*/
#include "includes.h"
+#include "system/filesys.h"
+#include "smbd/smbd.h"
#include "nfs4_acls.h"
+#include "vfs_aixacl_util.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_VFS
#define AIXACL2_MODULE_NAME "aixacl2"
-extern struct current_user current_user;
-extern int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid);
-extern bool unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp,
- uint32 security_info_sent, SEC_DESC *psd);
-
-extern SMB_ACL_T aixacl_to_smbacl( struct acl *file_acl);
-extern struct acl *aixacl_smb_to_aixacl(SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl);
-
typedef union aixjfs2_acl_t {
nfs4_acl_int_t jfs2_acl[1];
aixc_acl_t aixc_acl[1];
return acl;
}
-static bool aixjfs2_get_nfs4_acl(const char *name,
- SMB4ACL_T **ppacl, bool *pretryPosix)
+static bool aixjfs2_get_nfs4_acl(TALLOC_CTX *mem_ctx, const char *name,
+ struct SMB4ACL_T **ppacl, bool *pretryPosix)
{
int32_t i;
DEBUG(10, ("len: %d, version: %d, nace: %d, type: 0x%x\n",
jfs2_acl->aclLength, jfs2_acl->aclVersion, jfs2_acl->aclEntryN, type.u64));
- *ppacl = smb_create_smb4acl();
+ *ppacl = smb_create_smb4acl(mem_ctx);
if (*ppacl==NULL)
return False;
}
static NTSTATUS aixjfs2_fget_nt_acl(vfs_handle_struct *handle,
- files_struct *fsp, uint32 security_info,
- SEC_DESC **ppdesc)
+ files_struct *fsp, uint32_t security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
{
- SMB4ACL_T *pacl = NULL;
+ NTSTATUS status;
+ struct SMB4ACL_T *pacl = NULL;
bool result;
bool retryPosix = False;
+ TALLOC_CTX *frame = talloc_stackframe();
*ppdesc = NULL;
- result = aixjfs2_get_nfs4_acl(fsp->fsp_name, &pacl, &retryPosix);
+ result = aixjfs2_get_nfs4_acl(frame, fsp->fsp_name->base_name, &pacl,
+ &retryPosix);
if (retryPosix)
{
+ TALLOC_FREE(frame);
DEBUG(10, ("retrying with posix acl...\n"));
- return posix_fget_nt_acl(fsp, security_info, ppdesc);
+ return posix_fget_nt_acl(fsp, security_info,
+ mem_ctx, ppdesc);
}
- if (result==False)
+ if (result==False) {
+ TALLOC_FREE(frame);
return NT_STATUS_ACCESS_DENIED;
+ }
- return smb_fget_nt_acl_nfs4(fsp, security_info, ppdesc, pacl);
+ status = smb_fget_nt_acl_nfs4(
+ fsp, NULL, security_info, mem_ctx, ppdesc, pacl);
+ TALLOC_FREE(frame);
+ return status;
}
-static NTSTATUS aixjfs2_get_nt_acl(vfs_handle_struct *handle,
- files_struct *fsp, const char *name,
- uint32 security_info, SEC_DESC **ppdesc)
+static int aixjfs2_sys_acl_blob_get_fd(vfs_handle_struct *handle, files_struct *fsp, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob)
{
- SMB4ACL_T *pacl = NULL;
+ struct SMB4ACL_T *pacl = NULL;
bool result;
bool retryPosix = False;
- *ppdesc = NULL;
- result = aixjfs2_get_nfs4_acl(name, &pacl, &retryPosix);
+ result = aixjfs2_get_nfs4_acl(mem_ctx, fsp->fsp_name->base_name, &pacl,
+ &retryPosix);
if (retryPosix)
{
- DEBUG(10, ("retrying with posix acl...\n"));
- return posix_get_nt_acl(handle->conn, name security_info,
- ppdesc);
+ return posix_sys_acl_blob_get_fd(handle, fsp, mem_ctx, blob_description, blob);
}
- if (result==False)
- return NT_STATUS_ACCESS_DENIED;
- return smb_get_nt_acl_nfs4(handle->conn, name, security_info, ppdesc,
- pacl);
+ /* Now way to linarlise NFS4 ACLs at the moment, but the NT ACL is pretty close in this case */
+ errno = ENOSYS;
+ return -1;
}
-static SMB_ACL_T aixjfs2_get_posix_acl(const char *path, acl_type_t type)
+static SMB_ACL_T aixjfs2_get_posix_acl(const char *path, acl_type_t type, TALLOC_CTX *mem_ctx)
{
aixc_acl_t *pacl;
AIXJFS2_ACL_T *acl;
DEBUG(10, ("len: %d, mode: %d\n",
pacl->acl_len, pacl->acl_mode));
- result = aixacl_to_smbacl(pacl);
+ result = aixacl_to_smbacl(pacl, mem_ctx);
if (result == NULL) {
goto done;
}
done:
if (errno != 0) {
- SAFE_FREE(result);
+ TALLOC_FREE(result);
}
return result;
}
-SMB_ACL_T aixjfs2_sys_acl_get_file(vfs_handle_struct *handle,
- const char *path_p,
- SMB_ACL_TYPE_T type)
+SMB_ACL_T aixjfs2_sys_acl_get_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx)
{
acl_type_t aixjfs2_type;
smb_panic("exiting");
}
- return aixjfs2_get_posix_acl(path_p, aixjfs2_type);
-}
-
-SMB_ACL_T aixjfs2_sys_acl_get_fd(vfs_handle_struct *handle,
- files_struct *fsp,
- int fd)
-{
- acl_type_t aixjfs2_type;
- aixjfs2_type.u64 = ACL_AIXC;
-
- return aixjfs2_get_posix_acl(fsp->fsp_name, aixjfs2_type);
+ return aixjfs2_get_posix_acl(fsp->fsp_name->base_name,
+ aixjfs2_type, mem_ctx);
}
/*
acl_type_t *pacl_type_info
)
{
- acl_types_list_t acl_type_list;
- size_t acl_type_list_len = sizeof(acl_types_list_t);
- uint32_t i;
+ acl_types_list_t acl_type_list;
+ size_t acl_type_list_len = sizeof(acl_types_list_t);
+ uint32_t i;
memset(&acl_type_list, 0, sizeof(acl_type_list));
return 1; /* haven't found that ACL type. */
}
-static bool aixjfs2_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
+static bool aixjfs2_process_smbacl(vfs_handle_struct *handle,
+ files_struct *fsp,
+ struct SMB4ACL_T *smbacl)
{
- SMB4ACE_T *smbace;
+ struct SMB4ACE_T *smbace;
TALLOC_CTX *mem_ctx;
nfs4_acl_int_t *jfs2acl;
- int32_t entryLen;
- uint32 aclLen, naces;
- int rc;
+ int32_t entryLen;
+ uint32_t aclLen, naces;
+ int rc;
acl_type_t acltype;
- DEBUG(10, ("jfs2_process_smbacl invoked on %s\n", fsp->fsp_name));
+ DEBUG(10, ("jfs2_process_smbacl invoked on %s\n", fsp_str_dbg(fsp)));
/* no need to be freed which is alloced with mem_ctx */
mem_ctx = talloc_tos();
memset(jfs2_ace, 0, entryLen);
jfs2_ace->entryLen = entryLen; /* won't store textual "who" */
- jfs2_ace->aceType = aceprop->aceType; /* only ACCES|DENY supported by jfs2 */
+ jfs2_ace->aceType = aceprop->aceType; /* only ACCESS|DENY supported by jfs2 */
jfs2_ace->aceFlags = aceprop->aceFlags;
jfs2_ace->aceMask = aceprop->aceMask;
jfs2_ace->flags = (aceprop->flags&SMB_ACE4_ID_SPECIAL) ? ACE4_ID_SPECIAL : 0;
/* won't set S_ISUID - the only one JFS2/NFS4 accepts */
rc = aclx_put(
- fsp->fsp_name,
+ fsp->fsp_name->base_name,
SET_ACL, /* set only the ACL, not mode bits */
acltype, /* not a pointer !!! */
jfs2acl,
return True;
}
-static NTSTATUS aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
+static NTSTATUS aixjfs2_set_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, uint32_t security_info_sent, const struct security_descriptor *psd)
{
acl_type_t acl_type_info;
NTSTATUS result = NT_STATUS_ACCESS_DENIED;
int rc;
rc = aixjfs2_query_acl_support(
- fsp->fsp_name,
+ fsp->fsp_name->base_name,
ACL_NFS4,
&acl_type_info);
if (rc==0)
{
- result = smb_set_nt_acl_nfs4(
- fsp, security_info_sent, psd,
+ result = smb_set_nt_acl_nfs4(handle,
+ fsp, NULL, security_info_sent, psd,
aixjfs2_process_smbacl);
} else if (rc==1) { /* assume POSIX ACL - by default... */
result = set_nt_acl(fsp, security_info_sent, psd);
return result;
}
-NTSTATUS aixjfs2_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
-{
- return aixjfs2_set_nt_acl_common(fsp, security_info_sent, psd);
-}
-
-NTSTATUS aixjfs2_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, SEC_DESC *psd)
+NTSTATUS aixjfs2_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32_t security_info_sent, const struct security_descriptor *psd)
{
- return aixjfs2_set_nt_acl_common(fsp, security_info_sent, psd);
+ return aixjfs2_set_nt_acl_common(handle, fsp, security_info_sent, psd);
}
-int aixjfs2_sys_acl_set_file(vfs_handle_struct *handle,
- const char *name,
- SMB_ACL_TYPE_T type,
- SMB_ACL_T theacl)
+int aixjfs2_sys_acl_set_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ SMB_ACL_TYPE_T type,
+ SMB_ACL_T theacl)
{
struct acl *acl_aixc;
acl_type_t acl_type_info;
int rc;
- DEBUG(10, ("aixjfs2_sys_acl_set_file invoked for %s", name));
+ DEBUG(10, ("aixjfs2_sys_acl_set_fd invoked for %s\n", fsp_str_dbg(fsp)));
- rc = aixjfs2_query_acl_support((char *)name, ACL_AIXC, &acl_type_info);
+ rc = aixjfs2_query_acl_support(fsp->fsp_name->base_name, ACL_AIXC,
+ &acl_type_info);
if (rc) {
DEBUG(8, ("jfs2_set_nt_acl: AIXC support not found\n"));
return -1;
if (!acl_aixc)
return -1;
- rc = aclx_put(
- (char *)name,
- SET_ACL, /* set only the ACL, not mode bits */
- acl_type_info,
- acl_aixc,
- acl_aixc->acl_len,
- 0
- );
- if (rc) {
- DEBUG(2, ("aclx_put failed with %s for %s\n",
- strerror(errno), name));
- return -1;
+ if (fsp->fsp_flags.is_pathref) {
+ /*
+ * This is no longer a handle based call.
+ */
+ return aclx_put(fsp->fsp_name->base_name,
+ SET_ACL,
+ acl_type_info,
+ acl_aixc,
+ acl_aixc->acl_len,
+ 0);
}
- return 0;
-}
-
-int aixjfs2_sys_acl_set_fd(vfs_handle_struct *handle,
- files_struct *fsp,
- int fd, SMB_ACL_T theacl)
-{
- struct acl *acl_aixc;
- acl_type_t acl_type_info;
- int rc;
-
- DEBUG(10, ("aixjfs2_sys_acl_set_fd invoked for %s", fsp->fsp_name));
-
- rc = aixjfs2_query_acl_support(fsp->fsp_name, ACL_AIXC, &acl_type_info);
- if (rc) {
- DEBUG(8, ("jfs2_set_nt_acl: AIXC support not found\n"));
- return -1;
- }
-
- acl_aixc = aixacl_smb_to_aixacl(SMB_ACL_TYPE_ACCESS, theacl);
- if (!acl_aixc)
- return -1;
-
rc = aclx_fput(
- fd,
+ fsp_get_io_fd(fsp),
SET_ACL, /* set only the ACL, not mode bits */
acl_type_info,
acl_aixc,
);
if (rc) {
DEBUG(2, ("aclx_fput failed with %s for %s\n",
- strerror(errno), fsp->fsp_name));
+ strerror(errno), fsp_str_dbg(fsp)));
return -1;
}
return 0;
}
-int aixjfs2_sys_acl_delete_def_file(vfs_handle_struct *handle,
- const char *path)
+int aixjfs2_sys_acl_delete_def_fd(vfs_handle_struct *handle,
+ files_struct *fsp)
{
/* Not available under AIXC ACL */
/* Don't report here any error otherwise */
return 0;
}
-
-/* VFS operations structure */
-
-static vfs_op_tuple aixjfs2_ops[] =
-{
- {SMB_VFS_OP(aixjfs2_fget_nt_acl),
- SMB_VFS_OP_FGET_NT_ACL,
- SMB_VFS_LAYER_TRANSPARENT},
-
- {SMB_VFS_OP(aixjfs2_get_nt_acl),
- SMB_VFS_OP_GET_NT_ACL,
- SMB_VFS_LAYER_TRANSPARENT},
-
- {SMB_VFS_OP(aixjfs2_fset_nt_acl),
- SMB_VFS_OP_FSET_NT_ACL,
- SMB_VFS_LAYER_TRANSPARENT},
-
- {SMB_VFS_OP(aixjfs2_set_nt_acl),
- SMB_VFS_OP_SET_NT_ACL,
- SMB_VFS_LAYER_TRANSPARENT},
-
- {SMB_VFS_OP(aixjfs2_sys_acl_get_file),
- SMB_VFS_OP_SYS_ACL_GET_FILE,
- SMB_VFS_LAYER_TRANSPARENT},
-
- {SMB_VFS_OP(aixjfs2_sys_acl_get_fd),
- SMB_VFS_OP_SYS_ACL_GET_FD,
- SMB_VFS_LAYER_TRANSPARENT},
-
- {SMB_VFS_OP(aixjfs2_sys_acl_set_file),
- SMB_VFS_OP_SYS_ACL_SET_FILE,
- SMB_VFS_LAYER_TRANSPARENT},
-
- {SMB_VFS_OP(aixjfs2_sys_acl_set_fd),
- SMB_VFS_OP_SYS_ACL_SET_FD,
- SMB_VFS_LAYER_TRANSPARENT},
-
- {SMB_VFS_OP(aixjfs2_sys_acl_delete_def_file),
- SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
- SMB_VFS_LAYER_TRANSPARENT},
-
- {SMB_VFS_OP(NULL),
- SMB_VFS_OP_NOOP,
- SMB_VFS_LAYER_NOOP}
+static struct vfs_fn_pointers vfs_aixacl2_fns = {
+ .stat_fn = nfs4_acl_stat,
+ .fstat_fn = nfs4_acl_fstat,
+ .lstat_fn = nfs4_acl_lstat,
+ .fstatat_fn = nfs4_acl_fstatat,
+ .fget_nt_acl_fn = aixjfs2_fget_nt_acl,
+ .fset_nt_acl_fn = aixjfs2_fset_nt_acl,
+ .sys_acl_get_fd_fn = aixjfs2_sys_acl_get_fd,
+ .sys_acl_blob_get_fd_fn = aixjfs2_sys_acl_blob_get_fd,
+ .sys_acl_set_fd_fn = aixjfs2_sys_acl_set_fd,
+ .sys_acl_delete_def_fd_fn = aixjfs2_sys_acl_delete_def_fd
};
-NTSTATUS vfs_aixacl2_init(void);
-NTSTATUS vfs_aixacl2_init(void)
+static_decl_vfs;
+NTSTATUS vfs_aixacl2_init(TALLOC_CTX *ctx)
{
return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, AIXACL2_MODULE_NAME,
- aixjfs2_ops);
+ &vfs_aixacl2_fns);
}
git.samba.org / samba.git / blobdiff