[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Tue Aug 30 23:07:05 UTC 2016


The branch, master has been updated
       via  91a2eb0 s3: modules: vfs_acl_common - Add Ralph's copyright.
       via  11dddd5 vfs_acl_common: use DBG_LEVEL and remove function prefixes in DEBUG statements
       via  946b93d s4/torture: tests for vfs_acl_xattr default ACL styles
       via  0730cb7 vfs_acl_common: Windows style default ACL
       via  26a9867 vfs_acl_xattr|tdb: add option to control default ACL style
       via  f46179e vfs_acl_common: check for ignore_system_acls before fetching filesystem ACL
       via  1095969 vfs_acl_common: move stat stuff to a helper function
       via  61c3d21 vfs_acl_tdb|xattr: use a config handle
       via  0de5a12 vfs_acl_common: move the ACL blob validation to a helper function
       via  335527c vfs_acl_common: simplify ACL logic, cleanup and talloc hierarchy
       via  e6f1254 vfs_acl_common: remove redundant NULL assignment
       via  9f79084 vfs_acl_common: rename pdesc_next to psd_fs
       via  2367eea vfs_acl_common: rename psd to psd_blob in get_nt_acl_internal()
       via  590b804 Revert "vfs_acl_xattr: objects without NT ACL xattr"
      from  faa3bef gensec_krb5: Use get_krb5_smb_session_key() in gensec_krb5_session_key()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 91a2eb052581216e7baa670040d212c02d7148ea
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Aug 30 12:01:00 2016 -0700

    s3: modules: vfs_acl_common - Add Ralph's copyright.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Böhme <slow at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Wed Aug 31 01:06:43 CEST 2016 on sn-devel-144

commit 11dddd59aa01195152199443bc26e3141f162c8f
Author: Ralph Boehme <slow at samba.org>
Date:   Sat Aug 27 10:11:14 2016 +0200

    vfs_acl_common: use DBG_LEVEL and remove function prefixes in DEBUG statements
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 946b93d0e3f6f23fa2325d7aaba4dc6f4cc17cb6
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Aug 25 16:30:24 2016 +0200

    s4/torture: tests for vfs_acl_xattr default ACL styles
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 0730cb7e1ce33dbc5fc48a7363204c1220400c68
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Aug 25 07:45:34 2016 +0200

    vfs_acl_common: Windows style default ACL
    
    Reintroduce Windows style default ACL, but this time as an optional
    feature, not changing default behaviour.
    
    Original bugreport that got reverted because it changed the default
    behaviour: https://bugzilla.samba.org/show_bug.cgi?id=12028
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 26a9867ae1a9c69659252ce03c280c7c18a6c58f
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Aug 24 20:31:00 2016 +0200

    vfs_acl_xattr|tdb: add option to control default ACL style
    
    Existing behaviour is "posix" style. Next commit will (re)add the
    "windows" style. This commit doesn't change behaviour in any way.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit f46179ef7310959af095b0ea6234df7523d15457
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Aug 24 10:43:47 2016 +0200

    vfs_acl_common: check for ignore_system_acls before fetching filesystem ACL
    
    If ignore_system_acls is set and we're synthesizing a default ACL, we
    were fetching the filesystem ACL just to free it again. This change
    avoids this.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 10959698e20de381beec7ab532c8bdc32fa6401c
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Aug 24 10:30:15 2016 +0200

    vfs_acl_common: move stat stuff to a helper function
    
    Will be reused in the next commit when moving the
    make_default_filesystem_acl() stuff to a different place.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 61c3d2124fb1a180fae4c8c0b5ab5b32bd56c8ad
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Aug 24 10:01:17 2016 +0200

    vfs_acl_tdb|xattr: use a config handle
    
    Better for performance and a subsequent commit will add one more option
    where this will pay off.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 0de5a128cee90694979d074c2590ddbca0071e82
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Aug 23 22:32:57 2016 +0200

    vfs_acl_common: move the ACL blob validation to a helper function
    
    No change in behaviour.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 335527c647331148927feea2a7ae2f2c88986bc6
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Aug 23 17:07:20 2016 +0200

    vfs_acl_common: simplify ACL logic, cleanup and talloc hierarchy
    
    No change in behaviour (hopefully! :-). This paves the way for moving
    the ACL blob validation to a helper function in the next commit.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit e6f1254a00a6bf85b8d95bfbafef7d3e39ce1dde
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Aug 23 13:14:50 2016 +0200

    vfs_acl_common: remove redundant NULL assignment
    
    The variables are already set to NULL by TALLOC_FREE.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 9f79084f166208820f586c8e43e1e315d32cd5ce
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Aug 23 13:11:24 2016 +0200

    vfs_acl_common: rename pdesc_next to psd_fs
    
    In most realistic cases the "next" VFS op will return the permissions
    from the filesystem. This rename makes it explicit where the SD is
    originating from. No change in behaviour.
    
    This just paves the way for a later change that will simplify the whole
    logic and talloc hierarchy.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 2367eea928593f12f8914f7e7ba613b1b15516de
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Aug 23 13:08:12 2016 +0200

    vfs_acl_common: rename psd to psd_blob in get_nt_acl_internal()
    
    This makes it explicit where the SD is originating from. No change in
    behaviour.
    
    This just paves the way for a later change that will simplify the whole
    logic and talloc hierarchy, therefore this also strictly renames the
    occurrences after the out label.
    
    Logically, behind the out label, we're dealing with a variable that
    points to what we're going to return, so the name psd_blob is
    misleading, but I'm desperately trying to avoid logic changes in this
    commit and therefore I'm just strictly renaming.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 590b80490c00587b5a4035856891e10defb654f6
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Aug 24 10:04:24 2016 +0200

    Revert "vfs_acl_xattr: objects without NT ACL xattr"
    
    This reverts commit 961c4b591bb102751079d9cc92d7aa1c37f1958c.
    
    Subsequent commits will add the same functionality as an optional
    feature.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages/vfs_acl_tdb.8.xml   |  25 ++
 docs-xml/manpages/vfs_acl_xattr.8.xml |  25 ++
 selftest/target/Samba3.pm             |   8 +
 source3/modules/vfs_acl_common.c      | 730 ++++++++++++++++++++++------------
 source3/modules/vfs_acl_tdb.c         |   7 +
 source3/modules/vfs_acl_xattr.c       |   7 +
 source3/selftest/tests.py             |   4 +-
 source4/torture/vfs/acl_xattr.c       | 314 +++++++++++++++
 source4/torture/vfs/vfs.c             |   1 +
 source4/torture/wscript_build         |   2 +-
 10 files changed, 868 insertions(+), 255 deletions(-)
 create mode 100644 source4/torture/vfs/acl_xattr.c


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/vfs_acl_tdb.8.xml b/docs-xml/manpages/vfs_acl_tdb.8.xml
index 640cec0..607e344 100644
--- a/docs-xml/manpages/vfs_acl_tdb.8.xml
+++ b/docs-xml/manpages/vfs_acl_tdb.8.xml
@@ -63,6 +63,31 @@
 		</para>
 		</listitem>
 		</varlistentry>
+
+		<varlistentry>
+		<term>acl_tdb:default acl style = [posix|windows]</term>
+		<listitem>
+		<para>
+		This parameter determines the type of ACL that is synthesized in
+		case a file or directory lacks an
+		<emphasis>security.NTACL</emphasis> xattr.
+		</para>
+		<para>
+		When set to <emphasis>posix</emphasis>, an ACL will be
+		synthesized based on the POSIX mode permissions for user, group
+		and others, with an additional ACE for <emphasis>NT
+		Authority\SYSTEM</emphasis> will full rights.
+		</para>
+		<para>
+		When set to <emphasis>windows</emphasis>, an ACL is synthesized
+		the same way Windows does it, only including permissions for the
+		owner and <emphasis>NT Authority\SYSTEM</emphasis>.
+		</para>
+		<para>
+		The default for this option is <emphasis>posix</emphasis>.
+		</para>
+		</listitem>
+		</varlistentry>
 	</variablelist>
 
 </refsect1>
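
Review bot: In the posix paragraph of the new "acl_tdb:default acl style" entry, "Authority\SYSTEM</emphasis> will full rights" should read "with full rights", and the first paragraph's "an <emphasis>security.NTACL</emphasis> xattr" should be "a". Both are user-visible manpage text, so worth fixing before this lands in a release.
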
diff --git a/docs-xml/manpages/vfs_acl_xattr.8.xml b/docs-xml/manpages/vfs_acl_xattr.8.xml
index 60a1c2d..8da73e0 100644
--- a/docs-xml/manpages/vfs_acl_xattr.8.xml
+++ b/docs-xml/manpages/vfs_acl_xattr.8.xml
@@ -67,6 +67,31 @@
 		</para>
 		</listitem>
 		</varlistentry>
+
+		<varlistentry>
+		<term>acl_xattr:default acl style = [posix|windows]</term>
+		<listitem>
+		<para>
+		This parameter determines the type of ACL that is synthesized in
+		case a file or directory lacks an
+		<emphasis>security.NTACL</emphasis> xattr.
+		</para>
+		<para>
+		When set to <emphasis>posix</emphasis>, an ACL will be
+		synthesized based on the POSIX mode permissions for user, group
+		and others, with an additional ACE for <emphasis>NT
+		Authority\SYSTEM</emphasis> will full rights.
+		</para>
+		<para>
+		When set to <emphasis>windows</emphasis>, an ACL is synthesized
+		the same way Windows does it, only including permissions for the
+		owner and <emphasis>NT Authority\SYSTEM</emphasis>.
+		</para>
+		<para>
+		The default for this option is <emphasis>posix</emphasis>.
+		</para>
+		</listitem>
+		</varlistentry>
 	</variablelist>
 
 </refsect1>
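
Review bot: The posix paragraph for "acl_xattr:default acl style" says the ACL is synthesized for user, group and others, but make_default_acl_posix() later in this changeset adds the group and Everyone ACEs only when the corresponding mode bits are set ("We provide up to 4 ACEs"); wording such as "up to" here would match the code and tell an administrator that a 0700 file gets no group or Everyone entry. The "will full rights" typo from the acl_tdb page is repeated in this hunk and wants the same "with full rights" fix.
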
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 8fc3204..f68d7de 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -1792,6 +1792,14 @@ sub provision($$$$$$$$)
 	vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
 	inherit owner = yes
 	include = $dfqconffile
+[acl_xattr_ign_sysacl_posix]
+	copy = tmp
+	acl_xattr:ignore system acls = yes
+	acl_xattr:default acl style = posix
+[acl_xattr_ign_sysacl_windows]
+	copy = tmp
+	acl_xattr:ignore system acls = yes
+	acl_xattr:default acl style = windows
 	";
 	close(CONF);
 
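
Review bot: Both new shares, [acl_xattr_ign_sysacl_posix] and [acl_xattr_ign_sysacl_windows], rely on "copy = tmp" to load the module and never set "vfs objects" themselves, so the acl_xattr: options only take effect if [tmp] already stacks acl_xattr, which this hunk does not show. Listing "vfs objects" explicitly in each share, as the share just above does, would keep the new torture tests from silently passing or failing when [tmp] changes.
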
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 2fda938e..fa65fd1 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -4,6 +4,7 @@
  *
  * Copyright (C) Volker Lendecke, 2008
  * Copyright (C) Jeremy Allison, 2009
+ * Copyright (C) Ralph Böhme, 2016
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -46,6 +47,47 @@ static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle,
 				SECINFO_DACL | \
 				SECINFO_SACL)
 
+enum default_acl_style {DEFAULT_ACL_POSIX, DEFAULT_ACL_WINDOWS};
+
+static const struct enum_list default_acl_style[] = {
+	{DEFAULT_ACL_POSIX,	"posix"},
+	{DEFAULT_ACL_WINDOWS,	"windows"}
+};
+
+struct acl_common_config {
+	bool ignore_system_acls;
+	enum default_acl_style default_acl_style;
+};
+
+static bool init_acl_common_config(vfs_handle_struct *handle)
+{
+	struct acl_common_config *config = NULL;
+
+	config = talloc_zero(handle->conn, struct acl_common_config);
+	if (config == NULL) {
+		DBG_ERR("talloc_zero() failed\n");
+		errno = ENOMEM;
+		return false;
+	}
+
+	config->ignore_system_acls = lp_parm_bool(SNUM(handle->conn),
+						  ACL_MODULE_NAME,
+						  "ignore system acls",
+						  false);
+	config->default_acl_style = lp_parm_enum(SNUM(handle->conn),
+						 ACL_MODULE_NAME,
+						 "default acl style",
+						 default_acl_style,
+						 DEFAULT_ACL_POSIX);
+
+	SMB_VFS_HANDLE_SET_DATA(handle, config, NULL,
+				struct acl_common_config,
+				return false);
+
+	return true;
+}
+
+
 /*******************************************************************
  Hash a security descriptor.
 *******************************************************************/
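
Review bot: The default_acl_style[] enum_list added here has no terminating entry after {DEFAULT_ACL_WINDOWS, "windows"}. If lp_parm_enum() stops only at a NULL name, as the {-1, NULL} sentinel on Samba's other enum_list tables suggests, an smb.conf value other than posix or windows makes the lookup read past the end of the array; add a closing {-1, NULL} entry. Separately, default_acl_style is used as the enum tag, the table name and the struct member, which compiles but makes the lp_parm_enum() call harder to read; a distinct table name would help.
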
@@ -103,8 +145,8 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob,
 			(ndr_pull_flags_fn_t)ndr_pull_xattr_NTACL);
 
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		DEBUG(5, ("parse_acl_blob: ndr_pull_xattr_NTACL failed: %s\n",
-			ndr_errstr(ndr_err)));
+		DBG_INFO("ndr_pull_xattr_NTACL failed: %s\n",
+			 ndr_errstr(ndr_err));
 		TALLOC_FREE(frame);
 		return ndr_map_error2ntstatus(ndr_err);
 	}
@@ -200,8 +242,8 @@ static NTSTATUS create_acl_blob(const struct security_descriptor *psd,
 			(ndr_push_flags_fn_t)ndr_push_xattr_NTACL);
 
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		DEBUG(5, ("create_acl_blob: ndr_push_xattr_NTACL failed: %s\n",
-			ndr_errstr(ndr_err)));
+		DBG_INFO("ndr_push_xattr_NTACL failed: %s\n",
+			 ndr_errstr(ndr_err));
 		return ndr_map_error2ntstatus(ndr_err);
 	}
 
@@ -246,8 +288,8 @@ static NTSTATUS create_sys_acl_blob(const struct security_descriptor *psd,
 			(ndr_push_flags_fn_t)ndr_push_xattr_NTACL);
 
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-		DEBUG(5, ("create_acl_blob: ndr_push_xattr_NTACL failed: %s\n",
-			ndr_errstr(ndr_err)));
+		DBG_INFO("ndr_push_xattr_NTACL failed: %s\n",
+			 ndr_errstr(ndr_err));
 		return ndr_map_error2ntstatus(ndr_err);
 	}
 
@@ -304,10 +346,7 @@ static NTSTATUS add_directory_inheritable_components(vfs_handle_struct *handle,
 
 	mode = dir_mode | file_mode;
 
-	DEBUG(10, ("add_directory_inheritable_components: directory %s, "
-		"mode = 0%o\n",
-		name,
-		(unsigned int)mode ));
+	DBG_DEBUG("directory %s, mode = 0%o\n", name, (unsigned int)mode);
 
 	if (num_aces) {
 		memcpy(new_ace_list, psd->dacl->aces,
@@ -359,10 +398,10 @@ static NTSTATUS add_directory_inheritable_components(vfs_handle_struct *handle,
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,
-					    const char *name,
-					    SMB_STRUCT_STAT *psbuf,
-					    struct security_descriptor **ppdesc)
+static NTSTATUS make_default_acl_posix(TALLOC_CTX *ctx,
+				       const char *name,
+				       SMB_STRUCT_STAT *psbuf,
+				       struct security_descriptor **ppdesc)
 {
 	struct dom_sid owner_sid, group_sid;
 	size_t size = 0;
@@ -372,17 +411,18 @@ static NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,
 	struct security_acl *new_dacl = NULL;
 	int idx = 0;
 
-	DEBUG(10,("make_default_filesystem_acl: file %s mode = 0%o\n",
-		name, (int)mode ));
+	DBG_DEBUG("file %s mode = 0%o\n",name, (int)mode);
 
 	uid_to_sid(&owner_sid, psbuf->st_ex_uid);
 	gid_to_sid(&group_sid, psbuf->st_ex_gid);
 
 	/*
-	 * We provide 2 ACEs:
-	 * - Owner
-	 * - NT System
-	 */
+	 We provide up to 4 ACEs
+		- Owner
+		- Group
+		- Everyone
+		- NT System
+	*/
 
 	if (mode & S_IRUSR) {
 		if (mode & S_IWUSR) {
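
Review bot: The rewritten ACE comment in make_default_acl_posix() drops the leading " * " on each line, while the equivalent comment added in make_default_acl_windows() keeps it; keeping the asterisk style here would stay consistent within the file. The new DBG_DEBUG call also lacks a space after the comma in "\n",name and casts mode to (int) for %o, where add_directory_inheritable_components() uses (unsigned int).
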
@@ -402,6 +442,39 @@ static NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,
 			0);
 	idx++;
 
+	access_mask = 0;
+	if (mode & S_IRGRP) {
+		access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
+	}
+	if (mode & S_IWGRP) {
+		/* note that delete is not granted - this matches posix behaviour */
+		access_mask |= SEC_RIGHTS_FILE_WRITE;
+	}
+	if (access_mask) {
+		init_sec_ace(&aces[idx],
+			&group_sid,
+			SEC_ACE_TYPE_ACCESS_ALLOWED,
+			access_mask,
+			0);
+		idx++;
+	}
+
+	access_mask = 0;
+	if (mode & S_IROTH) {
+		access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
+	}
+	if (mode & S_IWOTH) {
+		access_mask |= SEC_RIGHTS_FILE_WRITE;
+	}
+	if (access_mask) {
+		init_sec_ace(&aces[idx],
+			&global_sid_World,
+			SEC_ACE_TYPE_ACCESS_ALLOWED,
+			access_mask,
+			0);
+		idx++;
+	}
+
 	init_sec_ace(&aces[idx],
 			&global_sid_System,
 			SEC_ACE_TYPE_ACCESS_ALLOWED,
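
Review bot: The group and Everyone blocks are the same mode-to-mask mapping written twice, differing only in the S_IRGRP/S_IWGRP versus S_IROTH/S_IWOTH bits and the SID, and the "delete is not granted" comment sits only on the group copy although the Everyone copy omits delete as well. A small helper taking the read bit, write bit and SID would remove the duplication and keep the two in step. With these additions idx can reach 4, so please confirm that aces[] in this function, whose declaration is outside the hunk, has at least four slots.
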
@@ -432,20 +505,131 @@ static NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,
 	return NT_STATUS_OK;
 }
 
-/*******************************************************************
- Pull a DATA_BLOB from an xattr given a pathname.
- If the hash doesn't match, or doesn't exist - return the underlying
- filesystem sd.
-*******************************************************************/
+static NTSTATUS make_default_acl_windows(TALLOC_CTX *ctx,
+					 const char *name,
+					 SMB_STRUCT_STAT *psbuf,
+					 struct security_descriptor **ppdesc)
+{
+	struct dom_sid owner_sid, group_sid;
+	size_t size = 0;
+	struct security_ace aces[4];
+	uint32_t access_mask = 0;
+	mode_t mode = psbuf->st_ex_mode;
+	struct security_acl *new_dacl = NULL;
+	int idx = 0;
 
-static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
-				    files_struct *fsp,
-				    const struct smb_filename *smb_fname_in,
-				    uint32_t security_info,
-				    TALLOC_CTX *mem_ctx,
-				    struct security_descriptor **ppdesc)
+	DBG_DEBUG("file [%s] mode [0%o]\n", name, (int)mode);
+
+	uid_to_sid(&owner_sid, psbuf->st_ex_uid);
+	gid_to_sid(&group_sid, psbuf->st_ex_gid);
+
+	/*
+	 * We provide 2 ACEs:
+	 * - Owner
+	 * - NT System
+	 */
+
+	if (mode & S_IRUSR) {
+		if (mode & S_IWUSR) {
+			access_mask |= SEC_RIGHTS_FILE_ALL;
+		} else {
+			access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
+		}
+	}
+	if (mode & S_IWUSR) {
+		access_mask |= SEC_RIGHTS_FILE_WRITE | SEC_STD_DELETE;
+	}
+
+	init_sec_ace(&aces[idx],
+		     &owner_sid,
+		     SEC_ACE_TYPE_ACCESS_ALLOWED,
+		     access_mask,
+		     0);
+	idx++;
+
+	init_sec_ace(&aces[idx],
+		     &global_sid_System,
+		     SEC_ACE_TYPE_ACCESS_ALLOWED,
+		     SEC_RIGHTS_FILE_ALL,
+		     0);
+	idx++;
+
+	new_dacl = make_sec_acl(ctx,
+				NT4_ACL_REVISION,
+				idx,
+				aces);
+
+	if (!new_dacl) {
+		return NT_STATUS_NO_MEMORY;
+	}
+
+	*ppdesc = make_sec_desc(ctx,
+				SECURITY_DESCRIPTOR_REVISION_1,
+				SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
+				&owner_sid,
+				&group_sid,
+				NULL,
+				new_dacl,
+				&size);
+	if (!*ppdesc) {
+		return NT_STATUS_NO_MEMORY;
+	}
+	return NT_STATUS_OK;
+}
+
+static NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,
+					    struct acl_common_config *config,
+					    const char *name,
+					    SMB_STRUCT_STAT *psbuf,
+					    struct security_descriptor **ppdesc)
+{
+	NTSTATUS status;
+
+	switch (config->default_acl_style) {
+
+	case DEFAULT_ACL_POSIX:
+		status =  make_default_acl_posix(ctx, name, psbuf, ppdesc);
+		break;
+
+	case DEFAULT_ACL_WINDOWS:
+		status =  make_default_acl_windows(ctx, name, psbuf, ppdesc);
+		break;
+
+	default:
+		DBG_ERR("unknown acl style %d", config->default_acl_style);
+		status = NT_STATUS_INTERNAL_ERROR;
+		break;
+	}
+
+	return status;
+}
+
+/**
+ * Validate an ACL blob
+ *
+ * This validates an ACL blob against the underlying filesystem ACL. If this
+ * function returns NT_STATUS_OK ppsd can be
+ *
+ * 1. the ACL from the blob (psd_from_fs=false), or
+ * 2. the ACL from the fs (psd_from_fs=true), or
+ * 3. NULL (!)
+ *
+ * If the return value is anything else then NT_STATUS_OK, ppsd is set to NULL
+ * and psd_from_fs set to false.
+ *
+ * Returning the underlying filesystem ACL in case no. 2 is really just an
+ * optimisation, because some validations have to fetch the filesytem ACL as
+ * part of the validation, so we already have it available and callers might
+ * need it as well.
+ **/
+static NTSTATUS validate_nt_acl_blob(TALLOC_CTX *mem_ctx,
+				     vfs_handle_struct *handle,
+				     files_struct *fsp,
+				     const struct smb_filename *smb_fname,
+				     const DATA_BLOB *blob,
+				     struct security_descriptor **ppsd,
+				     bool *psd_is_from_fs)
 {
-	DATA_BLOB blob = data_blob_null;
 	NTSTATUS status;
 	uint16_t hash_type = XATTR_SD_HASH_TYPE_NONE;
 	uint16_t xattr_version = 0;
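
Review bot: The new comment on validate_nt_acl_blob() refers to psd_from_fs while the parameter is named psd_is_from_fs, and it lists "NULL (!)" as a successful result without saying which condition produces it; since callers have to handle that case, the comment should spell it out. Also in this hunk: DBG_ERR("unknown acl style %d", ...) in make_default_filesystem_acl() is missing its trailing "\n", make_default_acl_windows() declares aces[4] but fills two, and its owner ACE is added even when neither S_IRUSR nor S_IWUSR is set, which leaves an allow ACE with an empty mask in the synthesized DACL.
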
@@ -454,46 +638,31 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
 	uint8_t hash_tmp[XATTR_SD_HASH_SIZE];
 	uint8_t sys_acl_hash_tmp[XATTR_SD_HASH_SIZE];
 	struct security_descriptor *psd = NULL;
-	struct security_descriptor *pdesc_next = NULL;
-	const struct smb_filename *smb_fname = NULL;
-	bool ignore_file_system_acl = lp_parm_bool(SNUM(handle->conn),
-						ACL_MODULE_NAME,
-						"ignore system acls",
-						false);
-	TALLOC_CTX *frame = talloc_stackframe();
+	struct security_descriptor *psd_blob = NULL;
+	struct security_descriptor *psd_fs = NULL;
+	char *sys_acl_blob_description = NULL;
+	DATA_BLOB sys_acl_blob = { 0 };
+	struct acl_common_config *config = NULL;
 
-	if (fsp && smb_fname_in == NULL) {
-		smb_fname = fsp->fsp_name;
-	} else {
-		smb_fname = smb_fname_in;
-	}
+	*ppsd = NULL;
+	*psd_is_from_fs = false;
 
-	DEBUG(10, ("get_nt_acl_internal: name=%s\n", smb_fname->base_name));
+	SMB_VFS_HANDLE_GET_DATA(handle, config,
+				struct acl_common_config,
+				return NT_STATUS_UNSUCCESSFUL);
 
-	status = get_acl_blob(frame, handle, fsp, smb_fname, &blob);
+	status = parse_acl_blob(blob,
+				mem_ctx,
+				&psd_blob,
+				&hash_type,
+				&xattr_version,
+				&hash[0],
+				&sys_acl_hash[0]);
 	if (!NT_STATUS_IS_OK(status)) {
-		DEBUG(10, ("get_nt_acl_internal: get_acl_blob returned %s\n",
-			nt_errstr(status)));
-		psd = NULL;
-		goto out;
-	} else {
-		status = parse_acl_blob(&blob, mem_ctx, &psd,
-					&hash_type, &xattr_version, &hash[0], &sys_acl_hash[0]);
-		if (!NT_STATUS_IS_OK(status)) {
-			DEBUG(10, ("parse_acl_blob returned %s\n",
-				   nt_errstr(status)));
-			psd = NULL;
-			goto out;
-		}
+		DBG_DEBUG("parse_acl_blob returned %s\n", nt_errstr(status));
+		goto fail;
 	}
 
-	/* Ensure we don't leak psd if we don't choose it.
-	 *
-	 * We don't allocate it onto frame as it is preferred not to
-	 * steal from a talloc pool.
-	 */
-	talloc_steal(frame, psd);
-
 	/* determine which type of xattr we got */
 	switch (xattr_version) {
 	case 1:
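
Review bot: With the talloc_stackframe() and the talloc_steal(frame, psd) guard removed, psd_blob from parse_acl_blob() now lives directly on the caller's mem_ctx, so every later "goto fail" path has to free it explicitly; the fail label is outside the lines shown, so please confirm it does TALLOC_FREE(psd_blob) and likewise for psd_fs. The function also still declares psd alongside psd_blob and psd_fs; if psd is only the pointer to whichever descriptor gets returned, a one-line comment on the declaration would make the ownership clear.
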
@@ -502,33 +671,29 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
 		 * require confirmation of the hash.  In particular,
 		 * the NTVFS file server uses version 1, but
 		 * 'samba-tool ntacl' can set these as well */
-		goto out;
+		*ppsd = psd_blob;
+		return NT_STATUS_OK;
 	case 3:
 	case 4:
-		if (ignore_file_system_acl) {
-			goto out;
+		if (config->ignore_system_acls) {
+			*ppsd = psd_blob;
+			return NT_STATUS_OK;


-- 
Samba Shared Repository


