The branch, master has been updated
       via  ff547a23ae464475fa9a6f0c9b8a5d1d721dde64 (commit)
      from  cd5133b1127579fa47152e4c38f4a6534bdf37c7 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit ff547a23ae464475fa9a6f0c9b8a5d1d721dde64
Author: Jeremy Allison <j...@samba.org>
Date:   Fri Jul 24 17:06:41 2009 -0700

    Factor out common code into vfs_acl_common.c.
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source3/Makefile.in                                |    4 +-
 source3/include/proto.h                            |   27 +
 .../modules/{vfs_acl_xattr.c => vfs_acl_common.c}  |  282 ++--------
 source3/modules/vfs_acl_tdb.c                      |  646 +-------------------
 source3/modules/vfs_acl_xattr.c                    |  642 +-------------------
 5 files changed, 80 insertions(+), 1521 deletions(-)
 copy source3/modules/{vfs_acl_xattr.c => vfs_acl_common.c} (71%)


Changeset truncated at 500 lines:

diff --git a/source3/Makefile.in b/source3/Makefile.in
index e6d0cf0..b963511 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -706,8 +706,8 @@ VFS_FILEID_OBJ = modules/vfs_fileid.o
 VFS_AIO_FORK_OBJ = modules/vfs_aio_fork.o
 VFS_PREOPEN_OBJ = modules/vfs_preopen.o
 VFS_SYNCOPS_OBJ = modules/vfs_syncops.o
-VFS_ACL_XATTR_OBJ = modules/vfs_acl_xattr.o
-VFS_ACL_TDB_OBJ = modules/vfs_acl_tdb.o
+VFS_ACL_XATTR_OBJ = modules/vfs_acl_xattr.o modules/vfs_acl_common.o
+VFS_ACL_TDB_OBJ = modules/vfs_acl_tdb.o modules/vfs_acl_common.o
 VFS_SMB_TRAFFIC_ANALYZER_OBJ = modules/vfs_smb_traffic_analyzer.o
 VFS_ONEFS_OBJ = modules/vfs_onefs.o modules/onefs_acl.o modules/onefs_system.o 
\
                modules/onefs_open.o modules/onefs_streams.o 
modules/onefs_dir.o \
diff --git a/source3/include/proto.h b/source3/include/proto.h
index a79c7eb..92386f5 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -7284,4 +7284,31 @@ uint32_t ds_uf2atype(uint32_t uf);
 uint32_t ds_gtype2atype(uint32_t gtype);
 enum lsa_SidType ds_atype_map(uint32_t atype);
 
+/* The following definitions come from modules/vfs_acl_xattr.c */
+NTSTATUS get_acl_blob(TALLOC_CTX *ctx,
+                       vfs_handle_struct *handle,
+                       files_struct *fsp,
+                       const char *name,
+                       DATA_BLOB *pblob);
+NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle,
+                       files_struct *fsp,
+                       DATA_BLOB *pblob);
+NTSTATUS store_acl_blob_pathname(vfs_handle_struct *handle,
+                       const char *fname,
+                       DATA_BLOB *pblob);
+
+/* The following definitions come from modules/vfs_acl_common.c */
+int open_acl_common(vfs_handle_struct *handle,
+                       struct smb_filename *smb_fname,
+                       files_struct *fsp,
+                       int flags,
+                       mode_t mode);
+int mkdir_acl_common(vfs_handle_struct *handle, const char *path, mode_t mode);
+NTSTATUS fget_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
+       uint32_t security_info, struct security_descriptor **ppdesc);
+NTSTATUS get_nt_acl_common(vfs_handle_struct *handle,
+       const char *name, uint32_t security_info, struct security_descriptor 
**ppdesc);
+NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
+       uint32_t security_info_sent, const struct security_descriptor *psd);
+
 #endif /*  _PROTO_H_  */
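Review bot: The three storage hooks `get_acl_blob`, `store_acl_blob_fsp` and `store_acl_blob_pathname` become external symbols here under a comment that attributes them only to modules/vfs_acl_xattr.c, although the common code calls `get_acl_blob` and vfs_acl_tdb.c presumably has to supply its own definitions as well (that part of the changeset is truncated). If both modules are ever linked into the same binary, these names, together with the `modules/vfs_acl_common.o` object that the Makefile.in hunk lists in both `VFS_ACL_XATTR_OBJ` and `VFS_ACL_TDB_OBJ`, would be defined twice, and one backend's common code could end up bound to the other backend's store. I would either hand the hooks to the common functions through a small function-pointer table, or keep them `static` and compile the common file into each module separately. At minimum the comment should read `/* Backend hooks: each of vfs_acl_xattr.c and vfs_acl_tdb.c provides its own definition */`.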
diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_common.c
similarity index 71%
copy from source3/modules/vfs_acl_xattr.c
copy to source3/modules/vfs_acl_common.c
index 381c374..d8ff8c6 100644
--- a/source3/modules/vfs_acl_xattr.c
+++ b/source3/modules/vfs_acl_common.c
@@ -1,8 +1,8 @@
 /*
- * Store Windows ACLs in xattrs.
+ * Store Windows ACLs in data store - common functions.
  *
  * Copyright (C) Volker Lendecke, 2008
- * Copyright (C) Jeremy Allison, 2008
+ * Copyright (C) Jeremy Allison, 2009
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
@@ -43,7 +43,7 @@ static NTSTATUS create_acl_blob(const struct 
security_descriptor *psd,
 *******************************************************************/
 
 static NTSTATUS hash_sd_sha256(struct security_descriptor *psd,
-                       uint8_t hash[XATTR_SD_HASH_SIZE])
+                       uint8_t *hash)
 {
        DATA_BLOB blob;
        SHA256_CTX tctx;
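Review bot: Changing the parameter to `uint8_t *hash` drops the only place in the signature that says how large the caller's buffer must be. The body lies outside this hunk, but the copy removed from vfs_acl_tdb.c in this same commit does `memset(hash, '\0', XATTR_SD_HASH_SIZE)` and `SHA256_Final(hash, &tctx)`, so a shorter buffer would be overrun. Either keep the array form or add a comment on the function such as `/* hash must point to at least XATTR_SD_HASH_SIZE bytes */`.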
@@ -120,64 +120,6 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob,
 }
 
 /*******************************************************************
- Pull a security descriptor into a DATA_BLOB from a xattr.
-*******************************************************************/
-
-static NTSTATUS get_acl_blob(TALLOC_CTX *ctx,
-                       vfs_handle_struct *handle,
-                       files_struct *fsp,
-                       const char *name,
-                       DATA_BLOB *pblob)
-{
-       size_t size = 1024;
-       uint8_t *val = NULL;
-       uint8_t *tmp;
-       ssize_t sizeret;
-       int saved_errno = 0;
-
-       ZERO_STRUCTP(pblob);
-
-  again:
-
-       tmp = TALLOC_REALLOC_ARRAY(ctx, val, uint8_t, size);
-       if (tmp == NULL) {
-               TALLOC_FREE(val);
-               return NT_STATUS_NO_MEMORY;
-       }
-       val = tmp;
-
-       become_root();
-       if (fsp && fsp->fh->fd != -1) {
-               sizeret = SMB_VFS_FGETXATTR(fsp, XATTR_NTACL_NAME, val, size);
-       } else {
-               sizeret = SMB_VFS_GETXATTR(handle->conn, name,
-                                       XATTR_NTACL_NAME, val, size);
-       }
-       if (sizeret == -1) {
-               saved_errno = errno;
-       }
-       unbecome_root();
-
-       /* Max ACL size is 65536 bytes. */
-       if (sizeret == -1) {
-               errno = saved_errno;
-               if ((errno == ERANGE) && (size != 65536)) {
-                       /* Too small, try again. */
-                       size = 65536;
-                       goto again;
-               }
-
-               /* Real error - exit here. */
-               TALLOC_FREE(val);
-               return map_nt_error_from_unix(errno);
-       }
-
-       pblob->data = val;
-       pblob->length = sizeret;
-       return NT_STATUS_OK;
-}
-
-/*******************************************************************
  Create a DATA_BLOB from a security descriptor.
 *******************************************************************/
 
@@ -214,87 +156,14 @@ static NTSTATUS create_acl_blob(const struct 
security_descriptor *psd,
 }
 
 /*******************************************************************
- Store a DATA_BLOB into an xattr given an fsp pointer.
-*******************************************************************/
-
-static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle,
-                               files_struct *fsp,
-                               DATA_BLOB *pblob)
-{
-       int ret;
-       int saved_errno = 0;
-
-       DEBUG(10,("store_acl_blob_fsp: storing blob length %u on file %s\n",
-                 (unsigned int)pblob->length, fsp_str_dbg(fsp)));
-
-       become_root();
-       if (fsp->fh->fd != -1) {
-               ret = SMB_VFS_FSETXATTR(fsp, XATTR_NTACL_NAME,
-                       pblob->data, pblob->length, 0);
-       } else {
-               ret = SMB_VFS_SETXATTR(fsp->conn, fsp->fsp_name->base_name,
-                               XATTR_NTACL_NAME,
-                               pblob->data, pblob->length, 0);
-       }
-       if (ret) {
-               saved_errno = errno;
-       }
-       unbecome_root();
-       if (ret) {
-               errno = saved_errno;
-               DEBUG(5, ("store_acl_blob_fsp: setting attr failed for file %s"
-                       "with error %s\n",
-                       fsp_str_dbg(fsp),
-                       strerror(errno) ));
-               return map_nt_error_from_unix(errno);
-       }
-       return NT_STATUS_OK;
-}
-
-/*******************************************************************
  Store a DATA_BLOB into an xattr given a pathname.
 *******************************************************************/
 
-static NTSTATUS store_acl_blob_pathname(vfs_handle_struct *handle,
-                                       const char *fname,
-                                       DATA_BLOB *pblob)
-{
-       connection_struct *conn = handle->conn;
-       int ret;
-       int saved_errno = 0;
-
-       DEBUG(10,("store_acl_blob_pathname: storing blob "
-                       "length %u on file %s\n",
-                       (unsigned int)pblob->length, fname));
-
-       become_root();
-       ret = SMB_VFS_SETXATTR(conn, fname,
-                               XATTR_NTACL_NAME,
-                               pblob->data, pblob->length, 0);
-       if (ret) {
-               saved_errno = errno;
-       }
-       unbecome_root();
-       if (ret) {
-               errno = saved_errno;
-               DEBUG(5, ("store_acl_blob_pathname: setting attr failed "
-                       "for file %s with error %s\n",
-                       fname,
-                       strerror(errno) ));
-               return map_nt_error_from_unix(errno);
-       }
-       return NT_STATUS_OK;
-}
-
-/*******************************************************************
- Store a DATA_BLOB into an xattr given a pathname.
-*******************************************************************/
-
-static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle,
-                                       files_struct *fsp,
-                                       const char *name,
-                                       uint32_t security_info,
-                                       struct security_descriptor **ppdesc)
+static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
+                               files_struct *fsp,
+                               const char *name,
+                               uint32_t security_info,
+                               struct security_descriptor **ppdesc)
 {
        DATA_BLOB blob;
        NTSTATUS status;
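Review bot: After this hunk the banner comment left above `get_nt_acl_internal` still reads "Store a DATA_BLOB into an xattr given a pathname.", which belonged to the removed `store_acl_blob_pathname`. The function takes `ppdesc` as an output and calls `get_acl_blob` (visible in the next hunk), so it reads rather than stores, and the common file is no longer xattr-specific. I would replace the banner text with `Fetch a security descriptor from the backing store, given an fsp or a pathname.` The function body continues outside this hunk.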
@@ -307,7 +176,7 @@ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct 
*handle,
                name = fsp->fsp_name->base_name;
        }
 
-       DEBUG(10, ("get_nt_acl_xattr_internal: name=%s\n", name));
+       DEBUG(10, ("get_nt_acl_internal: name=%s\n", name));
 
        status = get_acl_blob(talloc_tos(), handle, fsp, name, &blob);
        if (!NT_STATUS_IS_OK(status)) {
@@ -467,13 +336,13 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
        DEBUG(10,("inherit_new_acl: check directory %s\n",
                        parent_name));
 
-       status = get_nt_acl_xattr_internal(handle,
-                                       NULL,
-                                       parent_name,
-                                       (OWNER_SECURITY_INFORMATION |
-                                        GROUP_SECURITY_INFORMATION |
-                                        DACL_SECURITY_INFORMATION),
-                                       &parent_desc);
+       status = get_nt_acl_internal(handle,
+                               NULL,
+                               parent_name,
+                               (OWNER_SECURITY_INFORMATION |
+                                GROUP_SECURITY_INFORMATION |
+                                DACL_SECURITY_INFORMATION),
+                               &parent_desc);
         if (NT_STATUS_IS_OK(status)) {
                /* Create an inherited descriptor from the parent. */
 
@@ -569,11 +438,11 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
  Check ACL on open. For new files inherit from parent directory.
 *********************************************************************/
 
-static int open_acl_xattr(vfs_handle_struct *handle,
-                                       struct smb_filename *smb_fname,
-                                       files_struct *fsp,
-                                       int flags,
-                                       mode_t mode)
+int open_acl_common(vfs_handle_struct *handle,
+                       struct smb_filename *smb_fname,
+                       files_struct *fsp,
+                       int flags,
+                       mode_t mode)
 {
        uint32_t access_granted = 0;
        struct security_descriptor *pdesc = NULL;
@@ -583,7 +452,7 @@ static int open_acl_xattr(vfs_handle_struct *handle,
 
        if (fsp->base_fsp) {
                /* Stream open. Base filename open already did the ACL check. */
-               DEBUG(10,("open_acl_xattr: stream open on %s\n",
+               DEBUG(10,("open_acl_common: stream open on %s\n",
                        smb_fname_str_dbg(smb_fname) ));
                return SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
        }
@@ -595,13 +464,13 @@ static int open_acl_xattr(vfs_handle_struct *handle,
                return -1;
        }
 
-       status = get_nt_acl_xattr_internal(handle,
-                                       NULL,
-                                       fname,
-                                       (OWNER_SECURITY_INFORMATION |
-                                        GROUP_SECURITY_INFORMATION |
-                                        DACL_SECURITY_INFORMATION),
-                                       &pdesc);
+       status = get_nt_acl_internal(handle,
+                               NULL,
+                               fname,
+                               (OWNER_SECURITY_INFORMATION |
+                                GROUP_SECURITY_INFORMATION |
+                                DACL_SECURITY_INFORMATION),
+                               &pdesc);
         if (NT_STATUS_IS_OK(status)) {
                /* See if we can access it. */
                status = smb1_file_se_access_check(pdesc,
@@ -640,7 +509,7 @@ static int open_acl_xattr(vfs_handle_struct *handle,
        return fsp->fh->fd;
 }
 
-static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t 
mode)
+int mkdir_acl_common(vfs_handle_struct *handle, const char *path, mode_t mode)
 {
        struct smb_filename *smb_fname = NULL;
        int ret = SMB_VFS_NEXT_MKDIR(handle, path, mode);
@@ -667,10 +536,10 @@ static int mkdir_acl_xattr(vfs_handle_struct *handle, 
const char *path, mode_t m
  Fetch a security descriptor given an fsp.
 *********************************************************************/
 
-static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
+NTSTATUS fget_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
         uint32_t security_info, struct security_descriptor **ppdesc)
 {
-       return get_nt_acl_xattr_internal(handle, fsp,
+       return get_nt_acl_internal(handle, fsp,
                                NULL, security_info, ppdesc);
 }
 
@@ -678,10 +547,10 @@ static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct 
*handle, files_struct *fsp,
  Fetch a security descriptor given a pathname.
 *********************************************************************/
 
-static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle,
+NTSTATUS get_nt_acl_common(vfs_handle_struct *handle,
         const char *name, uint32_t security_info, struct security_descriptor 
**ppdesc)
 {
-       return get_nt_acl_xattr_internal(handle, NULL,
+       return get_nt_acl_internal(handle, NULL,
                                name, security_info, ppdesc);
 }
 
@@ -689,7 +558,7 @@ static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle,
  Store a security descriptor given an fsp.
 *********************************************************************/
 
-static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
+NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
         uint32_t security_info_sent, const struct security_descriptor *psd)
 {
        NTSTATUS status;
@@ -755,24 +624,6 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct 
*handle, files_struct *fsp,
                return status;
        }
 
-#if 0
-       if ((security_info_sent & DACL_SECURITY_INFORMATION) &&
-                       psd->dacl != NULL &&
-                       (psd->type & (SE_DESC_DACL_AUTO_INHERITED|
-                               SE_DESC_DACL_AUTO_INHERIT_REQ))==
-                               (SE_DESC_DACL_AUTO_INHERITED|
-                               SE_DESC_DACL_AUTO_INHERIT_REQ) ) {
-               struct security_descriptor *new_psd = NULL;
-               status = append_parent_acl(fsp, psd, &new_psd);
-               if (!NT_STATUS_IS_OK(status)) {
-                       /* Lower level acl set succeeded,
-                        * so still return OK. */
-                       return NT_STATUS_OK;
-               }
-               psd = new_psd;
-       }
-#endif
-
        if (DEBUGLEVEL >= 10) {
                DEBUG(10,("fset_nt_acl_xattr: storing xattr sd for file %s\n",
                          fsp_str_dbg(fsp)));
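Review bot: The context line `DEBUG(10,("fset_nt_acl_xattr: storing xattr sd for file %s\n",` keeps the old function name and the word "xattr", although the function is now `fset_nt_acl_common` and is shared with the tdb backend; the other debug strings touched by this commit were renamed. A level-10 trace naming the wrong module misleads anyone following an ACL store problem on a share that uses acl_tdb. I would change it to `DEBUG(10,("fset_nt_acl_common: storing sd for file %s\n",`. The function body starts and ends outside this hunk.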
@@ -784,66 +635,3 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct 
*handle, files_struct *fsp,
 
        return NT_STATUS_OK;
 }
-
-/*********************************************************************
- Remove a Windows ACL - we're setting the underlying POSIX ACL.
-*********************************************************************/
-
-static int sys_acl_set_file_xattr(vfs_handle_struct *handle,
-                              const char *name,
-                              SMB_ACL_TYPE_T type,
-                              SMB_ACL_T theacl)
-{
-       int ret = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle,
-                                               name,
-                                               type,
-                                               theacl);
-       if (ret == -1) {
-               return -1;
-       }
-
-       become_root();
-       SMB_VFS_REMOVEXATTR(handle->conn, name, XATTR_NTACL_NAME);
-       unbecome_root();
-
-       return ret;
-}
-
-/*********************************************************************
- Remove a Windows ACL - we're setting the underlying POSIX ACL.
-*********************************************************************/
-
-static int sys_acl_set_fd_xattr(vfs_handle_struct *handle,
-                            files_struct *fsp,
-                            SMB_ACL_T theacl)
-{
-       int ret = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle,
-                                               fsp,
-                                               theacl);
-       if (ret == -1) {
-               return -1;
-       }
-
-       become_root();
-       SMB_VFS_FREMOVEXATTR(fsp, XATTR_NTACL_NAME);
-       unbecome_root();
-
-       return ret;
-}
-
-
-static struct vfs_fn_pointers vfs_acl_xattr_fns = {
-       .mkdir = mkdir_acl_xattr,
-       .open = open_acl_xattr,
-       .fget_nt_acl = fget_nt_acl_xattr,
-       .get_nt_acl = get_nt_acl_xattr,
-       .fset_nt_acl = fset_nt_acl_xattr,
-       .sys_acl_set_file = sys_acl_set_file_xattr,
-       .sys_acl_set_fd = sys_acl_set_fd_xattr
-};
-
-NTSTATUS vfs_acl_xattr_init(void)
-{
-       return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "acl_xattr",
-                               &vfs_acl_xattr_fns);
-}
diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c
index dd7d874..07ad694 100644
--- a/source3/modules/vfs_acl_tdb.c
+++ b/source3/modules/vfs_acl_tdb.c
@@ -28,16 +28,6 @@
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_VFS
 
-static NTSTATUS create_acl_blob(const struct security_descriptor *psd,
-                       DATA_BLOB *pblob,
-                       uint16_t hash_type,
-                       uint8_t hash[XATTR_SD_HASH_SIZE]);
-
-#define HASH_SECURITY_INFO (OWNER_SECURITY_INFORMATION | \
-                               GROUP_SECURITY_INFORMATION | \
-                               DACL_SECURITY_INFORMATION | \
-                               SACL_SECURITY_INFORMATION)
-
 static unsigned int ref_count;
 static struct db_context *acl_db;
 
@@ -142,91 +132,10 @@ static NTSTATUS acl_tdb_delete(vfs_handle_struct *handle,
 }
 
 /*******************************************************************
- Hash a security descriptor.
-*******************************************************************/
-
-static NTSTATUS hash_sd_sha256(struct security_descriptor *psd,
-                       uint8_t hash[XATTR_SD_HASH_SIZE])
-{
-       DATA_BLOB blob;
-       SHA256_CTX tctx;
-       NTSTATUS status;
-
-       memset(hash, '\0', XATTR_SD_HASH_SIZE);
-       status = create_acl_blob(psd, &blob, XATTR_SD_HASH_TYPE_SHA256, hash);
-       if (!NT_STATUS_IS_OK(status)) {
-               return status;
-       }
-
-       SHA256_Init(&tctx);
-       SHA256_Update(&tctx, blob.data, blob.length);
-       SHA256_Final(hash, &tctx);
-
-       return NT_STATUS_OK;
-}
-
-/*******************************************************************
- Parse out a struct security_descriptor from a DATA_BLOB.
-*******************************************************************/


-- 
Samba Shared Repository
