summaryrefslogtreecommitdiff
path: root/source4/ntvfs
AgeCommit message (Collapse)AuthorFilesLines
2009-10-18s4-pvfs: more fixes for ACLs on file creationAndrew Tridgell1-11/+12
The passed in SD is not used to limit the access mask allowed on file create.
2009-10-18s4-smb2: fixed SMB2 find commandsAndrew Tridgell1-2/+2
The change to check for invalid \ prefix on SMB2 paths broke the internal SMB2 code.
2009-10-18s4-pvfs: change the handling of access checking on createAndrew Tridgell4-60/+124
Previously when a file was created, we produces the resulting access mask based on an ACL check against the parent. This change means we now calculate the inherited ACL much earlier, and produce the resulting access mask from that ACL, or the user supplied ACL.
2009-10-17s4-pvfs: when uwrap is enabled, ignore chown errorsAndrew Tridgell1-0/+3
chown is expected to fail under uwrap
2009-10-17s4-pvfs: don't auto-apply privilege bits in unix acl handling eitherAndrew Tridgell1-7/+11
2009-10-17s4-pvfs: use privileges rather than "uid == 0" in unix access checkAndrew Tridgell1-6/+12
This makes the unix access check much closer to the full ACL check
2009-10-16s4-pvfs: fixed mask handling for SEC_FLAG_MAXIMUM_ALLOWEDAndrew Tridgell1-2/+2
This matches the sec_access_check() code
2009-10-15s4-pvfs: implement root_fid support in posix backendAndrew Tridgell1-0/+15
Construct the filename from the old handle and the new name.
2009-10-15s4-smb: declare root_fid as a file handleAndrew Tridgell1-1/+1
In order to implement root_fid in the s4 SMB server we need to declare it as a handle type, just as for other fnum values in SMB. This required some extensive (but simple) changes in many bits of code.
2009-10-15s4-pvfs: fixed handling of SEC_FLAG_MAXIMUM_ALLOWEDAndrew Tridgell1-1/+1
The CREATEX_ACCESS test shows that this is used as a bit test, not a equality test
2009-10-02s4: fix various warnings (not "const" related ones)Matthias Dieter Wallnöfer1-3/+3
2009-10-02s4:ntvfs Don't attempt to follow NULL in unixuid_setup_security()Andrew Bartlett1-1/+4
This segfault occoured in cases where we rejected (or never attempted) the tree connect, so had an invalid private pointer for the logoff codepath. Andrew Bartlett
2009-09-18s4-pipes: convert pipe names to lowercase and validateAndrew Tridgell1-0/+19
clients may provide arbitrary names, but we only want lowercase alnum names
2009-09-18s4:ntvfs_ipc: add real named pipe supportStefan Metzmacher2-236/+652
We now open a named via the named_pipe_auth code and process IO via the tstream interface. This means we support byte mode and message mode named pipes. We also correctly issue NT_STATUS_PIPE_BUSY when a smb_trans request comes in and a read or smb_trans is already pending. We also have support for async dcerpc over ncacn_np now, and we now can remove the ncacn_np specific hacks from the rpc_server/ code. metze
2009-09-08s4: fixed some shadowed variable warningsAndrew Tridgell3-9/+9
2009-08-12no need to shout about getting an oplockAndrew Tridgell1-1/+1
2009-08-05fixed a problem with group policy writes causing policy corruptionAndrew Tridgell3-4/+48
This bug was caused by two things: 1) in the unix ACL mapping, we were not taking into account group write permssions for the SEC_STD_DELETE flag 2) when a file is created using OVERWRITE mode, a fchmod() would fail if the user is not the file owner. We resolve that by only doing the fchmod() if the mapped file attribute does not match the desired file attribute
2009-08-05fixed the sense of the pvfs_acl uwrap checkAndrew Tridgell1-1/+1
2009-08-05make the UID_WRAPPER skip checks at runtimeAndrew Tridgell1-7/+7
This fixes two issues pointed out by Andrew. It adds a runtime uwrap_enabled() call that wraps the skips needed for uid emulation. It also makes the skip in the directory_create_or_exist() function only change the uid checking code, not the permissions code
2009-08-05added a uid_wrapper libraryAndrew Tridgell2-1/+9
This library intercepts seteuid and related calls, and simulates them in a manner similar to the nss_wrapper and socket_wrapper libraries. This allows us to enable the vfs_unixuid NTVFS module in the build farm, which means we are more likely to catch errors in the token manipulation. The simulation is not complete, but it is enough for Samba4 for now. The major areas of incompleteness are: - no emulation of setreuid, setresuid or saved uids. These would be needed for use in Samba3 - no emulation of ruid changing. That would also be needed for Samba3 - no attempt to emulate file ownership changing, so code that (for example) tests whether st.st_uid matches geteuid() needs special handling
2009-08-04fixed support for readx greater than 64kAndrew Tridgell1-2/+2
This fixes bug 6547, where smbclient in S3 reads more than 64k at a time with readx.
2009-07-19Cosmetic correctionMatthias Dieter Wallnöfer1-1/+1
Changes the order of two commands. First set up the "priv" structure, then assign it to the "ntvfs" structure.
2009-07-15s4:ntvfs/ipc: replace unnesessary talloc_reference() by a simple talloc_strdup()Stefan Metzmacher1-1/+2
metze
2009-07-15s3:ntvfs/posix: avoid unnesessary talloc_reference()Stefan Metzmacher1-1/+4
This caused the panics on the RAW-SETFILEINFO.RENAME test, because we returned an empty strings. The problem was: ERROR: talloc_steal with references at ntvfs/posix/pvfs_setfileinfo.c:215 reference at ntvfs/posix/pvfs_resolve.c:799 metze
2009-06-26Upgrade ntvfs_map_*info to ntvfs_map_async_setup/ntvfs_map_async_finishSam Liddicott1-33/+80
ntvfs_map_fsinfo, ntvfs_map_qpathinfo, ntvfs_map_qfileinfo used an old synchronous mapping technique, acceptable on the grounds that they were only used by the simple vfs which was synchronous. Other vfs may/do use these functions, and by upgrading them to use the ntvfs_map_async_setup/ntvfs_map_async_finish framework, they can now be used asynchronously. Signed-off-by: Sam Liddicott <sam@liddicott.com> Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-06-05fixed handling of change notify buffer overrunsAndrew Tridgell1-2/+9
When the notify buffer overruns and there are no pending notify requests, the notify buffer doesn't actually get destroyed, it just gets put in a state where new notifies are discarded and the next notify change request will return 0 changes.
2009-05-30libwbclient: Add async call framework.Kai Blin1-1/+1
2009-05-20Have ntvfs_connect() accept union smb_tcon *tcon instead of char* sharenameSam Liddicott11-17/+191
This change brings ntvfs_connect into compliance with other ntvfs functions which take an ntvfs module, an ntvfs request and an smb io union. It now becomes the responsibility of ntvfs modules to examine tcon->generic.level themselves and derive the share name and any other options directly; e.g. const char *sharename; switch (tcon->generic.level) { case RAW_TCON_TCON: sharename = tcon->tcon.in.service; break; case RAW_TCON_TCONX: sharename = tcon->tconx.in.path; break; case RAW_TCON_SMB2: default: return NT_STATUS_INVALID_LEVEL; } if (strncmp(sharename, "\\\\", 2) == 0) { char *p = strchr(sharename+2, '\\'); if (p) { sharename = p + 1; } } service.c smbsrv_tcon_backend() is called before ntvfs_connect and fills in some of the tcon->..out values. For the case of RAW_TCON_TCONX, it filles out tcon->tconx.out.tid and tcon->tconx.out.options For the case of RAW_TCON_TCON it fills out tcon->tcon.out.tid and tcon->tcon.out.max_xmit Thus the ntvfs_connect function for vfs modules may override these values if desired, but are not required to. ntvfs_connect functions are required to fill in the tcon->tconx.out.*_type fields, for RAW_TCON_TCONX, perhaps something like: if (tcon->generic.level == RAW_TCON_TCONX) { tcon->tconx.out.fs_type = ntvfs->ctx->fs_type; tcon->tconx.out.dev_type = ntvfs->ctx->dev_type; } Signed-off-by: Sam Liddicott <sam@liddicott.com> (I fixed the ntvfs_connect() in the smb_server/smb2/ and the RAW_TCON_SMB2 switch case in the modules) Signed-off-by: Stefan Metzmacher <metze@samba.org>
2009-04-23Add a new non-convenience version of push_codepoint.Jelmer Vernooij1-2/+2
2009-03-19use the tevent nesting code to avoid the uid problem in the VFSAndrew Tridgell1-0/+66
backend The vfs_unixuid module changes the uid of the process when executing operations on behalf of the user. Within the VFS backend we may rely on semi-async calls, such as winbind calls, which will call the event loop again. To cope with this we need to ensure that while inside those calls we revert the uid to root, then revert back to the connected user when we have finished with the semi-async calls.
2009-02-13s4:ntvfs_generic: use talloc_get_type() to remote compiler warningsStefan Metzmacher1-3/+5
metze
2009-02-05s4:pvfs_aio: fix compiler warningStefan Metzmacher1-1/+1
metze
2009-02-05s4:pvfs: remove compiler warningStefan Metzmacher1-2/+1
metze
2009-02-05s4:pvfs: use talloc_get_type() to cast from void *Stefan Metzmacher17-49/+102
metze
2009-02-05s4:pvfs: fix some talloc related compiler warningsStefan Metzmacher4-4/+8
metze
2009-02-02s4:libcliraw: s/private/private_dataStefan Metzmacher1-12/+12
metze
2009-02-02s4:ntvfs/unixuid: s/private/privStefan Metzmacher1-23/+23
metze
2009-02-02s4:ntvfs/smb2: s/private/pStefan Metzmacher1-39/+39
metze
2009-02-02s4:ntvfs/simple: s/private/pStefan Metzmacher2-52/+52
metze
2009-02-02s4:ntvfs/posix: s/private/private_dataStefan Metzmacher3-10/+10
metze
2009-02-02s4:ntvfs/nbench: s/private/nprivatesStefan Metzmacher1-4/+4
metze
2009-02-02s4:ntvfs/ipc: s/private/iprivStefan Metzmacher1-44/+44
metze
2009-02-02s4:ntvfs/common: s/private/private_dataStefan Metzmacher3-10/+10
metze
2009-02-02s4:ntvfs/cifs_posix_cli: s/private/pStefan Metzmacher2-52/+52
metze
2009-02-02s4:ntvfs/cifs/: s/private/pStefan Metzmacher1-108/+108
metze
2009-02-02s4:ntvfs: s/private/private_dataStefan Metzmacher2-21/+21
metze
2009-01-30Fix the mess with ldb includes.Simo Sorce3-2/+2
Separate again the public from the private headers. Add a new header specific for modules. Also add service function for modules as now ldb_context and ldb_module are opaque structures for them.
2009-01-07added support for stream renames in Samba4Andrew Tridgell3-18/+285
This allows the RAW-STREAMS test to work again. We still have some limitations though: - renames of a stream to the default stream doesn't work - delete on close handling between streams and the main file is still broken
2009-01-04tevent: move samba4 stuff from libtevent.m4 to samba.m4Stefan Metzmacher2-3/+2
metze
2009-01-03s4:sysdep/inotify: use tevent_fd_set_auto_close()Stefan Metzmacher1-3/+17
metze