summaryrefslogtreecommitdiff
path: root/source4/ntvfs
AgeCommit message (Collapse)AuthorFilesLines
2010-03-03s4-posix: allow change ownership of files if the user has the right privilegesAndrew Tridgell1-2/+21
When a user has SEC_PRIV_TAKE_OWNERSHIP or SEC_PRIV_RESTORE they have permission to change the ownership of a file. This should fix bug 6987 Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-26s4-krb5: propogate errors from a lot more kerberos functionsAndrew Tridgell1-1/+2
We need to be able to give sensible error messages when a kerberos calls fails. This propogates the kerberos error up the stack to the caller. Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
2010-02-13s4-ntvfs: use TYPESAFE_QSORT() in notify codeAndrew Tridgell1-3/+2
2010-02-11s4: Switch to S3-style id mapping data types.Kai Blin3-22/+22
2010-02-09s4:Remove "Py_RETURN_NONE" compatibility codeMatthias Dieter Wallnöfer2-8/+0
This was needed only by Python 2.3 which we no longer support.
2010-02-05s4:UID wrapper - Fix includesMatthias Dieter Wallnöfer2-0/+18
The includes of the UID wrapper headers werent't really efficient according to metze's post on the technical mailing list (http://lists.samba.org/archive/samba-technical/2010-February/069165.html). To achieve this move the "uid_wrapper.h" includes into "lib/util/unix_privs.c", "lib/util/util.c", "ntvfs/posix/pvfs_acl.c" and "ntvfs/unixuid/vfs_unixuid.c".
2010-02-02Change uint_t to unsigned int in source4Matt Kraai13-37/+37
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2010-01-25pyxattr: Move to the same directory as the xattr code.Jelmer Vernooij3-0/+259
2010-01-21s4: ntvfs, create push_xattr_blob_tdb_raw and pull_xattr_blob_tdb_raw that ↵Matthieu Patou1-27/+49
do not depend on pvfs objects Following a talk with tridge on IRC, this patch allow (pull|push)_xattr_blob to be called without having a pvfs object. It's handy for programs that wants to manipulate xattr directly.
2009-12-17s4-ntvfs: check if pvfs is NULL in pvfs_logoffbrendan powers1-0/+5
pvfs can be NULL if the directory a share points to does not exist. In this case, there would be no open files, so it is safe to just return from the function. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-16s4-ntvfs: try to fix bug 6989Andrew Tridgell1-2/+2
bug 6989 is a rare crash that has occurred in production. My best guess as to the cause is the talloc_free() not being specific enough as to which parent needs to be freed.
2009-12-08s4/smbstreams: Fix memory use after free.Kamen Mazdrashki1-4/+8
The bug is that sometimes 'streams' is parent for 'new_name'. With this said, 'new_name' must be dupped before 'streams' pointer is freed. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-03s4:ntvfs/posix/pvfs_streams - Fix "discard const" warningMatthias Dieter Wallnöfer1-1/+1
I removed one "const" in front of a string declaration to achieve this. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-12-03s4:ntvfs/posix/pvfs_resolve - Fix "discard const" warningMatthias Dieter Wallnöfer2-4/+4
I removed two "const"s in front of string declarations to achieve this. Signed-off-by: Andrew Tridgell <tridge@samba.org>
2009-11-27s4-ntvfs: win7 does not check for the NONE smb2 lock flag on unlockAndrew Tridgell1-1/+2
2009-11-27s4-ntvfs: move valid lock range test from smb2 layer to generic codeAndrew Tridgell2-6/+19
win7 also fails invalid lock ranges on SMB
2009-11-27s4-pvfs: fixed access check failure in SFILEINFO testAndrew Tridgell1-8/+5
matching windows behaviour is not always the right thing to do!
2009-11-27s4-smb2: SMB2 uses NT_STATUS_CANCELLED for cancelled locksAndrew Tridgell1-1/+5
2009-11-27s4-smb2: check for invalid SMB2 lock rangesAndrew Tridgell1-0/+6
2009-11-27s4-smb2: check for an invalid lock flags combinationAndrew Tridgell1-0/+3
UNLOCK with FAIL_IMMEDIATELY is not allowed
2009-11-20s4:ntvfs/posix/pvfs_acl - Remove unused variable "token"Matthias Dieter Wallnöfer1-1/+0
2009-11-18s4:ntvfs_generic: check for valid SMB2_LOCK flagsStefan Metzmacher1-0/+8
metze
2009-11-07s4:vfs_ipc - fix "ipc_open" for NTTRANS create requestsMatthias Dieter Wallnöfer1-2/+2
2009-10-19s4-pvfs: fill in alignment_requirement (valgrind error)Andrew Tridgell1-0/+1
2009-10-19s4-pvfs: another uninitialised variableAndrew Tridgell1-1/+1
thanks to valgrind for this one
2009-10-19s4-pvfs: fixed uninitialised variableAndrew Tridgell1-1/+1
This caused havoc on the build farm. Interestingly, it only affected gcc 4.3.3, not gcc 4.4.1
2009-10-18s4-streams: fixed handling of stream rename and overwriteAndrew Tridgell3-9/+21
2009-10-18s4-pvfs: rename with full name gives SHARING_VIOLATIONAndrew Tridgell1-1/+3
2009-10-18s4-pvfs: when reporting the file name, don't include the :$DATA suffixAndrew Tridgell1-0/+10
2009-10-18s4-pvfs: the STREAM_INFORMATION calls don't need any access flagsAndrew Tridgell1-0/+5
2009-10-18s4-pvfs: fixed update of stream sizesAndrew Tridgell1-1/+1
The data_blob_free() was changing the size we set the stream to
2009-10-18s4-pvfs: more fixes for ACLs on file creationAndrew Tridgell1-11/+12
The passed in SD is not used to limit the access mask allowed on file create.
2009-10-18s4-smb2: fixed SMB2 find commandsAndrew Tridgell1-2/+2
The change to check for invalid \ prefix on SMB2 paths broke the internal SMB2 code.
2009-10-18s4-pvfs: change the handling of access checking on createAndrew Tridgell4-60/+124
Previously when a file was created, we produces the resulting access mask based on an ACL check against the parent. This change means we now calculate the inherited ACL much earlier, and produce the resulting access mask from that ACL, or the user supplied ACL.
2009-10-17s4-pvfs: when uwrap is enabled, ignore chown errorsAndrew Tridgell1-0/+3
chown is expected to fail under uwrap
2009-10-17s4-pvfs: don't auto-apply privilege bits in unix acl handling eitherAndrew Tridgell1-7/+11
2009-10-17s4-pvfs: use privileges rather than "uid == 0" in unix access checkAndrew Tridgell1-6/+12
This makes the unix access check much closer to the full ACL check
2009-10-16s4-pvfs: fixed mask handling for SEC_FLAG_MAXIMUM_ALLOWEDAndrew Tridgell1-2/+2
This matches the sec_access_check() code
2009-10-15s4-pvfs: implement root_fid support in posix backendAndrew Tridgell1-0/+15
Construct the filename from the old handle and the new name.
2009-10-15s4-smb: declare root_fid as a file handleAndrew Tridgell1-1/+1
In order to implement root_fid in the s4 SMB server we need to declare it as a handle type, just as for other fnum values in SMB. This required some extensive (but simple) changes in many bits of code.
2009-10-15s4-pvfs: fixed handling of SEC_FLAG_MAXIMUM_ALLOWEDAndrew Tridgell1-1/+1
The CREATEX_ACCESS test shows that this is used as a bit test, not a equality test
2009-10-02s4: fix various warnings (not "const" related ones)Matthias Dieter Wallnöfer1-3/+3
2009-10-02s4:ntvfs Don't attempt to follow NULL in unixuid_setup_security()Andrew Bartlett1-1/+4
This segfault occoured in cases where we rejected (or never attempted) the tree connect, so had an invalid private pointer for the logoff codepath. Andrew Bartlett
2009-09-18s4-pipes: convert pipe names to lowercase and validateAndrew Tridgell1-0/+19
clients may provide arbitrary names, but we only want lowercase alnum names
2009-09-18s4:ntvfs_ipc: add real named pipe supportStefan Metzmacher2-236/+652
We now open a named via the named_pipe_auth code and process IO via the tstream interface. This means we support byte mode and message mode named pipes. We also correctly issue NT_STATUS_PIPE_BUSY when a smb_trans request comes in and a read or smb_trans is already pending. We also have support for async dcerpc over ncacn_np now, and we now can remove the ncacn_np specific hacks from the rpc_server/ code. metze
2009-09-08s4: fixed some shadowed variable warningsAndrew Tridgell3-9/+9
2009-08-12no need to shout about getting an oplockAndrew Tridgell1-1/+1
2009-08-05fixed a problem with group policy writes causing policy corruptionAndrew Tridgell3-4/+48
This bug was caused by two things: 1) in the unix ACL mapping, we were not taking into account group write permssions for the SEC_STD_DELETE flag 2) when a file is created using OVERWRITE mode, a fchmod() would fail if the user is not the file owner. We resolve that by only doing the fchmod() if the mapped file attribute does not match the desired file attribute
2009-08-05fixed the sense of the pvfs_acl uwrap checkAndrew Tridgell1-1/+1
2009-08-05make the UID_WRAPPER skip checks at runtimeAndrew Tridgell1-7/+7
This fixes two issues pointed out by Andrew. It adds a runtime uwrap_enabled() call that wraps the skips needed for uid emulation. It also makes the skip in the directory_create_or_exist() function only change the uid checking code, not the permissions code