IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Without this the changed checks in can_delete_file_in_directory give DELETE
access where there is none. So we can end up granting the ntcreate&x preparing
the unlink where we should not, which leads to a NT_STATUS_ACCESS_DENIED at
close time later, which in turn does *not* give the access denied error message
in the Windows GUI.
can_delete_file_in_directory will grant access now by looking at the directory
permissions.
(This used to be commit 51b5364c2a)
Coverity ID 545 falsely classified this as a NULL dereferencing bug.
By putting the loop of walking the list of aces more naturely not using
additional counters, it becomes much more obvious that it is not entered
when dir_ace == NULL.
The same modifications are done for the file_ace loop.
Michael
(This used to be commit 6dab6cf064)
NT ACL into a POSIX one, if the group being set is the primary group
of the file, map it into a SMB_ACL_GROUP_OBJ, not a SMB_ACL_GROUP.
Otherwise we get an extra bogus group entry in the POSIX ACL.
Jeremy.
(This used to be commit 4d302254fd)
Up to now, get_nt_acl() took a files_struct pointer (fsp) and
a file name. All the underlying functions should need and now
do need (after the previous preparatory work), is a connection_struct
and a file name. The connection_struct is already there in the
vfs_handle passed to the vfs functions. So the files_struct
argument can be eliminated.
This eliminates the need of calling open_file_stat in a couple
of places to produce the fsp needed.
Michael
(This used to be commit b5f600fab5)
Replace smbd/posix_acls.c:get_nt_acl() by two funcions:
posix_get_nt_acl() and posix_fget_nt_acl(). The first
takes a connection struct and a file name instead of a
files_struct pointer. This is in preparation of changing
the vfs api for SMB_VFS_GET_NT_ACL.
Michael
(This used to be commit 50c82cc145)
Convert canonicalise_acl() to take connection_struct, is_directory
and file name instead of files_struct pointer.
Michael
(This used to be commit d579a7f84f)
Convert ensure_canon_entry_valid() to take share_params and an is_directory
flag instead of an files_struct pointer.
Michael
(This used to be commit bdb208124b)
This is a first change in a series: Pass what is needed instead of files_struct
pointers to some functions. This is in preparation of introducing two variants
of get_nt_acl - one for fname (which does not need an fsp), one for file
descriptor.
This changes apply_default_perms to take share_params (rather thatn snum)
and an is_directory flag instead of an fsp.
Michael
(This used to be commit d7e2e93758)
The three can_* access check functions in smbd/posix_acls.c that are used in
smbd/open.c and smbd/nttrans.c explicitly called check_posix_acl_group_access()
This lead to errors with nfsv4 acls (ZFS and GPFS).
This changes the can_* functions to get the nt_acl via VFS layer and call
se_access_check on that. It also removes check_posix_acl_group_access()
which has no more callers.
NOTE: The can_* functions should really not be in smbd/posix_acls.c but
in a separate file (I propose smbd/access.c).
Michael
(This used to be commit 6f961a23de)
bugs in various places whilst doing this (places that assumed
BOOL == int). I also need to fix the Samba4 pidl generation
(next checkin).
Jeremy.
(This used to be commit f35a266b3c)
Why? It moves these structs from the data into the text segment, so they
will never been copy-on-write copied. Not much, but as in German you say
"Kleinvieh macht auch Mist...."
(This used to be commit 0141e64ad4)
the main server code paths. We should now be able to cope with
paths up to PATH_MAX length now.
Final job will be to add the TALLOC_CTX * parameter to
unix_convert to make it explicit (for Volker).
Jeremy.
(This used to be commit 7f0db75fb0)
This adds the two functions talloc_stackframe() and talloc_tos().
* When a new talloc stackframe is allocated with talloc_stackframe(), then
* the TALLOC_CTX returned with talloc_tos() is reset to that new
* frame. Whenever that stack frame is TALLOC_FREE()'ed, then the reverse
* happens: The previous talloc_tos() is restored.
*
* This API is designed to be robust in the sense that if someone forgets to
* TALLOC_FREE() a stackframe, then the next outer one correctly cleans up and
* resets the talloc_tos().
The original motivation for this patch was to get rid of the
sid_string_static & friends buffers. Explicitly passing talloc context
everywhere clutters code too much for my taste, so an implicit
talloc_tos() is introduced here. Many of these static buffers are
replaced by a single static pointer.
The intended use would thus be that low-level functions can rather
freely push stuff to talloc_tos, the upper layers clean up by freeing
the stackframe. The more of these stackframes are used and correctly
freed the more exact the memory cleanup happens.
This patch removes the main_loop_talloc_ctx, tmp_talloc_ctx and
lp_talloc_ctx (did I forget any?)
So, never do a
tmp_ctx = talloc_init("foo");
anymore, instead, use
tmp_ctx = talloc_stackframe()
:-)
Volker
(This used to be commit 6585ea2cb7)
that contains some of the fields from the SMB header, removing the need
to access inbuf directly. This right now is used only in the open file
code & friends, and creating that header is only done when needed. This
needs more work, but it is a start.
Jeremy, I'm only checking this into 3_0, please review before I merge it
to _26.
Volker
(This used to be commit ca988f4e79)
You don't want to know what I discovered about Windows
ACLs to make this work :-(. See :
http://www.codeproject.com/win32/accessctrl2.asp
Search for "Q. How does Inheritance come into this?"
for details.
Jeremy.
(This used to be commit e1d3a80d2b)
return to correctly return NT_STATUS_INVALID_OWNER if it
should be disallowed. Matches better what W2K3R3 does.
NFSv4 ACL module owners, please examine these changes.
Jeremy.
(This used to be commit fc6899a550)
memory leak I introduced into acl code, also remove
redundent extra check for global_sid_System :
global_sid_System == S-1-5-18 which is already
included in the check for a domain of
global_sid_NT_Authority == S-1-5
Jeremy.
(This used to be commit 10649540ac)
Allow us to correctly refuse to set delete on close on a
non-empty directory. There are still some delete-on-close
wrinkles to be fixed, but I understand how to do that better
now. I'll fix this tomorrow.
Jeremy.
(This used to be commit 0296358858)
This involved passing the dirname as argument to a few routines instead of
calling parent_dirname() deep down.
Volker
(This used to be commit 7977fd7865)
code is wrong or bad or anything, just that it
needs to be discussed & reviewed on the samba-technical
list before we add a platform-specific NFSv4 mapping.
That way lies a lot of future pain :-).
Jeremy.
(This used to be commit 330899ec30)
acls code. I'm pretty sure this was safe, but become_root()
does other things to the token stack that become_root_uid_only()
does not, and as we're going into a vfs redirectred function
I decided it wasn't safe for now.
Jeremy.
(This used to be commit b3e0f45488)
calls make it :
become_root_uid_only()
operation
unbecome_root_uid_only()
saving errno across the second call. Most of our internal
change calls can be replaced with these simple calls.
Jeremy
(This used to be commit 4143aa83c0)
modularizes our interface into the special posix API used on
the system. Without this patch the specific API flavor is
determined at compile time, something which severely limits
usability on systems with more than one file system. Our
first targets are AIX with its JFS and JFS2 APIs, at a later
stage also GPFS. But it's certainly not limited to IBM
stuff, this abstraction is also necessary for anything that
copes with NFSv4 ACLs. For this we will check in handling
very soon.
Major contributions can be found in the copyright notices as
well as the checkin log of the vl-posixacls branch. The
final merge to 3_0 post-3.0.23 was done by Peter Somogyi
<psomogyi@gamax.hu>
(This used to be commit ca0c73f281)
no way to get all the cases where kernel oplocks are
on and we can't open the file and get the correct
semantics (think about the open with truncate with
an attribute only open - we'd need a vfs change to
add the truncate(fname, len) call). So always drop
the share mode lock before doing any real fd opens and
then re-acquire it afterwards. We're already dealing
with the race in the create case, and we deal with
any other races in the same way. Volker, please
examine *carefully* :-). This should fix the problems
people reported with kernel oplocks being on.
Jeremy.
(This used to be commit 8171c4c404)
think this can happen in real life but the code is
too complicated to be sure....
Jerry please merge this for 3.0.23.
Jeremy.
(This used to be commit 1e5042d4c0)
* depreacte 'acl group control' after discussion with Jeremy
and implement functionality as part of 'dos filemode'
* fix winbindd on a non-member server to expand local groups
* prevent code previously only used by smbd from blindly
turning _NO_WINBINDD back on
(This used to be commit 4ab372f4ca)
aliasing clearer. This isn't a bug but a code
clarification.
Jeremy.
line, and those below, will be ignored--
M source/smbd/posix_acls.c
(This used to be commit b8397c9f33)
by saving the UNIX token used to set a delete on close flag,
and using it when doing the delete. libsmbsharemodes.so still
needs updating to cope with this change.
Samba4 torture tests to follow.
Jeremy.
(This used to be commit 23f16cbc2e)
the name (must be abolute - start with /, must not end in /,
must have ./ and ../ removed). Of course for realpath resolved
paths this won't be the case but for others we need this name
to be canonicalized. This name is going into the sharemode db
for #3303 so needs to be in a normalized format.
Jeremy.
(This used to be commit 22e3300911)
We should only check the S_IWGRP permissions if we haven't already
seen an owning group SMB_ACL_GROUP_OBJ ace entry. If there is an
SMB_ACL_GROUP_OBJ ace entry then the group bits in st_gid are
the same as the SMB_ACL_MASK bits, not the SMB_ACL_GROUP_OBJ
bits. Thanks to Marc Cousin <mcousin@sigma.fr> for pointing
this out.
Jeremy.
(This used to be commit 7e1318e09b)
* Users with SeRestorePrivilege may chown files to anyone (be it as a
backup software or directly using the ownership-tab in the security
acl editor on xp), while
* Users with SeTakeOwnershipPrivilege only can chown to themselves.
Simo, Jeremy. I think this is correct now.
Guenther
(This used to be commit 1ef7a192ee)
tests on this as it's very late NY time (just wanted to get this work
into the tree). I'll test this over the weekend....
Jerry - in looking at the difference between the two trees there
seem to be some printing/ntprinting.c and registry changes we might
want to examine to try keep in sync.
Jeremy.
(This used to be commit c7fe18761e)
checking for write access in a directory before delete. Also
controls checking for write access before labeling a file read-only
if DOS attributes are not being stored in EA's.
Docuementation to follow.
Jeremy.
(This used to be commit dd1a5e6e49)
excel files). Ensures that any missing user ACL entry will be generated
from a union of all group permissions that contain the user.
Awaiting feedback from the reporters.
Jeremy.
(This used to be commit 874353e617)
Eric Stewart <eric@lib.usf.edu> I realised we weren't checking
against the current effective groupid (set by force group) as
well as the group list. Fix this.
Jeremy.
(This used to be commit 0c4058c073)
entry never to match - it matches but if doesn't grant access is recorded
so the "other" entry isn't subsequently checked.
Fix the algorithm.
Jeremy.
(This used to be commit e3c7d08bb6)
a "allow" entry of GROUP or GROUP_OBJ, then access is allowed. It doesn't
terminate on the first match. Added debug to show where the match occured
(or didn't).
Jeremy.
(This used to be commit 81fb337286)
to a WXPSP2 client we must do permission checking in userspace first
(this is a race condition but what can you do...). Needed for bugid #2227.
Jeremy.
(This used to be commit da23577f16)
functions so we can funnel through some well known functions. Should help greatly with
malloc checking.
HEAD patch to follow.
Jeremy.
(This used to be commit 620f2e608f)
POSIX ACL set. You need to *get* a permset_t pointer from the entry before
any of the permset code will accept it as a valid value
Jeremy.
(This used to be commit 7e78059948)
One part missing - delete file acl (to be added asap). No client
code yet, also needs testing with valgrind.
Jeremy.
(This used to be commit 6101ec2247)
descriptor for a file, if the owner sid is not known, the owner uid is set to
the current uid. Same for group sid.
This makes xcopy /o possible for files that are owned by local users/groups
(local administrators for example).
Thanks to Guenther for his persistence :-)
Volker
(This used to be commit 80e57d2790)
New protocol option "ea support" to turn them on (off by default). Conrad
at Apple may like this as it allows MacOS resource forks to be stored on
a file. Passes valgrind. Documentation to follow.
Jeremy.
(This used to be commit 8cc10a6c05)
CREATOR_OWNER/CREATOR_GROUP uid/gid entries in the SAMBA_PAI attribute.
Creator Owner and Creator group now show up as inherited correctly (I
think :-). Jim please test.
Jeremy.
(This used to be commit dbbd8dd155)
As abartlet rememberd me NT_STATUS_IS_ERR != !NT_STATUS_IS_OK
This patch will cure the problem.
Working on this one I found 16 functions where I think NT_STATUS_IS_ERR() is
used correctly, but I'm not 100% sure, coders should check the use of
NT_STATUS_IS_ERR() in samba is ok now.
Simo.
(This used to be commit c501e84d41)
if available. Adds new parameter "map acl inheritance" (docs coming soon)
off by default. Allows W2K acl inheritance dialogs to work correctly on
POSIX acls.
Jeremy.
(This used to be commit a83595e80a)
This gets us closer to W2k+ in what we return for file ACLs. Fix horribly
broken make_sec_desc() that screwed up the size when given a SD with no
owner or group (how did it get this bad... ?).
Jeremy.
(This used to be commit 183c9ed405)
moment as I don't think cumulative permission sets make sense in POSIX even
though that's the way Windows works....
Jeremy.
(This used to be commit 6ddd5b6ca7)
We really need idmap_ldap to have a good solution with ldapsam, porting
it from the prvious code is beeing made, the code is really simple to do
so I am confident it is not a problem to commit this code in.
Not committing it would have been worst.
I really would have been able to finish also the group code, maybe we can
put it into a followin release after 3.0.0 even if it may be an upgrade
problem.
The code has been tested and seem to work right, more testing is needed for
corner cases.
Currently winbind pdc (working only for users and not for groups) is
disabled as I was not able to make a complete group code replacement that
works somewhat in a week (I have a complete patch, but there are bugs)
Simo.
(This used to be commit 0e58085978)
1. Finally work with cascaded modules with private data storage per module
2. Convert VFS API to macro calls to simplify cascading
3. Add quota support to VFS layer (prepare to NT quota support)
Patch by Stefan (metze) Metzemacher, with review of Jelmer and me
Tested in past few weeks. Documentation to new VFS API for third-party developers to follow
(This used to be commit 91984ef5ca)
"changed the order of checking whether a SID is a UID or a GID in posix
acls. This is needed because sid_to_uid always claims that the sid is
a user, due ot a change I made some months back.
This change was suggested by Chere Zhou, but is really an interim
measure. Chere is looking at a longer term solution."
REMEMBER - 3.0 is the one we will SHIP !
Jeremy.
(This used to be commit a4d7496994)
-------------------------------------------------------------------------
I think there are basically two problem:
1. Windows clients do not always send ACEs for SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ,
and SMB_ACL_OTHER.
The function ensure_canon_entry_valid() is prepared for that, but tries
to "guess" values from group or other permissions, respectively, otherwise
falling back to minimum r-- for the owner. Even if the owner had full
permissions before setting ACL. This is the problem with W2k clients.
2. Function set_nt_acl() always chowns *before* attempting to set POSIX ACLs.
This is ok in a take-ownership situation, but must fail if the file is
to be given away. This is the problem with XP clients, trying to transfer
ownership of the original file to the temp file.
The problem with NT4 clients (no ACEs are transferred to the temp file, thus
are lost after moving the temp file to the original name) is a client problem.
It simply doesn't attempt to.
I have played around with that using posic_acls.c from 3.0 merged into 2.2.
As a result I can now present two patches, one for each branch. They
basically modify:
1. Interpret missing SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, or SMB_ACL_OTHER
as "preserve current value" instead of attempting to build one ourself.
The original code is still in, but only as fallback in case current values
can't be retrieved.
2. Rearrange set_nt_acl() such that chown is only done before setting
ACLs if there is either no change of owning user, or change of owning
user is towards the current user. Otherwise chown is done after setting
ACLs.
It now seems to produce reasonable results. (Well, as far as it can. If
NT4 doesn't even try to transfer ACEs, only deliberate use of named default
ACEs and/or "force group" or the crystal ball can help :)
-------------------------------------------------------------------------
Jeremy.
(This used to be commit 1d3b8c528b)
- user_ok() and user_in_group() now take a list of groups, instead of
looking for the user in the members of all groups.
- The 'server_info' returned from the authentication is now kept around
- in future we won't copy the sesion key, username etc, we will just
referece them directly.
- rhosts upgraded to use the SAM if possible, otherwise fake up based on
getpwnam().
- auth_util code to deal with groups upgraded to deal with non-winbind domain
members again.
Andrew Bartlett
(This used to be commit 74b5436c75)
This is not 100% the same as what SuSE shipped in their Samba, there is
a crash bug fix, a race condition fix, and a few logic changes I'd like to
discuss with Andreas. Added Andreas to (C) notices for posix_acls.c
Jeremy.
(This used to be commit 40eafb9dde)
Based on code donated by Olaf Frczyk <olaf@cbk.poznan.pl>. Further commit
will change to sending via vfs interface.
Jeremy.
(This used to be commit d85133e269)
This commit gets rid of all our old codepage handling and replaces it with
iconv. All internal strings in Samba are now in "unix" charset, which may
be multi-byte. See internals.doc and my posting to samba-technical for
a more complete explanation.
(This used to be commit debb471267)
smbd/posix_acls.c: Attempt to fix the "lose default acl" problem in Solaris.
Needs testing.
lib/sysacls.c: Typo fix.
Jeremy.
(This used to be commit d989f8bd3e)
return a malloced area so added sys_acl_free_qualifier() calls to all supported
ACL interfaces to code with this (only Linux needs actual free call).
Jeremy.
(This used to be commit 5870e6019b)
