Gerald Carter
1bcf7e82ed
r11060: merging new eventlog code from trunk
2007-10-10 11:04:59 -05:00
Jeremy Allison
a33f4f0d2a
r10885: Fix bug where read-only share files are always seen as
...
read-only. Noticed by Andrew Bartlett.
Jeremy
2007-10-10 11:04:55 -05:00
Günther Deschner
1ef7a192ee
r9952: Adapt better to the Windows way of taking and assigning ownership:
...
* Users with SeRestorePrivilege may chown files to anyone (be it as a
backup software or directly using the ownership-tab in the security
acl editor on xp), while
* Users with SeTakeOwnershipPrivilege only can chown to themselves.
Simo, Jeremy. I think this is correct now.
Guenther
2007-10-10 11:03:29 -05:00
Günther Deschner
8e48e8936e
r9946: allow the priv-based chown (se_take_ownership) to chown to other users
...
(not only to the current_user.uid).
Jeremy, please have a look.
Guenther
2007-10-10 11:03:28 -05:00
Jeremy Allison
9b5cc58f3a
r9293: Fix error path memory leak bug found by Coverity - also potential NULL
...
deref bug (in unlikely error path) found by Coverity.
Jeremy.
2007-10-10 11:00:32 -05:00
Jeremy Allison
f7b169ed57
r8615: Added "acl group control". Defaults to off. Docs to follow.
...
Jeremy.
2007-10-10 11:00:13 -05:00
Jeremy Allison
4d69a682b3
r8547: Code tidyup from Jason Mader <jason@ncac.gwu.edu>. Bugid #2885 .
...
Jeremy.
2007-10-10 11:00:08 -05:00
Jeremy Allison
c7fe18761e
r8219: Merge the new open code from HEAD to 3.0. Haven't yet run the torture
...
tests on this as it's very late NY time (just wanted to get this work
into the tree). I'll test this over the weekend....
Jerry - in looking at the difference between the two trees there
seem to be some printing/ntprinting.c and registry changes we might
want to examine to try keep in sync.
Jeremy.
2007-10-10 10:58:18 -05:00
Jeremy Allison
c870579f4c
r7985: Add "acl map full control", true by default, to allow people to change
...
mapping of rwx to full control or not. Requested feature at SambaXP.
Jeremy.
2007-10-10 10:58:06 -05:00
Jeremy Allison
af5fd615b3
r7888: Fix use of "protected".
...
Jeremy.
2007-10-10 10:58:01 -05:00
Jeremy Allison
000477943c
r7693: Fix from James Peach @ SGI for null pointer ACL free.
...
Jeremy.
2007-10-10 10:57:19 -05:00
Jeremy Allison
f3319e224d
r7662: Allow someone with SeTakeOwnershipPrivilege to chown the user
...
of a file to themself.
Jeremy.
2007-10-10 10:57:18 -05:00
Jeremy Allison
b257744fdf
r6946: Allow mapping of POSIX ACLs to NT perms to differentiate between directories
...
and files. Needed for Volker's coming changes.
Jeremy.
2007-10-10 10:56:58 -05:00
Jeremy Allison
dd1a5e6e49
r6895: Add "acl check permissions" to turn on/off the new behaviour of
...
checking for write access in a directory before delete. Also
controls checking for write access before labeling a file read-only
if DOS attributes are not being stored in EA's.
Docuementation to follow.
Jeremy.
2007-10-10 10:56:56 -05:00
Jeremy Allison
874353e617
r6696: Another attempt to fix the (unreproducible for me) bug #2346 (read-only
...
excel files). Ensures that any missing user ACL entry will be generated
from a union of all group permissions that contain the user.
Awaiting feedback from the reporters.
Jeremy.
2007-10-10 10:56:52 -05:00
Jeremy Allison
60325ab128
r6533: Fix for bad comment from Andreas Gruenbacher <agruen@suse.de>.
...
Jeremy.
2007-10-10 10:56:44 -05:00
Jeremy Allison
81f30bf598
r6385: Convert checking of egid and secondary egid list into
...
iterator functions so it can be used easily in a for loop.
Drops duplicated code from posix_acls.c
Jeremy.
2007-10-10 10:56:39 -05:00
Jeremy Allison
e594222d0b
r6378: Other systems may not return 1 for checking WRITE permission.
...
Canaonicalise any +ve return to 1.
Jeremy.
2007-10-10 10:56:39 -05:00
Jeremy Allison
0c4058c073
r6365: Wow, how much worse does this get. From info provided by
...
Eric Stewart <eric@lib.usf.edu> I realised we weren't checking
against the current effective groupid (set by force group) as
well as the group list. Fix this.
Jeremy.
2007-10-10 10:56:38 -05:00
Jeremy Allison
11c464268d
r6316: Remove over-cautious asserts. Damn wish I'd made the release
...
with this....
Jeremy.
2007-10-10 10:56:36 -05:00
Volker Lendecke
3493d9f383
r6263: Get rid of generate_wellknown_sids, they are const static and initializable
...
statically.
Volker
2007-10-10 10:56:33 -05:00
Herb Lewis
efea76ac71
r6225: get rid of warnings from my compiler about nested externs
2007-10-10 10:56:30 -05:00
Jeremy Allison
e3c7d08bb6
r6060: It's not quite accurate to say not having write access causes a group
...
entry never to match - it matches but if doesn't grant access is recorded
so the "other" entry isn't subsequently checked.
Fix the algorithm.
Jeremy.
2007-10-10 10:56:19 -05:00
Jeremy Allison
6609b209f5
r6057: Don't put the assert in the wrong place :-).
...
Jeremy.
2007-10-10 10:56:19 -05:00
Jeremy Allison
81fb337286
r6055: Fix algorithm. If any of the primary or supplementary group ids match
...
a "allow" entry of GROUP or GROUP_OBJ, then access is allowed. It doesn't
terminate on the first match. Added debug to show where the match occured
(or didn't).
Jeremy.
2007-10-10 10:56:19 -05:00
Jeremy Allison
e831cef618
r6053: Fixup dfs path with the new wildcard parser code split out.
...
Jeremy.
2007-10-10 10:56:19 -05:00
Jeremy Allison
80e788143a
r6049: Ensure "dos filetime" checks file ACLs correctly. May fix Excel "read-only"
...
issue.
Jeremy.
2007-10-10 10:56:18 -05:00
Jeremy Allison
21e3cf2f8f
r6001: Oops. Checing the wrong tagtype - should have been SMB_ACL_GROUP, not SMB_ACL_MASK.
...
Fix bug #2521 .
Jeremy.
2007-10-10 10:56:15 -05:00
Jeremy Allison
eb18104d10
r5616: Forgot about the sticky bit on directories (commonly set on /tmp). If this is set
...
then only the owner or root can delete a file. We now use
the same algorithm to check file delete.
Jeremy.
2007-10-10 10:55:50 -05:00
Jeremy Allison
ecc134a2e3
r5355: Fill in the access check code for POSIX ACLs to *really* fix bug #2227 .
...
Jeremy.
2007-10-10 10:55:39 -05:00
Jeremy Allison
da23577f16
r5324: In order to process DELETE_ACCESS correctly and return access denied
...
to a WXPSP2 client we must do permission checking in userspace first
(this is a race condition but what can you do...). Needed for bugid #2227 .
Jeremy.
2007-10-10 10:55:37 -05:00
Jeremy Allison
620f2e608f
r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
...
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
2007-10-10 10:53:32 -05:00
Jeremy Allison
7e78059948
r4016: Fix for bug found by Steve French client code (cifsfs) on
...
POSIX ACL set. You need to *get* a permset_t pointer from the entry before
any of the permset code will accept it as a valid value
Jeremy.
2007-10-10 10:53:27 -05:00
Jeremy Allison
fbbdb72cf1
r4007: Fix bug #2088 - ensure inherit permissions is only applied on a new file,
...
not an existing one.
Jeremy.
2007-10-10 10:53:27 -05:00
Jeremy Allison
934c41b474
r3951: Fix for bugid #2081 reported by John Janosik <jpjanosi@us.ibm.com> - ensure
...
SE_DESC_DACL_PROTECTED is set if "map acl inherit = no".
Jeremy.
2007-10-10 10:53:26 -05:00
Jeremy Allison
d28611c960
r3859: Ensure if num_acls is set to 0xFFFF this field is ignored.
...
Use def_acl everywhere instead of dir_acl.
Jeremy.
2007-10-10 10:53:21 -05:00
Jeremy Allison
1aa1c2f489
r3816: Added fn to remove an ACL from a file. Now need client code to test this.
...
How do the share mask/modes fit into this code... Need to think about this.
Jeremy.
2007-10-10 10:53:19 -05:00
Jeremy Allison
6101ec2247
r3794: Added set posix acl functionality into the UNIX extensions code.
...
One part missing - delete file acl (to be added asap). No client
code yet, also needs testing with valgrind.
Jeremy.
2007-10-10 10:53:17 -05:00
Jeremy Allison
089a76f611
r3693: Correctly detect errno for no acl/ea support.
...
Jeremy
2007-10-10 10:53:14 -05:00
Günther Deschner
3acc74eef5
r3496: Fix calling of get_acl_group_bits().
...
Guenther
2007-10-10 10:53:08 -05:00
Jeremy Allison
7e35900bc6
r3296: Fix to ensure entries are stored in correct order. Bug #1498 . Patch from
...
SATOH Fumiyasu <fumiya@samba.gr.jp>.
Jeremy.
2007-10-10 10:53:04 -05:00
Jeremy Allison
c97aab7ee6
r3117: Fix from Tom Lackemann <cessnatomny@yahoo.com> for bug #1954 .
...
Memory leak in posix acl code.
Jeremy.
2007-10-10 10:53:01 -05:00
Jeremy Allison
31505acf03
r1681: Ensure we return the same ACL revision on the wire that W2K3 does.
...
Jeremy.
2007-10-10 10:52:18 -05:00
Volker Lendecke
80e57d2790
r1314: Restore the 2.2 'force unknown acl user' parameter. When getting a security
...
descriptor for a file, if the owner sid is not known, the owner uid is set to
the current uid. Same for group sid.
This makes xcopy /o possible for files that are owned by local users/groups
(local administrators for example).
Thanks to Guenther for his persistence :-)
Volker
2007-10-10 10:52:05 -05:00
Jeremy Allison
4695cc95fe
r786: Memory leak fixes in (mostly) error code paths from
...
kawasa_r@itg.hitachi.co.jp . A couple of mem leak fixes in
mainline code paths though :-).
Jeremy.
2007-10-10 10:51:38 -05:00
Herb Lewis
b7703799f8
r428: add acls debug class
2007-10-10 10:51:23 -05:00
Jeremy Allison
a205c56a75
r50: Fix bug 1139 as per fix suggested by jdev@panix.com,
...
swap lookups for user and group - group will do an
algorithmic lookup if it fails, user won't.
Jeremy.
2007-10-10 10:51:06 -05:00
Jeremy Allison
ed653cd468
Added per-share parameter "store dos attributes". When set, will store
...
dos attributes in an EA. Based on an original patch from tridge, but
modified somewhat to cover all cases.
Jeremy.
-
Jeremy Allison
8cc10a6c05
Added support for OS/2 EA's in smbd server. Test with smbtorture eatest.
...
New protocol option "ea support" to turn them on (off by default). Conrad
at Apple may like this as it allows MacOS resource forks to be stored on
a file. Passes valgrind. Documentation to follow.
Jeremy.
-
Jeremy Allison
7bf5ed30ce
Patch from Jim McDonough for bug #802 . Retrieve the correct ACL group bits
...
if the file has an ACL.
Jeremy.
-