1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-25 06:04:04 +03:00

48 Commits

Author SHA1 Message Date
Volker Lendecke
e3523c8d46 nfs4acls: Add "smbacl4_vfs_params" parameter to smb_set_nt_acl_nfs4
Pure placeholder right now, this will allow vfs modules to load the params in
advance

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-08-12 17:15:20 +02:00
Volker Lendecke
02882b44df nfs4acls: Add "smbacl4_vfs_params" parameter to smb_get_nt_acl_nfs4
Pure placeholder right now, this will allow vfs modules to load the params in
advance

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-08-12 17:15:20 +02:00
Volker Lendecke
fbddf56f17 nfs4acls: Add "smbacl4_vfs_params" parameter to smb_fget_nt_acl_nfs4
Pure placeholder right now, this will allow vfs modules to load the params
in advance. nfs4 acl parameters should not change while a tcon is live,
and lp_parm_get_* show up in profiles. Loading the parameters once at
tcon time will remove this.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-08-12 17:15:20 +02:00
Jeremy Allison
cb7016594a s3:smbd:vfs: Change smb_get_nt_acl_nfs4() to take a const struct smb_filename *.
Push the struct further down closer to places that use
lp_posix_pathname() functions.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
2016-03-14 23:02:10 +01:00
Jeremy Allison
a5f441dc71 vfs:zfs fix build after get_nt_acl_fn signature change.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Mar  2 10:50:58 CET 2016 on sn-devel-144
2016-03-02 10:50:58 +01:00
Volker Lendecke
157711cb47 nfs4acls: Use an anon struct for SMB4ACE_T
-typedef struct _SMB4ACE_T {char dontuse;} SMB4ACE_T;
+struct SMB4ACE_T;

Same as for ACL_T

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-08-13 14:40:15 +02:00
Volker Lendecke
f15ad38d14 nfs4acls: Use an anon struct for SMB4ACL_T
The relevant change:

-typedef struct _SMB4ACL_T {char dontuse;} SMB4ACL_T;
+struct SMB4ACL_T;

We can use anonymous structs to prevent direct use. This patch will
trigger a set of simplifications in the next patches

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2015-08-13 14:40:15 +02:00
Richard Sharpe
e60cc280d6 Convert all uint8/16/32 to _t in all modules.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2015-05-06 04:14:14 +02:00
Andrew Bartlett
00cb6354cf vfs: Allow CREATOR GROUP to be used with vfs_zfsacl
The solaris acl() code requires that both ACE_GROUP|ACE_IDENTIFIER_GROUP be
set to indicate the @group permissions.

Otherwise, it would return Invalid Paramter to clients.

Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:21 +02:00
Andrew Bartlett
5d517f4166 vfs: Remove unused security_info argument in vfz_zfsacl.c
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:20 +02:00
Andrew Bartlett
a65568750b vfs: Allocate SMB4ACL_T on an explict memory context
This ensures the caller knows exactly what the memory lifetime of this
returned object is.  This makes the NFSv4 ACL code consistent with the
POSIX and NT ACL code, to avoid supprising developers who have worked
on those other parts of the ACL code.

Most of this patch is adding a memory context to the callers and passing it in.

Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:20 +02:00
Andrew Bartlett
67bb7d93ba vfs: Add vfs_handle_struct argument to smb_set_nt_acl_nfs4 and the callback
This allows the callback to call xattr based storage functions that need this argument.

Andrew Bartlett

Reviewed-by: Jeremy Allison <jra@samba.org>
2013-05-09 06:18:20 +02:00
Ira Cooper
0615f68096 s3: Fix vfs_zfsacl to compile.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2013-01-09 15:29:51 +11:00
Andrew Bartlett
38416ccac3 vfs: Use a blocking function in vfs_zfsacl for system ACL blobs
This is so we do not query some other module for the ACL blob, as zfs
ACLs are not posix ACLs.  We may add a linearisation later.

Andrew Bartlett
2012-10-11 12:25:13 +11:00
Andrew Bartlett
c8ade07760 smbd: Add mem_ctx to {f,}get_nt_acl VFS call
This makes it clear which context the returned SD is allocated on, as
a number of callers do not want it on talloc_tos().

As the ACL transformation allocates and then no longer needs a great
deal of memory, a talloc_stackframe() call is used to contain the
memory that is not returned further up the stack.

Andrew Bartlett
2012-10-11 12:25:11 +11:00
Richard Sharpe
422494a8e6 vfs: Make function pointer names consistent. They all end in _fn
Autobuild-User: Richard Sharpe <sharpe@samba.org>
Autobuild-Date: Mon Dec 12 04:58:40 CET 2011 on sn-devel-104
2011-12-12 04:58:40 +01:00
Volker Lendecke
76c73dbb22 s3-zfsacl: Fix a debug message
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Jul  8 11:22:55 CEST 2011 on sn-devel-104
2011-07-08 11:22:55 +02:00
Günther Deschner
53bdf43aca s3-vfs acl modules: more non-linux build fixes.
Guenther

Autobuild-User: Günther Deschner <gd@samba.org>
Autobuild-Date: Wed Mar 30 16:00:02 CEST 2011 on sn-devel-104
2011-03-30 16:00:02 +02:00
Günther Deschner
45364f5e69 s3-vfs: include smbd/smbd.h in vfs modules.
Guenther
2011-03-30 01:13:08 +02:00
Volker Lendecke
e6e7c724ad s3: On FreeBSD, compile zfsacl if sunacl.h is around
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sun Jan 30 12:17:49 CET 2011 on sn-devel-104
2011-01-30 12:17:48 +01:00
Paul B. Henson
99a74ff5e6 Fix bug #7909 - map SYNCHRONIZE acl permission statically in zfs_acl vfs module.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Thu Jan 13 20:02:32 CET 2011 on sn-devel-104
2011-01-13 20:02:31 +01:00
Volker Lendecke
bdff4591ca s3: Fix some warnings in the zfsacl module
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Sat Jan  8 13:42:20 CET 2011 on sn-devel-104
2011-01-08 13:42:20 +01:00
Günther Deschner
7f6bb48bdf s3-secdesc: remove "typedef struct security_descriptor SEC_DESC".
Guenther
2010-05-18 12:30:12 +02:00
Volker Lendecke
0ad83813ee s3: Add a zfsacl:denymissingspecial parameter
When setting an ACL without any of the user/group/other entries, ZFS
automatically creates them. This can at times confuse users a lot. This
parameter denies setting such an acl, users explicitly have to for example set
an ACE with everyone allowing nothing. Users need to be educated about this,
but this helps avoid a lot of confusion.
2010-01-11 12:14:37 +01:00
Volker Lendecke
033185e2a1 Make the smbd VFS typesafe 2009-07-24 11:42:05 -04:00
Tim Prouty
c9b8a01714 s3: Finish plumbing the fsp->fsp_name smb_fname conversion through the modules. 2009-07-20 17:26:57 -07:00
Michael Adam
afbfbd7f4c [s3]zfsacl: "return" is not a function.
Michael
2008-11-25 11:29:41 +01:00
Nils Goroll
bf04324592 [s3]zfsacl: Prevent calling POSIX ACL vfs methods on zfs share.
This is a proposed fix for Bugs #5135 and #5446.

Signed-off-by: Michael Adam <obnox@samba.org>
2008-11-25 11:29:40 +01:00
Jeremy Allison
ec5d09dbff Update vfs version as I've added a const to the security_descriptor paramter in fset_nt_acl().
Need to watch the build farm to make sure I haven't broken the AIX or Solaris ACL modules.
Jeremy.
2008-10-07 17:50:01 -07:00
Volker Lendecke
bdd815e554 Fix the build of vfs_zfsacl.c
(cherry picked from commit b83beeda44e1c8d485c2ad6bb8ee539cdcbe8bda)
(This used to be commit b46ce28039e8829f5188574ebe84ff3b7d9e65bc)
2008-07-18 17:53:58 +02:00
Jeremy Allison
00b2cdf75e Yay ! Remove a VFS entry. Removed the set_nt_acl() call,
this can only be done via fset_nt_acl() using an open
file/directory handle. I'd like to do the same with
get_nt_acl() but am concerned about efficiency
problems with "hide unreadable/hide unwritable" when
doing a directory listing (this would mean opening
every file in the dir on list).
Moving closer to rationalizing the ACL model and
maybe moving the POSIX calls into a posix_acl VFS
module rather than having them as first class citizens
of the VFS.
Jeremy.
(This used to be commit f487f742cb903a06fbf2be006ddc9ce9063339ed)
2008-05-08 18:09:07 -07:00
Michael Adam
05352cf2cb Remove superfluous parameter fd from SMB_VFS_FSET_NT_ACL().
Michael
(This used to be commit 4f2d139a186048f08180378a877b69d2f80ad51f)
2008-01-06 23:08:00 +01:00
Michael Adam
ee24c629a6 Remove superfluous fd parameter from SMB_VFS_FGET_NT_ACL().
Michael
(This used to be commit c0c7c1223da29c68359dac64a340c1c710d5f3d2)
2008-01-06 23:07:59 +01:00
Michael Adam
233eb0e560 Change the prototype of the vfs function get_nt_acl().
Up to now, get_nt_acl() took a files_struct pointer (fsp) and
a file name. All the underlying functions should need and now
do need (after the previous preparatory work), is a connection_struct
and a file name. The connection_struct is already there in the
vfs_handle passed to the vfs functions. So the files_struct
argument can be eliminated.

This eliminates the need of calling open_file_stat in a couple
of places to produce the fsp needed.

Michael
(This used to be commit b5f600fab53c9d159a958c59795db3ba4a8acc63)
2007-12-19 23:08:01 +01:00
Michael Adam
65b3065a4b Fix two debug statements: Add missing printf parameter.
Michael
(This used to be commit 1c4f74551f48429ee3af2022101a97679e25cdea)
2007-12-19 23:07:59 +01:00
Michael Adam
35f13ae589 Reformatting: wrap long lines and remove trailing spaces.
Michael
(This used to be commit f6db5a0d0571130f765d8a0fb4e20e61cc8b2487)
2007-12-19 23:07:59 +01:00
Michael Adam
c8fc49ff1b Prepare the zfs acl module for the api change in get_nt_acl().
Michael
(This used to be commit 04258231dc654df077638edb7cb08542e39b7547)
2007-12-19 23:07:58 +01:00
Michael Adam
c650857fac Split smb_get_nt_acl_nfs4 into two (f- and non-f-variant).
This is the next step in preparation of a get_nt_acl prototype change.

Michael
(This used to be commit 7afeb1c6cb1bdb58d1e61c54ae215d947d8dc3ea)
2007-12-19 23:07:57 +01:00
Michael Adam
b2f942cfe2 Fix build of the zfs_acl module.
There was one caller of smb_get_nt_acl_nfs4() forgotten
in the change of return value.

Michael
(This used to be commit 4d3e84a3b3a39d3d2c9b86affa16c8124b1496e5)
2007-11-13 15:50:14 +01:00
Volker Lendecke
15953b82eb Make [f]get_nt_acl return NTSTATUS
(This used to be commit dcbe1bf942d017a3cd5084c6ef605a13912f795b)
2007-11-13 15:47:01 +01:00
Jeremy Allison
30191d1a57 RIP BOOL. Convert BOOL -> bool. I found a few interesting
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3cbb3e5fa6a86be60f34fe340a3ca71f)
2007-10-18 17:40:25 -07:00
Volker Lendecke
929e1d9920 r24809: Consolidate the use of temporary talloc contexts.
This adds the two functions talloc_stackframe() and talloc_tos().

 * When a new talloc stackframe is allocated with talloc_stackframe(), then
 * the TALLOC_CTX returned with talloc_tos() is reset to that new
 * frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse
 * happens: The previous talloc_tos() is restored.
 *
 * This API is designed to be robust in the sense that if someone forgets to
 * TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and
 * resets the talloc_tos().

The original motivation for this patch was to get rid of the
sid_string_static & friends buffers. Explicitly passing talloc context
everywhere clutters code too much for my taste, so an implicit
talloc_tos() is introduced here. Many of these static buffers are
replaced by a single static pointer.

The intended use would thus be that low-level functions can rather
freely push stuff to talloc_tos, the upper layers clean up by freeing
the stackframe. The more of these stackframes are used and correctly
freed the more exact the memory cleanup happens.

This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and
lp_talloc_ctx (did I forget any?)

So, never do a

tmp_ctx = talloc_init("foo");

anymore, instead, use

tmp_ctx = talloc_stackframe()

:-)

Volker
(This used to be commit 6585ea2cb7f417e14540495b9c7380fe9c8c717b)
2007-10-10 12:30:24 -05:00
Jeremy Allison
79a9f6dcb8 r23856: Add Jiri.Sasek@Sun.COM;s fix from Axel Apitz for ZFS ACLs.
Jeremy.
(This used to be commit 6ba12b6cb9f69297731c73071b627e8d7fbc6d73)
2007-10-10 12:28:35 -05:00
Andrew Tridgell
153cfb9c83 r23801: The FSF has moved around a lot. This fixes their Mass Ave address.
(This used to be commit 87c91e4362c51819032bfbebbb273c52e203b227)
2007-10-10 12:28:27 -05:00
Jeremy Allison
d824b98f80 r23779: Change from v2 or later to v3 or later.
Jeremy.
(This used to be commit 407e6e695b8366369b7c76af1ff76869b45347b3)
2007-10-10 12:28:20 -05:00
Jeremy Allison
a0ac7a7f4c r23620: Convert set_nt_acl to return NTSTATUS. Also fix the chown
return to correctly return NT_STATUS_INVALID_OWNER if it
should be disallowed. Matches better what W2K3R3 does.

NFSv4 ACL module owners, please examine these changes.

Jeremy.
(This used to be commit fc6899a5506b272f8cd5f5837ca13300b4e69a5f)
2007-10-10 12:23:37 -05:00
James Peach
0ae0d33a3a r23396: Make VFS callbacks static. Mark operations as OPAQUE because they
do not pass through.
(This used to be commit b9d6eee5d4d0894ded88455675a470cbf04d8f45)
2007-10-10 12:23:13 -05:00
Jeremy Allison
338d2462d4 r22872: Add vfs_zfsacl module from Jiri Sasek <Jiri.Sasek@Sun.COM>.
Jeremy.
(This used to be commit bd80db71e71fc05b8b4875c386d8d58612cdbb06)
2007-10-10 12:22:04 -05:00