mirror of https://github.com/samba-team/samba.git synced 2025-01-22 22:04:08 +03:00

94 Commits

Author SHA1 Message Date
Jeremy Allison
a205c56a75 r50: Fix bug 1139 as per fix suggested by jdev@panix.com,
swap lookups for user and group - group will do an
algorithmic lookup if it fails, user won't.
Jeremy.
2007-10-10 10:51:06 -05:00
Jeremy Allison
ed653cd468 Added per-share parameter "store dos attributes". When set, will store
dos attributes in an EA. Based on an original patch from tridge, but
modified somewhat to cover all cases.
Jeremy.
-
Jeremy Allison
8cc10a6c05 Added support for OS/2 EA's in smbd server. Test with smbtorture eatest.
New protocol option "ea support" to turn them on (off by default). Conrad
at Apple may like this as it allows MacOS resource forks to be stored on
a file. Passes valgrind. Documentation to follow.
Jeremy.
-
Jeremy Allison
7bf5ed30ce Patch from Jim McDonough for bug . Retrieve the correct ACL group bits
if the file has an ACL.
Jeremy.
-
Tim Potter
23443e3aa0 Fix more 64-bit printf warnings. -
Jeremy Allison
dbbd8dd155 Fixed the latest complaint from jcmd :-). We were storing -1 for the
CREATOR_OWNER/CREATOR_GROUP uid/gid entries in the SAMBA_PAI attribute.
Creator Owner and Creator group now show up as inherited correctly (I
think :-). Jim please test.
Jeremy.
-
Jeremy Allison
fa23a4158e Finally ! Fixed the ACL ordering bug reported by jcmd. I realised we were
not sorting returned ACE's correctly w.r.t. W2K - implemented the correct
algorithm.
Jeremy.
-
Jeremy Allison
482e6c79ed Fixed the merge_default_aces() code to work correctly with inheritance.
Hopefully will fix jcmd bugs :-).
Jeremy.
-
Simo Sorce
c501e84d41 Found out a good number of NT_STATUS_IS_ERR used the wrong way.
As abartlet reminded me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK

This patch will cure the problem.
Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is
used correctly, but I'm not 100% sure, coders should check the use of
NT_STATUS_IS_ERR() in samba is ok now.

Simo.
-
Jeremy Allison
fa8ca20ed4 Fixed sorting algorithm to prevent problems with W2K clients.
Jeremy.
-
Jeremy Allison
a83595e80a Mapping of Windows ACL inheritance and protected bits onto extended attributes
if available. Adds new parameter "map acl inheritance" (docs coming soon)
off by default. Allows W2K acl inheritance dialogs to work correctly on
POSIX acls.
Jeremy.
-
Jeremy Allison
685e4e5182 Ensure 'blank' entries show up in both default and normal entries to
allow them to be changed. Works well with W2K and above.
Jeremy.
-
Jeremy Allison
183c9ed405 Change get_nt_acl() to include security_info wanted. Only return this.
This gets us closer to W2k+ in what we return for file ACLs. Fix horribly
broken make_sec_desc() that screwed up the size when given a SD with no
owner or group (how did it get this bad... ?).
Jeremy.
-
Jeremy Allison
cb70d8c9e8 Fix bug brought up by Ken Cross that empty ACE's cause existing ACE's to
be applied to new ACE set calls. This is incorrect. Don't think this
has a bugzilla id.
Jeremy.
-
Tim Potter
1b2b7766c8 Fix shadow parameter warning in free_empty_sys_acl() -
Jeremy Allison
6ddd5b6ca7 Cope with cumulative permissions sets. This code is #ifdef'ed out at the
moment as I don't think cumulative permission sets make sense in POSIX even
though that's the way Windows works....
Jeremy.
-
Alexander Bokovoy
c2689ed118 Prefix VFS API macros with SMB_ for consistency and to avoid problems with VFS_ macros at system side. We currently have one clash with AIX and its VFS_LOCK. Compiled and tested -- no new functionality or code, just plain rename of macros for yet-unreleased VFS API version. Needs to be done before a24 is out -
Simo Sorce
0e58085978 And finally IDMAP in 3_0
We really need idmap_ldap to have a good solution with ldapsam, porting
it from the previous code is being made, the code is really simple to do
so I am confident it is not a problem to commit this code in.

Not committing it would have been worse.
I really would have been able to finish also the group code, maybe we can
put it into a following release after 3.0.0 even if it may be an upgrade
problem.

The code has been tested and seems to work right, more testing is needed for
corner cases.

Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)

Simo.
-
Alexander Bokovoy
91984ef5ca Fix VFS layer:
1. Finally work with cascaded modules with private data storage per module
2. Convert VFS API to macro calls to simplify cascading
3. Add quota support to VFS layer (prepare to NT quota support)

Patch by Stefan (metze) Metzmacher, with review of Jelmer and me
Tested in past few weeks. Documentation to new VFS API for third-party developers to follow
-
Simo Sorce
a369c2ff26 use gid_t for gids not uid_t -
Jeremy Allison
a4d7496994 Doing janitor work for tridge.
"changed the order of checking whether a SID is a UID or a GID in posix
acls. This is needed because sid_to_uid always claims that the sid is
a user, due to a change I made some months back.

This change was suggested by Chere Zhou, but is really an interim
measure. Chere is looking at a longer term solution."

REMEMBER - 3.0 is the one we will SHIP !

Jeremy.
-
Jeremy Allison
7f8d3a49b2 Missed parentheses around complex logic.
Jeremy.
-
Jeremy Allison
1d3b8c528b Patch from Michael Steffens. In his own words :
-------------------------------------------------------------------------
I think there are basically two problems:

  1. Windows clients do not always send ACEs for SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ,
     and SMB_ACL_OTHER.
     The function ensure_canon_entry_valid() is prepared for that, but tries
     to "guess" values from group or other permissions, respectively, otherwise
     falling back to minimum r-- for the owner. Even if the owner had full
     permissions before setting ACL. This is the problem with W2k clients.

  2. Function set_nt_acl() always chowns *before* attempting to set POSIX ACLs.
     This is ok in a take-ownership situation, but must fail if the file is
     to be given away. This is the problem with XP clients, trying to transfer
     ownership of the original file to the temp file.

The problem with NT4 clients (no ACEs are transferred to the temp file, thus
are lost after moving the temp file to the original name) is a client problem.
It simply doesn't attempt to.

I have played around with that using posix_acls.c from 3.0 merged into 2.2.
As a result I can now present two patches, one for each branch. They
basically modify:

  1. Interpret missing SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, or SMB_ACL_OTHER
     as "preserve current value" instead of attempting to build one ourselves.
     The original code is still in, but only as fallback in case current values
     can't be retrieved.

  2. Rearrange set_nt_acl() such that chown is only done before setting
     ACLs if there is either no change of owning user, or change of owning
     user is towards the current user. Otherwise chown is done after setting
     ACLs.

It now seems to produce reasonable results. (Well, as far as it can. If
NT4 doesn't even try to transfer ACEs, only deliberate use of named default
ACEs and/or "force group" or the crystal ball can help :)
-------------------------------------------------------------------------
Jeremy.
-
Andrew Bartlett
74b5436c75 Merge of server-side authentication changes to 3.0:
- user_ok() and user_in_group() now take a list of groups, instead of
   looking for the user in the members of all groups.

 - The 'server_info' returned from the authentication is now kept around
  - in future we won't copy the session key, username etc, we will just
    reference them directly.

 - rhosts upgraded to use the SAM if possible, otherwise fake up based on
   getpwnam().

 - auth_util code to deal with groups upgraded to deal with non-winbind domain
   members again.

Andrew Bartlett
-
Jeremy Allison
4015e39d36 Added comments to make it clearer when we're assigning a pointer that it
must not be freed afterwards.
Jeremy.
-
Jeremy Allison
793609cbc2 Fix from Corny.Bondad@hp.com for missing if (setting_acls) on default
perms.
Jeremy.
-
Andrew Bartlett
299233fbf2 Merge from HEAD: avoid braindead #define on Tru64. -
Jeremy Allison
40eafb9dde First cut of new ACL mapping code from Andreas Gruenbacher <agruen@suse.de>.
This is not 100% the same as what SuSE shipped in their Samba, there is
a crash bug fix, a race condition fix, and a few logic changes I'd like to
discuss with Andreas. Added Andreas to (C) notices for posix_acls.c
Jeremy.
-
Jeremy Allison
3343efaaa8 Fix based on Jim McDonough's code for ACL inheritance problem.
Jeremy.
-
Jeremy Allison
9b8f362abc Fix from Andreas Gruenbacher <agruen@suse.de> to prevent ACL set on read-only
share.
Jeremy.
-
Gerald Carter
65e7b5273b sync'ing up for 3.0alpha20 release -
Jelmer Vernooij
42615b945e Sync 3.0 branch with head -
Andrew Tridgell
03ac082dcb updated the 3.0 branch from the head branch - ready for alpha18 -
Jeremy Allison
7d59445b69 Added POSIX ACL layer into the vfs.
Jeremy.
-
Jeremy Allison
d85133e269 Implemented default ACL patch (set inherit acls = true on a per share basis).
Based on code donated by Olaf Frączyk <olaf@cbk.poznan.pl>. Further commit
will change to sending via vfs interface.
Jeremy.
-
Andrew Tridgell
c55737fb25 a more informative debug message when a SID can't be validated -
Tim Potter
6a58c9bd06 Removed version number from file header.
Changed "SMB/Netbios" to "SMB/CIFS" in file header.
-
Gerald Carter
7dc1c34145 merge from 2.2 -
Andrew Tridgell
1c5e19a418 fixed a crash in merge_aces()
when we free curr_ace_outer we need to not try to use it again :)
-
Jeremy Allison
2d7b81e692 Allow ACL set to fail gracefully on HP HFS filesystems.
Jeremy.
-
Jeremy Allison
b926660e73 Stop using getgrgid() - a very expensive call with winbindd, to look up
a group name.
Jeremy.
-
Tim Potter
9712d3f15a Renamed sid field in SEC_ACE to trustee to be more in line with MS's
definitions.
-
Jeremy Allison
4a54a633c5 Log sys_acl_set_XX at level 2 not zero.
Jeremy.
-
Jeremy Allison
bc7963bd64 Ignore unmappable (NT Authority, BUILTIN etc.) SIDs in an ACL set.
Jeremy.
-
Simo Sorce
a95943fde0 move to SAFE_FREE() -
Jeremy Allison
9961c4c1a3 Don't fail if no owner/group owner set. Use existing owners.
Jeremy.
-
Herb Lewis
65ea13420c if no ACL elements then use chmod - fixes ability to set read-only bit
on files that do not have an ACL
-
Jeremy Allison
324ba0512e Fix from Michael Davidson <md@caldera.com> for DEC OSF/1 ACLs (ie.
Digital UNIX).
Jeremy.
-
Andrew Tridgell
debb471267 The big character set handling changeover!
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
-
Jeremy Allison
d989f8bd3e lib/util_getent.c: removed debug code.
smbd/posix_acls.c: Attempt to fix the "lose default acl" problem in Solaris.
Needs testing.
lib/sysacls.c: Typo fix.
Jeremy.
-