summaryrefslogtreecommitdiff
path: root/source4/ntvfs
AgeCommit message (Collapse)AuthorFilesLines
2010-04-06build: ntvfs/sysdep configure checksAndrew Tridgell1-0/+7
2010-03-05s4-pvfs_sys: build on systems without O_NOFOLLOW or O_DIRECTORYAndrew Tridgell1-4/+22
2010-03-05s4-pvfs_sys: talloc_free should be before errno restoreAndrew Tridgell1-13/+13
talloc can potentially change the errno
2010-03-05s4-pvfs: use pvfs_sys_fchmod()Andrew Tridgell3-4/+4
2010-03-05s4-pvfs: set default for perm override based on system featuresAndrew Tridgell1-1/+9
If the system has O_NOFOLLOW and O_DIRECTORY then we allow for overrides by default. If not, then we disable by default, as we will be more vulnerable to symlink attacks
2010-03-05s4-pvfs: use O_FOLLOW one level at a time for security overridesAndrew Tridgell1-37/+357
To prevent symlink attacks we need to use O_NOFOLLOW one level at a time when processing a root security override
2010-03-05s4-pvfs: use pvfs_sys_*() functions to wrap posix callsAndrew Tridgell5-20/+20
This allows for root override, which fixes many problems with mismatches between NT ACL permissions and unix permissions. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-03-05s4-pvfs: new pvfs_sys module Andrew Tridgell2-0/+301
The pvfs_sys_*() calls provide wrapper functions for posix file functions which use root privileges to override EACCES failures if PVFS_FLAG_PERM_OVERRIDE is set Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-03-05s4-pvfs: added new pvfs flag PVFS_FLAG_PERM_OVERRIDEAndrew Tridgell2-0/+4
This flag indicates that we should use root privileges to override unix permissions when the NT ACLs indicate that access should be granted Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-03-05s4-pvfs: log more error conditions in NTVFS backendAndrew Tridgell3-0/+31
This should make is easier to track down some bug reports Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-03-05s4-pvfs: move the private ntcreatex flags to private_flagsAndrew Tridgell3-6/+12
Re-using two of the create_options bits was bound to eventually cause problems, and indeed, Windows7 now uses one of those bits when opening text files. Fixes bug 7189
2010-03-03s4-posix: allow change ownership of files if the user has the right privilegesAndrew Tridgell1-2/+21
When a user has SEC_PRIV_TAKE_OWNERSHIP or SEC_PRIV_RESTORE they have permission to change the ownership of a file. This should fix bug 6987 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-26s4-krb5: propogate errors from a lot more kerberos functionsAndrew Tridgell1-1/+2
We need to be able to give sensible error messages when a kerberos calls fails. This propogates the kerberos error up the stack to the caller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-13s4-ntvfs: use TYPESAFE_QSORT() in notify codeAndrew Tridgell1-3/+2
2010-02-11s4: Switch to S3-style id mapping data types.Kai Blin3-22/+22
2010-02-09s4:Remove "Py_RETURN_NONE" compatibility codeMatthias Dieter Wallnöfer2-8/+0
This was needed only by Python 2.3 which we no longer support.
2010-02-05s4:UID wrapper - Fix includesMatthias Dieter Wallnöfer2-0/+18
The includes of the UID wrapper headers werent't really efficient according to metze's post on the technical mailing list (http://lists.samba.org/archive/samba-technical/2010-February/069165.html). To achieve this move the "uid_wrapper.h" includes into "lib/util/unix_privs.c", "lib/util/util.c", "ntvfs/posix/pvfs_acl.c" and "ntvfs/unixuid/vfs_unixuid.c".
2010-02-02Change uint_t to unsigned int in source4Matt Kraai13-37/+37
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-25pyxattr: Move to the same directory as the xattr code.Jelmer Vernooij3-0/+259
2010-01-21s4: ntvfs, create push_xattr_blob_tdb_raw and pull_xattr_blob_tdb_raw that ↵Matthieu Patou1-27/+49
do not depend on pvfs objects Following a talk with tridge on IRC, this patch allow (pull|push)_xattr_blob to be called without having a pvfs object. It's handy for programs that wants to manipulate xattr directly.
2009-12-17s4-ntvfs: check if pvfs is NULL in pvfs_logoffbrendan powers1-0/+5
pvfs can be NULL if the directory a share points to does not exist. In this case, there would be no open files, so it is safe to just return from the function. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-16s4-ntvfs: try to fix bug 6989Andrew Tridgell1-2/+2
bug 6989 is a rare crash that has occurred in production. My best guess as to the cause is the talloc_free() not being specific enough as to which parent needs to be freed.
2009-12-08s4/smbstreams: Fix memory use after free.Kamen Mazdrashki1-4/+8
The bug is that sometimes 'streams' is parent for 'new_name'. With this said, 'new_name' must be dupped before 'streams' pointer is freed. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-03s4:ntvfs/posix/pvfs_streams - Fix "discard const" warningMatthias Dieter Wallnöfer1-1/+1
I removed one "const" in front of a string declaration to achieve this. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-03s4:ntvfs/posix/pvfs_resolve - Fix "discard const" warningMatthias Dieter Wallnöfer2-4/+4
I removed two "const"s in front of string declarations to achieve this. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-27s4-ntvfs: win7 does not check for the NONE smb2 lock flag on unlockAndrew Tridgell1-1/+2
2009-11-27s4-ntvfs: move valid lock range test from smb2 layer to generic codeAndrew Tridgell2-6/+19
win7 also fails invalid lock ranges on SMB
2009-11-27s4-pvfs: fixed access check failure in SFILEINFO testAndrew Tridgell1-8/+5
matching windows behaviour is not always the right thing to do!
2009-11-27s4-smb2: SMB2 uses NT_STATUS_CANCELLED for cancelled locksAndrew Tridgell1-1/+5
2009-11-27s4-smb2: check for invalid SMB2 lock rangesAndrew Tridgell1-0/+6
2009-11-27s4-smb2: check for an invalid lock flags combinationAndrew Tridgell1-0/+3
UNLOCK with FAIL_IMMEDIATELY is not allowed
2009-11-20s4:ntvfs/posix/pvfs_acl - Remove unused variable "token"Matthias Dieter Wallnöfer1-1/+0
2009-11-18s4:ntvfs_generic: check for valid SMB2_LOCK flagsStefan Metzmacher1-0/+8
metze
2009-11-07s4:vfs_ipc - fix "ipc_open" for NTTRANS create requestsMatthias Dieter Wallnöfer1-2/+2
2009-10-19s4-pvfs: fill in alignment_requirement (valgrind error)Andrew Tridgell1-0/+1
2009-10-19s4-pvfs: another uninitialised variableAndrew Tridgell1-1/+1
thanks to valgrind for this one
2009-10-19s4-pvfs: fixed uninitialised variableAndrew Tridgell1-1/+1
This caused havoc on the build farm. Interestingly, it only affected gcc 4.3.3, not gcc 4.4.1
2009-10-18s4-streams: fixed handling of stream rename and overwriteAndrew Tridgell3-9/+21
2009-10-18s4-pvfs: rename with full name gives SHARING_VIOLATIONAndrew Tridgell1-1/+3
2009-10-18s4-pvfs: when reporting the file name, don't include the :$DATA suffixAndrew Tridgell1-0/+10
2009-10-18s4-pvfs: the STREAM_INFORMATION calls don't need any access flagsAndrew Tridgell1-0/+5
2009-10-18s4-pvfs: fixed update of stream sizesAndrew Tridgell1-1/+1
The data_blob_free() was changing the size we set the stream to
2009-10-18s4-pvfs: more fixes for ACLs on file creationAndrew Tridgell1-11/+12
The passed in SD is not used to limit the access mask allowed on file create.
2009-10-18s4-smb2: fixed SMB2 find commandsAndrew Tridgell1-2/+2
The change to check for invalid \ prefix on SMB2 paths broke the internal SMB2 code.
2009-10-18s4-pvfs: change the handling of access checking on createAndrew Tridgell4-60/+124
Previously when a file was created, we produces the resulting access mask based on an ACL check against the parent. This change means we now calculate the inherited ACL much earlier, and produce the resulting access mask from that ACL, or the user supplied ACL.
2009-10-17s4-pvfs: when uwrap is enabled, ignore chown errorsAndrew Tridgell1-0/+3
chown is expected to fail under uwrap
2009-10-17s4-pvfs: don't auto-apply privilege bits in unix acl handling eitherAndrew Tridgell1-7/+11
2009-10-17s4-pvfs: use privileges rather than "uid == 0" in unix access checkAndrew Tridgell1-6/+12
This makes the unix access check much closer to the full ACL check
2009-10-16s4-pvfs: fixed mask handling for SEC_FLAG_MAXIMUM_ALLOWEDAndrew Tridgell1-2/+2
This matches the sec_access_check() code
2009-10-15s4-pvfs: implement root_fid support in posix backendAndrew Tridgell1-0/+15
Construct the filename from the old handle and the new name.