summaryrefslogtreecommitdiffstats
path: root/source3/smbd/posix_acls.c
Commit message (Collapse)AuthorAgeFilesLines
* s3-talloc Change TALLOC_ZERO_ARRAY() to talloc_zero_array()Andrew Bartlett2011-06-091-1/+1
| | | | | Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_ARRAY isn't standard talloc.
* s3-talloc Change TALLOC_ZERO_P() to talloc_zero()Andrew Bartlett2011-06-091-1/+1
| | | | | Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_P isn't standard talloc.
* s3-talloc Change TALLOC_P() to talloc()Andrew Bartlett2011-06-091-1/+1
| | | | | Using the standard macro makes it easier to move code into common, as TALLOC_P isn't standard talloc.
* Fix bug #7996 - sgid bit lost on folder rename.Jeremy Allison2011-03-301-1/+1
| | | | | Refuse to set dos attributes into unix mode bits on such a folder.
* s3-auth: smbd needs auth.hGünther Deschner2011-03-301-0/+1
| | | | Guenther
* s3: include smbd/smbd.h where needed.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* s3-passdb: use passdb headers where needed.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* s3-includes: only include system/filesys.h when needed.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* s3-trans2: only include trans2.h where needed.Günther Deschner2011-03-301-0/+1
| | | | Guenther
* s3: Fix Coverity ID 2329: RESOURCE_LEAKVolker Lendecke2011-03-271-0/+1
|
* s3: Fix Coverity ID 2330: RESOURCE_LEAKVolker Lendecke2011-03-271-0/+1
|
* s3-auth struct security_unix_token replaces UNIX_USER_TOKENAndrew Bartlett2011-03-011-2/+2
|
* Fix try_chown code. Use new vfs_chown_fsp() which always trys fd first.Jeremy Allison2011-02-051-75/+42
| | | | | Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Sat Feb 5 03:33:59 CET 2011 on sn-devel-104
* Fix bug #7892 - open_file_fchmod() leaves a stale lock.Jeremy Allison2010-12-291-2/+2
| | | | | Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Wed Dec 29 02:15:23 CET 2010 on sn-devel-104
* Revert "Wrap security_token_has_privilege() with a check for ↵Jeremy Allison2010-10-221-2/+2
| | | | | | | | | | | | lp_enable_privileges(). Needed" Not needed - privileges code prevents "enable privileges = no" from adding privileges anyway. This reverts commit a8b95686a7bde3f96f141b6938e24e101567ef54. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Oct 22 23:41:36 UTC 2010 on sn-devel-104
* Wrap security_token_has_privilege() with a check for lp_enable_privileges(). ↵Jeremy Allison2010-10-221-2/+2
| | | | | | | | | | | Needed to maintain compatibility with smb.conf manpage. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Oct 22 18:15:48 UTC 2010 on sn-devel-104
* Add make_default_filesystem_acl() function to be used in following change to ↵Jeremy Allison2010-10-151-0/+110
| | | | acl_xattr and acl_tdb module.
* Fix handling of "NULL" DACL. Map to u/g/w - rwx.Jeremy Allison2010-10-151-23/+33
| | | | Jeremy.
* Fix "force unknown ACL user" to strip out foreign SIDs from POSIX ACLs if ↵Jeremy Allison2010-10-151-0/+8
| | | | they can't be mapped.
* libcli/security Provide a common, top level libcli/security/security.hAndrew Bartlett2010-10-121-1/+1
| | | | | | | | | | | | | | This will reduce the noise from merges of the rest of the libcli/security code, without this commit changing what code is actually used. This includes (along with other security headers) dom_sid.h and security_token.h Andrew Bartlett Autobuild-User: Andrew Bartlett <abartlet@samba.org> Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
* Make the posix ACL module cope with a NULL incoming DACL and aJeremy Allison2010-10-111-0/+31
| | | | | | missing owner/group. Jeremy.
* Fix bug 7716 - acl_xattr and acl_tdb modules don't store unmodified copies ↵Jeremy Allison2010-10-081-1/+13
| | | | | | | | | | | | | | | | | | | | | of security descriptors. As pointed out by an OEM, the code within smbd/posix_acl.c, even though passed a const pointer to a security descriptor, still modifies the ACE entries within it (which are not const pointers). This means ACLs stored in the extended attribute by the acl_xattr module have already been modified by the POSIX acl layer, and are not the original intent of storing the "unmodified" ACL from the client. Use dup_sec_desc to make a copy of the incoming ACL on talloc_tos() - that is what is then modified inside smbd/posix_acl.c, leaving the original ACL to be correctly stored in the xattr. Jeremy. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Oct 8 00:37:53 UTC 2010 on sn-devel-104
* s3-util_sid: use shared dom_sid_compare_auth and dom_sid_equal_X functions.Günther Deschner2010-09-201-17/+18
| | | | Guenther
* s3-privs Convert from user_has_privileges() -> security_token_has_privilege()Andrew Bartlett2010-09-111-4/+2
| | | | | | | | | This new call is available in the merged privileges code, and takes an enum as the parameter, rather than a bitmask. Andrew Bartlett Signed-off-by: Andrew Tridgell <tridge@samba.org>
* s3-smbd: Fix typo in comment.Karolin Seeger2010-06-101-1/+1
| | | | Karolin
* s3-security: remove duplicate Extra W2K flags.Günther Deschner2010-06-031-1/+1
| | | | Guenther
* s3-security: use shared SECINFO_DACL define.Günther Deschner2010-06-031-6/+6
| | | | Guenther
* s3-security: use shared SECINFO_GROUP define.Günther Deschner2010-06-031-2/+2
| | | | Guenther
* s3-security: use shared SECINFO_OWNER define.Günther Deschner2010-06-031-2/+2
| | | | Guenther
* s3-security: remove some more shared secdesc defines.Günther Deschner2010-06-031-3/+3
| | | | Guenther
* s3:dom_sid Global replace of DOM_SID with struct dom_sidAndrew Bartlett2010-05-211-19/+19
| | | | | | | | | | This matches the structure that new code is being written to, and removes one more of the old-style named structures, and the need to know that is is just an alias for struct dom_sid. Andrew Bartlett Signed-off-by: Günther Deschner <gd@samba.org>
* s3-secdesc: remove "typedef struct security_descriptor SEC_DESC".Günther Deschner2010-05-181-16/+17
| | | | Guenther
* s3-secdesc: remove "typedef struct security_acl SEC_ACL".Günther Deschner2010-05-181-2/+2
| | | | Guenther
* s3-secdesc: remove "typedef struct security_ace SEC_ACE".Günther Deschner2010-05-181-14/+14
| | | | Guenther
* Fix valgrind warning when source and dest stat are identical.Jeremy Allison2010-03-241-1/+3
| | | | Jeremy.
* Switch over to using get_currect_XXX() accessor functions.Jeremy Allison2010-03-151-13/+15
| | | | Jeremy.
* Pass "connection_struct *conn" into functions that currently use ↵Jeremy Allison2010-03-151-18/+20
| | | | | | | | "current_user.XXX" Will allow me to replace them with accessor functions. Jeremy.
* Rever e80ceb1d7355c8c46a2ed90d5721cf367640f4e8 "Remove more uses of "extern ↵Jeremy Allison2010-03-151-35/+31
| | | | | | | | struct current_user current_user;"." As requested by Volker, split this into smaller commits. Jeremy.
* Remove more uses of "extern struct current_user current_user;".Jeremy Allison2010-03-121-31/+35
| | | | | | | | | | | | | Use accessor functions to get to this value. Tidies up much of the user context code. Volker, please look at the changes in smbd/uid.c to familiarize yourself with these changes as I think they make the logic in there cleaner. Cause smbd/posix_acls.c code to look at current user context, not stored context on the conn struct - allows correct use of these function calls under a become_root()/unbecome_root() pair. Jeremy.
* s3-smbd: update to use new DLIST macrosAndrew Tridgell2010-02-101-2/+2
| | | | (cherry picked from commit 365b408c458c848a818637d9b36a0423aeb1ba54)
* Fix bug #6876 - Delete of an object whose parent folder does not have delete ↵Jeremy Allison2010-01-121-3/+4
| | | | | | | | | | rights fails even if the delete right is set on the object. Final fix for the vfs_acl_xattr and vfs_acl_tdb code. Ensure we can delete a file even if the underlying POSIX permissions don't allow it, if the Windows permissions do. Jeremy.
* Re-fix bug 5202 - cannot change ACLs on writable file with "dos filemode=yes"Jeremy Allison2010-01-081-0/+3
| | | | | | | | | | | | | | | This bug re-occurred for 3.3.x and above. The reason is that to change a NT ACL we now have to open the file requesting WRITE_DAC and WRITE_OWNER access. The mapping from POSIX "w" to NT permissions in posix_acls doesn't add these bits when "dos filemode = yes", so even though the permission or owner change would be allowed by the POSIX ACL code, the NTCreateX call fails with ACCESS_DENIED now we always check NT permissions first. Added in the mapping from "w" to WRITE_DAC and WRITE_OWNER access. Jeremy.
* The posix acl version of set_nt_acl() could set the stat_exJeremy Allison2009-12-231-7/+15
| | | | | | | | struct in the fsp->fsp_name pointer incorrectly for a directory. Fix this. Make map_canon_ace_perms() public. Jeremy.
* s3: Replace some create_synthetic_smb_fname() callsVolker Lendecke2009-11-181-18/+10
| | | | | In very hot codepaths like the statcache copy_smb_filename and the subsequent recursive talloc_free is noticable in the CPU load.
* Fix bug 6891 - using windows explorer to change ownership on a folder fails ↵Jeremy Allison2009-11-121-1/+11
| | | | | | with Bad File Descriptor. Jeremy.
* Fix bug 6878 - Cannot change ACL's inherit flag.Jeremy Allison2009-11-111-44/+108
| | | | | | | | | | | | | | | | | | | | | | | | | | Based on a patch submitted by Tsukasa Hamano <hamano@osstech.co.jp>, this is a change in the POSIX ACL mapping to deal with the lossy mapping for directory ACE entries: We have a lossy mapping: directory ACE entries CREATOR_OWNER ------\ (map to) +---> SMB_ACL_USER_OBJ owning sid ------/ CREATOR_GROUP ------\ (map to) +---> SMB_ACL_GROUP_OBJ primary group sid --/ on set. And on read of a directory ACL SMB_ACL_USER_OBJ ----> CREATOR_OWNER SMB_ACL_GROUP_OBJ ---> CREATOR_GROUP. Deal with this on set by duplicating owning sid and primary group sid ACE entries into the directory ACL. Jeremy.
* Fix bug 6841 - "map acl inherit = yes" not working.Jeremy Allison2009-11-061-8/+29
| | | | | | The code to read the new V2 SAMBA_PAI entries had two errors. Jeremy.
* Remove lots of duplicate code and move it into oneJeremy Allison2009-10-021-26/+6
| | | | | | function vfs_stat_fsp(). Stops code looking at fsp->posix_open except for exceptional circumstances. Jeremy.
* Missed one VFS_STAT -> VFS_LSTATJeremy Allison2009-10-021-1/+1
| | | | Jeremy.
* Fix more use of VFS_STAT when posix pathnames selected.Jeremy Allison2009-10-021-18/+44
| | | | Jeremy.
generated by cgit (git 2.34.1) at 2025-09-26 06:26:02 +0000