mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
49 Commits

Author SHA1 Message Date
Günther Deschner
7f6bb48bdf s3-secdesc: remove "typedef struct security_descriptor SEC_DESC".
Guenther
2010-05-18 12:30:12 +02:00
Günther Deschner
8951c8301a s3-secdesc: remove "typedef struct security_acl SEC_ACL".
Guenther
2010-05-18 12:30:12 +02:00
Günther Deschner
a8b01d1f3b s3-secdesc: remove "typedef struct security_ace SEC_ACE".
Guenther
2010-05-18 12:30:11 +02:00
Jeremy Allison
6b2358e15e Pass "connection_struct *conn" into functions that currently use "current_user.XXX"
Will allow me to replace them with accessor functions.

Jeremy.
2010-03-15 14:49:11 -07:00
Jeremy Allison
4b85a0ea7f Revert e80ceb1d73 "Remove more uses of "extern struct current_user current_user;"."
As requested by Volker, split this into smaller commits.

Jeremy.
2010-03-15 14:48:54 -07:00
Jeremy Allison
e80ceb1d73 Remove more uses of "extern struct current_user current_user;".
Use accessor functions to get to this value. Tidies up much of
the user context code. Volker, please look at the changes in smbd/uid.c
to familiarize yourself with these changes as I think they make the
logic in there cleaner.

Cause smbd/posix_acls.c code to look at current user context, not
stored context on the conn struct - allows correct use of these
function calls under a become_root()/unbecome_root() pair.

Jeremy.
2010-03-12 13:56:51 -08:00
Jeremy Allison
1e322cf6a9 Fix more use of VFS_STAT when posix pathnames selected.
Jeremy.
2009-10-02 11:05:03 -07:00
Jeremy Allison
a023b6c64b Use defined names rather than numeric constants to make code
clearer.
Jeremy.
2009-08-14 15:06:11 -07:00
Michael Adam
12864ffd51 gpfs.so: map the file_inherit and dir_inherit flags away for files
GPFS sets the dir_inherit and file_inherit flags
on files, too, which confuses Windows, and seems to
be wrong anyways.

So when mapping a nfs4 acl to a windows acl, we map these
flags away for files.

Michael
2009-08-14 23:23:20 +02:00
Tim Prouty
c9b8a01714 s3: Finish plumbing the fsp->fsp_name smb_fname conversion through the modules.
2009-07-20 17:26:57 -07:00
Tim Prouty
1a1d10d22f s3: Plumb smb_filename through dos_mode() and related functions
2009-07-08 21:36:03 -07:00
Christian Ambach
5e7da42f6e do not merge ACEs with different SMB_ACE4_INHERIT_ONLY_ACE flag, this leads to wrong inheritance flags in the ACL
e.g. (on GPFS)

user:10000036:rwxc:allow
 (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (X)DELETE    (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

user:10000036:rwxc:allow:FileInherit:DirInherit:InheritOnly
 (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (X)DELETE    (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

group:10000005:rwxc:allow
 (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (X)DELETE    (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

group:10000005:rwxc:allow:FileInherit:DirInherit:InheritOnly
 (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (X)DELETE    (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

would be merged to

user:10000036:rwxc:allow:FileInherit:DirInherit:InheritOnly
 (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (X)DELETE    (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

group:10000005:rwxc:allow:FileInherit:DirInherit:InheritOnly
 (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (X)DELETE    (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

so the explicit right for the user on the parent directory will be gone (the InheritOnly flag only accounts to subdirectories)
thus leaving the user without access to the directory itself

Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
2009-07-06 12:28:52 +02:00
Volker Lendecke
6a66114f25 Add a \n to a debug message in smbacl4_nfs42win
2009-06-25 14:47:27 +02:00
Tim Prouty
e129384d7c s3: Plumb smb_filename through SMB_VFS_STAT and SMB_VFS_LSTAT
This patch introduces two new temporary helper functions
vfs_stat_smb_fname and vfs_lstat_smb_fname.  They basically allowed me
to call the new smb_filename version of stat, while avoiding plumbing
it through callers that are still too inconvenient.  As the conversion
moves along, I will be able to remove callers of this, with the goal
being to remove all callers.

There was also a bug in create_synthetic_smb_fname_split (also a
temporary utility function) that caused it to incorrectly handle
filenames with ':'s in them when in posix mode.  This is now fixed.
2009-06-24 21:15:25 -07:00
Volker Lendecke
4df33ec4a7 Fix the build of nfs4_acls.c
2009-05-27 11:54:15 +02:00
Volker Lendecke
a8ffc286a4 Fix a size_t/int warning
2009-05-27 11:54:14 +02:00
Volker Lendecke
49ca690b4b Introduce "struct stat_ex" as a replacement for SMB_STRUCT_STAT
This patch introduces

struct stat_ex {
        dev_t           st_ex_dev;
        ino_t           st_ex_ino;
        mode_t          st_ex_mode;
        nlink_t         st_ex_nlink;
        uid_t           st_ex_uid;
        gid_t           st_ex_gid;
        dev_t           st_ex_rdev;
        off_t           st_ex_size;
        struct timespec st_ex_atime;
        struct timespec st_ex_mtime;
        struct timespec st_ex_ctime;
        struct timespec st_ex_btime; /* birthtime */
        blksize_t       st_ex_blksize;
        blkcnt_t        st_ex_blocks;
};
typedef struct stat_ex SMB_STRUCT_STAT;

It is really large due to the friendly libc headers playing macro
tricks with fields like st_ino, so I renamed them to st_ex_xxx.

Why this change? To support birthtime, we already have quite a few #ifdef's at
places where it does not really belong. With a stat struct that we control, we
can consolidate the nanosecond timestamps and the birthtime deep in the VFS
stat calls.

At this moment it is triggered by a request to support the birthtime field for
GPFS. GPFS does not extend the system level struct stat, but instead has a
separate call that gets us the additional information beyond posix. Without
being able to do that within the VFS stat calls, that support would have to be
scattered around the main smbd code.

It will very likely break all the onefs modules, but I think the changes will
be reasonably easy to do.
2009-05-26 17:48:23 +02:00
Volker Lendecke
9e70a960b7 Fix the build of nfsv4_acls.c
.. after adding smb_iconv_convenience to ndr_size_security_descriptor()
2009-03-27 11:10:50 +01:00
Jeremy Allison
0b62cdbed0 Quieten down a boatload of shadowed variable warnings on Solaris.
Makes real problems easier to spot.
Jeremy.
2009-02-23 15:03:29 -08:00
Jeremy Allison
e6a5f11865 Fix bug #6133 - Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem.
As the NFSv4 ACL mapping code doesn't map write directory into the DELETE_CHILD
permission bit (which we require before allowing a delete) no one can delete
files without an explicit DELETE_CHILD bit set on the directory. Add this mapping.
Jeremy.
2009-02-20 08:23:52 -08:00
Jeremy Allison
b30b1cfcaf Apply same logic fix for #4308 Excel save operation corrupts file ACLs
to NFSv4 ACL code as this uses the same flawed logic as posix_acls.c.
Jeremy.
2009-01-22 16:21:02 -08:00
Jeremy Allison
e5692d4cbe Remove SEC_ACCESS. It's a uint32_t.
Jeremy.
2008-10-09 09:49:03 -07:00
Jeremy Allison
ec5d09dbff Update vfs version as I've added a const to the security_descriptor parameter in fset_nt_acl().
Need to watch the build farm to make sure I haven't broken the AIX or Solaris ACL modules.
Jeremy.
2008-10-07 17:50:01 -07:00
Volker Lendecke
d4b41079cb When setting an NFSv4 ACL, map generic bits
(This used to be commit dbe7a61be2)
2008-09-08 16:53:54 +02:00
Volker Lendecke
e9489e9ff6 Fix the build of nfs4_acls.c
(This used to be commit 2abb7cd867)
2008-07-11 13:03:42 +02:00
Michael Adam
e1732fae33 Remove reference to current_user from modules/nfs4_acls.c .
Michael
(This used to be commit 50fbfa0348)
2008-06-17 10:33:12 +02:00
Alexander Bokovoy
313f7d10b8 Merge latest fixes to vfs_gpfs and NFS4 ACLs from Samba 3.0 CTDB branch (from http://samba.org/~tridge/3_0-ctdb)
Signed-off-by: Alexander Bokovoy <ab@samba.org>
(This used to be commit 1daad835cb)
2008-01-16 12:18:57 +03:00
Michael Adam
87a684f7fc Remove redundant parameter fd from SMB_VFS_FSTAT().
Michael
(This used to be commit 0b86c420be)
2008-01-07 15:59:01 +01:00
Volker Lendecke
7cbdb48475 Remove tiny code duplication
ndr_size_security_descriptor does the same as sec_desc_size
(This used to be commit bc3bd7a8e7)
2007-12-29 23:13:26 +01:00
Michael Adam
c650857fac Split smb_get_nt_acl_nfs4 into two (f- and non-f-variant).
This is the next step in preparation of a get_nt_acl prototype change.

Michael
(This used to be commit 7afeb1c6cb)
2007-12-19 23:07:57 +01:00
Michael Adam
cb69a78505 Split smbacl4_GetFileOwner into two (f- and non-f-variant).
This is in preparation of a get_nt_acl prototype change.
(This used to be commit e0672a46a2)
2007-12-19 23:07:57 +01:00
Volker Lendecke
900288a2b8 Replace sid_string_static by sid_string_dbg in DEBUGs
(This used to be commit bb35e794ec)
2007-12-15 22:09:36 +01:00
Volker Lendecke
15953b82eb Make [f]get_nt_acl return NTSTATUS
(This used to be commit dcbe1bf942)
2007-11-13 15:47:01 +01:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
2007-10-18 17:40:25 -07:00
Volker Lendecke
929e1d9920 r24809: Consolidate the use of temporary talloc contexts.
This adds the two functions talloc_stackframe() and talloc_tos().

 * When a new talloc stackframe is allocated with talloc_stackframe(), then
 * the TALLOC_CTX returned with talloc_tos() is reset to that new
 * frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse
 * happens: The previous talloc_tos() is restored.
 *
 * This API is designed to be robust in the sense that if someone forgets to
 * TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and
 * resets the talloc_tos().

The original motivation for this patch was to get rid of the
sid_string_static & friends buffers. Explicitly passing talloc context
everywhere clutters code too much for my taste, so an implicit
talloc_tos() is introduced here. Many of these static buffers are
replaced by a single static pointer.

The intended use would thus be that low-level functions can rather
freely push stuff to talloc_tos, the upper layers clean up by freeing
the stackframe. The more of these stackframes are used and correctly
freed the more exact the memory cleanup happens.

This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and
lp_talloc_ctx (did I forget any?)

So, never do a

tmp_ctx = talloc_init("foo");

anymore, instead, use

tmp_ctx = talloc_stackframe()

:-)

Volker
(This used to be commit 6585ea2cb7)
2007-10-10 12:30:24 -05:00
Andrew Tridgell
153cfb9c83 r23801: The FSF has moved around a lot. This fixes their Mass Ave address.
(This used to be commit 87c91e4362)
2007-10-10 12:28:27 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b)
2007-10-10 12:28:20 -05:00
Jeremy Allison
a0ac7a7f4c r23620: Convert set_nt_acl to return NTSTATUS. Also fix the chown
return to correctly return NT_STATUS_INVALID_OWNER if it
should be disallowed. Matches better what W2K3R3 does.

NFSv4 ACL module owners, please examine these changes.

Jeremy.
(This used to be commit fc6899a550)
2007-10-10 12:23:37 -05:00
Alexander Bokovoy
ea7f6e7afa r23302: Refactor vfs_gpfs module, fix problems with chmod Tridge has found during ctdb tests
(This used to be commit e150e42ac5)
2007-10-10 12:23:04 -05:00
Jeremy Allison
09ba519eb4 r22592: Fix TALLOC_SIZE to be consistent.
Jeremy.
(This used to be commit 8044a6482c)
2007-10-10 12:19:49 -05:00
Jeremy Allison
12ba88574b r22542: Move over to using the _strict variants of the talloc
calls. No functional changes. Looks bigger than it is :-).
Jeremy.
(This used to be commit f6fa3080fe)
2007-10-10 12:19:44 -05:00
Alexander Bokovoy
679a313517 r21885: Chown logic should be activated only if nfs4:chown=yes
(This used to be commit b10410634f)
2007-10-10 12:18:44 -05:00
Volker Lendecke
b3d18b12c2 r18785: Check in Peter Somogyi's build fix
(This used to be commit 31c1be9056)
2007-10-10 12:00:57 -05:00
Jeremy Allison
eb6e31afed r18719: Compile fix from Peter Somogyi.
Jeremy.
(This used to be commit 867eeaafce)
2007-10-10 12:00:52 -05:00
Jeremy Allison
8155621d54 r18603: Add in the NFSv4 ACL mapping code from IBM.
Sorry for the delay :-).
Jeremy.
(This used to be commit a52fa21895)
2007-10-10 11:51:59 -05:00
Jeremy Allison
d42a96b3ec r17367: Reverting the ab code. Note I'm not saying this
code is wrong or bad or anything, just that it
needs to be discussed & reviewed on the samba-technical
list before we add a platform-specific NFSv4 mapping.
That way lies a lot of future pain :-).
Jeremy.
(This used to be commit 330899ec30)
2007-10-10 11:38:29 -05:00
Alexander Bokovoy
fbd04d65c5 r17358: Re-add JFS2 NFS4 ACLs support, move readme for it into AIX-specific examples directory.
(This used to be commit c085355c32)
2007-10-10 11:38:28 -05:00
Alexander Bokovoy
16bf23d973 r17354: Revert -r 17353 per Volker request while gpfs compatibility layer code will be released.
(This used to be commit 5b1db01514)
2007-10-10 11:38:27 -05:00
Alexander Bokovoy
4cf5769331 r17353: Add support for JFS2 NFS4/AIXC and GPFS acls based on NFSv4 ACLs.
(This used to be commit 72312cb2e2)
2007-10-10 11:38:27 -05:00