Age | Commit message (Collapse) | Author | Files | Lines |
|
- honor the change ownership requests of acl set, changing the underlying
unix owner/group
- fix the access mask on file create with SEC_FLAG_MAXIMUM_ALLOWED
(This used to be commit 5761fa35ab727b51ef1b52459911bafbdd788755)
|
|
metze
(This used to be commit c44f4d44b51789916e50c9da93046d0a15245edc)
|
|
and debug privileges
metze
(This used to be commit c981808ed4cfa63c7ba7c4f9190b6b14f74bab40)
|
|
This was being done
in the full ACL code, but not in the unix access check code, which meant that qfileinfo
was failing for some parameters
(This used to be commit 96d017e521f5a996a7a274682838855d077834bc)
|
|
not the child!
(This used to be commit 30b4c20b1c9aea94dd2a0611b58860797d244e5a)
|
|
is always in the same directory
(This used to be commit babf3480a4c29ce28d9a4525c4174a3d765dcbab)
|
|
query/set levels
(This used to be commit 75e7229476e1af6ab78fa5b41a7bb67df8e3d2dd)
|
|
now have acl checking,
and obey the various inheritance rules.
(This used to be commit 5fe51807d6b97e68b65f152c0f405e5c5a025d21)
|
|
1, otherwise
the xattrs of the remaining link are removed
- fix the handling of attribute set on directories
(This used to be commit fa44e3cce00b75656c85378c7825960540d2f282)
|
|
(This used to be commit b44d4d17df8af4941740e5d5e0842ca01d8f403c)
|
|
file and directory creation via ntcreatex. pvfs now passes the
inheritance test in RAW-ACLS
- cleaned up the error handling a bit in pvfs_open()
(This used to be commit f4dfb63d5395a365961a21388639809fcd3112d0)
|
|
(This used to be commit 16967f7502ea6d2efa0fc08decc955a1516c3a02)
|
|
(This used to be commit f25c469693517ed993e0379d8b07cd7eb235a669)
|
|
(This used to be commit c66b5a100c1b83adf034087fe2ce49fc77d84161)
|
|
sensible.
(This used to be commit b2e29756c2084f11d841d027e7d32952daae18d0)
|
|
(This used to be commit 89845388ea82d9bfbdc6ca8da40f47437a270400)
|
|
level. This is quite a strange level that we've never seen before, but
is used by the os2 workplace shell.
note w2k screws up this level when unicode is negotiated, so it only
passes the RAW-SEARCH test when you force non-unicode
(This used to be commit 25189b8fbf6515d573e3398dc9fca56505dc37b9)
|
|
pvfs was not correct. This should fix a xcopy bug on OS/2.
(This used to be commit 7251f1fcdd8980e9c49a58e665374025e07bb8d0)
|
|
level. Interestingly, this level did now show up on our trans2 scanner
previously as we didn't have the FLAGS2_EXTENDED_ATTRIBUTES bit set in
the client code. Now that we set that bit, new levels appear in
windows servers.
(This used to be commit 0b76d405a73e924dc2706f28bbf1084a59c9b393)
|
|
(This used to be commit 795897b64f3c63baaf53a36eb1611293c2fd8974)
|
|
to beat race
conditions in the tdb xattr backend
(This used to be commit 3ac840159881ce6eeac27ff0dc324e4d6ac0a70a)
|
|
setfileinfo allows
for multiple EAs to be set at once. This fixes all the ea code to allow for that.
(This used to be commit b26828bef5d55e5eef0e34a164e76292df45e207)
|
|
attributes (streams, EAs, NT ACLs, timestamps etc) to be used on
filesystems that don't support xattrs. It also allows for large
streams, although they are very inefficient.
I won't enable this by default, as I really wrote it as a way of
testing large stream support while still using ext3, but perhaps with
a bit more work this could be generally usable.
To enable this use:
posix:eadb = /home/test/myeas.tdb
(This used to be commit 0c927d912cb65754351189d3a0442004a14aa5c6)
|
|
empty EAs as being of size 4, not size 0
(This used to be commit 76bd6476785e4145437768caa702c01a7801590e)
|
|
uid->sid and gid->sid
(This used to be commit 590e1a91bfc719c2d84a9a066fb4e0308b6d9803)
|
|
(This used to be commit 7d981c29c28391813c7f93245f64b3ee108378a4)
|
|
to kukks on #samba-technical for the sniffs that allowed me to work
this out
- much simpler ntvfs open generic mapping code
- added t2open create with EA torture test to RAW-OPEN test
(This used to be commit a56d95ad89b4f32a05974c4fe9a816d67aa369e3)
|
|
back to filenames that have been deleted. This fixes the new os/2
delete test.
(This used to be commit 6d471db13ab132655a07e11533a559446e56fc00)
|
|
(This used to be commit ae14905d9522dbdc1709ef110b9933adcb740a26)
|
|
again to kukks for the excellent and detailed bug report
(This used to be commit 7dfffe4ac0d6858ae6848708df1baa11a6819680)
|
|
this to be right.
(This used to be commit e22de9734f66bee3c9eaf8191fcae9fb06a0034f)
|
|
this is mostly just a tidyup, but also adds the privilege_mask, which
I will be using shortly in ACL checking.
note that I had to move the definition of struct security_token out of
security.idl as pidl doesn't yet handle arrays of pointers, and the
usual workaround (to use a intermediate structure) would make things
too cumbersome for this structure, especially given we never encode it
to NDR.
(This used to be commit 7b446af09b8050746bfc2c50e9d56aa94397cc1a)
|
|
(This used to be commit 6da058a28ba44a02964d375c9e390fbd472bc2b6)
|
|
though - I expect we'll need to tweak that some more.
(This used to be commit e3500811b90b8423ee7694609340f394957d1160)
|
|
(This used to be commit 35ca4e1e81c5d927238e90d0c6c09987c11b5d35)
|
|
test. Also added generic mapping bits for pvfs. We don't pass RAW-ACLS
yet, but its close.
(This used to be commit c7cbd966d49a5345ea326732587555d209c531fc)
|
|
(This used to be commit eec698254f67365f27b4b7569fa982e22472aca1)
|
|
(This used to be commit b0f6e21481745d1b2ced28d9ed6f09f6ffd99562)
|
|
(This used to be commit 80d15fa3402a9d1183467463f6b21c0b674bc442)
|
|
in my compile
(This used to be commit 0928b1f5b68c858922c3ea6c27ed03b5091c6221)
|
|
This removes the duplicate named SEC_RIGHTS_MAXIMUM_ALLOWED and
SEC_RIGHTS_FULL_CONTROL, which are just other names for
SEC_FLAG_MAXIMUM_ALLOWED and SEC_RIGHTS_FILE_ALL. The latter names
match the new naming conventions in security.idl
Also added names for the generic->specific mappings for files are
directories
(This used to be commit 17a4e0b3aca227b40957ed1e0c57e498debc6ddf)
|
|
work out some way to do a decent test suite for this.
(This used to be commit 9a9a0d0e791e4b64f0a35c921729e623b977af47)
|
|
definitions for security access masks, in security.idl
The previous definitions were inconsistently named, and contained many
duplicate and misleading entries. I kept finding myself tripping up
while using them.
(This used to be commit 01c0fa722f80ceeb3f81f01987de95f365a2ed3d)
|
|
(This used to be commit 01e89697fe837ee76fedda149e1e2b389a7d3889)
|
|
easier
(This used to be commit 54209ed05686a442156f7927c58d8656aa5e4900)
|
|
id->sid mapping
(This used to be commit e61140510905b6bbe57ad35dad8e4dd68d1f6bd8)
|
|
better default NT ACL in pvfs
(This used to be commit 9ff6ecbdb6c08528193f7958d7ea7d9a8df6defd)
|
|
our local domain. Note that this linear mapping does not suffer from
the "foreign sid" problems of the linear mappings we have previously
rejected for the sid->uid problem.
the mapping allows for 1 billion automatically allocated users or
groups for the local domain.
(This used to be commit 8f573439753e2a425305936107442c85cffb9369)
|
|
(This used to be commit 052d91c59f177851b5e0e53c8a033bdd28702f64)
|
|
subsystem. This is in preparation for adding better default ACL
generation in pvfs, which will require uid/gid -> sid mapping.
(This used to be commit b31108e49247495d98cf7c12ee303b12a9e44e92)
|