[SCM] Samba Shared Repository - branch v3-2-test updated -
initial-v3-2-unstable-747-gb5f600f
Michael Adam
obnox at samba.org
Wed Dec 19 22:39:17 GMT 2007
The branch, v3-2-test has been updated
via b5f600fab53c9d159a958c59795db3ba4a8acc63 (commit)
via 15caf58c81ce6b68eefa03c8f8510c2ecb5fdeb3 (commit)
via 36e2a814ba50feefa34c76353c0f5dec1d7cfff4 (commit)
via 40a1438e17c462990e6b71b544c39f093236d5be (commit)
via 1c4f74551f48429ee3af2022101a97679e25cdea (commit)
via f6db5a0d0571130f765d8a0fb4e20e61cc8b2487 (commit)
via 04258231dc654df077638edb7cb08542e39b7547 (commit)
via d6043c1066322d2c567aedc5eae1a9d46c8fc396 (commit)
via 7afeb1c6cb1bdb58d1e61c54ae215d947d8dc3ea (commit)
via e0672a46a2e5e655da32499ca7f52a9156e9b7f0 (commit)
via 50c82cc1456736fa634fb656e63555319742f725 (commit)
via b0ae830bf57dcaec00b2a2eabfec7221a3b7f791 (commit)
via d579a7f84fd47a3f00215725cecd65b21a5ff2e0 (commit)
via bdb208124bd703edee03ac4d2a4ec45ecdfc135e (commit)
via d7e2e93758f6598a0459db3255300558618f066e (commit)
from 735f59315497113aebadcf9ad387e3dbfffa284a (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-2-test
- Log -----------------------------------------------------------------
commit b5f600fab53c9d159a958c59795db3ba4a8acc63
Author: Michael Adam <obnox at samba.org>
Date: Wed Dec 5 09:53:10 2007 +0100
Change the prototype of the vfs function get_nt_acl().
Up to now, get_nt_acl() took a files_struct pointer (fsp) and
a file name. All the underlying functions should need and now
do need (after the previous preparatory work), is a connection_struct
and a file name. The connection_struct is already there in the
vfs_handle passed to the vfs functions. So the files_struct
argument can be eliminated.
This eliminates the need of calling open_file_stat in a couple
of places to produce the fsp needed.
Michael
commit 15caf58c81ce6b68eefa03c8f8510c2ecb5fdeb3
Author: Michael Adam <obnox at samba.org>
Date: Tue Dec 4 09:45:14 2007 +0100
Prepare the afs acl module for the api change in get_nt_acl().
This makes both of afsacl_[f]get_nt_acl() more specific,
eliminating the need for afs_get_nt_acl(). Instead, split
afs_to_nt_acl.
Michael
commit 36e2a814ba50feefa34c76353c0f5dec1d7cfff4
Author: Michael Adam <obnox at samba.org>
Date: Mon Dec 3 18:31:03 2007 +0100
Prepare the aix2 acl module for the api change in get_nt_acl().
This makes both of aixjfs2_[f]get_nt_acl() more specific,
eliminating the need for aixjfs2_get_nt_acl_common().
Michael
commit 40a1438e17c462990e6b71b544c39f093236d5be
Author: Michael Adam <obnox at samba.org>
Date: Mon Dec 3 18:24:56 2007 +0100
Change aixjfs2_get_nfs4_acl() to take file name instead of fsp.
In preparation of the api change in api change in get_nt_acl().
Michael
commit 1c4f74551f48429ee3af2022101a97679e25cdea
Author: Michael Adam <obnox at samba.org>
Date: Tue Dec 4 08:25:21 2007 +0100
Fix two debug statements: Add missing printf parameter.
Michael
commit f6db5a0d0571130f765d8a0fb4e20e61cc8b2487
Author: Michael Adam <obnox at samba.org>
Date: Tue Dec 4 08:19:40 2007 +0100
Reformatting: wrap long lines and remove trailing spaces.
Michael
commit 04258231dc654df077638edb7cb08542e39b7547
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 16 18:33:39 2007 +0100
Prepare the zfs acl module for the api change in get_nt_acl().
Michael
commit d6043c1066322d2c567aedc5eae1a9d46c8fc396
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 16 18:33:39 2007 +0100
Prepare the gpfs acl module for the api change in get_nt_acl().
This moves functionality from gpfsacl_get_nt_acl_common()
back to gpfsacl_get_nt_acl() and gpfsacl_fget_nt_acl(),
making both these functions more specific (calling the
corresponding fsp- and non-fsp functions).
gpfsacl_get_nt_acl_common(). is removed.
Michael
commit 7afeb1c6cb1bdb58d1e61c54ae215d947d8dc3ea
Author: Michael Adam <obnox at samba.org>
Date: Thu Nov 15 00:46:20 2007 +0100
Split smb_get_nt_acl_nfs4 into two (f- and non-f-variant).
This is the next step in preparation of a get_nt_acl prototype change.
Michael
commit e0672a46a2e5e655da32499ca7f52a9156e9b7f0
Author: Michael Adam <obnox at samba.org>
Date: Fri Nov 9 01:01:55 2007 +0100
Split smbacl4_GetFileOwner into two (f- and non-f-variant).
This is in preparation of a get_nt_acl prototype change.
commit 50c82cc1456736fa634fb656e63555319742f725
Author: Michael Adam <obnox at samba.org>
Date: Tue Nov 6 08:01:31 2007 +0100
Split get_nt_acl() into two functions: fsp- and non-fsp variant.
Replace smbd/posix_acls.c:get_nt_acl() by two funcions:
posix_get_nt_acl() and posix_fget_nt_acl(). The first
takes a connection struct and a file name instead of a
files_struct pointer. This is in preparation of changing
the vfs api for SMB_VFS_GET_NT_ACL.
Michael
commit b0ae830bf57dcaec00b2a2eabfec7221a3b7f791
Author: Michael Adam <obnox at samba.org>
Date: Tue Nov 6 06:20:51 2007 +0100
Remove the "is_directory" parameter from canonicalise_acl():
It can be retrieved from the stat buffer.
Michael
commit d579a7f84fd47a3f00215725cecd65b21a5ff2e0
Author: Michael Adam <obnox at samba.org>
Date: Sun Oct 28 01:38:59 2007 +0200
Change canonicalise_acl() to not take an fsp.
Convert canonicalise_acl() to take connection_struct, is_directory
and file name instead of files_struct pointer.
Michael
commit bdb208124bd703edee03ac4d2a4ec45ecdfc135e
Author: Michael Adam <obnox at samba.org>
Date: Sun Oct 28 01:24:41 2007 +0200
Change ensure_canon_entry_valid() to not take and fsp.
Convert ensure_canon_entry_valid() to take share_params and an is_directory
flag instead of an files_struct pointer.
Michael
commit d7e2e93758f6598a0459db3255300558618f066e
Author: Michael Adam <obnox at samba.org>
Date: Sun Oct 28 01:14:51 2007 +0200
Change apply_default_perms() to not take an fsp.
This is a first change in a series: Pass what is needed instead of files_struct
pointers to some functions. This is in preparation of introducing two variants
of get_nt_acl - one for fname (which does not need an fsp), one for file
descriptor.
This changes apply_default_perms to take share_params (rather thatn snum)
and an is_directory flag instead of an fsp.
Michael
-----------------------------------------------------------------------
Summary of changes:
source/include/vfs.h | 4 +-
source/include/vfs_macros.h | 6 +-
source/modules/nfs4_acls.c | 90 +++++++++----
source/modules/nfs4_acls.h | 7 +-
source/modules/vfs_afsacl.c | 121 +++++++++++------
source/modules/vfs_aixacl2.c | 46 ++++---
source/modules/vfs_catia.c | 3 +-
source/modules/vfs_default.c | 6 +-
source/modules/vfs_full_audit.c | 3 +-
source/modules/vfs_gpfs.c | 39 ++++--
source/modules/vfs_zfsacl.c | 48 +++++--
source/rpc_server/srv_srvsvc_nt.c | 26 +----
source/smbd/file_access.c | 67 +---------
source/smbd/nttrans.c | 2 +-
source/smbd/posix_acls.c | 266 +++++++++++++++++++++++++------------
15 files changed, 432 insertions(+), 302 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/include/vfs.h b/source/include/vfs.h
index b45320d..e1669a2 100644
--- a/source/include/vfs.h
+++ b/source/include/vfs.h
@@ -75,6 +75,9 @@
/* Leave at 22 - not yet released. Change all BOOL parameters (int) to bool. jra. */
/* Leave at 22 - not yet released. Added recvfile. */
/* Leave at 22 - not yet released. Change get_nt_acl to return NTSTATUS - vl */
+/* Leave at 22 - not yet released. Change get_nt_acl to *not* take a
+ * files_struct. - obnox.*/
+
#define SMB_VFS_INTERFACE_VERSION 22
@@ -311,7 +314,6 @@ struct vfs_ops {
uint32 security_info,
struct security_descriptor **ppdesc);
NTSTATUS (*get_nt_acl)(struct vfs_handle_struct *handle,
- struct files_struct *fsp,
const char *name,
uint32 security_info,
struct security_descriptor **ppdesc);
diff --git a/source/include/vfs_macros.h b/source/include/vfs_macros.h
index cc7780f..c31d6cf 100644
--- a/source/include/vfs_macros.h
+++ b/source/include/vfs_macros.h
@@ -85,7 +85,7 @@
/* NT ACL operations. */
#define SMB_VFS_FGET_NT_ACL(fsp, fd, security_info, ppdesc) ((fsp)->conn->vfs.ops.fget_nt_acl((fsp)->conn->vfs.handles.fget_nt_acl, (fsp), (fd), (security_info), (ppdesc)))
-#define SMB_VFS_GET_NT_ACL(fsp, name, security_info, ppdesc) ((fsp)->conn->vfs.ops.get_nt_acl((fsp)->conn->vfs.handles.get_nt_acl, (fsp), (name), (security_info), (ppdesc)))
+#define SMB_VFS_GET_NT_ACL(conn, name, security_info, ppdesc) ((conn)->vfs.ops.get_nt_acl((conn)->vfs.handles.get_nt_acl, (name), (security_info), (ppdesc)))
#define SMB_VFS_FSET_NT_ACL(fsp, fd, security_info_sent, psd) ((fsp)->conn->vfs.ops.fset_nt_acl((fsp)->conn->vfs.handles.fset_nt_acl, (fsp), (fd), (security_info_sent), (psd)))
#define SMB_VFS_SET_NT_ACL(fsp, name, security_info_sent, psd) ((fsp)->conn->vfs.ops.set_nt_acl((fsp)->conn->vfs.handles.set_nt_acl, (fsp), (name), (security_info_sent), (psd)))
@@ -204,7 +204,7 @@
/* NT ACL operations. */
#define SMB_VFS_OPAQUE_FGET_NT_ACL(fsp, fd, security_info, ppdesc) ((fsp)->conn->vfs_opaque.ops.fget_nt_acl((fsp)->conn->vfs_opaque.handles.fget_nt_acl, (fsp), (fd), (security_info), (ppdesc)))
-#define SMB_VFS_OPAQUE_GET_NT_ACL(fsp, name, security_info, ppdesc) ((fsp)->conn->vfs_opaque.ops.get_nt_acl((fsp)->conn->vfs_opaque.handles.get_nt_acl, (fsp), (name), (security_info), (ppdesc)))
+#define SMB_VFS_OPAQUE_GET_NT_ACL(conn, name, security_info, ppdesc) ((conn)->vfs_opaque.ops.get_nt_acl((conn)->vfs_opaque.handles.get_nt_acl, (name), (security_info), (ppdesc)))
#define SMB_VFS_OPAQUE_FSET_NT_ACL(fsp, fd, security_info_sent, psd) ((fsp)->conn->vfs_opaque.ops.fset_nt_acl((fsp)->conn->vfs_opaque.handles.fset_nt_acl, (fsp), (fd), (security_info_sent), (psd)))
#define SMB_VFS_OPAQUE_SET_NT_ACL(fsp, name, security_info_sent, psd) ((fsp)->conn->vfs_opaque.ops.set_nt_acl((fsp)->conn->vfs_opaque.handles.set_nt_acl, (fsp), (name), (security_info_sent), (psd)))
@@ -324,7 +324,7 @@
/* NT ACL operations. */
#define SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, fd, security_info, ppdesc) ((handle)->vfs_next.ops.fget_nt_acl((handle)->vfs_next.handles.fget_nt_acl, (fsp), (fd), (security_info), (ppdesc)))
-#define SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info, ppdesc) ((handle)->vfs_next.ops.get_nt_acl((handle)->vfs_next.handles.get_nt_acl, (fsp), (name), (security_info), (ppdesc)))
+#define SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc) ((handle)->vfs_next.ops.get_nt_acl((handle)->vfs_next.handles.get_nt_acl, (name), (security_info), (ppdesc)))
#define SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, fd, security_info_sent, psd) ((handle)->vfs_next.ops.fset_nt_acl((handle)->vfs_next.handles.fset_nt_acl, (fsp), (fd), (security_info_sent), (psd)))
#define SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent, psd) ((handle)->vfs_next.ops.set_nt_acl((handle)->vfs_next.handles.set_nt_acl, (fsp), (name), (security_info_sent), (psd)))
diff --git a/source/modules/nfs4_acls.c b/source/modules/nfs4_acls.c
index edcc522..70bb6a0 100644
--- a/source/modules/nfs4_acls.c
+++ b/source/modules/nfs4_acls.c
@@ -161,24 +161,35 @@ uint32 smb_get_naces(SMB4ACL_T *acl)
return aclint->naces;
}
-static int smbacl4_GetFileOwner(files_struct *fsp, SMB_STRUCT_STAT *psbuf)
+static int smbacl4_GetFileOwner(struct connection_struct *conn,
+ const char *filename,
+ SMB_STRUCT_STAT *psbuf)
{
memset(psbuf, 0, sizeof(SMB_STRUCT_STAT));
+
+ /* Get the stat struct for the owner info. */
+ if (SMB_VFS_STAT(conn, filename, psbuf) != 0)
+ {
+ DEBUG(8, ("SMB_VFS_STAT failed with error %s\n",
+ strerror(errno)));
+ return -1;
+ }
+
+ return 0;
+}
+
+static int smbacl4_fGetFileOwner(files_struct *fsp, SMB_STRUCT_STAT *psbuf)
+{
+ memset(psbuf, 0, sizeof(SMB_STRUCT_STAT));
+
if (fsp->is_directory || fsp->fh->fd == -1) {
- /* Get the stat struct for the owner info. */
- if (SMB_VFS_STAT(fsp->conn,fsp->fsp_name, psbuf) != 0)
- {
- DEBUG(8, ("SMB_VFS_STAT failed with error %s\n",
- strerror(errno)));
- return -1;
- }
- } else {
- if (SMB_VFS_FSTAT(fsp,fsp->fh->fd, psbuf) != 0)
- {
- DEBUG(8, ("SMB_VFS_FSTAT failed with error %s\n",
- strerror(errno)));
- return -1;
- }
+ return smbacl4_GetFileOwner(fsp->conn, fsp->fsp_name, psbuf);
+ }
+ if (SMB_VFS_FSTAT(fsp,fsp->fh->fd, psbuf) != 0)
+ {
+ DEBUG(8, ("SMB_VFS_FSTAT failed with error %s\n",
+ strerror(errno)));
+ return -1;
}
return 0;
@@ -257,30 +268,24 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *acl, /* in */
return True;
}
-NTSTATUS smb_get_nt_acl_nfs4(files_struct *fsp,
+static NTSTATUS smb_get_nt_acl_nfs4_common(const SMB_STRUCT_STAT *sbuf,
uint32 security_info,
SEC_DESC **ppdesc, SMB4ACL_T *acl)
{
int good_aces = 0;
- SMB_STRUCT_STAT sbuf;
DOM_SID sid_owner, sid_group;
size_t sd_size = 0;
SEC_ACE *nt_ace_list = NULL;
SEC_ACL *psa = NULL;
TALLOC_CTX *mem_ctx = talloc_tos();
- DEBUG(10, ("smb_get_nt_acl_nfs4 invoked for %s\n", fsp->fsp_name));
-
if (acl==NULL || smb_get_naces(acl)==0)
return NT_STATUS_ACCESS_DENIED; /* special because we
* shouldn't alloc 0 for
* win */
- if (smbacl4_GetFileOwner(fsp, &sbuf))
- return map_nt_error_from_unix(errno);
-
- uid_to_sid(&sid_owner, sbuf.st_uid);
- gid_to_sid(&sid_group, sbuf.st_gid);
+ uid_to_sid(&sid_owner, sbuf->st_uid);
+ gid_to_sid(&sid_group, sbuf->st_gid);
if (smbacl4_nfs42win(mem_ctx, acl, &sid_owner, &sid_group, &nt_ace_list, &good_aces)==False) {
DEBUG(8,("smbacl4_nfs42win failed\n"));
@@ -303,12 +308,43 @@ NTSTATUS smb_get_nt_acl_nfs4(files_struct *fsp,
return NT_STATUS_NO_MEMORY;
}
- DEBUG(10, ("smb_get_nt_acl_nfs4 successfully exited with sd_size %d\n",
+ DEBUG(10, ("smb_get_nt_acl_nfs4_common successfully exited with sd_size %d\n",
sec_desc_size(*ppdesc)));
return NT_STATUS_OK;
}
+NTSTATUS smb_fget_nt_acl_nfs4(files_struct *fsp,
+ uint32 security_info,
+ SEC_DESC **ppdesc, SMB4ACL_T *acl)
+{
+ SMB_STRUCT_STAT sbuf;
+
+ DEBUG(10, ("smb_fget_nt_acl_nfs4 invoked for %s\n", fsp->fsp_name));
+
+ if (smbacl4_fGetFileOwner(fsp, &sbuf)) {
+ return map_nt_error_from_unix(errno);
+ }
+
+ return smb_get_nt_acl_nfs4_common(&sbuf, security_info, ppdesc, acl);
+}
+
+NTSTATUS smb_get_nt_acl_nfs4(struct connection_struct *conn,
+ const char *name,
+ uint32 security_info,
+ SEC_DESC **ppdesc, SMB4ACL_T *acl)
+{
+ SMB_STRUCT_STAT sbuf;
+
+ DEBUG(10, ("smb_get_nt_acl_nfs4 invoked for %s\n", name));
+
+ if (smbacl4_GetFileOwner(conn, name, &sbuf)) {
+ return map_nt_error_from_unix(errno);
+ }
+
+ return smb_get_nt_acl_nfs4_common(&sbuf, security_info, ppdesc, acl);
+}
+
enum smbacl4_mode_enum {e_simple=0, e_special=1};
enum smbacl4_acedup_enum {e_dontcare=0, e_reject=1, e_ignore=2, e_merge=3};
@@ -588,7 +624,7 @@ NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
if (smbacl4_get_vfs_params(SMBACL4_PARAM_TYPE_NAME, fsp, ¶ms))
return NT_STATUS_NO_MEMORY;
- if (smbacl4_GetFileOwner(fsp, &sbuf))
+ if (smbacl4_fGetFileOwner(fsp, &sbuf))
return map_nt_error_from_unix(errno);
if (params.do_chown) {
@@ -610,7 +646,7 @@ NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
}
DEBUG(10,("chown %s, %u, %u succeeded.\n",
fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID));
- if (smbacl4_GetFileOwner(fsp, &sbuf))
+ if (smbacl4_fGetFileOwner(fsp, &sbuf))
return map_nt_error_from_unix(errno);
}
}
diff --git a/source/modules/nfs4_acls.h b/source/modules/nfs4_acls.h
index ceb66ec..0f783aa 100644
--- a/source/modules/nfs4_acls.h
+++ b/source/modules/nfs4_acls.h
@@ -129,7 +129,12 @@ SMB4ACE_T *smb_next_ace4(SMB4ACE_T *ace);
uint32 smb_get_naces(SMB4ACL_T *acl);
-NTSTATUS smb_get_nt_acl_nfs4(files_struct *fsp,
+NTSTATUS smb_fget_nt_acl_nfs4(files_struct *fsp,
+ uint32 security_info,
+ SEC_DESC **ppdesc, SMB4ACL_T *acl);
+
+NTSTATUS smb_get_nt_acl_nfs4(connection_struct *conn,
+ const char *name,
uint32 security_info,
SEC_DESC **ppdesc, SMB4ACL_T *acl);
diff --git a/source/modules/vfs_afsacl.c b/source/modules/vfs_afsacl.c
index a923ce1..a14a117 100644
--- a/source/modules/vfs_afsacl.c
+++ b/source/modules/vfs_afsacl.c
@@ -585,15 +585,14 @@ static uint32 nt_to_afs_file_rights(const char *filename, const SEC_ACE *ace)
return result;
}
-static size_t afs_to_nt_acl(struct afs_acl *afs_acl,
- struct files_struct *fsp,
- uint32 security_info,
- struct security_descriptor **ppdesc)
+static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl,
+ SMB_STRUCT_STAT *psbuf,
+ uint32 security_info,
+ struct security_descriptor **ppdesc)
{
SEC_ACE *nt_ace_list;
DOM_SID owner_sid, group_sid;
SEC_ACCESS mask;
- SMB_STRUCT_STAT sbuf;
SEC_ACL *psa = NULL;
int good_aces;
size_t sd_size;
@@ -601,19 +600,8 @@ static size_t afs_to_nt_acl(struct afs_acl *afs_acl,
struct afs_ace *afs_ace;
- if (fsp->is_directory || fsp->fh->fd == -1) {
- /* Get the stat struct for the owner info. */
- if(SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf) != 0) {
- return 0;
- }
- } else {
- if(SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) != 0) {
- return 0;
- }
- }
-
- uid_to_sid(&owner_sid, sbuf.st_uid);
- gid_to_sid(&group_sid, sbuf.st_gid);
+ uid_to_sid(&owner_sid, psbuf->st_uid);
+ gid_to_sid(&group_sid, psbuf->st_gid);
if (afs_acl->num_aces) {
nt_ace_list = TALLOC_ARRAY(mem_ctx, SEC_ACE, afs_acl->num_aces);
@@ -639,7 +627,7 @@ static size_t afs_to_nt_acl(struct afs_acl *afs_acl,
continue;
}
- if (fsp->is_directory)
+ if (S_ISDIR(psbuf->st_mode))
afs_to_nt_dir_rights(afs_ace->rights, &nt_rights,
&flag);
else
@@ -656,7 +644,6 @@ static size_t afs_to_nt_acl(struct afs_acl *afs_acl,
if (psa == NULL)
return 0;
-
*ppdesc = make_sec_desc(mem_ctx, SEC_DESC_REVISION,
SEC_DESC_SELF_RELATIVE,
(security_info & OWNER_SECURITY_INFORMATION)
@@ -668,6 +655,42 @@ static size_t afs_to_nt_acl(struct afs_acl *afs_acl,
return sd_size;
}
+static size_t afs_to_nt_acl(struct afs_acl *afs_acl,
+ struct connection_struct *conn,
+ const char *name,
+ uint32 security_info,
+ struct security_descriptor **ppdesc)
+{
+ SMB_STRUCT_STAT sbuf;
+
+ /* Get the stat struct for the owner info. */
+ if(SMB_VFS_STAT(conn, name, &sbuf) != 0) {
+ return 0;
+ }
+
+ return afs_to_nt_acl_common(afs_acl, &sbuf, security_info, ppdesc);
+}
+
+static size_t afs_fto_nt_acl(struct afs_acl *afs_acl,
+ struct files_struct *fsp,
+ uint32 security_info,
+ struct security_descriptor **ppdesc)
+{
+ SMB_STRUCT_STAT sbuf;
+
+ if (fsp->is_directory || fsp->fh->fd == -1) {
+ /* Get the stat struct for the owner info. */
+ return afs_to_nt_acl(afs_acl, fsp->conn, fsp->fsp_name,
+ security_info, ppdesc);
+ }
+
+ if(SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) != 0) {
+ return 0;
+ }
+
+ return afs_to_nt_acl_common(afs_acl, &sbuf, security_info, ppdesc);
+}
+
static bool mappable_sid(const DOM_SID *sid)
{
DOM_SID domain_sid;
@@ -830,27 +853,6 @@ static bool afs_get_afs_acl(char *filename, struct afs_acl *acl)
return True;
}
-static NTSTATUS afs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
- struct security_descriptor **ppdesc)
-{
- struct afs_acl acl;
- size_t sd_size;
-
- DEBUG(5, ("afs_get_nt_acl: %s\n", fsp->fsp_name));
-
- sidpts = lp_parm_bool(SNUM(fsp->conn), "afsacl", "sidpts", False);
-
- if (!afs_get_afs_acl(fsp->fsp_name, &acl)) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
- sd_size = afs_to_nt_acl(&acl, fsp, security_info, ppdesc);
-
- free_afs_acl(&acl);
-
- return (sd_size != 0) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
-}
-
/* For setting an AFS ACL we have to take care of the ACEs we could
* not properly map to SIDs. Merge all of them into the new ACL. */
@@ -994,14 +996,45 @@ static NTSTATUS afsacl_fget_nt_acl(struct vfs_handle_struct *handle,
int fd, uint32 security_info,
struct security_descriptor **ppdesc)
{
- return afs_get_nt_acl(fsp, security_info, ppdesc);
+ struct afs_acl acl;
+ size_t sd_size;
+
+ DEBUG(5, ("afsacl_fget_nt_acl: %s\n", fsp->fsp_name));
+
+ sidpts = lp_parm_bool(SNUM(fsp->conn), "afsacl", "sidpts", False);
+
+ if (!afs_get_afs_acl(fsp->fsp_name, &acl)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ sd_size = afs_fto_nt_acl(&acl, fsp, security_info, ppdesc);
+
+ free_afs_acl(&acl);
+
+ return (sd_size != 0) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
}
+
static NTSTATUS afsacl_get_nt_acl(struct vfs_handle_struct *handle,
- struct files_struct *fsp,
const char *name, uint32 security_info,
struct security_descriptor **ppdesc)
{
- return afs_get_nt_acl(fsp, security_info, ppdesc);
+ struct afs_acl acl;
+ size_t sd_size;
+
+ DEBUG(5, ("afsacl_get_nt_acl: %s\n", name));
+
+ sidpts = lp_parm_bool(SNUM(handle->conn), "afsacl", "sidpts", False);
+
+ if (!afs_get_afs_acl(name, &acl)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ sd_size = afs_to_nt_acl(&acl, handle->conn, name, security_info,
+ ppdesc);
+
+ free_afs_acl(&acl);
+
+ return (sd_size != 0) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
}
NTSTATUS afsacl_fset_nt_acl(vfs_handle_struct *handle,
diff --git a/source/modules/vfs_aixacl2.c b/source/modules/vfs_aixacl2.c
index 756977d..d28efa5 100644
--- a/source/modules/vfs_aixacl2.c
+++ b/source/modules/vfs_aixacl2.c
@@ -98,7 +98,7 @@ static AIXJFS2_ACL_T *aixjfs2_getacl_alloc(const char *fname, acl_type_t *type)
return acl;
}
-static bool aixjfs2_get_nfs4_acl(files_struct *fsp,
+static bool aixjfs2_get_nfs4_acl(const char *name,
SMB4ACL_T **ppacl, bool *pretryPosix)
{
int32_t i;
@@ -108,15 +108,15 @@ static bool aixjfs2_get_nfs4_acl(files_struct *fsp,
nfs4_ace_int_t *jfs2_ace = NULL;
acl_type_t type;
- DEBUG(10,("jfs2 get_nt_acl invoked for %s\n", fsp->fsp_name));
+ DEBUG(10,("jfs2 get_nt_acl invoked for %s\n", name));
memset(&type, 0, sizeof(acl_type_t));
type.u64 = ACL_NFS4;
- pacl = aixjfs2_getacl_alloc(fsp->fsp_name, &type);
+ pacl = aixjfs2_getacl_alloc(name, &type);
if (pacl == NULL) {
DEBUG(9, ("aixjfs2_getacl_alloc failed for %s with %s\n",
- fsp->fsp_name, strerror(errno)));
+ name, strerror(errno)));
if (errno==ENOSYS)
*pretryPosix = True;
return False;
@@ -158,38 +158,48 @@ static bool aixjfs2_get_nfs4_acl(files_struct *fsp,
return True;
}
-static NTSTATUS aixjfs2_get_nt_acl_common(files_struct *fsp,
- uint32 security_info, SEC_DESC **ppdesc)
+static NTSTATUS aixjfs2_fget_nt_acl(vfs_handle_struct *handle,
+ files_struct *fsp, int fd, uint32 security_info,
+ SEC_DESC **ppdesc)
{
SMB4ACL_T *pacl = NULL;
bool result;
bool retryPosix = False;
*ppdesc = NULL;
- result = aixjfs2_get_nfs4_acl(fsp, &pacl, &retryPosix);
+ result = aixjfs2_get_nfs4_acl(fsp->fsp_name, &pacl, &retryPosix);
if (retryPosix)
{
DEBUG(10, ("retrying with posix acl...\n"));
- return get_nt_acl(fsp, security_info, ppdesc);
+ return posix_fget_nt_acl(fsp, security_info, ppdesc);
}
if (result==False)
return NT_STATUS_ACCESS_DENIED;
- return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl);
-}
-
-NTSTATUS aixjfs2_fget_nt_acl(vfs_handle_struct *handle,
- files_struct *fsp, int fd, uint32 security_info,
- SEC_DESC **ppdesc)
-{
- return aixjfs2_get_nt_acl_common(fsp, security_info, ppdesc);
+ return smb_fget_nt_acl_nfs4(fsp, security_info, ppdesc, pacl);
}
-NTSTATUS aixjfs2_get_nt_acl(vfs_handle_struct *handle,
+static NTSTATUS aixjfs2_get_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, const char *name,
uint32 security_info, SEC_DESC **ppdesc)
{
- return aixjfs2_get_nt_acl_common(fsp, security_info, ppdesc);
+ SMB4ACL_T *pacl = NULL;
+ bool result;
+ bool retryPosix = False;
+
+ *ppdesc = NULL;
+ result = aixjfs2_get_nfs4_acl(name, &pacl, &retryPosix);
+ if (retryPosix)
+ {
+ DEBUG(10, ("retrying with posix acl...\n"));
+ return posix_get_nt_acl(handle->conn, name security_info,
+ ppdesc);
+ }
+ if (result==False)
+ return NT_STATUS_ACCESS_DENIED;
+
+ return smb_get_nt_acl_nfs4(handle->conn, name, security_info, ppdesc,
+ pacl);
}
--
Samba Shared Repository
More information about the samba-cvs
mailing list