summaryrefslogtreecommitdiffstats
path: root/source3/smbd/posix_acls.c
Commit message (Collapse)AuthorAgeFilesLines
* r8615: Added "acl group control". Defaults to off. Docs to follow.Jeremy Allison2007-10-101-34/+127
| | | | | Jeremy. (This used to be commit f7b169ed57de81229c3b9089a05f4e73ea39010c)
* r8547: Code tidyup from Jason Mader <jason@ncac.gwu.edu>. Bugid #2885.Jeremy Allison2007-10-101-2/+0
| | | | | Jeremy. (This used to be commit 4d69a682b3ab4f660455e6ea5a2970481a6ccffc)
* r8219: Merge the new open code from HEAD to 3.0. Haven't yet run the tortureJeremy Allison2007-10-101-20/+20
| | | | | | | | | | tests on this as it's very late NY time (just wanted to get this work into the tree). I'll test this over the weekend.... Jerry - in looking at the difference between the two trees there seem to be some printing/ntprinting.c and registry changes we might want to examine to try keep in sync. Jeremy. (This used to be commit c7fe18761e2c753afbffd3a78abff46472a9b8eb)
* r7985: Add "acl map full control", true by default, to allow people to changeJeremy Allison2007-10-101-7/+7
| | | | | | mapping of rwx to full control or not. Requested feature at SambaXP. Jeremy. (This used to be commit c870579f4cd91dc9e030134dd367109aed3e3469)
* r7888: Fix use of "protected".Jeremy Allison2007-10-101-11/+11
| | | | | Jeremy. (This used to be commit af5fd615b37f555e5f2c7b9fef24299e99952a41)
* r7693: Fix from James Peach @ SGI for null pointer ACL free.Jeremy Allison2007-10-101-2/+6
| | | | | Jeremy. (This used to be commit 000477943c3dd41fd44f2aef3755aa603ba5d595)
* r7662: Allow someone with SeTakeOwnershipPrivilege to chown the userJeremy Allison2007-10-101-6/+28
| | | | | | of a file to themself. Jeremy. (This used to be commit f3319e224db8f79baa10413e0e2a96d2bc871f38)
* r6946: Allow mapping of POSIX ACLs to NT perms to differentiate between ↵Jeremy Allison2007-10-101-6/+16
| | | | | | | | directories and files. Needed for Volker's coming changes. Jeremy. (This used to be commit b257744fdfd0a8d940ae834b3c21f0f298c7d1f9)
* r6895: Add "acl check permissions" to turn on/off the new behaviour ofJeremy Allison2007-10-101-9/+10
| | | | | | | | | checking for write access in a directory before delete. Also controls checking for write access before labeling a file read-only if DOS attributes are not being stored in EA's. Docuementation to follow. Jeremy. (This used to be commit dd1a5e6e499dd721c5bb8d56a61810a7454a3449)
* r6696: Another attempt to fix the (unreproducible for me) bug #2346 (read-onlyJeremy Allison2007-10-101-6/+21
| | | | | | | | excel files). Ensures that any missing user ACL entry will be generated from a union of all group permissions that contain the user. Awaiting feedback from the reporters. Jeremy. (This used to be commit 874353e617b314429359e8e9516898f670bbf539)
* r6533: Fix for bad comment from Andreas Gruenbacher <agruen@suse.de>.Jeremy Allison2007-10-101-2/+2
| | | | | Jeremy. (This used to be commit 60325ab1281ebbe70665b5f763065ca60ee9f682)
* r6385: Convert checking of egid and secondary egid list intoJeremy Allison2007-10-101-32/+17
| | | | | | | iterator functions so it can be used easily in a for loop. Drops duplicated code from posix_acls.c Jeremy. (This used to be commit 81f30bf5985f5c6dc8399c4695dfa6f14140fde1)
* r6378: Other systems may not return 1 for checking WRITE permission.Jeremy Allison2007-10-101-0/+13
| | | | | | Canaonicalise any +ve return to 1. Jeremy. (This used to be commit e594222d0ba7713088420f6c6603a74c1d5def8e)
* r6365: Wow, how much worse does this get. From info provided byJeremy Allison2007-10-101-0/+26
| | | | | | | | Eric Stewart <eric@lib.usf.edu> I realised we weren't checking against the current effective groupid (set by force group) as well as the group list. Fix this. Jeremy. (This used to be commit 0c4058c0732b1faa87ca64b8f95ad2fe3106a69f)
* r6316: Remove over-cautious asserts. Damn wish I'd made the releaseJeremy Allison2007-10-101-4/+9
| | | | | | with this.... Jeremy. (This used to be commit 11c464268df2a0a5155e93d4a7d053d2920fcff0)
* r6263: Get rid of generate_wellknown_sids, they are const static and ↵Volker Lendecke2007-10-101-8/+3
| | | | | | | | | initializable statically. Volker (This used to be commit 3493d9f383567d286e69c0e60c0708ed400a04d9)
* r6225: get rid of warnings from my compiler about nested externsHerb Lewis2007-10-101-20/+8
| | | | (This used to be commit efea76ac71412f8622cd233912309e91b9ea52da)
* r6060: It's not quite accurate to say not having write access causes a groupJeremy Allison2007-10-101-8/+9
| | | | | | | | entry never to match - it matches but if doesn't grant access is recorded so the "other" entry isn't subsequently checked. Fix the algorithm. Jeremy. (This used to be commit e3c7d08bb68f51bc05768467feb0af896a059e91)
* r6057: Don't put the assert in the wrong place :-).Jeremy Allison2007-10-101-4/+3
| | | | | Jeremy. (This used to be commit 6609b209f513f0859040686a88ee6c7106c06008)
* r6055: Fix algorithm. If any of the primary or supplementary group ids matchJeremy Allison2007-10-101-2/+18
| | | | | | | | a "allow" entry of GROUP or GROUP_OBJ, then access is allowed. It doesn't terminate on the first match. Added debug to show where the match occured (or didn't). Jeremy. (This used to be commit 81fb3372867fa66a092841222e02bd1c104b2d19)
* r6053: Fixup dfs path with the new wildcard parser code split out.Jeremy Allison2007-10-101-1/+1
| | | | | Jeremy. (This used to be commit e831cef618d55c362e8d3a8a4c2b9f2ed7d4d7bd)
* r6049: Ensure "dos filetime" checks file ACLs correctly. May fix Excel ↵Jeremy Allison2007-10-101-32/+102
| | | | | | | | "read-only" issue. Jeremy. (This used to be commit 80e788143a6c3d973d3b8e57d91ca5c4a83605b2)
* r6001: Oops. Checing the wrong tagtype - should have been SMB_ACL_GROUP, not ↵Jeremy Allison2007-10-101-1/+1
| | | | | | | | SMB_ACL_MASK. Fix bug #2521. Jeremy. (This used to be commit 21e3cf2f8f6129324ebb799f959f8d2afe0285d2)
* r5616: Forgot about the sticky bit on directories (commonly set on /tmp). If ↵Jeremy Allison2007-10-101-0/+16
| | | | | | | | | this is set then only the owner or root can delete a file. We now use the same algorithm to check file delete. Jeremy. (This used to be commit eb18104d10428a5daef2316088edc3dbaff58708)
* r5355: Fill in the access check code for POSIX ACLs to *really* fix bug #2227.Jeremy Allison2007-10-101-2/+148
| | | | | Jeremy. (This used to be commit ecc134a2e3546ed77ab6f1dafc0249c78897e1f3)
* r5324: In order to process DELETE_ACCESS correctly and return access deniedJeremy Allison2007-10-101-0/+11
| | | | | | | to a WXPSP2 client we must do permission checking in userspace first (this is a race condition but what can you do...). Needed for bugid #2227. Jeremy. (This used to be commit da23577f162b6bdca7d631fca256a9b3b04043e4)
* r4088: Get medieval on our ass about malloc.... :-). Take control of all our ↵Jeremy Allison2007-10-101-13/+16
| | | | | | | | | | allocation functions so we can funnel through some well known functions. Should help greatly with malloc checking. HEAD patch to follow. Jeremy. (This used to be commit 620f2e608f70ba92f032720c031283d295c5c06a)
* r4016: Fix for bug found by Steve French client code (cifsfs) onJeremy Allison2007-10-101-0/+9
| | | | | | | POSIX ACL set. You need to *get* a permset_t pointer from the entry before any of the permset code will accept it as a valid value Jeremy. (This used to be commit 7e78059948612fa9f5d179a1e3f5f59e7ad5e456)
* r4007: Fix bug #2088 - ensure inherit permissions is only applied on a new file,Jeremy Allison2007-10-101-1/+1
| | | | | | not an existing one. Jeremy. (This used to be commit fbbdb72cf1adfe567112556626f26b031747f440)
* r3951: Fix for bugid #2081 reported by John Janosik <jpjanosi@us.ibm.com> - ↵Jeremy Allison2007-10-101-1/+3
| | | | | | | | ensure SE_DESC_DACL_PROTECTED is set if "map acl inherit = no". Jeremy. (This used to be commit 934c41b474c8959310389378bfa7d3332bd5ec79)
* r3859: Ensure if num_acls is set to 0xFFFF this field is ignored.Jeremy Allison2007-10-101-28/+28
| | | | | | Use def_acl everywhere instead of dir_acl. Jeremy. (This used to be commit d28611c960f87830aa8449725951984aa155b089)
* r3816: Added fn to remove an ACL from a file. Now need client code to test this.Jeremy Allison2007-10-101-2/+128
| | | | | | How do the share mask/modes fit into this code... Need to think about this. Jeremy. (This used to be commit 1aa1c2f489f5b92c3696e7b9123061d91babc34e)
* r3794: Added set posix acl functionality into the UNIX extensions code.Jeremy Allison2007-10-101-6/+235
| | | | | | | One part missing - delete file acl (to be added asap). No client code yet, also needs testing with valgrind. Jeremy. (This used to be commit 6101ec2247c182fde6ea3e7e1f64a92b353ec4e8)
* r3693: Correctly detect errno for no acl/ea support.Jeremy Allison2007-10-101-14/+6
| | | | | Jeremy (This used to be commit 089a76f611187e2ba4c3363b657905d04576109e)
* r3496: Fix calling of get_acl_group_bits().Günther Deschner2007-10-101-1/+1
| | | | | Guenther (This used to be commit 3acc74eef5dae16d7e2792206640904265c42494)
* r3296: Fix to ensure entries are stored in correct order. Bug #1498. Patch fromJeremy Allison2007-10-101-2/+2
| | | | | | SATOH Fumiyasu <fumiya@samba.gr.jp>. Jeremy. (This used to be commit 7e35900bc6894d69f83c99ac6eb260d7cc35683a)
* r3117: Fix from Tom Lackemann <cessnatomny@yahoo.com> for bug #1954.Jeremy Allison2007-10-101-3/+6
| | | | | | Memory leak in posix acl code. Jeremy. (This used to be commit c97aab7ee6bf1f385b445b4b0eb0e1df7e9a56f5)
* r1681: Ensure we return the same ACL revision on the wire that W2K3 does.Jeremy Allison2007-10-101-1/+1
| | | | | Jeremy. (This used to be commit 31505acf033c7d76592bb5b4ef80b29a00658c49)
* r1314: Restore the 2.2 'force unknown acl user' parameter. When getting a ↵Volker Lendecke2007-10-101-19/+23
| | | | | | | | | | | | | | | security descriptor for a file, if the owner sid is not known, the owner uid is set to the current uid. Same for group sid. This makes xcopy /o possible for files that are owned by local users/groups (local administrators for example). Thanks to Guenther for his persistence :-) Volker (This used to be commit 80e57d27909a9a1edad962e3f43c2178d2da2a92)
* r786: Memory leak fixes in (mostly) error code paths fromJeremy Allison2007-10-101-1/+3
| | | | | | | kawasa_r@itg.hitachi.co.jp. A couple of mem leak fixes in mainline code paths though :-). Jeremy. (This used to be commit 4695cc95fe576b6da0d0cb0686f208fc306b2646)
* r428: add acls debug classHerb Lewis2007-10-101-0/+3
| | | | (This used to be commit b7703799f8899affda205eacb0bf79cf8e2b9362)
* r50: Fix bug 1139 as per fix suggested by jdev@panix.com,Jeremy Allison2007-10-101-3/+3
| | | | | | | swap lookups for user and group - group will do an algorithmic lookup if it fails, user won't. Jeremy. (This used to be commit a205c56a75c93c82796fd68687e8c0db26459073)
* Added per-share parameter "store dos attributes". When set, will storeJeremy Allison2004-04-021-1/+1
| | | | | | | dos attributes in an EA. Based on an original patch from tridge, but modified somewhat to cover all cases. Jeremy. (This used to be commit ed653cd468213e0be901bc654aa3748ce5837947)
* Added support for OS/2 EA's in smbd server. Test with smbtorture eatest.Jeremy Allison2004-03-311-2/+0
| | | | | | | | New protocol option "ea support" to turn them on (off by default). Conrad at Apple may like this as it allows MacOS resource forks to be stored on a file. Passes valgrind. Documentation to follow. Jeremy. (This used to be commit 8cc10a6c0550c017a62e8a3790afd2172d173e00)
* Patch from Jim McDonough for bug #802. Retrieve the correct ACL group bitsJeremy Allison2003-11-251-0/+42
| | | | | | if the file has an ACL. Jeremy. (This used to be commit 7bf5ed30ce74ba658ca35059955748c1d8cbd6d2)
* Fix more 64-bit printf warnings.Tim Potter2003-11-031-1/+1
| | | | (This used to be commit 23443e3aa079710221557e18158d0ddb8ff48a36)
* Fixed the latest complaint from jcmd :-). We were storing -1 for theJeremy Allison2003-07-011-6/+10
| | | | | | | | CREATOR_OWNER/CREATOR_GROUP uid/gid entries in the SAMBA_PAI attribute. Creator Owner and Creator group now show up as inherited correctly (I think :-). Jim please test. Jeremy. (This used to be commit dbbd8dd15582f95fb9c160c6c42ce9f0971ac4b7)
* Finally ! Fixed the ACL ordering bug reported by jcmd. I realised we wereJeremy Allison2003-06-301-20/+10
| | | | | | | not sorting returned ACE's correctly w.r.t. W2K - implemented the correct algorithm. Jeremy. (This used to be commit fa23a4158ec23c0b8dbdc6c53f29958243107dee)
* Fixed the merge_default_aces() code to work correctly with inheritance.Jeremy Allison2003-06-231-11/+38
| | | | | | Hopefully will fix jcmd bugs :-). Jeremy. (This used to be commit 482e6c79edefc8aaacbb37f807d2076e59b40e26)
* Found out a good number of NT_STATUS_IS_ERR used the wrong way.Simo Sorce2003-06-221-2/+2
| | | | | | | | | | | | As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK This patch will cure the problem. Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is used correctly, but I'm not 100% sure, coders should check the use of NT_STATUS_IS_ERR() in samba is ok now. Simo. (This used to be commit c501e84d412563eb3f674f76038ec48c2b458687)
generated by cgit (git 2.34.1) at 2024-11-16 17:26:46 +0000