1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-21 18:04:06 +03:00

190 Commits

Author SHA1 Message Date
Gerald Carter
1bcf7e82ed r11060: merging new eventlog code from trunk 2007-10-10 11:04:59 -05:00
Jeremy Allison
a33f4f0d2a r10885: Fix bug where read-only share files are always seen as
read-only. Noticed by Andrew Bartlett.
Jeremy
2007-10-10 11:04:55 -05:00
Günther Deschner
1ef7a192ee r9952: Adapt better to the Windows way of taking and assigning ownership:
* Users with SeRestorePrivilege may chown files to anyone (be it as a
backup software or directly using the ownership-tab in the security
acl editor on xp), while

* Users with SeTakeOwnershipPrivilege only can chown to themselves.

Simo, Jeremy. I think this is correct now.

Guenther
2007-10-10 11:03:29 -05:00
Günther Deschner
8e48e8936e r9946: allow the priv-based chown (se_take_ownership) to chown to other users
(not only to the current_user.uid).

Jeremy, please have a look.

Guenther
2007-10-10 11:03:28 -05:00
Jeremy Allison
9b5cc58f3a r9293: Fix error path memory leak bug found by Coverity - also potential NULL
deref bug (in unlikely error path) found by Coverity.
Jeremy.
2007-10-10 11:00:32 -05:00
Jeremy Allison
f7b169ed57 r8615: Added "acl group control". Defaults to off. Docs to follow.
Jeremy.
2007-10-10 11:00:13 -05:00
Jeremy Allison
4d69a682b3 r8547: Code tidyup from Jason Mader <jason@ncac.gwu.edu>. Bugid #2885.
Jeremy.
2007-10-10 11:00:08 -05:00
Jeremy Allison
c7fe18761e r8219: Merge the new open code from HEAD to 3.0. Haven't yet run the torture
tests on this as it's very late NY time (just wanted to get this work
into the tree). I'll test this over the weekend....
Jerry - in looking at the difference between the two trees there
seem to be some printing/ntprinting.c and registry changes we might
want to examine to try keep in sync.
Jeremy.
2007-10-10 10:58:18 -05:00
Jeremy Allison
c870579f4c r7985: Add "acl map full control", true by default, to allow people to change
mapping of rwx to full control or not. Requested feature at SambaXP.
Jeremy.
2007-10-10 10:58:06 -05:00
Jeremy Allison
af5fd615b3 r7888: Fix use of "protected".
Jeremy.
2007-10-10 10:58:01 -05:00
Jeremy Allison
000477943c r7693: Fix from James Peach @ SGI for null pointer ACL free.
Jeremy.
2007-10-10 10:57:19 -05:00
Jeremy Allison
f3319e224d r7662: Allow someone with SeTakeOwnershipPrivilege to chown the user
of a file to themself.
Jeremy.
2007-10-10 10:57:18 -05:00
Jeremy Allison
b257744fdf r6946: Allow mapping of POSIX ACLs to NT perms to differentiate between directories
and files. Needed for Volker's coming changes.
Jeremy.
2007-10-10 10:56:58 -05:00
Jeremy Allison
dd1a5e6e49 r6895: Add "acl check permissions" to turn on/off the new behaviour of
checking for write access in a directory before delete. Also
controls checking for write access before labeling a file read-only
if DOS attributes are not being stored in EA's.
Docuementation to follow.
Jeremy.
2007-10-10 10:56:56 -05:00
Jeremy Allison
874353e617 r6696: Another attempt to fix the (unreproducible for me) bug #2346 (read-only
excel files). Ensures that any missing user ACL entry will be generated
from a union of all group permissions that contain the user.
Awaiting feedback from the reporters.
Jeremy.
2007-10-10 10:56:52 -05:00
Jeremy Allison
60325ab128 r6533: Fix for bad comment from Andreas Gruenbacher <agruen@suse.de>.
Jeremy.
2007-10-10 10:56:44 -05:00
Jeremy Allison
81f30bf598 r6385: Convert checking of egid and secondary egid list into
iterator functions so it can be used easily in a for loop.
Drops duplicated code from posix_acls.c
Jeremy.
2007-10-10 10:56:39 -05:00
Jeremy Allison
e594222d0b r6378: Other systems may not return 1 for checking WRITE permission.
Canaonicalise any +ve return to 1.
Jeremy.
2007-10-10 10:56:39 -05:00
Jeremy Allison
0c4058c073 r6365: Wow, how much worse does this get. From info provided by
Eric Stewart <eric@lib.usf.edu> I realised we weren't checking
against the current effective groupid (set by force group) as
well as the group list. Fix this.
Jeremy.
2007-10-10 10:56:38 -05:00
Jeremy Allison
11c464268d r6316: Remove over-cautious asserts. Damn wish I'd made the release
with this....
Jeremy.
2007-10-10 10:56:36 -05:00
Volker Lendecke
3493d9f383 r6263: Get rid of generate_wellknown_sids, they are const static and initializable
statically.

Volker
2007-10-10 10:56:33 -05:00
Herb Lewis
efea76ac71 r6225: get rid of warnings from my compiler about nested externs 2007-10-10 10:56:30 -05:00
Jeremy Allison
e3c7d08bb6 r6060: It's not quite accurate to say not having write access causes a group
entry never to match - it matches but if doesn't grant access is recorded
so the "other" entry isn't subsequently checked.
Fix the algorithm.
Jeremy.
2007-10-10 10:56:19 -05:00
Jeremy Allison
6609b209f5 r6057: Don't put the assert in the wrong place :-).
Jeremy.
2007-10-10 10:56:19 -05:00
Jeremy Allison
81fb337286 r6055: Fix algorithm. If any of the primary or supplementary group ids match
a "allow" entry of GROUP or GROUP_OBJ, then access is allowed. It doesn't
terminate on the first match. Added debug to show where the match occured
(or didn't).
Jeremy.
2007-10-10 10:56:19 -05:00
Jeremy Allison
e831cef618 r6053: Fixup dfs path with the new wildcard parser code split out.
Jeremy.
2007-10-10 10:56:19 -05:00
Jeremy Allison
80e788143a r6049: Ensure "dos filetime" checks file ACLs correctly. May fix Excel "read-only"
issue.
Jeremy.
2007-10-10 10:56:18 -05:00
Jeremy Allison
21e3cf2f8f r6001: Oops. Checing the wrong tagtype - should have been SMB_ACL_GROUP, not SMB_ACL_MASK.
Fix bug #2521.
Jeremy.
2007-10-10 10:56:15 -05:00
Jeremy Allison
eb18104d10 r5616: Forgot about the sticky bit on directories (commonly set on /tmp). If this is set
then only the owner or root can delete a file. We now use
the same algorithm to check file delete.
Jeremy.
2007-10-10 10:55:50 -05:00
Jeremy Allison
ecc134a2e3 r5355: Fill in the access check code for POSIX ACLs to *really* fix bug #2227.
Jeremy.
2007-10-10 10:55:39 -05:00
Jeremy Allison
da23577f16 r5324: In order to process DELETE_ACCESS correctly and return access denied
to a WXPSP2 client we must do permission checking in userspace first
(this is a race condition but what can you do...). Needed for bugid #2227.
Jeremy.
2007-10-10 10:55:37 -05:00
Jeremy Allison
620f2e608f r4088: Get medieval on our ass about malloc.... :-). Take control of all our allocation
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
2007-10-10 10:53:32 -05:00
Jeremy Allison
7e78059948 r4016: Fix for bug found by Steve French client code (cifsfs) on
POSIX ACL set. You need to *get* a permset_t pointer from the entry before
any of the permset code will accept it as a valid value
Jeremy.
2007-10-10 10:53:27 -05:00
Jeremy Allison
fbbdb72cf1 r4007: Fix bug #2088 - ensure inherit permissions is only applied on a new file,
not an existing one.
Jeremy.
2007-10-10 10:53:27 -05:00
Jeremy Allison
934c41b474 r3951: Fix for bugid #2081 reported by John Janosik <jpjanosi@us.ibm.com> - ensure
SE_DESC_DACL_PROTECTED is set if "map acl inherit = no".
Jeremy.
2007-10-10 10:53:26 -05:00
Jeremy Allison
d28611c960 r3859: Ensure if num_acls is set to 0xFFFF this field is ignored.
Use def_acl everywhere instead of dir_acl.
Jeremy.
2007-10-10 10:53:21 -05:00
Jeremy Allison
1aa1c2f489 r3816: Added fn to remove an ACL from a file. Now need client code to test this.
How do the share mask/modes fit into this code... Need to think about this.
Jeremy.
2007-10-10 10:53:19 -05:00
Jeremy Allison
6101ec2247 r3794: Added set posix acl functionality into the UNIX extensions code.
One part missing - delete file acl (to be added asap). No client
code yet, also needs testing with valgrind.
Jeremy.
2007-10-10 10:53:17 -05:00
Jeremy Allison
089a76f611 r3693: Correctly detect errno for no acl/ea support.
Jeremy
2007-10-10 10:53:14 -05:00
Günther Deschner
3acc74eef5 r3496: Fix calling of get_acl_group_bits().
Guenther
2007-10-10 10:53:08 -05:00
Jeremy Allison
7e35900bc6 r3296: Fix to ensure entries are stored in correct order. Bug #1498. Patch from
SATOH Fumiyasu <fumiya@samba.gr.jp>.
Jeremy.
2007-10-10 10:53:04 -05:00
Jeremy Allison
c97aab7ee6 r3117: Fix from Tom Lackemann <cessnatomny@yahoo.com> for bug #1954.
Memory leak in posix acl code.
Jeremy.
2007-10-10 10:53:01 -05:00
Jeremy Allison
31505acf03 r1681: Ensure we return the same ACL revision on the wire that W2K3 does.
Jeremy.
2007-10-10 10:52:18 -05:00
Volker Lendecke
80e57d2790 r1314: Restore the 2.2 'force unknown acl user' parameter. When getting a security
descriptor for a file, if the owner sid is not known, the owner uid is set to
the current uid. Same for group sid.

This makes xcopy /o possible for files that are owned by local users/groups
(local administrators for example).

Thanks to Guenther for his persistence :-)

Volker
2007-10-10 10:52:05 -05:00
Jeremy Allison
4695cc95fe r786: Memory leak fixes in (mostly) error code paths from
kawasa_r@itg.hitachi.co.jp. A couple of mem leak fixes in
mainline code paths though :-).
Jeremy.
2007-10-10 10:51:38 -05:00
Herb Lewis
b7703799f8 r428: add acls debug class 2007-10-10 10:51:23 -05:00
Jeremy Allison
a205c56a75 r50: Fix bug 1139 as per fix suggested by jdev@panix.com,
swap lookups for user and group - group will do an
algorithmic lookup if it fails, user won't.
Jeremy.
2007-10-10 10:51:06 -05:00
Jeremy Allison
ed653cd468 Added per-share parameter "store dos attributes". When set, will store
dos attributes in an EA. Based on an original patch from tridge, but
modified somewhat to cover all cases.
Jeremy.
-
Jeremy Allison
8cc10a6c05 Added support for OS/2 EA's in smbd server. Test with smbtorture eatest.
New protocol option "ea support" to turn them on (off by default). Conrad
at Apple may like this as it allows MacOS resource forks to be stored on
a file. Passes valgrind. Documentation to follow.
Jeremy.
-
Jeremy Allison
7bf5ed30ce Patch from Jim McDonough for bug #802. Retrieve the correct ACL group bits
if the file has an ACL.
Jeremy.
-