The branch, master has been updated via ff547a23ae464475fa9a6f0c9b8a5d1d721dde64 (commit) from cd5133b1127579fa47152e4c38f4a6534bdf37c7 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit ff547a23ae464475fa9a6f0c9b8a5d1d721dde64 Author: Jeremy Allison <j...@samba.org> Date: Fri Jul 24 17:06:41 2009 -0700 Factor out common code into vfs_acl_common.c. Jeremy. ----------------------------------------------------------------------- Summary of changes: source3/Makefile.in | 4 +- source3/include/proto.h | 27 + .../modules/{vfs_acl_xattr.c => vfs_acl_common.c} | 282 ++-------- source3/modules/vfs_acl_tdb.c | 646 +------------------- source3/modules/vfs_acl_xattr.c | 642 +------------------- 5 files changed, 80 insertions(+), 1521 deletions(-) copy source3/modules/{vfs_acl_xattr.c => vfs_acl_common.c} (71%) Changeset truncated at 500 lines: diff --git a/source3/Makefile.in b/source3/Makefile.in index e6d0cf0..b963511 100644 --- a/source3/Makefile.in +++ b/source3/Makefile.in @@ -706,8 +706,8 @@ VFS_FILEID_OBJ = modules/vfs_fileid.o VFS_AIO_FORK_OBJ = modules/vfs_aio_fork.o VFS_PREOPEN_OBJ = modules/vfs_preopen.o VFS_SYNCOPS_OBJ = modules/vfs_syncops.o -VFS_ACL_XATTR_OBJ = modules/vfs_acl_xattr.o -VFS_ACL_TDB_OBJ = modules/vfs_acl_tdb.o +VFS_ACL_XATTR_OBJ = modules/vfs_acl_xattr.o modules/vfs_acl_common.o +VFS_ACL_TDB_OBJ = modules/vfs_acl_tdb.o modules/vfs_acl_common.o VFS_SMB_TRAFFIC_ANALYZER_OBJ = modules/vfs_smb_traffic_analyzer.o VFS_ONEFS_OBJ = modules/vfs_onefs.o modules/onefs_acl.o modules/onefs_system.o \ modules/onefs_open.o modules/onefs_streams.o modules/onefs_dir.o \ diff --git a/source3/include/proto.h b/source3/include/proto.h index a79c7eb..92386f5 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -7284,4 +7284,31 @@ uint32_t ds_uf2atype(uint32_t uf); uint32_t ds_gtype2atype(uint32_t gtype); enum lsa_SidType ds_atype_map(uint32_t atype); +/* The following definitions come from modules/vfs_acl_xattr.c */ +NTSTATUS get_acl_blob(TALLOC_CTX *ctx, + vfs_handle_struct *handle, + files_struct *fsp, + const char *name, + DATA_BLOB *pblob); +NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle, + files_struct *fsp, + DATA_BLOB *pblob); +NTSTATUS store_acl_blob_pathname(vfs_handle_struct *handle, + const char *fname, + DATA_BLOB *pblob); + +/* The following definitions come from modules/vfs_acl_common.c */ +int open_acl_common(vfs_handle_struct *handle, + struct smb_filename *smb_fname, + files_struct *fsp, + int flags, + mode_t mode); +int mkdir_acl_common(vfs_handle_struct *handle, const char *path, mode_t mode); +NTSTATUS fget_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, + uint32_t security_info, struct security_descriptor **ppdesc); +NTSTATUS get_nt_acl_common(vfs_handle_struct *handle, + const char *name, uint32_t security_info, struct security_descriptor **ppdesc); +NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, + uint32_t security_info_sent, const struct security_descriptor *psd); + #endif /* _PROTO_H_ */ diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_common.c similarity index 71% copy from source3/modules/vfs_acl_xattr.c copy to source3/modules/vfs_acl_common.c index 381c374..d8ff8c6 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_common.c @@ -1,8 +1,8 @@ /* - * Store Windows ACLs in xattrs. + * Store Windows ACLs in data store - common functions. * * Copyright (C) Volker Lendecke, 2008 - * Copyright (C) Jeremy Allison, 2008 + * Copyright (C) Jeremy Allison, 2009 * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -43,7 +43,7 @@ static NTSTATUS create_acl_blob(const struct security_descriptor *psd, *******************************************************************/ static NTSTATUS hash_sd_sha256(struct security_descriptor *psd, - uint8_t hash[XATTR_SD_HASH_SIZE]) + uint8_t *hash) { DATA_BLOB blob; SHA256_CTX tctx; @@ -120,64 +120,6 @@ static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob, } /******************************************************************* - Pull a security descriptor into a DATA_BLOB from a xattr. -*******************************************************************/ - -static NTSTATUS get_acl_blob(TALLOC_CTX *ctx, - vfs_handle_struct *handle, - files_struct *fsp, - const char *name, - DATA_BLOB *pblob) -{ - size_t size = 1024; - uint8_t *val = NULL; - uint8_t *tmp; - ssize_t sizeret; - int saved_errno = 0; - - ZERO_STRUCTP(pblob); - - again: - - tmp = TALLOC_REALLOC_ARRAY(ctx, val, uint8_t, size); - if (tmp == NULL) { - TALLOC_FREE(val); - return NT_STATUS_NO_MEMORY; - } - val = tmp; - - become_root(); - if (fsp && fsp->fh->fd != -1) { - sizeret = SMB_VFS_FGETXATTR(fsp, XATTR_NTACL_NAME, val, size); - } else { - sizeret = SMB_VFS_GETXATTR(handle->conn, name, - XATTR_NTACL_NAME, val, size); - } - if (sizeret == -1) { - saved_errno = errno; - } - unbecome_root(); - - /* Max ACL size is 65536 bytes. */ - if (sizeret == -1) { - errno = saved_errno; - if ((errno == ERANGE) && (size != 65536)) { - /* Too small, try again. */ - size = 65536; - goto again; - } - - /* Real error - exit here. */ - TALLOC_FREE(val); - return map_nt_error_from_unix(errno); - } - - pblob->data = val; - pblob->length = sizeret; - return NT_STATUS_OK; -} - -/******************************************************************* Create a DATA_BLOB from a security descriptor. *******************************************************************/ @@ -214,87 +156,14 @@ static NTSTATUS create_acl_blob(const struct security_descriptor *psd, } /******************************************************************* - Store a DATA_BLOB into an xattr given an fsp pointer. -*******************************************************************/ - -static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle, - files_struct *fsp, - DATA_BLOB *pblob) -{ - int ret; - int saved_errno = 0; - - DEBUG(10,("store_acl_blob_fsp: storing blob length %u on file %s\n", - (unsigned int)pblob->length, fsp_str_dbg(fsp))); - - become_root(); - if (fsp->fh->fd != -1) { - ret = SMB_VFS_FSETXATTR(fsp, XATTR_NTACL_NAME, - pblob->data, pblob->length, 0); - } else { - ret = SMB_VFS_SETXATTR(fsp->conn, fsp->fsp_name->base_name, - XATTR_NTACL_NAME, - pblob->data, pblob->length, 0); - } - if (ret) { - saved_errno = errno; - } - unbecome_root(); - if (ret) { - errno = saved_errno; - DEBUG(5, ("store_acl_blob_fsp: setting attr failed for file %s" - "with error %s\n", - fsp_str_dbg(fsp), - strerror(errno) )); - return map_nt_error_from_unix(errno); - } - return NT_STATUS_OK; -} - -/******************************************************************* Store a DATA_BLOB into an xattr given a pathname. *******************************************************************/ -static NTSTATUS store_acl_blob_pathname(vfs_handle_struct *handle, - const char *fname, - DATA_BLOB *pblob) -{ - connection_struct *conn = handle->conn; - int ret; - int saved_errno = 0; - - DEBUG(10,("store_acl_blob_pathname: storing blob " - "length %u on file %s\n", - (unsigned int)pblob->length, fname)); - - become_root(); - ret = SMB_VFS_SETXATTR(conn, fname, - XATTR_NTACL_NAME, - pblob->data, pblob->length, 0); - if (ret) { - saved_errno = errno; - } - unbecome_root(); - if (ret) { - errno = saved_errno; - DEBUG(5, ("store_acl_blob_pathname: setting attr failed " - "for file %s with error %s\n", - fname, - strerror(errno) )); - return map_nt_error_from_unix(errno); - } - return NT_STATUS_OK; -} - -/******************************************************************* - Store a DATA_BLOB into an xattr given a pathname. -*******************************************************************/ - -static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, - files_struct *fsp, - const char *name, - uint32_t security_info, - struct security_descriptor **ppdesc) +static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, + files_struct *fsp, + const char *name, + uint32_t security_info, + struct security_descriptor **ppdesc) { DATA_BLOB blob; NTSTATUS status; @@ -307,7 +176,7 @@ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle, name = fsp->fsp_name->base_name; } - DEBUG(10, ("get_nt_acl_xattr_internal: name=%s\n", name)); + DEBUG(10, ("get_nt_acl_internal: name=%s\n", name)); status = get_acl_blob(talloc_tos(), handle, fsp, name, &blob); if (!NT_STATUS_IS_OK(status)) { @@ -467,13 +336,13 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, DEBUG(10,("inherit_new_acl: check directory %s\n", parent_name)); - status = get_nt_acl_xattr_internal(handle, - NULL, - parent_name, - (OWNER_SECURITY_INFORMATION | - GROUP_SECURITY_INFORMATION | - DACL_SECURITY_INFORMATION), - &parent_desc); + status = get_nt_acl_internal(handle, + NULL, + parent_name, + (OWNER_SECURITY_INFORMATION | + GROUP_SECURITY_INFORMATION | + DACL_SECURITY_INFORMATION), + &parent_desc); if (NT_STATUS_IS_OK(status)) { /* Create an inherited descriptor from the parent. */ @@ -569,11 +438,11 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, Check ACL on open. For new files inherit from parent directory. *********************************************************************/ -static int open_acl_xattr(vfs_handle_struct *handle, - struct smb_filename *smb_fname, - files_struct *fsp, - int flags, - mode_t mode) +int open_acl_common(vfs_handle_struct *handle, + struct smb_filename *smb_fname, + files_struct *fsp, + int flags, + mode_t mode) { uint32_t access_granted = 0; struct security_descriptor *pdesc = NULL; @@ -583,7 +452,7 @@ static int open_acl_xattr(vfs_handle_struct *handle, if (fsp->base_fsp) { /* Stream open. Base filename open already did the ACL check. */ - DEBUG(10,("open_acl_xattr: stream open on %s\n", + DEBUG(10,("open_acl_common: stream open on %s\n", smb_fname_str_dbg(smb_fname) )); return SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode); } @@ -595,13 +464,13 @@ static int open_acl_xattr(vfs_handle_struct *handle, return -1; } - status = get_nt_acl_xattr_internal(handle, - NULL, - fname, - (OWNER_SECURITY_INFORMATION | - GROUP_SECURITY_INFORMATION | - DACL_SECURITY_INFORMATION), - &pdesc); + status = get_nt_acl_internal(handle, + NULL, + fname, + (OWNER_SECURITY_INFORMATION | + GROUP_SECURITY_INFORMATION | + DACL_SECURITY_INFORMATION), + &pdesc); if (NT_STATUS_IS_OK(status)) { /* See if we can access it. */ status = smb1_file_se_access_check(pdesc, @@ -640,7 +509,7 @@ static int open_acl_xattr(vfs_handle_struct *handle, return fsp->fh->fd; } -static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t mode) +int mkdir_acl_common(vfs_handle_struct *handle, const char *path, mode_t mode) { struct smb_filename *smb_fname = NULL; int ret = SMB_VFS_NEXT_MKDIR(handle, path, mode); @@ -667,10 +536,10 @@ static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t m Fetch a security descriptor given an fsp. *********************************************************************/ -static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, +NTSTATUS fget_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, uint32_t security_info, struct security_descriptor **ppdesc) { - return get_nt_acl_xattr_internal(handle, fsp, + return get_nt_acl_internal(handle, fsp, NULL, security_info, ppdesc); } @@ -678,10 +547,10 @@ static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, Fetch a security descriptor given a pathname. *********************************************************************/ -static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle, +NTSTATUS get_nt_acl_common(vfs_handle_struct *handle, const char *name, uint32_t security_info, struct security_descriptor **ppdesc) { - return get_nt_acl_xattr_internal(handle, NULL, + return get_nt_acl_internal(handle, NULL, name, security_info, ppdesc); } @@ -689,7 +558,7 @@ static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle, Store a security descriptor given an fsp. *********************************************************************/ -static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, +NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, uint32_t security_info_sent, const struct security_descriptor *psd) { NTSTATUS status; @@ -755,24 +624,6 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, return status; } -#if 0 - if ((security_info_sent & DACL_SECURITY_INFORMATION) && - psd->dacl != NULL && - (psd->type & (SE_DESC_DACL_AUTO_INHERITED| - SE_DESC_DACL_AUTO_INHERIT_REQ))== - (SE_DESC_DACL_AUTO_INHERITED| - SE_DESC_DACL_AUTO_INHERIT_REQ) ) { - struct security_descriptor *new_psd = NULL; - status = append_parent_acl(fsp, psd, &new_psd); - if (!NT_STATUS_IS_OK(status)) { - /* Lower level acl set succeeded, - * so still return OK. */ - return NT_STATUS_OK; - } - psd = new_psd; - } -#endif - if (DEBUGLEVEL >= 10) { DEBUG(10,("fset_nt_acl_xattr: storing xattr sd for file %s\n", fsp_str_dbg(fsp))); @@ -784,66 +635,3 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, return NT_STATUS_OK; } - -/********************************************************************* - Remove a Windows ACL - we're setting the underlying POSIX ACL. -*********************************************************************/ - -static int sys_acl_set_file_xattr(vfs_handle_struct *handle, - const char *name, - SMB_ACL_TYPE_T type, - SMB_ACL_T theacl) -{ - int ret = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, - name, - type, - theacl); - if (ret == -1) { - return -1; - } - - become_root(); - SMB_VFS_REMOVEXATTR(handle->conn, name, XATTR_NTACL_NAME); - unbecome_root(); - - return ret; -} - -/********************************************************************* - Remove a Windows ACL - we're setting the underlying POSIX ACL. -*********************************************************************/ - -static int sys_acl_set_fd_xattr(vfs_handle_struct *handle, - files_struct *fsp, - SMB_ACL_T theacl) -{ - int ret = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, - fsp, - theacl); - if (ret == -1) { - return -1; - } - - become_root(); - SMB_VFS_FREMOVEXATTR(fsp, XATTR_NTACL_NAME); - unbecome_root(); - - return ret; -} - - -static struct vfs_fn_pointers vfs_acl_xattr_fns = { - .mkdir = mkdir_acl_xattr, - .open = open_acl_xattr, - .fget_nt_acl = fget_nt_acl_xattr, - .get_nt_acl = get_nt_acl_xattr, - .fset_nt_acl = fset_nt_acl_xattr, - .sys_acl_set_file = sys_acl_set_file_xattr, - .sys_acl_set_fd = sys_acl_set_fd_xattr -}; - -NTSTATUS vfs_acl_xattr_init(void) -{ - return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "acl_xattr", - &vfs_acl_xattr_fns); -} diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c index dd7d874..07ad694 100644 --- a/source3/modules/vfs_acl_tdb.c +++ b/source3/modules/vfs_acl_tdb.c @@ -28,16 +28,6 @@ #undef DBGC_CLASS #define DBGC_CLASS DBGC_VFS -static NTSTATUS create_acl_blob(const struct security_descriptor *psd, - DATA_BLOB *pblob, - uint16_t hash_type, - uint8_t hash[XATTR_SD_HASH_SIZE]); - -#define HASH_SECURITY_INFO (OWNER_SECURITY_INFORMATION | \ - GROUP_SECURITY_INFORMATION | \ - DACL_SECURITY_INFORMATION | \ - SACL_SECURITY_INFORMATION) - static unsigned int ref_count; static struct db_context *acl_db; @@ -142,91 +132,10 @@ static NTSTATUS acl_tdb_delete(vfs_handle_struct *handle, } /******************************************************************* - Hash a security descriptor. -*******************************************************************/ - -static NTSTATUS hash_sd_sha256(struct security_descriptor *psd, - uint8_t hash[XATTR_SD_HASH_SIZE]) -{ - DATA_BLOB blob; - SHA256_CTX tctx; - NTSTATUS status; - - memset(hash, '\0', XATTR_SD_HASH_SIZE); - status = create_acl_blob(psd, &blob, XATTR_SD_HASH_TYPE_SHA256, hash); - if (!NT_STATUS_IS_OK(status)) { - return status; - } - - SHA256_Init(&tctx); - SHA256_Update(&tctx, blob.data, blob.length); - SHA256_Final(hash, &tctx); - - return NT_STATUS_OK; -} - -/******************************************************************* - Parse out a struct security_descriptor from a DATA_BLOB. -*******************************************************************/ -- Samba Shared Repository