path: root/source3/modules/nfs4_acls.c
Commit message | Author | Age | Files | Lines
* nfs4_acls: Use correct owner information for ACL after owner change | Christof Schmitt | 2019-08-26 | 1 | -14/+22
  After a chown, the cached stat data is obviously no longer valid. The code in smb_set_nt_acl_nfs4 checked the file correctly, but did only use a local buffer for the stat data. So later checks of the stat buffer under the fsp->fsp_name->st would still see the old information.
  Fix this by removing the local stat buffer and always update the one under fsp->fsp_name->st.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit 86f7af84f04b06ed96b30f936ace92aa0937be06)
* nfs4_acls: Remove duplicate entries when mapping from NFS4 ACL to DACL | Christof Schmitt | 2019-08-26 | 1 | -0/+31
  The previous patch added an additional entry for IDMAP_TYPE_BOTH. When mapping back to a DACL, there should be no additional entry. Add a loop that will check and remove entries that are exact duplicates.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit 9c88602128592ddad537bf70cbe3c51f0b2cebe5)
* nfs4_acls: Rename smbacl4_fill_ace4 function | Christof Schmitt | 2019-08-26 | 1 | -11/+9
  As this function now maps the ACE and also adds it to the NFSv4 ACE, change the name to better describe its behavior.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit 169812943de23cf2752289c63331d786b0b063bd)
* nfs4_acls: Add additional owner entry when mapping to NFS4 ACL with IDMAP_TYPE_BOTH | Christof Schmitt | 2019-08-26 | 1 | -1/+36
  With IDMAP_TYPE_BOTH, all entries have to be mapped to group entries. In order to have the file system reflect the owner permissions in the POSIX modebits, create a second entry for the user. This will be mapped to the "special owner" entry.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit b796119e2df38d1935064556934dd10da6f3d339)
* nfs4_acls: Remove redundant pointer variable | Christof Schmitt | 2019-08-26 | 1 | -30/+26
  The previous patch introduced a pointer to a local variable to reduce the amount of lines changed. Remove that pointer and adjust all usage accordingly.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit aa4644193635d846c2e08e8c1e7b512e8009c2ef)
* nfs4_acls: Remove redundant logging from smbacl4_fill_ace4 | Christof Schmitt | 2019-08-26 | 1 | -8/+0
  Logging flags in case they do not match seems unnecessary. Other log messages should show the flags as well.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit 7ab0003ffc098247c3ee3962d7061f2af5a2d00e)
* nfs4_acls: Move adding of NFS4 ACE to ACL to smbacl4_fill_ace4 | Christof Schmitt | 2019-08-26 | 1 | -29/+39
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit abb58b17599bd3f9a06037e208dcc5033c7fdd8b)
* nfs4_acls: Move smbacl4_MergeIgnoreReject function | Christof Schmitt | 2019-08-26 | 1 | -31/+30
  This static function will be called earlier in later patches.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit 3499d97463110f042415d917160bc2743805a544)
* nfs4_acls: Remove i argument from smbacl4_MergeIgnoreReject | Christof Schmitt | 2019-08-26 | 1 | -9/+6
  This is only used for logging of a rejected ACL, but does not provide additional useful information. Remove it to simplify the function a bit.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit 44790721e4f2c6ee6f46de7ac88123ce1a9f6e39)
* nfs4_acls: Add missing braces in smbacl4_win2nfs4 | Christof Schmitt | 2019-08-26 | 1 | -2/+4
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit ba73d2363d93a376ba4947963c9de45a7e683f02)
* nfs4_acls: Add helper function for checking INHERIT flags. | Christof Schmitt | 2019-08-26 | 1 | -6/+9
  This avoids some code duplication. Do not make this static, as it will be used in a later patch.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
  Signed-off-by: Christof Schmit <cs@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit 336e8668c1cc3682cb3c198eb6dc49baf522a79a)
* nfs4_acls: Use correct type when checking ownerGID | Christof Schmitt | 2019-08-26 | 1 | -1/+1
  uid and gid are members of the same union so this makes no difference, but for type correctness and readability use the gid to check for ownerGID.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit 3b3d722ce579c19c7b08d06a3adea275537545dc)
* nfs4_acls: Use switch/case for checking idmap type | Christof Schmitt | 2019-08-26 | 1 | -9/+18
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit f198a0867e71f248d4887ab0b6f2832123b16d11)
* nfs4_acls: Use sids_to_unixids to lookup uid or gid | Christof Schmitt | 2019-08-26 | 1 | -6/+14
  This is the newer API to lookup id mappings and will make it easier to add to the IDMAP_TYPE_BOTH case.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit d9a2ff559e1ad953141b1118a9e370496f1f61fa)
* nfs4_acls: Remove fsp from smbacl4_win2nfs4 | Christof Schmitt | 2019-08-26 | 1 | -12/+10
  Only the information whether the ACL is for a file or a directory is required. Replacing the fsp with a flag is clearer and allows for unit testing of the mapping functions.
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit a06486bb110d04a90b66a0bca4b1b600ef3c0ebf)
* Revert "nfs4acl: Fix owner mapping with ID_TYPE_BOTH" | Christof Schmitt | 2019-08-26 | 1 | -8/+1
  This reverts commit 5d4f7bfda579cecb123cfb1d7130688f1d1c98b7.
  That patch broke the case with ID_TYPE_BOTH where a file is owned by a group (e.g. using autorid and having a file owned by BUILTIN\Administrators). In this case, the ACE entry for the group gets mapped to a user ACL entry and the group no longer has access (as in the user's token the group is not mapped to a uid).
  BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
  (cherry picked from commit 42bd3a72a2525aa8a918f4bf7067b30ce8e0e197)
* vfs: Use dom_sid_str_buf | Volker Lendecke | 2019-08-26 | 1 | -4/+10
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
  (cherry picked from commit 59f29acb2cd947d2f594a5af3d73d0cbe8298d92)
* nfs4acls: Slightly simplify smb_add_ace4 | Volker Lendecke | 2017-10-22 | 1 | -2/+1
  The comment was a bit confusing to me, it took a few seconds too many to figure out *why* setting NULL is not required. Remove it :-)
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* nfs4acls: Fix a debug message | Volker Lendecke | 2017-10-22 | 1 | -1/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* s3/vfs: move ACE4_ADD_FILE/ACE4_DELETE_CHILD mapping from NFSv4 framework to vfs_zfsacl | Ralph Boehme | 2017-09-09 | 1 | -4/+0
  This was added in e6a5f11865a55e9644292ae92e4a4b5ec0662ccd to adopt the NFSv4 framework to follow ZFS permission rules. But this is the wrong place, other filesystems like GPFS do not allow deletion when the user has SEC_DIR_ADD_FILE.
  This patch therefore moves the change from the NFS4 framework into the ZFS module.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Sat Sep 9 04:59:51 CEST 2017 on sn-devel-144
* vfs/nfs4_acls: move special handling of SMB_ACE4_SYNCHRONIZE to vfs_zfsacl | Ralph Boehme | 2017-09-09 | 1 | -7/+0
  Commit 99a74ff5e6a9f87ad7a650cb44e0f925f834b3a1 added special handling of SMB_ACE4_SYNCHRONIZE, always setting it in the access_mask when fabricating an ACL. While at the same time removing it from the access_mask when setting an ACL, but this is done directly in vfs_zfsacl, not in the common code.
  Forcing SMB_ACE4_SYNCHRONIZE to be always set is only needed on ZFS, the other VFS modules using the common NFSv4 infrastructure should not be made victims of the special ZFS behaviour.
  Bug: https://bugzilla.samba.org/show_bug.cgi?id=7909
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* s3/vfs/nfs4_acls: avoid a stat | Ralph Boehme | 2016-09-27 | 1 | -6/+22
  Signed-off-by: Ralph Boehme <slow@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
  Autobuild-User(master): Jeremy Allison <jra@samba.org>
  Autobuild-Date(master): Tue Sep 27 04:03:03 CEST 2016 on sn-devel-144
* nfs4acl: Fix owner mapping with ID_TYPE_BOTH | Christof Schmitt | 2016-09-15 | 1 | -1/+8
  This fixes a corner case when using NFS4 ACLs with ID_TYPE_BOTH. Before this patch, the owner entry in the ACL would be mapped to a gid entry in the NFSv4 ACL, and not the expected special owner entry. This is caused by the id mapping returning a valid gid and the nfs4 mapping assumed that this was actually a group.
  Fix this by asking for the uid first, and explicitly checking if the mapped uid matches the owner. That creates a uid entry in the NFSv4 ACL that can be changed later in smbacl4_substitute_{simple,special} to the expected special owner entry.
  Signed-off-by: Christof Schmitt <cs@samba.org>
  Reviewed-by: Jeremy Allison <jra@samba.org>
* nfs4acls: Allow nfs4 acl params to be set by callers | Volker Lendecke | 2016-08-12 | 1 | -14/+23
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* nfs4acls: Make smbacl4_vfs_params public | Volker Lendecke | 2016-08-12 | 1 | -14/+2
  vfs_gpfs & others will be able to embed this structure in their special config. We could have gone with an anonymous struct and a talloc'ed object, but for my taste this is specialized and hidden enough that it's not worth the indirection.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* nfs4acls: Add "smbacl4_vfs_params" parameter to smb_set_nt_acl_nfs4 | Volker Lendecke | 2016-08-12 | 1 | -0/+1
  Pure placeholder right now, this will allow vfs modules to load the params in advance
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* nfs4acls: Add "smbacl4_vfs_params" parameter to smb_get_nt_acl_nfs4 | Volker Lendecke | 2016-08-12 | 1 | -0/+1
  Pure placeholder right now, this will allow vfs modules to load the params in advance
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* nfs4acls: Add "smbacl4_vfs_params" parameter to smb_fget_nt_acl_nfs4 | Volker Lendecke | 2016-08-12 | 1 | -0/+1
  Pure placeholder right now, this will allow vfs modules to load the params in advance.
  nfs4 acl parameters should not change while a tcon is live, and lp_parm_get_* show up in profiles. Loading the parameters once at tcon time will remove this.
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* nfs4acls: Add some const | Volker Lendecke | 2016-08-12 | 1 | -4/+4
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* nfs4acls: Remove a typedef | Volker Lendecke | 2016-08-12 | 1 | -10/+10
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Ralph Boehme <slow@samba.org>
* s3: smbd: Modify vfs_stat_smb_basename() to take a const struct smb_filename * instead of const char *. | Jeremy Allison | 2016-03-24 | 1 | -1/+1
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Uri Simchoni <uri@samba.org>
* s3:vfs: Change smbacl4_GetFileOwner() to take const struct smb_filename * from const char *. | Jeremy Allison | 2016-03-14 | 1 | -5/+5
  Preparing to remove vfs_stat_smb_basename() call.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Boehme <rb@sernet.de>
* s3:smbd:vfs: Change smb_get_nt_acl_nfs4() to take a const struct smb_filename *. | Jeremy Allison | 2016-03-14 | 1 | -3/+4
  Push the struct further down closer to places that use lp_posix_pathname() functions.
  Signed-off-by: Jeremy Allison <jra@samba.org>
  Reviewed-by: Ralph Boehme <rb@sernet.de>
* nfs4acls: Remove type_name param from smbacl4_get_vfs_params | Volker Lendecke | 2015-08-13 | 1 | -10/+10
  It is kind of unexpected that we get params for something else but "nfs4:"
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
  Autobuild-User(master): Volker Lendecke <vl@samba.org>
  Autobuild-Date(master): Thu Aug 13 17:45:31 CEST 2015 on sn-devel-104
* nfs4acls: Fix a small memleak | Volker Lendecke | 2015-08-13 | 1 | -1/+1
  We don't need the nt_ace_list beyond this function, make_sec_acl makes a copy and make_sec_desc makes another one
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Introduce a helper variable | Volker Lendecke | 2015-08-13 | 1 | -3/+5
  ... triggered by removing a "==false" condition
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Remove a few unnecessary casts | Volker Lendecke | 2015-08-13 | 1 | -15/+8
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Use talloc_realloc() | Volker Lendecke | 2015-08-13 | 1 | -3/+3
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Use talloc_zero_array() | Volker Lendecke | 2015-08-13 | 1 | -2/+2
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Use talloc_zero() | Volker Lendecke | 2015-08-13 | 1 | -2/+1
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Use talloc_zero() | Volker Lendecke | 2015-08-13 | 1 | -2/+3
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Remove get_validated_aceint | Volker Lendecke | 2015-08-13 | 1 | -31/+8
  With the anonymous struct SMB4ACE_T we can rely on the compiler to warn us
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Remove get_validated_aclint | Volker Lendecke | 2015-08-13 | 1 | -69/+39
  With the anonymous struct SMB4ACL_T we can rely on the compiler to warn us
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Remove the SMB_ACE4_INT_T typedef | Volker Lendecke | 2015-08-13 | 1 | -22/+22
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Remove the SMB_ACL4_INT_T typedef | Volker Lendecke | 2015-08-13 | 1 | -16/+16
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Use SMB4ACE_T instead of _SMB_ACE4_INT_T | Volker Lendecke | 2015-08-13 | 1 | -1/+1
  We can make the _INT_ structure now be the representation of the published anonymous struct
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Use SMB4ACL_T instead of _SMB_ACL4_INT_T | Volker Lendecke | 2015-08-13 | 1 | -1/+1
  We can make the _INT_ structure now be the representation of the published anonymous struct
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Use an anon struct for SMB4ACE_T | Volker Lendecke | 2015-08-13 | 1 | -8/+8
| | | | | | | | | | -typedef struct _SMB4ACE_T {char dontuse;} SMB4ACE_T; +struct SMB4ACE_T; Same as for ACL_T Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Use an anon struct for SMB4ACL_T | Volker Lendecke | 2015-08-13 | 1 | -21/+21
| | | | | | | | | | | | | The relevant change: -typedef struct _SMB4ACL_T {char dontuse;} SMB4ACL_T; +struct SMB4ACL_T; We can use anonymous structs to prevent direct use. This patch will trigger a set of simplifications in the next patches Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
* nfs4acls: Use ZERO_STRUCTP | Volker Lendecke | 2015-08-13 | 1 | -4/+4
  Signed-off-by: Volker Lendecke <vl@samba.org>
  Reviewed-by: Stefan Metzmacher <metze@samba.org>