summaryrefslogtreecommitdiffstats
path: root/source3/modules/nfs4_acls.c
Commit message (Collapse)AuthorAgeFilesLines
* smbd: Fix CID 1035478 Negative array index readVolker Lendecke2013-11-111-6/+19
| | | | | | | lp_parm_enum can return -1. Add error checking. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* s3:modules: nfs4_acls ACLs with zero entries are fine.Alexander Werth2013-10-301-6/+6
| | | | | | | | Signed-off-by: Alexander Werth <alexander.werth@de.ibm.com> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Wed Oct 30 20:31:42 CET 2013 on sn-devel-104
* s3:modules: Fix realloc with zero sized ACLsAlexander Werth2013-10-301-5/+7
| | | | | | | | A realloc with size zero is similar to a free. Since we return the number of acls that's not an error. Signed-off-by: Alexander Werth <alexander.werth@de.ibm.com> Reviewed-by: David Disseldorp <ddiss@samba.org>
* s3: fix missing braces in nfs4_acls.cAbhidnya Joshi2013-08-281-1/+2
| | | | | | | | Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Simo Sorce <idra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Aug 28 20:25:56 CEST 2013 on sn-devel-104
* s3: Remove old mode special substitution.Alexander Werth2013-07-161-13/+2
| | | | | | | | | | | The mode special substitution now happens in a separate function. The substitution at this point is unnecessary. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Tue Jul 16 00:52:26 CEST 2013 on sn-devel-104
* Use existing "acl map full control" parameter to control the adding of the ↵Jeremy Allison2013-06-241-2/+17
| | | | | | | | | | | | | | | | | | | | DELETE_CHILD parameter on NFSv4/ZFS/GPFS file ACE's. Windows maps an open request of GENERIC_ALL on files to 0x1FF specific bits, which includes DELETE_CHILD even though this has no meaning on file ACE's. If a returned NFSv4 ACE entry for a file has all other specific bits set except for DELETE (which comes from the containing directory) and DELETE_CHILD (which has no meaning) then optionally add it into the returned ACE entry. This is using the same parameter in the same way as it is currently used in smbd/posix_acls.c. Note that as this parameter is on by default, it is already being tested in the existing raw.acl tests. Fixes issue with Microsoft SMB2 torture test suite found at the interop event in Redmond, WA. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* smbd: Fix a ISO C90 forbids mixed declarations and code warningVolker Lendecke2013-05-181-1/+1
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Matthieu Patou <mat@matws.net> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Sat May 18 01:40:04 CEST 2013 on sn-devel-104
* Tidy up old bool usage. False -> false, True -> true.Jeremy Allison2013-05-091-13/+13
| | | | Signed-off-by: Jeremy Allison <jra@samba.org>
* s3: Use mode bits in some cases in mode simple.Alexander Werth2013-05-091-0/+46
| | | | | | | | | | Non inheriting ACL entries will show mode bits. With this an file owner change does affect the effective ACL because the special owner acl will now refer to the new owner. This could be fixed by updating the ACL on a file owner change. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: Add changes that keep nfs4:mode special behavior.Alexander Werth2013-05-091-1/+41
| | | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: Mapping of cifs creator owner to nfs owner@ ace.Alexander Werth2013-05-091-0/+24
| | | | | | | | | | This is ignored in nfs4mode special for compatibility. Also ensure that we drop non inheriting creator owner aces since these don't contribute to who can access a file. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: Mapping of special entries to creator owner in mode simple.Alexander Werth2013-05-091-6/+60
| | | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: Add params parameter to smbacl4_nfs42win function.Alexander Werth2013-05-091-12/+27
| | | | | Reviewed-By: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: Change smbacl4_get_vfs_params to use connection_struct instead of fsp.Alexander Werth2013-05-091-5/+6
| | | | | Reviewed-By: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: Move up declaration of params struct and related function.Alexander Werth2013-05-091-49/+49
| | | | | | | | | | We need the parameters earlier in the code so we move up the declaration of the params struct. Since reading the parameters is closely related the definition of the function smbacl4_get_vfs_params has also been moved up. Reviewed-By: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* vfs: Allocate SMB4ACL_T on an explict memory contextAndrew Bartlett2013-05-091-8/+25
| | | | | | | | | | | | This ensures the caller knows exactly what the memory lifetime of this returned object is. This makes the NFSv4 ACL code consistent with the POSIX and NT ACL code, to avoid supprising developers who have worked on those other parts of the ACL code. Most of this patch is adding a memory context to the callers and passing it in. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
* vfs: Add vfs_handle_struct argument to smb_set_nt_acl_nfs4 and the callbackAndrew Bartlett2013-05-091-2/+2
| | | | | | | | This allows the callback to call xattr based storage functions that need this argument. Andrew Bartlett Reviewed-by: Jeremy Allison <jra@samba.org>
* s3:modules:nfs4_acls remove unused mem_ctx parameter to smbacl4_fill_ace4Christian Ambach2012-11-171-3/+1
| | | | | | | | | Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Sat Nov 17 01:11:07 CET 2012 on sn-devel-104
* s3:modules:nfs4_acls fix memory hierarchy in smb_create_smb4aclChristian Ambach2012-11-161-2/+1
| | | | | | | | the ACEs should be talloc children of the ACL itself and not be placed on talloc_tos() Signed-off-by: Christian Ambach <ambi@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
* smbd: Add mem_ctx to {f,}get_nt_acl VFS callAndrew Bartlett2012-10-111-5/+13
| | | | | | | | | | | This makes it clear which context the returned SD is allocated on, as a number of callers do not want it on talloc_tos(). As the ACL transformation allocates and then no longer needs a great deal of memory, a talloc_stackframe() call is used to contain the memory that is not returned further up the stack. Andrew Bartlett
* s3: Pass down smb_filename to smbacl4_fill_ace4Volker Lendecke2012-10-091-6/+6
| | | | | | | A full fsp is a bit overkill here Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Oct 9 13:38:49 CEST 2012 on sn-devel-104
* s3:nfs4acls filter away inheritance flags on filesChristian Ambach2012-09-271-0/+11
| | | | | | | | | | | | | While it is possible to define inheritance flags on files on Windows, this will be denied by GPFS and UFS (and potentially others). So it will be better to strip of these bits when being set for files instead of failing to set the ACL completely (this is current behavior). Users that want to retain the full SD will have to use acl_xattr (acl_tdb), as other pieces of the SD are also lost when translating to NFSv4. So this should not be a too intrusive change, but allow users to migrate data with such flags instead of failing to migrate the ACL completely.
* s3:nfs4acls pass down fsp instead of just the filenameChristian Ambach2012-09-271-4/+6
|
* s3-nfs4acls: Remove lookup_sid and sidmap from NFSv4 ACL mapping and check ↵Andrew Bartlett2012-08-111-115/+13
| | | | | | | | | | | | | | | | | | gid first By checking just the IDMAP, and by removing the sidmap and lookup_sid calls, we support IDMAP_BOTH. This is because by checking for a mapping to a GID first, we can rely on the fact that IDMAP_BOTH will resolve to a GID. If the sidmap idea is valued - it allows multiple SIDs to map to a single unix ID, this should be done in the IDMAP layer. Andrew Bartlett Signed-off-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Aug 11 01:17:36 CEST 2012 on sn-devel-104
* s3:Really ignore unknown special ids in NFSv4 ACLs.Alexander Werth2012-07-181-0/+1
| | | | | | | Signed-off-by: Christian Ambach <ambi@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Wed Jul 18 17:45:05 CEST 2012 on sn-devel-104
* s3: Add a "lock_order" argument to db_openVolker Lendecke2012-01-181-1/+2
| | | | | | | This will be used to enforce a lock hierarchy between the databases. We have seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb. These should be fixed by refusing a dbwrap_fetch_locked that does not follow a defined lock hierarchy.
* s3:vfs: convert nfs4_acls sidmap db code to use dbwrap_wrapper functionsMichael Adam2011-10-111-2/+4
| | | | Avoid direct use of the db_record and db_context structs.
* s3: Trim lines in nfs4_acls.cVolker Lendecke2011-09-161-41/+75
| | | | | Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Sep 16 01:39:36 CEST 2011 on sn-devel-104
* s3: Fix some nonempty blank linesVolker Lendecke2011-09-161-17/+17
|
* Tidy up previous patch for bug #8442 - NFSv4 DENY ACLs always include ↵Jeremy Allison2011-09-081-5/+4
| | | | | | | | | SYNCHRONIZE flag - blocking renames. aceType is an enum field, not a bitmask. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Sep 8 03:34:39 CEST 2011 on sn-devel-104
* Fix bug #8442 - NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking ↵Ira Cooper2011-09-071-1/+7
| | | | | | | | | renames. Thanks to Youzhong Yang for discovering this issue. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Sep 7 22:56:06 CEST 2011 on sn-devel-104
* s3:dbwrap: move all .c and .h files of dbwrap to lib/dbwrap/Michael Adam2011-07-291-1/+1
| | | | | Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Fri Jul 29 13:34:22 CEST 2011 on sn-devel-104
* s3:dbwrap: move db_open() to a file dbwrap_open.c of its own.Michael Adam2011-07-291-0/+1
| | | | | | Also start new folder lib/dbwrap/ where dbwrap_open.c is stored and make the fallbacke implementation functoins non-static and create a dbwrap_private.h header file that contains their prototypes.
* s3:modules:nfs4_acls: fix the include of dbwrap.h to not include "include/"Michael Adam2011-07-291-1/+1
|
* s3:modules:nfs4_acls: improve fix for bug #8330Michael Adam2011-07-281-4/+2
| | | | | | | | | simplify the check insmbacl4_find_equal_special() Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Thu Jul 28 13:20:38 CEST 2011 on sn-devel-104
* s3:modules fix Bug 8330 NFSv4 ACL merging logic is brokenChristian Ambach2011-07-271-2/+1
| | | | | | | | | | | | | | | | | we should not merge ACEs with different flags (e.g. CI/OI/I/) Otherwise ACLs get wrong entries and thus wrong semantics Example: ACL:BUILTIN\Users:ALLOWED/0x0/FULL ACL:BUILTIN\Users:ALLOWED/I/READ got merged to ACL:BUILTIN\Users:ALLOWED/I/FULL This is not the same and also leads to wrong displays in the Windows ACL dialog Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Wed Jul 27 16:03:51 CEST 2011 on sn-devel-104
* param: Merge param headers into lib/param/loadparm.hAndrew Bartlett2011-06-291-0/+1
| | | | | | | This defines a common table format, so we can in future define a common table. Andrew Bartlett
* tdb_compat: Higher level API fixes.Rusty Russell2011-06-201-1/+1
| | | | | | | | | | | | My previous patches fixed up all direct TDB callers, but there are a few utility functions and the db_context functions which are still using the old -1 / 0 return codes. It's clearer to fix up all the callers of these too, so everywhere is consistent: non-zero means an error. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* Split the ACE flag mapping between nfs4 and WindowsJeremy Allison2011-06-011-14/+59
| | | | | | | into two separate functions rather than trying to do it inline. Allows us to carefully control what flags are mapped to what in one place. Modification to bug #8191 - vfs_gpfs dosn't honor ACE_FLAG_INHERITED_ACE
* nfs4_acls: pass ACE_FLAG_INHERITED_ACE down from the clientGregor Beck2011-05-301-0/+3
| | | | Signed-off-by: Michael Adam <obnox@samba.org>
* nfs4_acls: pass ACE_FLAG_INHERITED_ACE up to the clientGregor Beck2011-05-301-0/+3
| | | | Signed-off-by: Michael Adam <obnox@samba.org>
* s3:modules properly terminate enums in nfs4 acl codeChristian Ambach2011-05-241-1/+3
| | | | | | | | | same issue as with the audit modules: using a wrong parameter leads to smbd crash as lp_enum() will not terminate on last entry of the array Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Tue May 24 20:13:39 CEST 2011 on sn-devel-104
* s3: only include tdb headers where needed.Günther Deschner2011-05-061-0/+1
| | | | Guenther
* s3-vfs: include smbd/smbd.h in vfs modules.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* s3-passdb: use passdb headers where needed.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* s3-includes: only include system/filesys.h when needed.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* If possible (O_DIRECTORY exists) open an fd for a directory open.Jeremy Allison2011-02-081-1/+1
| | | | | | | | | | | Start of the move towards handle-based code for directory access. Currently makes fstat/fchown code work for directories rather than falling back to pathnames. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Feb 8 06:34:41 CET 2011 on sn-devel-104
* Fix try_chown code. Use new vfs_chown_fsp() which always trys fd first.Jeremy Allison2011-02-051-4/+4
| | | | | Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Feb 5 03:33:59 CET 2011 on sn-devel-104
* Fix bug #7909 - map SYNCHRONIZE acl permission statically in zfs_acl vfs module.Paul B. Henson2011-01-131-1/+3
| | | | | Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Jan 13 20:02:32 CET 2011 on sn-devel-104
* s3: fix the build of idmap_adex, idmap_tdb2, idmap_hash and several vfs modules.Günther Deschner2010-10-181-0/+1
| | | | | | | Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Oct 18 14:39:39 UTC 2010 on sn-devel-104
generated by cgit (git 2.34.1) at 2025-09-25 23:13:37 +0000