[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Tue Aug 14 21:24:03 MDT 2012
The branch, master has been updated
via 24b1143 s3-sysacls: Remove sys_acl_free_qualifier() as it is a no-op
via 6ccfd05 s3-sysacls: Remove sys_acl_free_acl() and replace with TALLOC_FREE()
via e25830d s3-smbd: Remove sys_acl_*() VFS wrapper functions
via a63a2a7 s3-smbd: Remove unused conn argument from convert_permset_to_mode_t()
via 3d031f2 s3-smbd: Call sys_acl_set_permset() directly rather than via the VFS
via 9f16fcf s3-smbd: Call sys_acl_set_qualifier() directly rather than via the VFS
via 21e0b91 s3-smbd: Call sys_acl_set_tag_type() directly rather than via the VFS
via 50d147b s3-smbd: Call sys_acl_create_entry() directly rather than via the VFS
via db54479 s3-smbd: Call sys_acl_add_perm() directly rather than via the VFS
via 631a356 s3-smbd: Call sys_acl_clear_perms() directly rather than via the VFS
via d78c7c3 s3-smbd: Call sys_acl_init() directly rather than via the VFS
via 8b3227e s3-smbd: Call sys_acl_free_acl() directly rather than via the VFS
via 6a46fbb s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFS
via e019b93 s3-smbd: Call sys_acl_get_entry() directly rather than via the VFS
via d8fb9e7 s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFS
via 6a2f142 s3-smbd: Call sys_acl_get_qualifier() directly rather than via the VFS
via d83276c s3-smbd: Call sys_acl_get_tagtype() directly rather than via the VFS
via 3b40932 s3-smbd: Call sys_acl_get_permset() directly rather than via the VFS
via 7dff34f s3-smbd: Call sys_acl_get_perm() directly rather than via the VFS
via 0705391 s3-smbd: Move smb_acl_t declaration to smb_acl.idl
via d5a8e58 pidl: Add mode_t as an alias so we can marshall posix ACL structures
via dcfb6aa s3-smbd: Change allocation of smb_acl_t to talloc()
via 47082ad libwbclient: Add test for wbcPingDc2
via 4c8616f wbinfo: Improve output of wbinfo --ping-dc
via bdb1f23 libwbclient: Add wbcPingDc2
via bd23c8f s3-winbind: Return the DC name from DC_PING
via 7baa709 s3-winbind: Pass ping-dc result to client
via 807fb16 selftest: Add knownfail for samba3.winbind.wbclient.wbcPingDc2
from 4ee602c s4:dsdb/repl: fix the usage of 'GC/' prefixed principal names
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 24b11430680ebd20303168ec73142226543ad6de
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 13 20:54:24 2012 +1000
s3-sysacls: Remove sys_acl_free_qualifier() as it is a no-op
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Aug 15 05:23:18 CEST 2012 on sn-devel-104
commit 6ccfd05e72bc010ccb291a169922cedd6a5ab702
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 13 20:51:41 2012 +1000
s3-sysacls: Remove sys_acl_free_acl() and replace with TALLOC_FREE()
commit e25830dcd87387a237b96f0d70deb204a5bf0a54
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 13 20:03:48 2012 +1000
s3-smbd: Remove sys_acl_*() VFS wrapper functions
We no longer do struct smb_acl_t manipuations via the VFS layer,
which is now reduced to handling the get/set functions.
The only backend that implemented these functions (aside from audit)
was the vfs_default module calling the sys_acl code. The various ACL
implementation modules either worked on the fully initilaised
smb_acl_t object or on NT ACLs.
This not only makes the operation of the posix ACL code more efficient
(as allocation and free is not put via the VFS), it makes it easier to
test and removes the fantasy that a module could safely redefine this
structure or the behaviour here.
The smb_acls.idl now defines the structure, and it is now allocated
with talloc.
These operations were originally added to the VFS in commit
3bb219161a270f12c27c3bc7e1220829c6e9f284.
Andrew Bartlett
commit a63a2a72ebb3d9c9a41c5519c85e8b294f1110a8
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 13 20:00:59 2012 +1000
s3-smbd: Remove unused conn argument from convert_permset_to_mode_t()
commit 3d031f2189a29a12320b424a4a192ac4e8b4622c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 13 20:00:21 2012 +1000
s3-smbd: Call sys_acl_set_permset() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
commit 9f16fcfd3f5e0fde9e857f18faaad01ee631320c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 13 19:59:54 2012 +1000
s3-smbd: Call sys_acl_set_qualifier() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
commit 21e0b91e9cf5ffc098beee01f4b573aee0133be4
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 13 19:59:33 2012 +1000
s3-smbd: Call sys_acl_set_tag_type() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
commit 50d147b8582d2f04b2a5914fb63c42b4e3aabdd5
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 13 19:59:03 2012 +1000
s3-smbd: Call sys_acl_create_entry() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
commit db544790f108000b4cad51fd143946765774753c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 13 19:58:17 2012 +1000
s3-smbd: Call sys_acl_add_perm() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
commit 631a356ea227eb48a9472b31ae3034fcbb1d3c5c
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 13 19:57:34 2012 +1000
s3-smbd: Call sys_acl_clear_perms() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
commit d78c7c32dc67d77bf68d3ac19853f599f0a817e7
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 13 19:56:31 2012 +1000
s3-smbd: Call sys_acl_init() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
commit 8b3227eb451b360a82d488c643e1e4e4ac96e2fc
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 13 19:55:25 2012 +1000
s3-smbd: Call sys_acl_free_acl() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
commit 6a46fbb393559be0d80d7b80a1391fbed52bcce0
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 13 19:53:41 2012 +1000
s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
commit e019b93f0e4aed60f23b57b02470f34cff871b41
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 13 19:52:23 2012 +1000
s3-smbd: Call sys_acl_get_entry() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
commit d8fb9e77ec98b055e1214e4ccf9d3f047354ac97
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 13 19:47:16 2012 +1000
s3-smbd: Call sys_acl_free_qualifier() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
commit 6a2f142b4980b8ce71980cd5bf8bd7b2428503d1
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 13 19:43:23 2012 +1000
s3-smbd: Call sys_acl_get_qualifier() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
commit d83276c13f3bfb25e98399827b1d5e10e709480d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 13 19:40:52 2012 +1000
s3-smbd: Call sys_acl_get_tagtype() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
commit 3b409324d3196b8f08df63189fc7d0802f03d757
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 13 19:38:09 2012 +1000
s3-smbd: Call sys_acl_get_permset() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
commit 7dff34f5d08d6389e0465d70a267ec87ed14849e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Aug 13 19:34:36 2012 +1000
s3-smbd: Call sys_acl_get_perm() directly rather than via the VFS
This will allow us to remove the struct smb_acl_t manipuations from the VFS layer,
which will be reduced to handling the get/set functions.
Andrew Bartlett
commit 0705391ed06441b2046d1de4529aa93f51bc3573
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Aug 12 22:02:23 2012 +1000
s3-smbd: Move smb_acl_t declaration to smb_acl.idl
This will allow us to marshall this into and from an NDR blob on disk, which will
allow us to fake up ACL support during make test, and to test the NT ACL emulation
using python bindings via the VFS.
Andrew Bartlett
commit d5a8e58bfbefd2ba7bcbec337013e8b204c68b6d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Aug 12 22:00:42 2012 +1000
pidl: Add mode_t as an alias so we can marshall posix ACL structures
commit dcfb6aad16b4b7b70a63340a17771d3f40aed1ce
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Aug 12 20:41:35 2012 +1000
s3-smbd: Change allocation of smb_acl_t to talloc()
The acl element is changed to be a talloc child, and is no longer one element
longer than requested by virtue of the acl[1] base pointer.
This also avoids one of the few remaining cases of over-allocation of a structure.
Andrew Bartlett
commit 47082ad3fae086c168bfedaa2fba692eccff3145
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date: Tue Aug 14 13:50:23 2012 -0700
libwbclient: Add test for wbcPingDc2
The internal domain used in 'make test' does not report a DC name, so
just add tests similar to the old wbcPingDc call.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 4c8616f0c84bfd1b114df8bb158c06ca8d987d5a
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date: Fri Aug 10 08:41:41 2012 -0700
wbinfo: Improve output of wbinfo --ping-dc
Use wbcPingDc2 to get the DC name and print it.
Cleanup error messages: Remove "Could not ping our DC", there is always
a more specific message. Avoid printing "failed to call wbcPingDc" in
case the ping has been attempted and it returns an error, the error is
already printed.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit bdb1f23e1d082830bf887cad0a0b5fed946b8e32
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date: Fri Aug 10 08:25:14 2012 -0700
libwbclient: Add wbcPingDc2
Add wbcPingDc2 that optionally returns the DC that was attempted to
ping. wbcPing is implemented as a wrapper around wbcPingDc2.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit bd23c8f1ce1caf61a0596c47795d6a21c2234826
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date: Fri Aug 10 08:10:42 2012 -0700
s3-winbind: Return the DC name from DC_PING
The DC that was attempted to ping is useful for troubleshooting. Return
the DC name in the response to the wbclient.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 7baa7091b741813f53954380a6ff6e7ff12e601b
Author: Christof Schmitt <christof.schmitt at us.ibm.com>
Date: Thu Aug 9 15:07:16 2012 -0700
s3-winbind: Pass ping-dc result to client
The client checks for an error code in response.data.auth.nt_status,
make sure the result is stored there.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
commit 807fb16086126a96a190176b6831c4ae990f94fa
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Aug 15 11:43:45 2012 +1000
selftest: Add knownfail for samba3.winbind.wbclient.wbcPingDc2
The soon-to-be-added command also fails against the s4 winbind.
Andrew Bartlett
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages-3/vfs_full_audit.8.xml | 17 -
examples/VFS/skel_opaque.c | 119 -------
examples/VFS/skel_transparent.c | 102 ------
librpc/idl/smb_acl.idl | 63 ++++
librpc/idl/wscript_build | 2 +-
librpc/wscript_build | 5 +
.../ABI/{wbclient-0.9.sigs => wbclient-0.10.sigs} | 1 +
nsswitch/libwbclient/tests/wbclient.c | 14 +
nsswitch/libwbclient/wbc_pam.c | 21 ++
nsswitch/libwbclient/wbclient.h | 18 +-
nsswitch/libwbclient/wscript | 2 +-
nsswitch/wbinfo.c | 8 +-
pidl/lib/Parse/Pidl/Typelist.pm | 1 +
selftest/knownfail | 1 +
source3/include/smb_acls.h | 39 +--
source3/include/vfs.h | 59 +----
source3/include/vfs_macros.h | 85 -----
source3/lib/sysacls.c | 28 +--
source3/librpc/idl/wbint.idl | 1 +
source3/modules/vfs_aixacl2.c | 2 +-
source3/modules/vfs_aixacl_util.c | 28 +-
source3/modules/vfs_default.c | 102 ------
source3/modules/vfs_full_audit.c | 302 -----------------
source3/modules/vfs_gpfs.c | 4 +-
source3/modules/vfs_hpuxacl.c | 11 +-
source3/modules/vfs_posixacl.c | 15 +-
source3/modules/vfs_solarisacl.c | 11 +-
source3/modules/vfs_time_audit.c | 357 --------------------
source3/modules/vfs_tru64acl.c | 21 +-
source3/smbd/posix_acls.c | 156 +++++-----
source3/smbd/pysmbd.c | 34 +-
source3/smbd/trans2.c | 36 +-
source3/smbd/vfs.c | 129 -------
source3/winbindd/winbindd_dual_srv.c | 5 +
source3/winbindd/winbindd_ping_dc.c | 19 +-
source3/wscript_build | 1 +
36 files changed, 316 insertions(+), 1503 deletions(-)
create mode 100644 librpc/idl/smb_acl.idl
copy nsswitch/libwbclient/ABI/{wbclient-0.9.sigs => wbclient-0.10.sigs} (98%)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages-3/vfs_full_audit.8.xml b/docs-xml/manpages-3/vfs_full_audit.8.xml
index 0f0d96d..f773a08 100644
--- a/docs-xml/manpages-3/vfs_full_audit.8.xml
+++ b/docs-xml/manpages-3/vfs_full_audit.8.xml
@@ -95,28 +95,11 @@
<member>stat</member>
<member>statvfs</member>
<member>symlink</member>
- <member>sys_acl_add_perm</member>
- <member>sys_acl_clear_perms</member>
- <member>sys_acl_create_entry</member>
<member>sys_acl_delete_def_file</member>
- <member>sys_acl_free_acl</member>
- <member>sys_acl_free_qualifier</member>
- <member>sys_acl_free_text</member>
- <member>sys_acl_get_entry</member>
<member>sys_acl_get_fd</member>
<member>sys_acl_get_file</member>
- <member>sys_acl_get_perm</member>
- <member>sys_acl_get_permset</member>
- <member>sys_acl_get_qualifier</member>
- <member>sys_acl_get_tag_type</member>
- <member>sys_acl_init</member>
<member>sys_acl_set_fd</member>
<member>sys_acl_set_file</member>
- <member>sys_acl_set_permset</member>
- <member>sys_acl_set_qualifier</member>
- <member>sys_acl_set_tag_type</member>
- <member>sys_acl_to_text</member>
- <member>sys_acl_valid</member>
<member>telldir</member>
<member>unlink</member>
<member>utime</member>
diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c
index 03a5157..edfb772 100644
--- a/examples/VFS/skel_opaque.c
+++ b/examples/VFS/skel_opaque.c
@@ -574,30 +574,6 @@ static int skel_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, mode_t
return -1;
}
-static int skel_sys_acl_get_entry(vfs_handle_struct *handle, SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
-{
- errno = ENOSYS;
- return -1;
-}
-
-static int skel_sys_acl_get_tag_type(vfs_handle_struct *handle, SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
-{
- errno = ENOSYS;
- return -1;
-}
-
-static int skel_sys_acl_get_permset(vfs_handle_struct *handle, SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
-{
- errno = ENOSYS;
- return -1;
-}
-
-static void *skel_sys_acl_get_qualifier(vfs_handle_struct *handle, SMB_ACL_ENTRY_T entry_d)
-{
- errno = ENOSYS;
- return NULL;
-}
-
static SMB_ACL_T skel_sys_acl_get_file(vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type)
{
errno = ENOSYS;
@@ -610,60 +586,6 @@ static SMB_ACL_T skel_sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fs
return (SMB_ACL_T)NULL;
}
-static int skel_sys_acl_clear_perms(vfs_handle_struct *handle, SMB_ACL_PERMSET_T permset)
-{
- errno = ENOSYS;
- return -1;
-}
-
-static int skel_sys_acl_add_perm(vfs_handle_struct *handle, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
-{
- errno = ENOSYS;
- return -1;
-}
-
-static char *skel_sys_acl_to_text(vfs_handle_struct *handle, SMB_ACL_T theacl, ssize_t *plen)
-{
- errno = ENOSYS;
- return NULL;
-}
-
-static SMB_ACL_T skel_sys_acl_init(vfs_handle_struct *handle, int count)
-{
- errno = ENOSYS;
- return (SMB_ACL_T)NULL;
-}
-
-static int skel_sys_acl_create_entry(vfs_handle_struct *handle, SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
-{
- errno = ENOSYS;
- return -1;
-}
-
-static int skel_sys_acl_set_tag_type(vfs_handle_struct *handle, SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
-{
- errno = ENOSYS;
- return -1;
-}
-
-static int skel_sys_acl_set_qualifier(vfs_handle_struct *handle, SMB_ACL_ENTRY_T entry, void *qual)
-{
- errno = ENOSYS;
- return -1;
-}
-
-static int skel_sys_acl_set_permset(vfs_handle_struct *handle, SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
-{
- errno = ENOSYS;
- return -1;
-}
-
-static int skel_sys_acl_valid(vfs_handle_struct *handle, SMB_ACL_T theacl )
-{
- errno = ENOSYS;
- return -1;
-}
-
static int skel_sys_acl_set_file(vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
{
errno = ENOSYS;
@@ -682,30 +604,6 @@ static int skel_sys_acl_delete_def_file(vfs_handle_struct *handle, const char *
return -1;
}
-static int skel_sys_acl_get_perm(vfs_handle_struct *handle, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
-{
- errno = ENOSYS;
- return -1;
-}
-
-static int skel_sys_acl_free_text(vfs_handle_struct *handle, char *text)
-{
- errno = ENOSYS;
- return -1;
-}
-
-static int skel_sys_acl_free_acl(vfs_handle_struct *handle, SMB_ACL_T posix_acl)
-{
- errno = ENOSYS;
- return -1;
-}
-
-static int skel_sys_acl_free_qualifier(vfs_handle_struct *handle, void *qualifier, SMB_ACL_TAG_T tagtype)
-{
- errno = ENOSYS;
- return -1;
-}
-
static ssize_t skel_getxattr(vfs_handle_struct *handle, const char *path, const char *name, void *value, size_t size)
{
errno = ENOSYS;
@@ -871,28 +769,11 @@ struct vfs_fn_pointers skel_opaque_fns = {
.chmod_acl_fn = skel_chmod_acl,
.fchmod_acl_fn = skel_fchmod_acl,
- .sys_acl_get_entry_fn = skel_sys_acl_get_entry,
- .sys_acl_get_tag_type_fn = skel_sys_acl_get_tag_type,
- .sys_acl_get_permset_fn = skel_sys_acl_get_permset,
- .sys_acl_get_qualifier_fn = skel_sys_acl_get_qualifier,
.sys_acl_get_file_fn = skel_sys_acl_get_file,
.sys_acl_get_fd_fn = skel_sys_acl_get_fd,
- .sys_acl_clear_perms_fn = skel_sys_acl_clear_perms,
- .sys_acl_add_perm_fn = skel_sys_acl_add_perm,
- .sys_acl_to_text_fn = skel_sys_acl_to_text,
- .sys_acl_init_fn = skel_sys_acl_init,
- .sys_acl_create_entry_fn = skel_sys_acl_create_entry,
- .sys_acl_set_tag_type_fn = skel_sys_acl_set_tag_type,
- .sys_acl_set_qualifier_fn = skel_sys_acl_set_qualifier,
- .sys_acl_set_permset_fn = skel_sys_acl_set_permset,
- .sys_acl_valid_fn = skel_sys_acl_valid,
.sys_acl_set_file_fn = skel_sys_acl_set_file,
.sys_acl_set_fd_fn = skel_sys_acl_set_fd,
.sys_acl_delete_def_file_fn = skel_sys_acl_delete_def_file,
- .sys_acl_get_perm_fn = skel_sys_acl_get_perm,
- .sys_acl_free_text_fn = skel_sys_acl_free_text,
- .sys_acl_free_acl_fn = skel_sys_acl_free_acl,
- .sys_acl_free_qualifier_fn = skel_sys_acl_free_qualifier,
/* EA operations. */
.getxattr_fn = skel_getxattr,
diff --git a/examples/VFS/skel_transparent.c b/examples/VFS/skel_transparent.c
index 6981b5d..711b7fc 100644
--- a/examples/VFS/skel_transparent.c
+++ b/examples/VFS/skel_transparent.c
@@ -689,26 +689,6 @@ static int skel_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, mode_t
return SMB_VFS_NEXT_FCHMOD_ACL(handle, fsp, mode);
}
-static int skel_sys_acl_get_entry(vfs_handle_struct *handle, SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
-{
- return SMB_VFS_NEXT_SYS_ACL_GET_ENTRY(handle, theacl, entry_id, entry_p);
-}
-
-static int skel_sys_acl_get_tag_type(vfs_handle_struct *handle, SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
-{
- return SMB_VFS_NEXT_SYS_ACL_GET_TAG_TYPE(handle, entry_d, tag_type_p);
-}
-
-static int skel_sys_acl_get_permset(vfs_handle_struct *handle, SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
-{
- return SMB_VFS_NEXT_SYS_ACL_GET_PERMSET(handle, entry_d, permset_p);
-}
-
-static void *skel_sys_acl_get_qualifier(vfs_handle_struct *handle, SMB_ACL_ENTRY_T entry_d)
-{
- return SMB_VFS_NEXT_SYS_ACL_GET_QUALIFIER(handle, entry_d);
-}
-
static SMB_ACL_T skel_sys_acl_get_file(vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type)
{
return SMB_VFS_NEXT_SYS_ACL_GET_FILE(handle, path_p, type);
@@ -719,51 +699,6 @@ static SMB_ACL_T skel_sys_acl_get_fd(vfs_handle_struct *handle, files_struct *fs
return SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp);
}
-static int skel_sys_acl_clear_perms(vfs_handle_struct *handle, SMB_ACL_PERMSET_T permset)
-{
- return SMB_VFS_NEXT_SYS_ACL_CLEAR_PERMS(handle, permset);
-}
-
-static int skel_sys_acl_add_perm(vfs_handle_struct *handle, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
-{
- return SMB_VFS_NEXT_SYS_ACL_ADD_PERM(handle, permset, perm);
-}
-
-static char *skel_sys_acl_to_text(vfs_handle_struct *handle, SMB_ACL_T theacl, ssize_t *plen)
-{
- return SMB_VFS_NEXT_SYS_ACL_TO_TEXT(handle, theacl, plen);
-}
-
-static SMB_ACL_T skel_sys_acl_init(vfs_handle_struct *handle, int count)
-{
- return SMB_VFS_NEXT_SYS_ACL_INIT(handle, count);
-}
-
-static int skel_sys_acl_create_entry(vfs_handle_struct *handle, SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry)
-{
- return SMB_VFS_NEXT_SYS_ACL_CREATE_ENTRY(handle, pacl, pentry);
-}
-
-static int skel_sys_acl_set_tag_type(vfs_handle_struct *handle, SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype)
-{
- return SMB_VFS_NEXT_SYS_ACL_SET_TAG_TYPE(handle, entry, tagtype);
-}
-
-static int skel_sys_acl_set_qualifier(vfs_handle_struct *handle, SMB_ACL_ENTRY_T entry, void *qual)
-{
- return SMB_VFS_NEXT_SYS_ACL_SET_QUALIFIER(handle, entry, qual);
-}
-
-static int skel_sys_acl_set_permset(vfs_handle_struct *handle, SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset)
-{
- return SMB_VFS_NEXT_SYS_ACL_SET_PERMSET(handle, entry, permset);
-}
-
-static int skel_sys_acl_valid(vfs_handle_struct *handle, SMB_ACL_T theacl )
-{
- return SMB_VFS_NEXT_SYS_ACL_VALID(handle, theacl);
-}
-
static int skel_sys_acl_set_file(vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
{
return SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype, theacl);
@@ -779,26 +714,6 @@ static int skel_sys_acl_delete_def_file(vfs_handle_struct *handle, const char *
return SMB_VFS_NEXT_SYS_ACL_DELETE_DEF_FILE(handle, path);
}
-static int skel_sys_acl_get_perm(vfs_handle_struct *handle, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm)
-{
- return SMB_VFS_NEXT_SYS_ACL_GET_PERM(handle, permset, perm);
-}
-
-static int skel_sys_acl_free_text(vfs_handle_struct *handle, char *text)
-{
- return SMB_VFS_NEXT_SYS_ACL_FREE_TEXT(handle, text);
-}
-
-static int skel_sys_acl_free_acl(vfs_handle_struct *handle, SMB_ACL_T posix_acl)
-{
- return SMB_VFS_NEXT_SYS_ACL_FREE_ACL(handle, posix_acl);
-}
-
-static int skel_sys_acl_free_qualifier(vfs_handle_struct *handle, void *qualifier, SMB_ACL_TAG_T tagtype)
-{
- return SMB_VFS_NEXT_SYS_ACL_FREE_QUALIFIER(handle, qualifier, tagtype);
-}
-
static ssize_t skel_getxattr(vfs_handle_struct *handle, const char *path, const char *name, void *value, size_t size)
{
return SMB_VFS_NEXT_GETXATTR(handle, path, name, value, size);
@@ -952,28 +867,11 @@ struct vfs_fn_pointers skel_transparent_fns = {
.chmod_acl_fn = skel_chmod_acl,
.fchmod_acl_fn = skel_fchmod_acl,
- .sys_acl_get_entry_fn = skel_sys_acl_get_entry,
- .sys_acl_get_tag_type_fn = skel_sys_acl_get_tag_type,
- .sys_acl_get_permset_fn = skel_sys_acl_get_permset,
- .sys_acl_get_qualifier_fn = skel_sys_acl_get_qualifier,
.sys_acl_get_file_fn = skel_sys_acl_get_file,
.sys_acl_get_fd_fn = skel_sys_acl_get_fd,
- .sys_acl_clear_perms_fn = skel_sys_acl_clear_perms,
- .sys_acl_add_perm_fn = skel_sys_acl_add_perm,
- .sys_acl_to_text_fn = skel_sys_acl_to_text,
- .sys_acl_init_fn = skel_sys_acl_init,
- .sys_acl_create_entry_fn = skel_sys_acl_create_entry,
- .sys_acl_set_tag_type_fn = skel_sys_acl_set_tag_type,
- .sys_acl_set_qualifier_fn = skel_sys_acl_set_qualifier,
- .sys_acl_set_permset_fn = skel_sys_acl_set_permset,
- .sys_acl_valid_fn = skel_sys_acl_valid,
.sys_acl_set_file_fn = skel_sys_acl_set_file,
.sys_acl_set_fd_fn = skel_sys_acl_set_fd,
.sys_acl_delete_def_file_fn = skel_sys_acl_delete_def_file,
- .sys_acl_get_perm_fn = skel_sys_acl_get_perm,
- .sys_acl_free_text_fn = skel_sys_acl_free_text,
- .sys_acl_free_acl_fn = skel_sys_acl_free_acl,
- .sys_acl_free_qualifier_fn = skel_sys_acl_free_qualifier,
/* EA operations. */
.getxattr_fn = skel_getxattr,
diff --git a/librpc/idl/smb_acl.idl b/librpc/idl/smb_acl.idl
new file mode 100644
index 0000000..9586958
--- /dev/null
+++ b/librpc/idl/smb_acl.idl
@@ -0,0 +1,63 @@
+/*
+ Unix SMB/CIFS implementation.
+ Portable SMB ACL interface
+ Copyright (C) Jeremy Allison 2000
+ Copyright (C) Andrew Bartlett 2012
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+
+/* Allow the smb_acl interface to be pushed into an NDR blob and read/written in python */
+[
+ pointer_default(unique)
+]
+interface smb_acl
+{
+
+ const int SMB_ACL_READ = 4;
+ const int SMB_ACL_WRITE = 2;
+ const int SMB_ACL_EXECUTE = 1;
+
+ /* Types of ACLs. */
+ typedef enum {
+ SMB_ACL_TAG_INVALID = 0,
+ SMB_ACL_USER = 1,
+ SMB_ACL_USER_OBJ = 2,
+ SMB_ACL_GROUP = 3,
+ SMB_ACL_GROUP_OBJ = 4,
+ SMB_ACL_OTHER = 5,
+ SMB_ACL_MASK = 6
+ } smb_acl_tag_t;
+
+ typedef struct {
+ smb_acl_tag_t a_type;
+ mode_t a_perm;
+ uid_t uid;
+ gid_t gid;
+ } smb_acl_entry;
+
+ typedef struct {
+ int size;
+ int count;
+ int next;
+ smb_acl_entry *acl;
+ } smb_acl_t;
+
+ const int SMB_ACL_FIRST_ENTRY = 0;
+ const int SMB_ACL_NEXT_ENTRY = 1;
+
+ const int SMB_ACL_TYPE_ACCESS = 0;
+ const int SMB_ACL_TYPE_DEFAULT = 1;
+}
diff --git a/librpc/idl/wscript_build b/librpc/idl/wscript_build
index 58d3181..2dbf1a3 100644
--- a/librpc/idl/wscript_build
+++ b/librpc/idl/wscript_build
@@ -4,7 +4,7 @@ bld.SAMBA_PIDL_LIST('PIDL',
'''atsvc.idl auth.idl drsuapi.idl epmapper.idl initshutdown.idl
misc.idl ntlmssp.idl schannel.idl trkwks.idl
audiosrv.idl dfsblobs.idl dsbackup.idl eventlog.idl file_id.idl keysvc.idl
- msgsvc.idl ntsvcs.idl remact.idl security.idl unixinfo.idl wzcsvc.idl
+ msgsvc.idl ntsvcs.idl remact.idl security.idl smb_acl.idl unixinfo.idl wzcsvc.idl
browser.idl dfs.idl dssetup.idl frsapi.idl krb5pac.idl
named_pipe_auth.idl orpc.idl rot.idl spoolss.idl w32time.idl xattr.idl
dbgidl.idl dnsserver.idl echo.idl frsrpc.idl lsa.idl nbt.idl dns.idl
diff --git a/librpc/wscript_build b/librpc/wscript_build
index 1dd755e..8dbbe2d 100644
--- a/librpc/wscript_build
+++ b/librpc/wscript_build
@@ -239,6 +239,11 @@ bld.SAMBA_SUBSYSTEM('NDR_SECURITY',
header_path='gen_ndr'
)
+bld.SAMBA_SUBSYSTEM('NDR_SMB_ACL',
+ source='gen_ndr/ndr_smb_acl.c',
+ deps='ndr',
+ )
+
bld.SAMBA_SUBSYSTEM('NDR_SVCCTL',
source='gen_ndr/ndr_svcctl.c ndr/ndr_svcctl.c',
public_deps='ndr NDR_SECURITY'
diff --git a/nsswitch/libwbclient/ABI/wbclient-0.9.sigs b/nsswitch/libwbclient/ABI/wbclient-0.10.sigs
similarity index 98%
copy from nsswitch/libwbclient/ABI/wbclient-0.9.sigs
copy to nsswitch/libwbclient/ABI/wbclient-0.10.sigs
index ec25e76..eda96f4 100644
--- a/nsswitch/libwbclient/ABI/wbclient-0.9.sigs
+++ b/nsswitch/libwbclient/ABI/wbclient-0.10.sigs
@@ -47,6 +47,7 @@ wbcLookupSids: wbcErr (const struct wbcDomainSid *, int, struct wbcDomainInfo **
wbcLookupUserSids: wbcErr (const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **)
wbcPing: wbcErr (void)
wbcPingDc: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcPingDc2: wbcErr (const char *, struct wbcAuthErrorInfo **, char **)
wbcQueryGidToSid: wbcErr (gid_t, struct wbcDomainSid *)
wbcQuerySidToGid: wbcErr (const struct wbcDomainSid *, gid_t *)
wbcQuerySidToUid: wbcErr (const struct wbcDomainSid *, uid_t *)
diff --git a/nsswitch/libwbclient/tests/wbclient.c b/nsswitch/libwbclient/tests/wbclient.c
index d105574..cd44d69 100644
--- a/nsswitch/libwbclient/tests/wbclient.c
+++ b/nsswitch/libwbclient/tests/wbclient.c
@@ -63,6 +63,19 @@ static bool test_wbc_pingdc(struct torture_context *tctx)
return true;
}
+static bool test_wbc_pingdc2(struct torture_context *tctx)
+{
+ char *name = NULL;
+
+ torture_assert_wbc_equal(tctx, wbcPingDc2("random_string", NULL, &name),
+ WBC_ERR_NOT_IMPLEMENTED, "%s",
+ "wbcPingDc2 failed");
+ torture_assert_wbc_ok(tctx, wbcPingDc2(NULL, NULL, &name), "%s",
+ "wbcPingDc2 failed");
+
+ return true;
+}
+
static bool test_wbc_library_details(struct torture_context *tctx)
{
struct wbcLibraryDetails *details;
@@ -688,6 +701,7 @@ struct torture_suite *torture_wbclient(void)
torture_suite_add_simple_test(suite, "wbcPing", test_wbc_ping);
torture_suite_add_simple_test(suite, "wbcPingDc", test_wbc_pingdc);
+ torture_suite_add_simple_test(suite, "wbcPingDc2", test_wbc_pingdc);
torture_suite_add_simple_test(suite, "wbcLibraryDetails", test_wbc_library_details);
torture_suite_add_simple_test(suite, "wbcInterfaceDetails", test_wbc_interface_details);
torture_suite_add_simple_test(suite, "wbcSidTypeString", test_wbc_sidtypestring);
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index 0aa180c..f7fb9f2 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -612,6 +612,16 @@ wbcErr wbcChangeTrustCredentials(const char *domain,
*/
wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error)
{
+ return wbcPingDc2(domain, error, NULL);
+}
+
+/*
+ * Trigger a no-op NETLOGON call. Lightweight version of
+ * wbcCheckTrustCredentials, optionally return attempted DC
+ */
+wbcErr wbcPingDc2(const char *domain, struct wbcAuthErrorInfo **error,
+ char **dcname)
+{
struct winbindd_request request;
struct winbindd_response response;
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
@@ -633,6 +643,17 @@ wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error)
wbc_status = wbcRequestResponse(WINBINDD_PING_DC,
&request,
&response);
+
+ if (dcname && response.extra_data.data) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list