IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
It is kindof unexpected that we get params for something else but
"nfs4:"
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Aug 13 17:45:31 CEST 2015 on sn-devel-104
We don't need the nt_ace_list beyond this function, make_sec_acl makes
a copy and make_sec_desc makes another one
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
With the anonymous struct SMB4ACE_T we can rely on the compiler
to warn us
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
With the anonymous struct SMB4ACL_T we can rely on the compiler
to warn us
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We can make the _INT_ structure now be the representation of the
published anonymous struct
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
We can make the _INT_ structure now be the representation of the
published anonymous struct
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
-typedef struct _SMB4ACE_T {char dontuse;} SMB4ACE_T;
+struct SMB4ACE_T;
Same as for ACL_T
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
The relevant change:
-typedef struct _SMB4ACL_T {char dontuse;} SMB4ACL_T;
+struct SMB4ACL_T;
We can use anonymous structs to prevent direct use. This patch will
trigger a set of simplifications in the next patches
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
They are all post-stream name processing.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11249
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Feb 9 12:25:06 CET 2015 on sn-devel-104
The ACL control flags stores in particular the dacl protected bit
which is responsible for the "Include inherited permissions from
this object's parent" checkbox. This stores the information in the
ACL struct passed to and from file system specific vfs modules.
Signed-off-by: Alexander Werth <alexander.werth@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Alexander Werth <alexander.werth@de.ibm.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Wed Oct 30 20:31:42 CET 2013 on sn-devel-104
A realloc with size zero is similar to a free.
Since we return the number of acls that's not an error.
Signed-off-by: Alexander Werth <alexander.werth@de.ibm.com>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Aug 28 20:25:56 CEST 2013 on sn-devel-104
The mode special substitution now happens in a separate function.
The substitution at this point is unnecessary.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Tue Jul 16 00:52:26 CEST 2013 on sn-devel-104
Windows maps an open request of GENERIC_ALL on files to 0x1FF specific bits, which
includes DELETE_CHILD even though this has no meaning on file ACE's. If a returned
NFSv4 ACE entry for a file has all other specific bits set except for DELETE (which
comes from the containing directory) and DELETE_CHILD (which has no meaning) then
optionally add it into the returned ACE entry.
This is using the same parameter in the same way as it is currently used
in smbd/posix_acls.c. Note that as this parameter is on by default, it
is already being tested in the existing raw.acl tests.
Fixes issue with Microsoft SMB2 torture test suite found at the interop event
in Redmond, WA.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Non inheriting ACL entries will show mode bits.
With this an file owner change does affect the effective ACL because
the special owner acl will now refer to the new owner.
This could be fixed by updating the ACL on a file owner change.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This is ignored in nfs4mode special for compatibility.
Also ensure that we drop non inheriting creator owner
aces since these don't contribute to who can access
a file.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
We need the parameters earlier in the code so we move up
the declaration of the params struct. Since reading the
parameters is closely related the definition of the function
smbacl4_get_vfs_params has also been moved up.
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
This ensures the caller knows exactly what the memory lifetime of this
returned object is. This makes the NFSv4 ACL code consistent with the
POSIX and NT ACL code, to avoid supprising developers who have worked
on those other parts of the ACL code.
Most of this patch is adding a memory context to the callers and passing it in.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat Nov 17 01:11:07 CET 2012 on sn-devel-104
the ACEs should be talloc children of the ACL itself and not be placed on talloc_tos()
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This makes it clear which context the returned SD is allocated on, as
a number of callers do not want it on talloc_tos().
As the ACL transformation allocates and then no longer needs a great
deal of memory, a talloc_stackframe() call is used to contain the
memory that is not returned further up the stack.
Andrew Bartlett
A full fsp is a bit overkill here
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Oct 9 13:38:49 CEST 2012 on sn-devel-104
While it is possible to define inheritance flags on files on Windows, this will
be denied by GPFS and UFS (and potentially others).
So it will be better to strip of these bits when being set for files instead of
failing to set the ACL completely (this is current behavior).
Users that want to retain the full SD will have to use acl_xattr (acl_tdb), as
other pieces of the SD are also lost when translating to NFSv4. So this should
not be a too intrusive change, but allow users to migrate data with such flags
instead of failing to migrate the ACL completely.
By checking just the IDMAP, and by removing the sidmap and lookup_sid calls, we support
IDMAP_BOTH. This is because by checking for a mapping to a GID first, we can rely on
the fact that IDMAP_BOTH will resolve to a GID.
If the sidmap idea is valued - it allows multiple SIDs to map to a single unix ID, this should
be done in the IDMAP layer.
Andrew Bartlett
Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Aug 11 01:17:36 CEST 2012 on sn-devel-104
Signed-off-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Wed Jul 18 17:45:05 CEST 2012 on sn-devel-104
This will be used to enforce a lock hierarchy between the databases. We have
seen deadlocks between locking.tdb, brlock.tdb, serverid.tdb and notify*.tdb.
These should be fixed by refusing a dbwrap_fetch_locked that does not follow a
defined lock hierarchy.
