[SCM] Samba Shared Repository - branch v3-3-stable updated - release-3-3-0pre1-331-gb9c9bab

Karolin Seeger kseeger at samba.org
Sun Sep 21 20:19:36 GMT 2008


The branch, v3-3-stable has been updated
       via  b9c9bab8f732d1b63a7e07086742cb00d04dbbf0 (commit)
       via  bccf53c1222876295f961e8004eeb8f7b96eaa28 (commit)
       via  bb8af8c165623c2f4dc3800122ff363a8d12cf41 (commit)
       via  5a19269eeef2e1927af279be75af6e028d0af9a1 (commit)
       via  90edc12197697e65cf725e97353a02d26877e36d (commit)
       via  30635b698f4155fa7767044bf6b2f352d80d1c91 (commit)
       via  e3758f9716cb1bda7457fe306f4ef44868f4cf44 (commit)
       via  ee67ed7256f6c52890cbb40f6e096669c8664259 (commit)
       via  bad5ab8989de24f98a9ce3defb88ed074a24a34f (commit)
       via  9c19fca3ea583c3b3d55c36c48649fae65833387 (commit)
       via  69cd526ab0cc2cc5a3a91e7311b4f092a3aae0b7 (commit)
       via  88a50dd5833a9a699ef081e2b8e70bfa5f53c9a4 (commit)
       via  0ab0ed55c0ec3195e988a3fe0f49da5e67b130ca (commit)
       via  f4b84970b66ffc3b26bc098e748b34ee412f47f7 (commit)
       via  0f3b855491ab7f876f177bea8176261511c0dd95 (commit)
      from  5a9a190a5588b0cf938bc5c9659b7704d18cd4a3 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-stable


- Log -----------------------------------------------------------------
commit b9c9bab8f732d1b63a7e07086742cb00d04dbbf0
Author: Karolin Seeger <kseeger at samba.org>
Date:   Sun Sep 21 13:01:52 2008 -0700

    WHATSNEW: Add changes since 3.3.0pre1.
    
    Karolin
    (cherry picked from commit 9c464946c1f77a6f95da4a36fd590ec75734432d)

commit bccf53c1222876295f961e8004eeb8f7b96eaa28
Author: Simo Sorce <idra at samba.org>
Date:   Fri Sep 19 13:48:12 2008 -0400

    Add a comment for the bump of version
    (cherry picked from commit 91935b08aa38f3022b500424546d05a747d7ceb3)

commit bb8af8c165623c2f4dc3800122ff363a8d12cf41
Author: Gerald (Jerry) Carter <jerry at samba.org>
Date:   Thu Sep 18 14:49:46 2008 -0500

    idmap: Increment the interface number after Volker's rewrite.
    (cherry picked from commit 387deb2ece6f4374990ab34a4682c773ee85943a)

commit 5a19269eeef2e1927af279be75af6e028d0af9a1
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Sep 17 13:45:10 2008 -0700

    Correctly get+set the NT ACL on a file. Now to make us check it on open..
    Jeremy.
    (cherry picked from commit e60be05baff1a0d9f99cd2be8fbfd66e76893c1d)

commit 90edc12197697e65cf725e97353a02d26877e36d
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Sep 17 12:33:40 2008 -0700

    Mark module experimental, fix crash bugs.
    Jeremy.
    (cherry picked from commit 299fbaad957d214f47bb468f751bb500bb1956a2)

commit 30635b698f4155fa7767044bf6b2f352d80d1c91
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Sep 17 12:20:57 2008 -0700

    Ensure vfs_acl_xattr is built.
    Jeremy.
    (cherry picked from commit c1e9061af54b02521c601a2fe788827ae6ea0759)

commit e3758f9716cb1bda7457fe306f4ef44868f4cf44
Author: Jeremy Allison <jra at samba.org>
Date:   Wed Sep 17 11:59:57 2008 -0700

    Ensure all pointers are initialized. Without this we can crash when looking up a non-existent uid.
    Jeremy.
    (cherry picked from commit 3ebdbcae6f7a32952680a3c0687c410fe4004b01)

commit ee67ed7256f6c52890cbb40f6e096669c8664259
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed Sep 17 08:48:19 2008 +0200

    find_missing_manpages.pl: Adapt script to changed directory structure.
    
    Karolin
    (cherry picked from commit b6b7aa023b62ab8994d13cb91d5185204c1500b2)

commit bad5ab8989de24f98a9ce3defb88ed074a24a34f
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Sep 16 16:59:22 2008 -0700

    Make the correct module name.
    Jeremy.
    (cherry picked from commit 7cd40b7e0ec77f70d79b19abb8bc9623a9efae31)

commit 9c19fca3ea583c3b3d55c36c48649fae65833387
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Sep 16 15:52:02 2008 -0700

    First (incomplete) cut of this module. Based on Volker's original work.
    Jeremy.
    (cherry picked from commit b1c55f5616b16a698a751a90fb209e0549332dc7)

commit 69cd526ab0cc2cc5a3a91e7311b4f092a3aae0b7
Author: Gerald (Jerry) Carter <jerry at samba.org>
Date:   Tue Sep 16 10:41:55 2008 -0700

    * Allow an admin to define the "uid" attribute for a RFC2307
      user object in AD to be the username alias.
    
    For example:
    
      $ net ads search "(uid=coffeedude)"
      distinguishedName: CN=Gerald W. Carter,CN=Users,DC=pink,DC=plainjoe,DC=org
      sAMAccountName: gcarter
      memberOf: CN=UnixUsers,CN=Users,DC=pink,DC=plainjoe,DC=org
      memberOf: CN=Domain Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
      memberOf: CN=Enterprise Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
      memberOf: CN=Schema Admins,CN=Users,DC=pink,DC=plainjoe,DC=org
      uid: coffeedude
      uidNumber: 10000
      gidNumber: 10000
      unixHomeDirectory: /home/gcarter
      loginShell: /bin/bash
    
      $ ssh coffeedude at 192.168.56.91
      Password:
    
      coffeedude at orville:~$ id
      uid=10000(coffeedude) gid=10000(PINK\unixusers) groups=10000(PINK\unixusers)
    
      $ getent passwd PINK\\gcarter
      coffeedude:*:10000:10000::/home/gcarter:/bin/bash
    
      $ getent passwd coffeedude
      coffeedude:*:10000:10000::/home/gcarter:/bin/bash
    
      $ getent group PINK\\Unixusers
      PINK\unixusers:x:10000:coffeedude
    (cherry picked from commit 7cdcf4dff2cb02ec16f4e78b85701cd2043be274)

commit 88a50dd5833a9a699ef081e2b8e70bfa5f53c9a4
Author: Gerald (Jerry) Carter <jerry at samba.org>
Date:   Mon Sep 15 15:51:44 2008 -0500

    idmap_hash: Add the idmap/nss-info provider from Likewise Open.
    
    * Port the Likewise Open idmap/nss_info provider (renamed to
      idmap_hash).
    
    * uids & gids are generated based on a hashing algorithm that collapses
      the Domain SID to a 31 bit number.  The reverse mapping from the
      high order 11 bits to the originating domain SID is stored in
      a hash table initialized at start up.
    
    * Includes support for "idmap_hash:name_map = <filename>" for the
      name aliasing layer.  The name map file consists of entries in
      the form "alias = DOMAIN\name"
    (cherry picked from commit 081787719590b319633e2bc34f747feabaf3c6fe)

commit 0ab0ed55c0ec3195e988a3fe0f49da5e67b130ca
Author: Gerald (Jerry) Carter <jerry at samba.org>
Date:   Mon Sep 15 15:50:15 2008 -0500

    winbindd: Update the calls to ws_name_XX() to reflect API changes.
    
    * Ensures that all points at which a name is received or returned
      to/from a client pass through the name aliases layer (users
      and groups).
    (cherry picked from commit 0a2c8ac3f6af38ebeb61a49c515bdc84591130cc)

commit f4b84970b66ffc3b26bc098e748b34ee412f47f7
Author: Gerald (Jerry) Carter <jerry at samba.org>
Date:   Mon Sep 15 15:41:37 2008 -0500

    winbindd: Add support for name aliasing.
    
    * Add support for user and group name aliasing by expanding
      the ws_name_replace() and ws_name_return() functions.
      The lookup path is
         aliases -> qualified name -> SID
         SID -> fully qualified name -> alias
      In other words, the name aliasing support is a thin layer
      built on top of SID/NAME translation.
    
    * Rename the ws_name_XX() functions to normalize_name_map()
      and normalize_name_unmap().  Change interface to return
      NTSTATUS rather than char *.
    
    * Add associated cache validation functions.
    (cherry picked from commit 1ed8c35a730a01a565762485fead8db9cce4c469)

commit 0f3b855491ab7f876f177bea8176261511c0dd95
Author: Gerald W. Carter <jerry at samba.org>
Date:   Mon Sep 15 12:38:36 2008 -0500

    idmap_ad: Fix a segfault when calling nss_get_info() with a NULL ads structure.
    (cherry picked from commit cc6d1c9a9fb4d97278af4d676f260c479b338638)

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                              |   13 +
 docs-xml/scripts/find_missing_manpages.pl |   27 ++-
 source/Makefile.in                        |   10 +-
 source/configure.in                       |    4 +-
 source/include/ads.h                      |    5 +
 source/include/idmap.h                    |    3 +-
 source/include/nss_info.h                 |   10 +
 source/libads/ldap_schema.c               |   15 +-
 source/modules/vfs_acl_xattr.c            |  331 ++++++++++++++++++++++++
 source/services/services_db.c             |   40 ++--
 source/winbindd/idmap_ad.c                |  258 +++++++++++++++++--
 source/winbindd/idmap_hash/idmap_hash.c   |  393 +++++++++++++++++++++++++++++
 source/winbindd/idmap_hash/idmap_hash.h   |   60 +++++
 source/winbindd/idmap_hash/mapfile.c      |  175 +++++++++++++
 source/winbindd/nss_info.c                |   41 +++
 source/winbindd/nss_info_template.c       |   32 +++-
 source/winbindd/winbindd_cache.c          |  249 ++++++++++++++++++
 source/winbindd/winbindd_group.c          |  182 +++++++++++---
 source/winbindd/winbindd_pam.c            |   60 ++++-
 source/winbindd/winbindd_proto.h          |   18 ++-
 source/winbindd/winbindd_rpc.c            |   44 +++-
 source/winbindd/winbindd_user.c           |   74 +++++-
 source/winbindd/winbindd_util.c           |  107 +++++++--
 23 files changed, 2029 insertions(+), 122 deletions(-)
 create mode 100644 source/modules/vfs_acl_xattr.c
 create mode 100644 source/winbindd/idmap_hash/idmap_hash.c
 create mode 100644 source/winbindd/idmap_hash/idmap_hash.h
 create mode 100644 source/winbindd/idmap_hash/mapfile.c


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 3135cd5..bca14a7 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -20,6 +20,7 @@ Major enhancements in Samba 3.3.0 include:
  Winbind:
  o Simplyfied idmap configuration.
  o Added new parameter "winbind reconnect delay".
+ o Added support for user and group aliasing.
 
  Administrative tools:
  o The destination "all" of smbcontrol does now affect all running
@@ -100,6 +101,8 @@ o   Jeremy Allison <jra at samba.org>
     * BUG 5751: Fix showing of ACLs on DFS in (lib)smbclient.
     * BUG 5762: Fix opening of mangled directory name (resulted
       'is a stream name').
+    * Fix crashes when looking up a non-existant uid.
+    * Fix getting/setting of NT ACLs on a file.
     * Add st_birthtime and friends for accurate create times on *BSD
       and MacOSX).
     * Fix the wcache_invalidate_samlogon calls.
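
Review bot: "non-existant" in the added line "Fix crashes when looking up a non-existant uid." is a misspelling of "non-existent"; WHATSNEW.txt is user-facing release text, so correct it here. The entry would also be more useful if it named the code path whose lookup crashed, since "a non-existent uid" alone does not tell an admin which service was affected.
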
@@ -107,6 +110,15 @@ o   Jeremy Allison <jra at samba.org>
     * Get smbd to look (read-only) into the winbindd cache for uid/gid <--> sid
       mappings.
     * Write times code update.
+    * Add experimental version of VFS module acl_xattr.
+
+
+o   Gerald W. Carter <jerry at samba.org>
+    * Fix segfault when calling nss_get_info() with a NULL ads structure.
+    * Add support for name aliasing in Winbind.
+    * Add the idmap/nss-info provider from Likewise Open.
+    * Allow an admin to define the "uid" attribute for a RFC2307
+      user object in AD to be the username alias.
 
 
 o   Steven Danneman <steven.danneman at isilon.com>
@@ -117,6 +129,7 @@ o   Steven Danneman <steven.danneman at isilon.com>
 o   Günther Deschner <gd at samba.org>
     * BUG 5710: Fix changing of machine account passwords.
     * Fix invalid sid copy (hit when enumerating sibling domains) in Winbind.
+    * Fix double installation of cifs.upcall.
 
 
 o   James Ding <ding_cc at hotmail.com>
diff --git a/docs-xml/scripts/find_missing_manpages.pl b/docs-xml/scripts/find_missing_manpages.pl
index c468d7d..aa5751b 100755
--- a/docs-xml/scripts/find_missing_manpages.pl
+++ b/docs-xml/scripts/find_missing_manpages.pl
@@ -1,14 +1,25 @@
 #!/usr/bin/perl
 
-my %doc;
-
 $invar = 0;
-
 $topdir = (shift @ARGV) or $topdir = ".";
-
+$makefile = "$topdir/source/Makefile.in";
+$mandir = "$topdir/docs-xml/manpages-3";
 $progs = "";
 
-open(IN, "$topdir/Makefile.in");
+chdir($topdir);
+
+if(! -e "$makefile") {
+	print "$makefile does not exist!\n";
+	print "Wrong directory?\n";
+	exit(1);
+}
+
+if(! -d "$mandir") {
+        print "$mandir does not exist!\n";
+        exit(1);
+}
+
+open(IN, "$makefile");
 while(<IN>) {
 	if($invar && /^([ \t]*)(.*?)([\\])$/) {
 		$progs.=" " . $2;
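
Review bot: chdir($topdir) runs after $makefile and $mandir have been built from $topdir and before they are tested, so a relative argument other than "." is applied twice and both the -e and -d checks fail with a misleading "Wrong directory?". Either drop the chdir or build the two paths relative to the new working directory, and check the return value of chdir. open(IN, "$makefile") is still the unchecked two-argument form; open(my $in, '<', $makefile) or die would report a read failure instead of silently producing an empty program list. The two new if blocks also mix tab and space indentation.
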
@@ -22,15 +33,17 @@ while(<IN>) {
 foreach(split(/bin\//, $progs)) {
 	next if($_ eq " ");
 	s/\@EXEEXT\@//g;
+	s/\@EXTRA_BIN_PROGS\@//g;
 	s/ //g;
 
 
 	$f = $_;
-	
+
 	$found = 0;
 
+
 	for($i = 0; $i < 9; $i++) {
-		if(-e "manpages/$f.$i.xml") { $found = 1; }
+		if(-e "$mandir/$f.$i.xml") { $found = 1; }
 	}
 
 	if(!$found) {
diff --git a/source/Makefile.in b/source/Makefile.in
index 704d3e5..1b2339e 100644
--- a/source/Makefile.in
+++ b/source/Makefile.in
@@ -985,6 +985,10 @@ IDMAP_OBJ     = winbindd/idmap.o winbindd/idmap_util.o @IDMAP_STATIC@
 
 NSS_INFO_OBJ = winbindd/nss_info.o @NSS_INFO_STATIC@
 
+IDMAP_HASH_OBJ = \
+		winbindd/idmap_hash/idmap_hash.o \
+		winbindd/idmap_hash/mapfile.o
+
 WINBINDD_OBJ1 = \
 		winbindd/winbindd.o       \
 		winbindd/winbindd_user.o  \
@@ -2216,6 +2220,10 @@ bin/ad. at SHLIBEXT@: $(BINARY_PREREQS) winbindd/idmap_ad.o
 	@echo "Building plugin $@"
 	@$(SHLD_MODULE) winbindd/idmap_ad.o
 
+bin/hash. at SHLIBEXT@: $(BINARY_PREREQS) $(IDMAP_HASH_OBJ)
+	@echo "Building plugin $@"
+	@$(SHLD_MODULE) $(IDMAP_HASH_OBJ)
+
 bin/tdb2. at SHLIBEXT@: $(BINARY_PREREQS) winbindd/idmap_tdb2.o
 	@echo "Building plugin $@"
 	@$(SHLD_MODULE) winbindd/idmap_tdb2.o
@@ -2383,7 +2391,7 @@ bin/aio_fork. at SHLIBEXT@: $(BINARY_PREREQS) $(VFS_AIO_FORK_OBJ)
 	@echo "Building plugin $@"
 	@$(SHLD_MODULE) $(VFS_AIO_FORK_OBJ)
 
-bin/vfs_acl_xattr. at SHLIBEXT@: $(BINARY_PREREQS) $(VFS_ACL_XATTR_OBJ)
+bin/acl_xattr. at SHLIBEXT@: $(BINARY_PREREQS) $(VFS_ACL_XATTR_OBJ)
 	@echo "Building plugin $@"
 	@$(SHLD_MODULE) $(VFS_ACL_XATTR_OBJ)
 
diff --git a/source/configure.in b/source/configure.in
index e7b2aff..12d98e2 100644
--- a/source/configure.in
+++ b/source/configure.in
@@ -409,7 +409,7 @@ dnl These have to be built static:
 default_static_modules="pdb_smbpasswd pdb_tdbsam rpc_lsarpc rpc_samr rpc_winreg rpc_initshutdown rpc_dssetup rpc_wkssvc rpc_svcctl2 rpc_ntsvcs2 rpc_netlogon rpc_netdfs rpc_srvsvc rpc_spoolss rpc_eventlog2 auth_sam auth_unix auth_winbind auth_server auth_domain auth_builtin vfs_default nss_info_template"
 
 dnl These are preferably build shared, and static if dlopen() is not available
-default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy vfs_shadow_copy2 charset_CP850 charset_CP437 auth_script vfs_readahead vfs_xattr_tdb vfs_streams_xattr"
+default_shared_modules="vfs_recycle vfs_audit vfs_extd_audit vfs_full_audit vfs_netatalk vfs_fake_perms vfs_default_quota vfs_readonly vfs_cap vfs_expand_msdfs vfs_shadow_copy vfs_shadow_copy2 charset_CP850 charset_CP437 auth_script vfs_readahead vfs_xattr_tdb vfs_streams_xattr vfs_acl_xattr"
 
 if test "x$developer" = xyes; then
    default_static_modules="$default_static_modules rpc_rpcecho"
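
Review bot: adding vfs_acl_xattr to default_shared_modules builds and installs by default a module whose own header in this changeset says "This is an experimental module, not yet finished", and whose open_acl_xattr() passes straight through to SMB_VFS_NEXT_OPEN without consulting the stored ACL. Consider keeping it out of the default list, or adding it only under the developer test just below where rpc_rpcecho is appended, until the open-time check exists, so that an admin who loads it does not assume the stored NT ACL is being enforced.
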
@@ -6059,6 +6059,7 @@ SMB_MODULE(idmap_passdb, winbindd/idmap_passdb.o, "bin/passdb.$SHLIBEXT", IDMAP)
 SMB_MODULE(idmap_nss, winbindd/idmap_nss.o, "bin/nss.$SHLIBEXT", IDMAP)
 SMB_MODULE(idmap_rid, winbindd/idmap_rid.o, "bin/rid.$SHLIBEXT", IDMAP)
 SMB_MODULE(idmap_ad, winbindd/idmap_ad.o, "bin/ad.$SHLIBEXT", IDMAP)
+SMB_MODULE(idmap_hash, \$(IDMAP_HASH_OBJ), "bin/hash.$SHLIBEXT", IDMAP)
 SMB_SUBSYSTEM(IDMAP, winbindd/idmap.o)
 
 SMB_MODULE(nss_info_template, winbindd/nss_info_template.o, "bin/template.$SHLIBEXT", NSS_INFO)
@@ -6115,6 +6116,7 @@ SMB_MODULE(vfs_aio_fork, \$(VFS_AIO_FORK_OBJ), "bin/aio_fork.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_syncops, \$(VFS_SYNCOPS_OBJ), "bin/syncops.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_zfsacl, \$(VFS_ZFSACL_OBJ), "bin/zfsacl.$SHLIBEXT", VFS)
 SMB_MODULE(vfs_notify_fam, \$(VFS_NOTIFY_FAM_OBJ), "bin/notify_fam.$SHLIBEXT", VFS)
+SMB_MODULE(vfs_acl_xattr, \$(VFS_ACL_XATTR_OBJ), "bin/acl_xattr.$SHLIBEXT", VFS)
 
 
 SMB_SUBSYSTEM(VFS,smbd/vfs.o)
diff --git a/source/include/ads.h b/source/include/ads.h
index 97faf0b..b72d250 100644
--- a/source/include/ads.h
+++ b/source/include/ads.h
@@ -133,6 +133,7 @@ struct posix_schema {
 	char *posix_uidnumber_attr;
 	char *posix_gidnumber_attr;
 	char *posix_gecos_attr;
+	char *posix_uid_attr;
 };
 
 
@@ -179,6 +180,7 @@ typedef void **ADS_MODLIST;
 #define ADS_ATTR_SFU_HOMEDIR_OID 	"1.2.840.113556.1.6.18.1.344"
 #define ADS_ATTR_SFU_SHELL_OID 		"1.2.840.113556.1.6.18.1.312"
 #define ADS_ATTR_SFU_GECOS_OID 		"1.2.840.113556.1.6.18.1.337"
+#define ADS_ATTR_SFU_UID_OID            "1.2.840.113556.1.6.18.1.309"
 
 /* ldap attribute oids (Services for Unix 2.0) */
 #define ADS_ATTR_SFU20_UIDNUMBER_OID	"1.2.840.113556.1.4.7000.187.70"
@@ -186,6 +188,8 @@ typedef void **ADS_MODLIST;
 #define ADS_ATTR_SFU20_HOMEDIR_OID	"1.2.840.113556.1.4.7000.187.106"
 #define ADS_ATTR_SFU20_SHELL_OID	"1.2.840.113556.1.4.7000.187.72"
 #define ADS_ATTR_SFU20_GECOS_OID 	"1.2.840.113556.1.4.7000.187.97"
+#define ADS_ATTR_SFU20_UID_OID          "1.2.840.113556.1.4.7000.187.102"
+
 
 /* ldap attribute oids (RFC2307) */
 #define ADS_ATTR_RFC2307_UIDNUMBER_OID	"1.3.6.1.1.1.1.0"
@@ -193,6 +197,7 @@ typedef void **ADS_MODLIST;
 #define ADS_ATTR_RFC2307_HOMEDIR_OID	"1.3.6.1.1.1.1.3"
 #define ADS_ATTR_RFC2307_SHELL_OID	"1.3.6.1.1.1.1.4"
 #define ADS_ATTR_RFC2307_GECOS_OID	"1.3.6.1.1.1.1.2"
+#define ADS_ATTR_RFC2307_UID_OID        "0.9.2342.19200300.100.1.1"
 
 /* ldap bitwise searches */
 #define ADS_LDAP_MATCHING_RULE_BIT_AND	"1.2.840.113556.1.4.803"
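
Review bot: ADS_ATTR_RFC2307_UID_OID is "0.9.2342.19200300.100.1.1", which lies outside the 1.3.6.1.1.1.1.x arc used by every other entry under the "ldap attribute oids (RFC2307)" comment. The value is the standard uid (userid) attribute OID, so it is correct, but a one-line comment saying so would stop a later reader from "fixing" it to match its neighbours. The new define is also aligned with spaces where the surrounding lines use a tab.
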
diff --git a/source/include/idmap.h b/source/include/idmap.h
index 95c3e4c..4322192 100644
--- a/source/include/idmap.h
+++ b/source/include/idmap.h
@@ -31,8 +31,9 @@
    Updated to 3 for enum types by JRA. */
 
 /* Updated to 4, completely new interface, SSS */
+/* Updated to 5, simplified interface by Volker */
 
-#define SMB_IDMAP_INTERFACE_VERSION 4
+#define SMB_IDMAP_INTERFACE_VERSION 5
 
 struct idmap_domain {
 	const char *name;
diff --git a/source/include/nss_info.h b/source/include/nss_info.h
index 1ff9ebc..e756136 100644
--- a/source/include/nss_info.h
+++ b/source/include/nss_info.h
@@ -66,6 +66,10 @@ struct nss_info_methods {
 				  TALLOC_CTX *ctx, 
 				  ADS_STRUCT *ads, LDAPMessage *msg,
 				  char **homedir, char **shell, char **gecos, gid_t *p_gid);
+	NTSTATUS (*map_to_alias)( TALLOC_CTX *mem_ctx, const char *domain,
+				  const char *name, char **alias );
+	NTSTATUS (*map_from_alias)( TALLOC_CTX *mem_ctx, const char *domain,
+				    const char *alias, char **name );
 	NTSTATUS (*close_fn)( void );
 };
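
Review bot: map_to_alias and map_from_alias are inserted ahead of close_fn, which changes the member order of struct nss_info_methods; any provider that fills the struct positionally will now have its close function sitting in the map_to_alias slot. Appending the new members after close_fn, or requiring designated initializers in every provider, avoids that, and the dispatch code should treat a NULL callback as "no alias support" rather than calling through it. Please also document who owns *alias and *name (presumably allocated on mem_ctx) and which NTSTATUS value means "no mapping exists".
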
 
@@ -84,6 +88,12 @@ NTSTATUS nss_get_info( const char *domain, const DOM_SID *user_sid,
                        char **homedir, char **shell, char **gecos,
                        gid_t *p_gid);
 
+NTSTATUS nss_map_to_alias( TALLOC_CTX *mem_ctx, const char *domain,
+			   const char *name, char **alias );
+
+NTSTATUS nss_map_from_alias( TALLOC_CTX *mem_ctx, const char *domain,
+			     const char *alias, char **name );
+
 NTSTATUS nss_close( const char *parameters );
 
 #endif /* _IDMAP_NSS_H_ */
diff --git a/source/libads/ldap_schema.c b/source/libads/ldap_schema.c
index ff41ccc..b5d2d35 100644
--- a/source/libads/ldap_schema.c
+++ b/source/libads/ldap_schema.c
@@ -246,19 +246,22 @@ ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx,
 					ADS_ATTR_SFU_GIDNUMBER_OID,
 					ADS_ATTR_SFU_HOMEDIR_OID,
 					ADS_ATTR_SFU_SHELL_OID,
-					ADS_ATTR_SFU_GECOS_OID};
+					ADS_ATTR_SFU_GECOS_OID,
+					ADS_ATTR_SFU_UID_OID };
 
 	const char *oids_sfu20[] = { 	ADS_ATTR_SFU20_UIDNUMBER_OID,
 					ADS_ATTR_SFU20_GIDNUMBER_OID,
 					ADS_ATTR_SFU20_HOMEDIR_OID,
 					ADS_ATTR_SFU20_SHELL_OID,
-					ADS_ATTR_SFU20_GECOS_OID};
+					ADS_ATTR_SFU20_GECOS_OID,
+					ADS_ATTR_SFU20_UID_OID };
 
 	const char *oids_rfc2307[] = {	ADS_ATTR_RFC2307_UIDNUMBER_OID,
 					ADS_ATTR_RFC2307_GIDNUMBER_OID,
 					ADS_ATTR_RFC2307_HOMEDIR_OID,
 					ADS_ATTR_RFC2307_SHELL_OID,
-					ADS_ATTR_RFC2307_GECOS_OID };
+					ADS_ATTR_RFC2307_GECOS_OID,
+					ADS_ATTR_RFC2307_UID_OID };
 
 	DEBUG(10,("ads_check_posix_schema_mapping for schema mode: %d\n", map_type));
 
@@ -359,6 +362,12 @@ ADS_STATUS ads_check_posix_schema_mapping(TALLOC_CTX *mem_ctx,
 		    strequal(ADS_ATTR_SFU20_GECOS_OID, oids_out[i])) {
 			schema->posix_gecos_attr = talloc_strdup(schema, names_out[i]);
 		}
+
+		if (strequal(ADS_ATTR_RFC2307_UID_OID, oids_out[i]) ||
+		    strequal(ADS_ATTR_SFU_UID_OID, oids_out[i]) ||
+		    strequal(ADS_ATTR_SFU20_UID_OID, oids_out[i])) {
+			schema->posix_uid_attr = talloc_strdup(schema, names_out[i]);
+		}
 	}
 
 	if (!schema->posix_uidnumber_attr ||
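
Review bot: the new talloc_strdup() into schema->posix_uid_attr is not checked, so an allocation failure, or a schema that returns none of the three UID OIDs, leaves the field NULL with no diagnostic. That matches the existing posix_gecos_attr assignment just above, but because uid is used as an optional alias attribute, every consumer needs an explicit NULL test before placing it in a search filter or attribute list. State in a comment here whether it is meant to be mandatory like the attributes tested in the "if (!schema->posix_uidnumber_attr ||" check that follows.
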
diff --git a/source/modules/vfs_acl_xattr.c b/source/modules/vfs_acl_xattr.c
new file mode 100644
index 0000000..fd59310
--- /dev/null
+++ b/source/modules/vfs_acl_xattr.c
@@ -0,0 +1,331 @@
+/*
+ * Store Windows ACLs in xattrs.
+ *
+ * Copyright (C) Volker Lendecke, 2008
+ * Copyright (C) Jeremy Allison, 2008
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+/* NOTE: This is an experimental module, not yet finished. JRA. */
+
+#include "includes.h"
+#include "librpc/gen_ndr/xattr.h"
+#include "librpc/gen_ndr/ndr_xattr.h"
+
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_VFS
+
+static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob,
+				const struct timespec cts,
+				uint32 security_info,
+				struct security_descriptor **ppdesc)
+{
+	TALLOC_CTX *ctx = talloc_tos();
+	struct xattr_NTACL xacl;
+	enum ndr_err_code ndr_err;
+	size_t sd_size;
+	struct timespec ts;
+
+	ndr_err = ndr_pull_struct_blob(pblob, ctx, &xacl,
+			(ndr_pull_flags_fn_t)ndr_pull_xattr_NTACL);
+
+	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+		DEBUG(5, ("parse_acl_blob: ndr_pull_xattr_NTACL failed: %s\n",
+			ndr_errstr(ndr_err)));
+		return ndr_map_error2ntstatus(ndr_err);;
+	}
+
+	if (xacl.version != 2) {
+		return NT_STATUS_REVISION_MISMATCH;
+	}
+
+	/*
+	 * Check that the ctime timestamp is ealier
+	 * than the stored timestamp.
+	 */
+
+	ts = nt_time_to_unix_timespec(&xacl.info.sd_ts->last_changed);
+
+	if (timespec_compare(&cts, &ts) > 0) {
+		DEBUG(5, ("parse_acl_blob: stored ACL out of date.\n"));
+		return NT_STATUS_EA_CORRUPT_ERROR;
+	}
+
+	*ppdesc = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
+			(security_info & OWNER_SECURITY_INFORMATION)
+			? xacl.info.sd_ts->sd->owner_sid : NULL,
+			(security_info & GROUP_SECURITY_INFORMATION)
+			? xacl.info.sd_ts->sd->group_sid : NULL,
+			(security_info & SACL_SECURITY_INFORMATION)
+			? xacl.info.sd_ts->sd->sacl : NULL,
+			(security_info & DACL_SECURITY_INFORMATION)
+			? xacl.info.sd_ts->sd->dacl : NULL,
+			&sd_size);
+
+	TALLOC_FREE(xacl.info.sd);
+
+	return (*ppdesc != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;
+}
+
+static NTSTATUS get_acl_blob(TALLOC_CTX *ctx,
+			vfs_handle_struct *handle,
+			files_struct *fsp,
+			const char *name,
+			DATA_BLOB *pblob)
+{
+	size_t size = 1024;
+	uint8_t *val = NULL;
+	uint8_t *tmp;
+	ssize_t sizeret;
+	int saved_errno;
+
+	ZERO_STRUCTP(pblob);
+
+  again:
+
+	tmp = TALLOC_REALLOC_ARRAY(ctx, val, uint8_t, size);
+	if (tmp == NULL) {
+		TALLOC_FREE(val);
+		return NT_STATUS_NO_MEMORY;
+	}
+	val = tmp;
+
+	become_root();
+	if (fsp && fsp->fh->fd != -1) {
+		sizeret = SMB_VFS_FGETXATTR(fsp, XATTR_NTACL_NAME, val, size);
+	} else {
+		sizeret = SMB_VFS_GETXATTR(handle->conn, name,
+					XATTR_NTACL_NAME, val, size);
+	}
+	if (sizeret == -1) {
+		saved_errno = errno;
+	}
+	unbecome_root();
+
+	/* Max ACL size is 65536 bytes. */
+	if (sizeret == -1) {
+		errno = saved_errno;
+		if ((errno == ERANGE) && (size != 65536)) {
+			/* Too small, try again. */
+			size = 65536;
+			goto again;
+		}
+
+		/* Real error - exit here. */
+		TALLOC_FREE(val);
+		return map_nt_error_from_unix(errno);
+	}
+
+	pblob->data = val;
+	pblob->length = sizeret;
+	return NT_STATUS_OK;
+}
+
+static int mkdir_acl_xattr(vfs_handle_struct *handle,  const char *path, mode_t mode)
+{
+	return SMB_VFS_NEXT_MKDIR(handle, path, mode);
+}
+
+static int rmdir_acl_xattr(vfs_handle_struct *handle,  const char *path)
+{
+	return SMB_VFS_NEXT_RMDIR(handle, path);
+}
+
+static int open_acl_xattr(vfs_handle_struct *handle,  const char *fname, files_struct *fsp, int flags, mode_t mode)
+{
+	return SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode);
+}
+
+static int unlink_acl_xattr(vfs_handle_struct *handle,  const char *fname)
+{
+	return SMB_VFS_NEXT_UNLINK(handle, fname);
+}
+
+static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle,
+					files_struct *fsp,
+					const char *name,
+				        uint32 security_info,
+					SEC_DESC **ppdesc)
+{
+	TALLOC_CTX *ctx = talloc_tos();
+	DATA_BLOB blob;
+	SMB_STRUCT_STAT sbuf;
+	NTSTATUS status;
+
+	if (fsp && name == NULL) {
+		name = fsp->fsp_name;
+	}
+
+	DEBUG(10, ("get_nt_acl_xattr_internal: name=%s\n", name));
+
+	status = get_acl_blob(ctx, handle, fsp, name, &blob);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10, ("get_acl_blob returned %s\n", nt_errstr(status)));
+		return status;
+	}
+
+	if (fsp && fsp->fh->fd != -1) {
+		if (SMB_VFS_FSTAT(fsp, &sbuf) == -1) {
+			return map_nt_error_from_unix(errno);
+		}
+	} else {
+		if (SMB_VFS_STAT(handle->conn, name, &sbuf) == -1) {
+			return map_nt_error_from_unix(errno);
+		}
+	}
+
+	status = parse_acl_blob(&blob, get_ctimespec(&sbuf),
+			security_info, ppdesc);
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10, ("parse_acl_blob returned %s\n",
+				nt_errstr(status)));
+		return status;
+	}
+
+	TALLOC_FREE(blob.data);
+	return status;
+}
+
+static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
+        uint32 security_info, SEC_DESC **ppdesc)
+{
+	NTSTATUS status = get_nt_acl_xattr_internal(handle, fsp,
+				NULL, security_info, ppdesc);
+	if (NT_STATUS_IS_OK(status)) {
+		return NT_STATUS_OK;
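
Review bot: parse_acl_blob() dereferences xacl.info.sd_ts, and then xacl.info.sd_ts->sd, immediately after the version test with no NULL check. The blob is read from the on-disk xattr, so a truncated or malformed value that unmarshals to a NULL pointer would crash smbd; return NT_STATUS_EA_CORRUPT_ERROR when either pointer is NULL. In the same function TALLOC_FREE(xacl.info.sd) frees through the sd member although the version 2 data was accessed through sd_ts, which needs the matching member or a comment explaining the aliasing, and "return ndr_map_error2ntstatus(ndr_err);;" has a stray semicolon. get_nt_acl_xattr_internal() frees blob.data only on the success path; the stat and parse failure returns skip it.
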


-- 
Samba Shared Repository

