summaryrefslogtreecommitdiff
path: root/source3/modules/nfs4_acls.c
Commit message (Collapse)AuthorAgeFilesLines
* nfs4acls: Slightly simplify smb_add_ace4Volker Lendecke2017-10-221-2/+1
| | | | | | | | The comment was a bit confusing to me, it took a few seconds too many to figure out *why* setting NULL is not required. Remove it :-) Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* nfs4acls: Fix a debug messageVolker Lendecke2017-10-221-1/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3/vfs: move ACE4_ADD_FILE/ACE4_DELETE_CHILD mapping from NFSv4 framework to ↵Ralph Boehme2017-09-091-4/+0
| | | | | | | | | | | | | | | | | | | | vfs_zfsacl This was added in e6a5f11865a55e9644292ae92e4a4b5ec0662ccd to adopt the NFSv4 framework to follow ZFS permission rules. But this is the wrong place, other filesystems like GPFS do not allow deletion when the user has SEC_DIR_ADD_FILE. This patch therefor moves the change from the NFS4 framework into the ZFS module. Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Sat Sep 9 04:59:51 CEST 2017 on sn-devel-144
* vfs/nfs4_acls: move special handling of SMB_ACE4_SYNCHRONIZE to vfs_zfsaclRalph Boehme2017-09-091-7/+0
| | | | | | | | | | | | | | | | | Commit 99a74ff5e6a9f87ad7a650cb44e0f925f834b3a1 added special handling of SMB_ACE4_SYNCHRONIZE, always setting it in the access_mask when fabricating an ACL. While at the same time removing it from the access_mask when setting an ACL, but this is done direclty in vfs_zfsacl, not it the common code. Forcing SMB_ACE4_SYNCHRONIZE to be always set is only needed on ZFS, the other VFS modules using the common NFSv4 infrastructure should not be made victims of the special ZFS behaviour. Bug: https://bugzilla.samba.org/show_bug.cgi?id=7909 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3/vfs/nfs4_acls: avoid a statRalph Boehme2016-09-271-6/+22
| | | | | | | | Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Tue Sep 27 04:03:03 CEST 2016 on sn-devel-144
* nfs4acl: Fix owner mapping with ID_TYPE_BOTHChristof Schmitt2016-09-151-1/+8
| | | | | | | | | | | | | | | | This fixes a corner case when using NFS4 ACLs with ID_TYPE_BOTH. Before this patch, the owner entry in the ACL would be mapped to a gid entry in the NFSv4 ACL, and not the expected special owner entry. This is caused by the id mapping returning a valid gid and the nfs4 mapping assumed that this was actually a group. Fix this by asking for the uid first, and explicitly checking if the mapped uid matches the owner. That creates a uid entry in the NFSv4 ACL that can be changed later in smbacl4_substitute_{simple,special} to the expected special owner entry. Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* nfs4acls: Allow nfs4 acl params to be set by callersVolker Lendecke2016-08-121-14/+23
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* nfs4acls: Make smbacl4_vfs_params publicVolker Lendecke2016-08-121-14/+2
| | | | | | | | | | | vfs_gpfs & others will be able to embed this structure in their special config. We could have gone with an anonymous struct and a talloc'ed object, but for my taste this is specialized and hidden enough that it's not worth the indirection. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* nfs4acls: Add "smbacl4_vfs_params" parameter to smb_set_nt_acl_nfs4Volker Lendecke2016-08-121-0/+1
| | | | | | | | Pure placeholder right now, this will allow vfs modules to load the params in advance Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* nfs4acls: Add "smbacl4_vfs_params" parameter to smb_get_nt_acl_nfs4Volker Lendecke2016-08-121-0/+1
| | | | | | | | Pure placeholder right now, this will allow vfs modules to load the params in advance Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* nfs4acls: Add "smbacl4_vfs_params" parameter to smb_fget_nt_acl_nfs4Volker Lendecke2016-08-121-0/+1
| | | | | | | | | | Pure placeholder right now, this will allow vfs modules to load the params in advance. nfs4 acl parameters should not change while a tcon is live, and lp_parm_get_* show up in profiles. Loading the parameters once at tcon time will remove this. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* nfs4acls: Add some constVolker Lendecke2016-08-121-4/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* nfs4acls: Remove a typedefVolker Lendecke2016-08-121-10/+10
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Modify vfs_stat_smb_basename() to take a const struct smb_filename ↵Jeremy Allison2016-03-241-1/+1
| | | | | | | * instead of const char *. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
* s3:vfs: Change smbacl4_GetFileOwner() to take const struct smb_filename * ↵Jeremy Allison2016-03-141-5/+5
| | | | | | | | | from const char *. Preparing to remove vfs_stat_smb_basename() call. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <rb@sernet.de>
* s3:smbd:vfs: Change smb_get_nt_acl_nfs4() to take a const struct smb_filename *.Jeremy Allison2016-03-141-3/+4
| | | | | | | | Push the struct further down closer to places that use lp_posix_pathname() functions. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <rb@sernet.de>
* nfs4acls: Remove type_name param from smbacl4_get_vfs_paramsVolker Lendecke2015-08-131-10/+10
| | | | | | | | | | | It is kindof unexpected that we get params for something else but "nfs4:" Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Thu Aug 13 17:45:31 CEST 2015 on sn-devel-104
* nfs4acls: Fix a small memleakVolker Lendecke2015-08-131-1/+1
| | | | | | | | We don't need the nt_ace_list beyond this function, make_sec_acl makes a copy and make_sec_desc makes another one Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Introduce a helper variableVolker Lendecke2015-08-131-3/+5
| | | | | | | ... triggered by removing a "==false" condition Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Remove a few unnecessary castsVolker Lendecke2015-08-131-15/+8
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Use talloc_realloc()Volker Lendecke2015-08-131-3/+3
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Use talloc_zero_array()Volker Lendecke2015-08-131-2/+2
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Use talloc_zero()Volker Lendecke2015-08-131-2/+1
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Use talloc_zero()Volker Lendecke2015-08-131-2/+3
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Remove get_validated_aceintVolker Lendecke2015-08-131-31/+8
| | | | | | | | With the anonymous struct SMB4ACE_T we can rely on the compiler to warn us Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Remove get_validated_aclintVolker Lendecke2015-08-131-69/+39
| | | | | | | | With the anonymous struct SMB4ACL_T we can rely on the compiler to warn us Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Remove the SMB_ACE4_INT_T typedefVolker Lendecke2015-08-131-22/+22
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Remove the SMB_ACL4_INT_T typedefVolker Lendecke2015-08-131-16/+16
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Use SMB4ACE_T instead of _SMB_ACE4_INT_TVolker Lendecke2015-08-131-1/+1
| | | | | | | | We can make the _INT_ structure now be the representation of the published anonymous struct Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Use SMB4ACL_T instead of _SMB_ACL4_INT_TVolker Lendecke2015-08-131-1/+1
| | | | | | | | We can make the _INT_ structure now be the representation of the published anonymous struct Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Use an anon struct for SMB4ACE_TVolker Lendecke2015-08-131-8/+8
| | | | | | | | | | -typedef struct _SMB4ACE_T {char dontuse;} SMB4ACE_T; +struct SMB4ACE_T; Same as for ACL_T Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Use an anon struct for SMB4ACL_TVolker Lendecke2015-08-131-21/+21
| | | | | | | | | | | | | The relevant change: -typedef struct _SMB4ACL_T {char dontuse;} SMB4ACL_T; +struct SMB4ACL_T; We can use anonymous structs to prevent direct use. This patch will trigger a set of simplifications in the next patches Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Use ZERO_STRUCTPVolker Lendecke2015-08-131-4/+4
| | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Convert all uint8/16/32 to _t in all modules.Richard Sharpe2015-05-061-9/+9
| | | | | Signed-off-by: Richard Sharpe <rsharpe@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: smbd: VFS: All the places that are currently calling ↵Jeremy Allison2015-05-051-2/+2
| | | | | | | | | | | | vfs_stat_smb_fname() and vfs_lstat_smb_fname() should be calling vfs_stat_smb_basename(). They are all post-stream name processing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=11249 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
* nfs4: Fix a confusing debug messageVolker Lendecke2015-02-091-1/+1
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Mon Feb 9 12:25:06 CET 2015 on sn-devel-104
* s3:smbd: ignore dacls with MS NFS ACEsRalph Boehme2014-12-041-0/+3
| | | | | | | | | | Ignore NFS ACEs in code the modifies * default POSIX ACLs * VFS: NFSv4 ACLs * VFS: xattr and tdb ACLs Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* vfs: Support NFS control flags in nfs4_acls.c.Alexander Werth2014-04-051-1/+23
| | | | | | | | | | | The ACL control flags stores in particular the dacl protected bit which is responsible for the "Include inherited permissions from this object's parent" checkbox. This stores the information in the ACL struct passed to and from file system specific vfs modules. Signed-off-by: Alexander Werth <alexander.werth@de.ibm.com> Reviewed-by: Christof Schmitt <cs@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* smbd: Fix CID 1035478 Negative array index readVolker Lendecke2013-11-111-6/+19
| | | | | | | lp_parm_enum can return -1. Add error checking. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* s3:modules: nfs4_acls ACLs with zero entries are fine.Alexander Werth2013-10-301-6/+6
| | | | | | | | Signed-off-by: Alexander Werth <alexander.werth@de.ibm.com> Reviewed-by: David Disseldorp <ddiss@samba.org> Autobuild-User(master): David Disseldorp <ddiss@samba.org> Autobuild-Date(master): Wed Oct 30 20:31:42 CET 2013 on sn-devel-104
* s3:modules: Fix realloc with zero sized ACLsAlexander Werth2013-10-301-5/+7
| | | | | | | | A realloc with size zero is similar to a free. Since we return the number of acls that's not an error. Signed-off-by: Alexander Werth <alexander.werth@de.ibm.com> Reviewed-by: David Disseldorp <ddiss@samba.org>
* s3: fix missing braces in nfs4_acls.cAbhidnya Joshi2013-08-281-1/+2
| | | | | | | | Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Simo Sorce <idra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Aug 28 20:25:56 CEST 2013 on sn-devel-104
* s3: Remove old mode special substitution.Alexander Werth2013-07-161-13/+2
| | | | | | | | | | | The mode special substitution now happens in a separate function. The substitution at this point is unnecessary. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Christian Ambach <ambi@samba.org> Autobuild-User(master): Christian Ambach <ambi@samba.org> Autobuild-Date(master): Tue Jul 16 00:52:26 CEST 2013 on sn-devel-104
* Use existing "acl map full control" parameter to control the adding of the ↵Jeremy Allison2013-06-241-2/+17
| | | | | | | | | | | | | | | | | | | | DELETE_CHILD parameter on NFSv4/ZFS/GPFS file ACE's. Windows maps an open request of GENERIC_ALL on files to 0x1FF specific bits, which includes DELETE_CHILD even though this has no meaning on file ACE's. If a returned NFSv4 ACE entry for a file has all other specific bits set except for DELETE (which comes from the containing directory) and DELETE_CHILD (which has no meaning) then optionally add it into the returned ACE entry. This is using the same parameter in the same way as it is currently used in smbd/posix_acls.c. Note that as this parameter is on by default, it is already being tested in the existing raw.acl tests. Fixes issue with Microsoft SMB2 torture test suite found at the interop event in Redmond, WA. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ira Cooper <ira@samba.org>
* smbd: Fix a ISO C90 forbids mixed declarations and code warningVolker Lendecke2013-05-181-1/+1
| | | | | | | | Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Matthieu Patou <mat@matws.net> Autobuild-User(master): Matthieu Patou <mat@samba.org> Autobuild-Date(master): Sat May 18 01:40:04 CEST 2013 on sn-devel-104
* Tidy up old bool usage. False -> false, True -> true.Jeremy Allison2013-05-091-13/+13
| | | | Signed-off-by: Jeremy Allison <jra@samba.org>
* s3: Use mode bits in some cases in mode simple.Alexander Werth2013-05-091-0/+46
| | | | | | | | | | Non inheriting ACL entries will show mode bits. With this an file owner change does affect the effective ACL because the special owner acl will now refer to the new owner. This could be fixed by updating the ACL on a file owner change. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: Add changes that keep nfs4:mode special behavior.Alexander Werth2013-05-091-1/+41
| | | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: Mapping of cifs creator owner to nfs owner@ ace.Alexander Werth2013-05-091-0/+24
| | | | | | | | | | This is ignored in nfs4mode special for compatibility. Also ensure that we drop non inheriting creator owner aces since these don't contribute to who can access a file. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
* s3: Mapping of special entries to creator owner in mode simple.Alexander Werth2013-05-091-6/+60
| | | | | Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
View Lorry Controller Status