summaryrefslogtreecommitdiffstats
path: root/source3/modules/nfs4_acls.c
Commit message (Collapse)AuthorAgeFilesLines
* s3: Add a "lock_order" argument to db_openVolker Lendecke2012-01-181-1/+2
| | | | | | | This will be used to enforce a lock hierarchy between the databases. We have seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb. These should be fixed by refusing a dbwrap_fetch_locked that does not follow a defined lock hierarchy.
* s3:vfs: convert nfs4_acls sidmap db code to use dbwrap_wrapper functionsMichael Adam2011-10-111-2/+4
| | | | Avoid direct use of the db_record and db_context structs.
* s3: Trim lines in nfs4_acls.cVolker Lendecke2011-09-161-41/+75
| | | | | Autobuild-User: Volker Lendecke <vlendec@samba.org> Autobuild-Date: Fri Sep 16 01:39:36 CEST 2011 on sn-devel-104
* s3: Fix some nonempty blank linesVolker Lendecke2011-09-161-17/+17
|
* Tidy up previous patch for bug #8442 - NFSv4 DENY ACLs always include ↵Jeremy Allison2011-09-081-5/+4
| | | | | | | | | SYNCHRONIZE flag - blocking renames. aceType is an enum field, not a bitmask. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Sep 8 03:34:39 CEST 2011 on sn-devel-104
* Fix bug #8442 - NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking ↵Ira Cooper2011-09-071-1/+7
| | | | | | | | | renames. Thanks to Youzhong Yang for discovering this issue. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Sep 7 22:56:06 CEST 2011 on sn-devel-104
* s3:dbwrap: move all .c and .h files of dbwrap to lib/dbwrap/Michael Adam2011-07-291-1/+1
| | | | | Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Fri Jul 29 13:34:22 CEST 2011 on sn-devel-104
* s3:dbwrap: move db_open() to a file dbwrap_open.c of its own.Michael Adam2011-07-291-0/+1
| | | | | | Also start new folder lib/dbwrap/ where dbwrap_open.c is stored and make the fallbacke implementation functoins non-static and create a dbwrap_private.h header file that contains their prototypes.
* s3:modules:nfs4_acls: fix the include of dbwrap.h to not include "include/"Michael Adam2011-07-291-1/+1
|
* s3:modules:nfs4_acls: improve fix for bug #8330Michael Adam2011-07-281-4/+2
| | | | | | | | | simplify the check insmbacl4_find_equal_special() Signed-off-by: Michael Adam <obnox@samba.org> Autobuild-User: Michael Adam <obnox@samba.org> Autobuild-Date: Thu Jul 28 13:20:38 CEST 2011 on sn-devel-104
* s3:modules fix Bug 8330 NFSv4 ACL merging logic is brokenChristian Ambach2011-07-271-2/+1
| | | | | | | | | | | | | | | | | we should not merge ACEs with different flags (e.g. CI/OI/I/) Otherwise ACLs get wrong entries and thus wrong semantics Example: ACL:BUILTIN\Users:ALLOWED/0x0/FULL ACL:BUILTIN\Users:ALLOWED/I/READ got merged to ACL:BUILTIN\Users:ALLOWED/I/FULL This is not the same and also leads to wrong displays in the Windows ACL dialog Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Wed Jul 27 16:03:51 CEST 2011 on sn-devel-104
* param: Merge param headers into lib/param/loadparm.hAndrew Bartlett2011-06-291-0/+1
| | | | | | | This defines a common table format, so we can in future define a common table. Andrew Bartlett
* tdb_compat: Higher level API fixes.Rusty Russell2011-06-201-1/+1
| | | | | | | | | | | | My previous patches fixed up all direct TDB callers, but there are a few utility functions and the db_context functions which are still using the old -1 / 0 return codes. It's clearer to fix up all the callers of these too, so everywhere is consistent: non-zero means an error. Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
* Split the ACE flag mapping between nfs4 and WindowsJeremy Allison2011-06-011-14/+59
| | | | | | | into two separate functions rather than trying to do it inline. Allows us to carefully control what flags are mapped to what in one place. Modification to bug #8191 - vfs_gpfs dosn't honor ACE_FLAG_INHERITED_ACE
* nfs4_acls: pass ACE_FLAG_INHERITED_ACE down from the clientGregor Beck2011-05-301-0/+3
| | | | Signed-off-by: Michael Adam <obnox@samba.org>
* nfs4_acls: pass ACE_FLAG_INHERITED_ACE up to the clientGregor Beck2011-05-301-0/+3
| | | | Signed-off-by: Michael Adam <obnox@samba.org>
* s3:modules properly terminate enums in nfs4 acl codeChristian Ambach2011-05-241-1/+3
| | | | | | | | | same issue as with the audit modules: using a wrong parameter leads to smbd crash as lp_enum() will not terminate on last entry of the array Autobuild-User: Christian Ambach <ambi@samba.org> Autobuild-Date: Tue May 24 20:13:39 CEST 2011 on sn-devel-104
* s3: only include tdb headers where needed.Günther Deschner2011-05-061-0/+1
| | | | Guenther
* s3-vfs: include smbd/smbd.h in vfs modules.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* s3-passdb: use passdb headers where needed.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* s3-includes: only include system/filesys.h when needed.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* If possible (O_DIRECTORY exists) open an fd for a directory open.Jeremy Allison2011-02-081-1/+1
| | | | | | | | | | | Start of the move towards handle-based code for directory access. Currently makes fstat/fchown code work for directories rather than falling back to pathnames. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Tue Feb 8 06:34:41 CET 2011 on sn-devel-104
* Fix try_chown code. Use new vfs_chown_fsp() which always trys fd first.Jeremy Allison2011-02-051-4/+4
| | | | | Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Feb 5 03:33:59 CET 2011 on sn-devel-104
* Fix bug #7909 - map SYNCHRONIZE acl permission statically in zfs_acl vfs module.Paul B. Henson2011-01-131-1/+3
| | | | | Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Thu Jan 13 20:02:32 CET 2011 on sn-devel-104
* s3: fix the build of idmap_adex, idmap_tdb2, idmap_hash and several vfs modules.Günther Deschner2010-10-181-0/+1
| | | | | | | Guenther Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Mon Oct 18 14:39:39 UTC 2010 on sn-devel-104
* s3-vfs: fix the build of nfs4_acls.cGünther Deschner2010-09-261-1/+2
| | | | Guenther
* s3: Fix the build of the nfs4_acl moduleVolker Lendecke2010-08-301-0/+1
|
* s3: Fix the build of the nfsv4 acl codeVolker Lendecke2010-06-031-1/+2
|
* s3-security: use shared "Standard access rights.".Günther Deschner2010-06-031-1/+1
| | | | Guenther
* s3-security: use shared "File Object specific access rights".Günther Deschner2010-06-031-1/+1
| | | | Guenther
* s3-security: use shared SECINFO_DACL define.Günther Deschner2010-06-031-2/+2
| | | | Guenther
* s3-security: use shared SECINFO_GROUP define.Günther Deschner2010-06-031-2/+2
| | | | Guenther
* s3-security: use shared SECINFO_OWNER define.Günther Deschner2010-06-031-2/+2
| | | | Guenther
* s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett2010-05-211-8/+8
| | | | | | | | | | This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
* s3-secdesc: use SD_REVISION from security.idl.Günther Deschner2010-05-181-1/+1
| | | | Guenther
* s3-secdesc: remove "typedef struct security_descriptor SEC_DESC".Günther Deschner2010-05-181-4/+4
| | | | Guenther
* s3-secdesc: remove "typedef struct security_acl SEC_ACL".Günther Deschner2010-05-181-2/+2
| | | | Guenther
* s3-secdesc: remove "typedef struct security_ace SEC_ACE".Günther Deschner2010-05-181-5/+5
| | | | Guenther
* Pass "connection_struct *conn" into functions that currently use ↵Jeremy Allison2010-03-151-1/+1
| | | | | | | | "current_user.XXX" Will allow me to replace them with accessor functions. Jeremy.
* Rever e80ceb1d7355c8c46a2ed90d5721cf367640f4e8 "Remove more uses of "extern ↵Jeremy Allison2010-03-151-1/+1
| | | | | | | | struct current_user current_user;"." As requested by Volker, split this into smaller commits. Jeremy.
* Remove more uses of "extern struct current_user current_user;".Jeremy Allison2010-03-121-1/+1
| | | | | | | | | | | | | Use accessor functions to get to this value. Tidies up much of the user context code. Volker, please look at the changes in smbd/uid.c to familiarize yourself with these changes as I think they make the logic in there cleaner. Cause smbd/posix_acls.c code to look at current user context, not stored context on the conn struct - allows correct use of these function calls under a become_root()/unbecome_root() pair. Jeremy.
* Fix more use of VFS_STAT when posix pathnames selected.Jeremy Allison2009-10-021-1/+1
| | | | Jeremy.
* Use defined names rather than numeric constants to make codeJeremy Allison2009-08-141-2/+2
| | | | | clearer. Jeremy.
* gpfs.so: map the file_inherit and dir_inherit flags away for filesMichael Adam2009-08-141-1/+15
| | | | | | | | | | | GPFS sets inherits dir_inhert and file_inherit flags to files, too, which confuses windows, and seems to be wrong anyways. So when mapping a nfs4 acl to a windows acl, we map these flags away for files. Michael
* s3: Finish plumbing the fsp->fsp_name smb_fname conversion through the modules.Tim Prouty2009-07-201-18/+16
|
* s3: Plumb smb_filename through dos_mode() and related funtionsTim Prouty2009-07-081-1/+11
|
* do not merge ACEs with different SMB_ACE4_INHERIT_ONLY_ACE flag, this leads ↵Christian Ambach2009-07-061-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | to wrong inheritance flags in the ACL e.g. (on GPFS) user:10000036:rwxc:allow (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED user:10000036:rwxc:allow:FileInherit:DirInherit:InheritOnly (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED group:10000005:rwxc:allow (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED group:10000005:rwxc:allow:FileInherit:DirInherit:InheritOnly (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED would be merged to user:10000036:rwxc:allow:FileInherit:DirInherit:InheritOnly (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED group:10000005:rwxc:allow:FileInherit:DirInherit:InheritOnly (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED so the explicit right for the user on the parent directory will be gone (the InheritOnly flag only accounts to subdirectories) thus leaving the user without access to the directory itself Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
* Add a \n to a debug message in smbacl4_nfs42winVolker Lendecke2009-06-251-1/+1
|
* s3: Plumb smb_filename through SMB_VFS_STAT and SMB_VFS_LSTATTim Prouty2009-06-241-1/+1
| | | | | | | | | | | | | This patch introduces two new temporary helper functions vfs_stat_smb_fname and vfs_lstat_smb_fname. They basically allowed me to call the new smb_filename version of stat, while avoiding plumbing it through callers that are still too inconvenient. As the conversion moves along, I will be able to remove callers of this, with the goal being to remove all callers. There was also a bug in create_synthetic_smb_fname_split (also a temporary utility function) that caused it to incorrectly handle filenames with ':'s in them when in posix mode. This is now fixed.
* Fix the build of nfs4_acls.cVolker Lendecke2009-05-271-1/+2
|
generated by cgit (git 2.34.1) at 2025-09-26 22:53:07 +0000