance rules (This used to be commit 0a29fb45c310b4b8c348d187b8ff1833deaac6c3)
2007-10-10r4448: - fixed access_mask checking on acl setAndrew Tridgell1-2/+36
- honor the change ownership requests of acl set, changing the underlying unix owner/group - fix the access mask on file create with SEC_FLAG_MAXIMUM_ALLOWED (This used to be commit 5761fa35ab727b51ef1b52459911bafbdd788755)
2007-10-10r4412: SEC_FILE_READ_ATTRIBUTE is always granted, even if not requested. ↵Andrew Tridgell1-0/+2
This was being done in the full ACL code, but not in the unix access check code, which meant that qfileinfo was failing for some parameters (This used to be commit 96d017e521f5a996a7a274682838855d077834bc)
2007-10-10r4411: when checking for create permissions, we need to check the parent, ↵Andrew Tridgell1-1/+1
not the child! (This used to be commit 30b4c20b1c9aea94dd2a0611b58860797d244e5a)
2007-10-10r4408: added the remaining access check hooks into pvfs. All calls should ↵Andrew Tridgell1-0/+21
now have acl checking, and obey the various inheritance rules. (This used to be commit 5fe51807d6b97e68b65f152c0f405e5c5a025d21)
2007-10-10r4403: - added ACL inheritance in the pvfs backend. ACLs are now inherited onAndrew Tridgell1-1/+163
file and directory creation via ntcreatex. pvfs now passes the inheritance test in RAW-ACLS - cleaned up the error handling a bit in pvfs_open() (This used to be commit f4dfb63d5395a365961a21388639809fcd3112d0)
2007-10-10r4391: bring the default ACL inline with what w2k3 usesAndrew Tridgell1-72/+37
(This used to be commit 16967f7502ea6d2efa0fc08decc955a1516c3a02)
2007-10-10r4314: added ACL checking on unlinkAndrew Tridgell1-0/+13
(This used to be commit f25c469693517ed993e0379d8b07cd7eb235a669)
2007-10-10r4205: fixed the default acl mapping from posix permissions to use the mappedAndrew Tridgell1-33/+33
uid->sid and gid->sid (This used to be commit 590e1a91bfc719c2d84a9a066fb4e0308b6d9803)
2007-10-10r4147: converted from NT_USER_TOKEN to struct security_tokenAndrew Tridgell1-1/+1
this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
2007-10-10r4056: modified the access check code based on results from RAW-ACLSAndrew Tridgell1-0/+41
test. Also added generic mapping bits for pvfs. We don't pass RAW-ACLS yet, but its close. (This used to be commit c7cbd966d49a5345ea326732587555d209c531fc)
2007-10-10r4035: more effort on consistent naming of the access mask bits.Andrew Tridgell1-1/+1
This removes the duplicate named SEC_RIGHTS_MAXIMUM_ALLOWED and SEC_RIGHTS_FULL_CONTROL, which are just other names for SEC_FLAG_MAXIMUM_ALLOWED and SEC_RIGHTS_FILE_ALL. The latter names match the new naming conventions in security.idl Also added names for the generic->specific mappings for files are directories (This used to be commit 17a4e0b3aca227b40957ed1e0c57e498debc6ddf)
2007-10-10r4026: added NT ACL checking on pvfs_open() for existing files. I need toAndrew Tridgell1-2/+78
work out some way to do a decent test suite for this. (This used to be commit 9a9a0d0e791e4b64f0a35c921729e623b977af47)
2007-10-10r4011: get rid of rpc_secdes.h and replace it with a single sane set ofAndrew Tridgell1-40/+40
definitions for security access masks, in security.idl The previous definitions were inconsistently named, and contained many duplicate and misleading entries. I kept finding myself tripping up while using them. (This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)
2007-10-10r3995: improved the default ACL mapping from unix permsAndrew Tridgell1-7/+11
(This used to be commit 01e89697fe837ee76fedda149e1e2b389a7d3889)
2007-10-10r3990: take advantage of the uid->sid and gid->sid code to create a muchAndrew Tridgell1-14/+91
better default NT ACL in pvfs (This used to be commit 9ff6ecbdb6c08528193f7958d7ea7d9a8df6defd)
2007-10-10r3836: - fixed the handling of NT_STATUS_BUFFER_TOO_SMALL in nttrans serverAndrew Tridgell1-0/+1
- fixed revision number on default DACL - fixed DACL_PRESENT bit in acl query with these fixes cacls.exe and the GUI ACL editor in w2k both work against pvfs. The GUI editor is slow as it times out looking up the SID -> name mappings. (This used to be commit 4468018cb63fd884920c2b0f5235bded50c6b5db)
2007-10-10r3833: NTACL is a better xattr name than DosAcl (tpot suggested this)Andrew Tridgell1-5/+5
(This used to be commit 17911eea5995c12a2300dd3928612c77f8f0883e)
2007-10-10r3832: added NT ACL query/set to the posix NTVFS backend. The default ACL isAndrew Tridgell1-0/+193
based on the current nttoken, which is completely wrong, but works as a start. The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL union with a version number to allow for future expansion. pvfs does not yet check the ACL for file access. At the moment the ACL is just query/set. We also need to do some RPC work to allow the windows ACL editor to be used. At the moment is queries the ACL fine, but displays an error when it fails to map the SIDs via rpc. (This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)