summaryrefslogtreecommitdiff
path: root/source4/ntvfs/posix
AgeCommit message (Collapse)AuthorFilesLines
2007-10-10r4412: SEC_FILE_READ_ATTRIBUTE is always granted, even if not requested. ↵Andrew Tridgell1-0/+2
This was being done in the full ACL code, but not in the unix access check code, which meant that qfileinfo was failing for some parameters (This used to be commit 96d017e521f5a996a7a274682838855d077834bc)
2007-10-10r4411: when checking for create permissions, we need to check the parent, ↵Andrew Tridgell1-1/+1
not the child! (This used to be commit 30b4c20b1c9aea94dd2a0611b58860797d244e5a)
2007-10-10r4410: pvfs_rename_one() should not check for create permissions, as the renameAndrew Tridgell1-14/+7
is always in the same directory (This used to be commit babf3480a4c29ce28d9a4525c4174a3d765dcbab)
2007-10-10r4409: fixed handling of zero access masks for the POSITION_INFORMATION ↵Andrew Tridgell2-2/+2
query/set levels (This used to be commit 75e7229476e1af6ab78fa5b41a7bb67df8e3d2dd)
2007-10-10r4408: added the remaining access check hooks into pvfs. All calls should ↵Andrew Tridgell6-7/+159
now have acl checking, and obey the various inheritance rules. (This used to be commit 5fe51807d6b97e68b65f152c0f405e5c5a025d21)
2007-10-10r4406: - don't call the xattr unlink hook on unlink unless the link count is ↵Andrew Tridgell2-9/+9
1, otherwise the xattrs of the remaining link are removed - fix the handling of attribute set on directories (This used to be commit fa44e3cce00b75656c85378c7825960540d2f282)
2007-10-10r4405: added acl inheritance to the mkdir and t2mkdir backends.Andrew Tridgell1-0/+14
(This used to be commit b44d4d17df8af4941740e5d5e0842ca01d8f403c)
2007-10-10r4403: - added ACL inheritance in the pvfs backend. ACLs are now inherited onAndrew Tridgell3-44/+287
file and directory creation via ntcreatex. pvfs now passes the inheritance test in RAW-ACLS - cleaned up the error handling a bit in pvfs_open() (This used to be commit f4dfb63d5395a365961a21388639809fcd3112d0)
2007-10-10r4391: bring the default ACL inline with what w2k3 usesAndrew Tridgell2-74/+39
(This used to be commit 16967f7502ea6d2efa0fc08decc955a1516c3a02)
2007-10-10r4314: added ACL checking on unlinkAndrew Tridgell5-9/+31
(This used to be commit f25c469693517ed993e0379d8b07cd7eb235a669)
2007-10-10r4313: fixed a bug in handling new xattrs in the tdb xattr backendAndrew Tridgell1-2/+1
(This used to be commit c66b5a100c1b83adf034087fe2ce49fc77d84161)
2007-10-10r4264: fix acl handling on systems without xattr supportAndrew Tridgell1-11/+15
(This used to be commit 89845388ea82d9bfbdc6ca8da40f47437a270400)
2007-10-10r4263: added support for the trans2 RAW_SEARCH_EA_LIST informationAndrew Tridgell2-5/+26
level. This is quite a strange level that we've never seen before, but is used by the os2 workplace shell. note w2k screws up this level when unicode is negotiated, so it only passes the RAW-SEARCH test when you force non-unicode (This used to be commit 25189b8fbf6515d573e3398dc9fca56505dc37b9)
2007-10-10r4262: a sniff from kukks showed that the FILE_ATTRIBUTE_NORMAL handling inAndrew Tridgell2-12/+0
pvfs was not correct. This should fix a xcopy bug on OS/2. (This used to be commit 7251f1fcdd8980e9c49a58e665374025e07bb8d0)
2007-10-10r4261: added the RAW_FILEINFO_EA_LIST trans2 qfileinfo and qpathinfoAndrew Tridgell1-6/+52
level. Interestingly, this level did now show up on our trans2 scanner previously as we didn't have the FLAGS2_EXTENDED_ATTRIBUTES bit set in the client code. Now that we set that bit, new levels appear in windows servers. (This used to be commit 0b76d405a73e924dc2706f28bbf1084a59c9b393)
2007-10-10r4247: two more places that need the unlink hookAndrew Tridgell1-0/+5
(This used to be commit 795897b64f3c63baaf53a36eb1611293c2fd8974)
2007-10-10r4244: add more calls to pvfs_xattr_unlink_hook() on file/dir create, to try ↵Andrew Tridgell1-0/+4
to beat race conditions in the tdb xattr backend (This used to be commit 3ac840159881ce6eeac27ff0dc324e4d6ac0a70a)
2007-10-10r4243: a sniff from kukks showed that the ea_set interface in trans2 ↵Andrew Tridgell3-35/+58
setfileinfo allows for multiple EAs to be set at once. This fixes all the ea code to allow for that. (This used to be commit b26828bef5d55e5eef0e34a164e76292df45e207)
2007-10-10r4242: added support for storing xattrs in a tdb. This allows all advanced NTAndrew Tridgell8-68/+425
attributes (streams, EAs, NT ACLs, timestamps etc) to be used on filesystems that don't support xattrs. It also allows for large streams, although they are very inefficient. I won't enable this by default, as I really wrote it as a way of testing large stream support while still using ext3, but perhaps with a bit more work this could be generally usable. To enable this use: posix:eadb = /home/test/myeas.tdb (This used to be commit 0c927d912cb65754351189d3a0442004a14aa5c6)
2007-10-10r4230: now that we set the FLAGS2_EXTENDED_ATTRIBUTES flag, we should markAndrew Tridgell1-1/+1
empty EAs as being of size 4, not size 0 (This used to be commit 76bd6476785e4145437768caa702c01a7801590e)
2007-10-10r4205: fixed the default acl mapping from posix permissions to use the mappedAndrew Tridgell1-33/+33
uid->sid and gid->sid (This used to be commit 590e1a91bfc719c2d84a9a066fb4e0308b6d9803)
2007-10-10r4182: fixed trans2 mkdir, allowing mkdir with an initial EA listAndrew Tridgell1-0/+52
(This used to be commit 7d981c29c28391813c7f93245f64b3ee108378a4)
2007-10-10r4173: - new t2open code, that can cope with "create with EAs". Many thanksAndrew Tridgell1-36/+0
to kukks on #samba-technical for the sniffs that allowed me to work this out - much simpler ntvfs open generic mapping code - added t2open create with EA torture test to RAW-OPEN test (This used to be commit a56d95ad89b4f32a05974c4fe9a816d67aa369e3)
2007-10-10r4165: added a 100 element name cache to cope with some amount of seekingAndrew Tridgell2-23/+50
back to filenames that have been deleted. This fixes the new os/2 delete test. (This used to be commit 6d471db13ab132655a07e11533a559446e56fc00)
2007-10-10r4163: 2nd attempt at fixing the OS/2 "del *" problemAndrew Tridgell1-6/+0
(This used to be commit ae14905d9522dbdc1709ef110b9933adcb740a26)
2007-10-10r4162: this should fix the delete/findnext problem from OS/2 clients. ThanksAndrew Tridgell2-1/+7
again to kukks for the excellent and detailed bug report (This used to be commit 7dfffe4ac0d6858ae6848708df1baa11a6819680)
2007-10-10r4147: converted from NT_USER_TOKEN to struct security_tokenAndrew Tridgell1-1/+1
this is mostly just a tidyup, but also adds the privilege_mask, which I will be using shortly in ACL checking. note that I had to move the definition of struct security_token out of security.idl as pidl doesn't yet handle arrays of pointers, and the usual workaround (to use a intermediate structure) would make things too cumbersome for this structure, especially given we never encode it to NDR. (This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
2007-10-10r4067: no matches in findnext is not an errorAndrew Tridgell1-5/+0
(This used to be commit 6da058a28ba44a02964d375c9e390fbd472bc2b6)
2007-10-10r4062: the RAW-ACLS test now passes. The SEC_STD_DELETE bit is rather strangeAndrew Tridgell1-0/+10
though - I expect we'll need to tweak that some more. (This used to be commit e3500811b90b8423ee7694609340f394957d1160)
2007-10-10r4056: modified the access check code based on results from RAW-ACLSAndrew Tridgell1-0/+41
test. Also added generic mapping bits for pvfs. We don't pass RAW-ACLS yet, but its close. (This used to be commit c7cbd966d49a5345ea326732587555d209c531fc)
2007-10-10r4037: fixed a bunch of "might be uninitialised" warnings after enabling -O1 ↵Andrew Tridgell1-2/+2
in my compile (This used to be commit 0928b1f5b68c858922c3ea6c27ed03b5091c6221)
2007-10-10r4035: more effort on consistent naming of the access mask bits.Andrew Tridgell1-1/+1
This removes the duplicate named SEC_RIGHTS_MAXIMUM_ALLOWED and SEC_RIGHTS_FULL_CONTROL, which are just other names for SEC_FLAG_MAXIMUM_ALLOWED and SEC_RIGHTS_FILE_ALL. The latter names match the new naming conventions in security.idl Also added names for the generic->specific mappings for files are directories (This used to be commit 17a4e0b3aca227b40957ed1e0c57e498debc6ddf)
2007-10-10r4026: added NT ACL checking on pvfs_open() for existing files. I need toAndrew Tridgell2-16/+90
work out some way to do a decent test suite for this. (This used to be commit 9a9a0d0e791e4b64f0a35c921729e623b977af47)
2007-10-10r4011: get rid of rpc_secdes.h and replace it with a single sane set ofAndrew Tridgell5-57/+60
definitions for security access masks, in security.idl The previous definitions were inconsistently named, and contained many duplicate and misleading entries. I kept finding myself tripping up while using them. (This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)
2007-10-10r3995: improved the default ACL mapping from unix permsAndrew Tridgell1-7/+11
(This used to be commit 01e89697fe837ee76fedda149e1e2b389a7d3889)
2007-10-10r3990: take advantage of the uid->sid and gid->sid code to create a muchAndrew Tridgell3-14/+97
better default NT ACL in pvfs (This used to be commit 9ff6ecbdb6c08528193f7958d7ea7d9a8df6defd)
2007-10-10r3983: posix:fakeoplocks should default to False, not True !Andrew Tridgell1-1/+1
(This used to be commit 052d91c59f177851b5e0e53c8a033bdd28702f64)
2007-10-10r3982: split out the sid -> uid/gid mapping routines into a ntvfs_sidmapAndrew Tridgell1-4/+2
subsystem. This is in preparation for adding better default ACL generation in pvfs, which will require uid/gid -> sid mapping. (This used to be commit b31108e49247495d98cf7c12ee303b12a9e44e92)
2007-10-10r3939: - added "posix:fakeoplocks" option for testing with oplocks forced onAndrew Tridgell6-24/+88
- added support for sticky write times after a setfileinfo, by using a write_time field in the DosAttrib xattr structure. (This used to be commit 4a52fae82d8305e999f94f1947daa21dab54cdfd)
2007-10-10r3881: Split up the LIBNDR_GEN subsystem into NDR_* and RPC_NDR_* subsystems.Jelmer Vernooij1-0/+1
This reduces the total size of the samba binaries from 119 Mb to 73 Mb. Next step will be to have the build system obtain some of this information by itself, so that we don't have to write ~10 lines per interface manually. (This used to be commit 16d905f6b0cbec591eebc44ee2ac9516a5730378)
2007-10-10r3836: - fixed the handling of NT_STATUS_BUFFER_TOO_SMALL in nttrans serverAndrew Tridgell1-0/+1
- fixed revision number on default DACL - fixed DACL_PRESENT bit in acl query with these fixes cacls.exe and the GUI ACL editor in w2k both work against pvfs. The GUI editor is slow as it times out looking up the SID -> name mappings. (This used to be commit 4468018cb63fd884920c2b0f5235bded50c6b5db)
2007-10-10r3835: - added testing of setting an initial ACL on a file using NTTRANS createAndrew Tridgell1-0/+16
- added support for initial ACLs in pvfs backend (This used to be commit 05ee9179f74d243aa22fa00be7873c5db76a8ad1)
2007-10-10r3834: - fixed XATTR_NTACL_NAMEAndrew Tridgell1-2/+2
- pvfs now passes RAW-ACLS (This used to be commit 2e19edaa4ebc96b3e95e0b55c4fae8eaefd642b2)
2007-10-10r3833: NTACL is a better xattr name than DosAcl (tpot suggested this)Andrew Tridgell2-9/+9
(This used to be commit 17911eea5995c12a2300dd3928612c77f8f0883e)
2007-10-10r3832: added NT ACL query/set to the posix NTVFS backend. The default ACL isAndrew Tridgell6-3/+250
based on the current nttoken, which is completely wrong, but works as a start. The ACL is stored in the xattr system.DosAcl, using a NDR encoded IDL union with a version number to allow for future expansion. pvfs does not yet check the ACL for file access. At the moment the ACL is just query/set. We also need to do some RPC work to allow the windows ACL editor to be used. At the moment is queries the ACL fine, but displays an error when it fails to map the SIDs via rpc. (This used to be commit 3a1f20d874ab2d8b2a2f2485b7a705847abf1263)
2007-10-10r3806: added support to smb_server and pvfs for the NTTRANS Create call. ThisAndrew Tridgell4-5/+31
call has an optional sec_desc and ea_list. (This used to be commit 8379ad14e3d51a848a99865d9ce8d56a301e8a3c)
2007-10-10r3803: fixed detection of xattr supportAndrew Tridgell1-0/+1
(This used to be commit b7e4ec4550dd2d15714784e5fb29789be9ca8623)
2007-10-10r3801: added allocation size rounding. This is needed for ifstest.Andrew Tridgell5-6/+23
(This used to be commit 8a6fa43156667f75e058c7d44b1c15a6cf7067b2)
2007-10-10r3800: - fixed delete-on-close behaviour for streamsAndrew Tridgell2-2/+19
- added a delete-on-close test to RAW-STREAMS - don't allow rename of streams at the moment (I need to work out if its supposed to be allowed first) (This used to be commit f4b2b1311da6e37ac0947a3419d89c77ebbd6b63)
2007-10-10r3799: - added the bit for FS_ATTR_NAMED_STREAMS support into qfsinfo ↵Andrew Tridgell4-2/+19
filesystem attribute reply - pvfs passes the RAW-STREAMS test (This used to be commit c1a48a7542a52df734b54031f405d574e4c891e3)