1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-29 11:21:54 +03:00
Commit Graph

31 Commits

Author SHA1 Message Date
Günther Deschner
a75436e3ee s3-security: use shared SECINFO_DACL define.
Guenther
2010-06-03 11:00:12 +02:00
Günther Deschner
630c27bdad s3-security: use shared SECINFO_GROUP define.
Guenther
2010-06-03 10:59:38 +02:00
Günther Deschner
415d3d5fe7 s3-security: use shared SECINFO_OWNER define.
Guenther
2010-06-03 10:59:15 +02:00
Günther Deschner
f9f8007361 s3-build: only use ndr_security.h where needed.
Guenther
2010-05-31 11:32:37 +02:00
Jeremy Allison
984eee7e29 Switch over to using get_currect_XXX() accessor functions.
Jeremy.
2010-03-15 14:49:15 -07:00
Jeremy Allison
4b85a0ea7f Rever e80ceb1d73 "Remove more uses of "extern struct current_user current_user;"."
As requested by Volker, split this into smaller commits.

Jeremy.
2010-03-15 14:48:54 -07:00
Jeremy Allison
e80ceb1d73 Remove more uses of "extern struct current_user current_user;".
Use accessor functions to get to this value. Tidies up much of
the user context code. Volker, please look at the changes in smbd/uid.c
to familiarize yourself with these changes as I think they make the
logic in there cleaner.

Cause smbd/posix_acls.c code to look at current user context, not
stored context on the conn struct - allows correct use of these
function calls under a become_root()/unbecome_root() pair.

Jeremy.
2010-03-12 13:56:51 -08:00
Jeremy Allison
33ee8b5a4e Make file access control decisions a lot easier to debug (at level 10).
Jeremy.
2010-01-12 21:06:09 -08:00
Tim Prouty
23c703a01e s3: Remove unnecessary callers of get_full_smb_filename
This often times means explicitly denying certain operations on a stream
as they are not supported or don't make sense at a particular level.  At
some point in the future these can be enabled, but for now it's better to
remove ambiguity
2009-07-21 12:04:59 -07:00
Tim Prouty
eb8c658fcd s3 file_access: Convert some more functions over to use smb_filneame 2009-06-25 18:25:48 -07:00
Tim Prouty
e129384d7c s3: Plumb smb_filename through SMB_VFS_STAT and SMB_VFS_LSTAT
This patch introduces two new temporary helper functions
vfs_stat_smb_fname and vfs_lstat_smb_fname.  They basically allowed me
to call the new smb_filename version of stat, while avoiding plumbing
it through callers that are still too inconvenient.  As the conversion
moves along, I will be able to remove callers of this, with the goal
being to remove all callers.

There was also a bug in create_synthetic_smb_fname_split (also a
temporary utility function) that caused it to incorrectly handle
filenames with ':'s in them when in posix mode.  This is now fixed.
2009-06-24 21:15:25 -07:00
Jeremy Allison
d2da9dee68 Add some const to the stat struct in the dosmode calls.
Fix a couple more unix_convert uses to filename_convert.
Fix bug in acl_group_override() where an uninitialized
struct could be used. Move unix_convert with wildcard
use in SMBsearch reply to boilerplate code.
Jeremy.
2009-06-18 15:07:14 -07:00
Tim Prouty
5cfac1a1bd s3: Plumb smb_filename from create_file all of the way down to fd_open
I used the smb_filename struct everywhere that was feasible for the
first pass.  There are still some places in this path that need to be
changed to use smb_filename, but this is a good start.

I also:
- Removed fname/path arguments from a few functions that weren't
  really using them.
- Added a utility function for detecting whether an smb_filename is a
  stream.
2009-06-17 20:11:53 -07:00
Jeremy Allison
5cef57ff7d Fix bug #6297 - owner of sticky directory cannot delete files created by others.
The reason we couldn't delete was we were erroring out early
if requestor was not the owner of the file we wanted to delete,
instead of checking if the requestor owned the directory as well.
If either of these is true, we must go on and check the ACL.
Karolin, this is a must for 3.4.0 and also 3.3.next. I'll update
the bug report with patches for 3.4.0 and 3.3.next and ask vl
to review.
Jeremy.
2009-06-11 12:51:45 -07:00
Volker Lendecke
49ca690b4b Introduce "struct stat_ex" as a replacement for SMB_STRUCT_STAT
This patch introduces

struct stat_ex {
        dev_t           st_ex_dev;
        ino_t           st_ex_ino;
        mode_t          st_ex_mode;
        nlink_t         st_ex_nlink;
        uid_t           st_ex_uid;
        gid_t           st_ex_gid;
        dev_t           st_ex_rdev;
        off_t           st_ex_size;
        struct timespec st_ex_atime;
        struct timespec st_ex_mtime;
        struct timespec st_ex_ctime;
        struct timespec st_ex_btime; /* birthtime */
        blksize_t       st_ex_blksize;
        blkcnt_t        st_ex_blocks;
};
typedef struct stat_ex SMB_STRUCT_STAT;

It is really large because due to the friendly libc headers playing macro
tricks with fields like st_ino, so I renamed them to st_ex_xxx.

Why this change? To support birthtime, we already have quite a few #ifdef's at
places where it does not really belong. With a stat struct that we control, we
can consolidate the nanosecond timestamps and the birthtime deep in the VFS
stat calls.

At this moment it is triggered by a request to support the birthtime field for
GPFS. GPFS does not extend the system level struct stat, but instead has a
separate call that gets us the additional information beyond posix. Without
being able to do that within the VFS stat calls, that support would have to be
scattered around the main smbd code.

It will very likely break all the onefs modules, but I think the changes will
be reasonably easy to do.
2009-05-26 17:48:23 +02:00
Jeremy Allison
badad0a6a6 Fix bug #6154 - zfs does not honor admin users.
Jeremy
2009-03-04 16:57:37 -08:00
Jeremy Allison
553818add8 Fix bug #6082 - smbd_gpfs_getacl failed: Windows client can´t rename or delete file
This fixes the generic rename/delete problem for 3.3.0 and above.
Fixed slightly differently to discussions, user viewable modified
ACLs are not a good idea :-).
Jeremy.
2009-02-02 17:10:27 -08:00
Volker Lendecke
972295f80a Rename parent_dirname_talloc() to parent_dirname() 2008-12-31 19:33:25 +01:00
Jeremy Allison
8344e94574 Unify se_access_check with the S4 code. Will make
calculation of SEC_FLAG_MAXIMUM_ALLOWED much easier
for files.
Jeremy.
2008-10-31 10:51:45 -07:00
Volker Lendecke
40f5eab5eb Wrap the unix token info in a unix_user_token in auth_serversupplied_info
No functional change, this is a preparation for more current_user ref removal
(This used to be commit dcaedf345e)
2008-06-19 18:51:37 +02:00
Volker Lendecke
066f6c856f Fix checks in can_delete_file_in_directory()
With at least NFSv4 ACLs around the write permission for the owner is a bogus
check if we can delete a file in a directory. Like in Windows, there are two
ways which can grant us such: First, the DELETE permission on the file itself,
or if that does not help, the DELETE_CHILD permission on the directory. It
might be a bit more code that runs, but essentially we should end up with the
same set of syscalls in the non-acl case.
(This used to be commit daa9b05664)
2008-06-19 15:27:41 +02:00
Michael Adam
aedce263a8 file_access: add a function header comment for can_access_file_acl().
Michael
(This used to be commit 7d5fb873bd)
2008-06-18 00:06:46 +02:00
Michael Adam
b172eb1d47 file_access: remove unneeded stat buf parameter from can_access_file_acl().
This is a security descriptor level function only.

Michael
(This used to be commit 5931540fa1)
2008-06-17 23:58:49 +02:00
Volker Lendecke
704c99f340 Remove the reference to current_user from file_access.c
conn holds the current user info
(This used to be commit 093bc5f2b3)
2008-06-15 11:39:31 +02:00
Jeremy Allison
b430b38220 Remove the "stat_open()" function, flag, and all associated code. It was only
being (correctly) used in the can_read/can_write checks for hide unreadable/unwritable
and this is more properly done using the functions in smbd/file_access.c.
Preparing to do NT access checks on all file access.
Jeremy.
(This used to be commit 6bfb06ad95)
2008-05-02 17:22:10 -07:00
Jeremy Allison
96e969c9eb Move directory_has_default_acl() to file_access.c, belongs
there as it no longer uses explicit POSIX ACL calls.
Jeremy.
(This used to be commit ac1eac9b0d)
2008-05-02 10:09:00 -07:00
Michael Adam
233eb0e560 Change the prototype of the vfs function get_nt_acl().
Up to now, get_nt_acl() took a files_struct pointer (fsp) and
a file name. All the underlying functions should need and now
do need (after the previous preparatory work), is a connection_struct
and a file name. The connection_struct is already there in the
vfs_handle passed to the vfs functions. So the files_struct
argument can be eliminated.

This eliminates the need of calling open_file_stat in a couple
of places to produce the fsp needed.

Michael
(This used to be commit b5f600fab5)
2007-12-19 23:08:01 +01:00
Michael Adam
8ab992524a Fix potential orphaned open files.
Calling can_access_file could lead to orphaned open files
when SMB_VFS_GET_NT_ACL returned ENOSYS (not implemented).

Michael
(This used to be commit f4f700cf0c)
2007-11-13 23:26:38 +01:00
Volker Lendecke
15953b82eb Make [f]get_nt_acl return NTSTATUS
(This used to be commit dcbe1bf942)
2007-11-13 15:47:01 +01:00
Volker Lendecke
7e9d639ed1 Cosmetic fix
Do directory vs file open before entering open_file_stat
(This used to be commit cd62122916)
2007-11-11 23:45:02 +01:00
Michael Adam
7d899b5e7b Move some access check functions that are not posix-acl specific
to a new source file of their own.

Michael
(This used to be commit 9dd18bb534)
2007-11-06 19:32:10 +01:00