This ensures the caller knows exactly what the memory lifetime of this
returned object is. This makes the NFSv4 ACL code consistent with the
POSIX and NT ACL code, to avoid supprising developers who have worked
on those other parts of the ACL code.
Most of this patch is adding a memory context to the callers and passing it in.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
-SMB4ACL_T *smb_create_smb4acl(void)
+SMB4ACL_T *smb_create_smb4acl(TALLOC_CTX *mem_ctx)
- TALLOC_CTX *mem_ctx = talloc_tos();
SMB_ACL4_INT_T *theacl = (SMB_ACL4_INT_T *)TALLOC_ZERO_SIZE(
mem_ctx, sizeof(SMB_ACL4_INT_T));
if (theacl==NULL)
SMB_ACL4_INT_T *theacl = (SMB_ACL4_INT_T *)TALLOC_ZERO_SIZE(
mem_ctx, sizeof(SMB_ACL4_INT_T));
if (theacl==NULL)
struct security_acl *psa = NULL;
TALLOC_CTX *frame = talloc_stackframe();
struct security_acl *psa = NULL;
TALLOC_CTX *frame = talloc_stackframe();
- if (theacl==NULL || smb_get_naces(theacl)==0)
+ if (theacl==NULL || smb_get_naces(theacl)==0) {
+ TALLOC_FREE(frame);
return NT_STATUS_ACCESS_DENIED; /* special because we
* shouldn't alloc 0 for
* win */
return NT_STATUS_ACCESS_DENIED; /* special because we
* shouldn't alloc 0 for
* win */
uid_to_sid(&sid_owner, sbuf->st_ex_uid);
gid_to_sid(&sid_group, sbuf->st_ex_gid);
uid_to_sid(&sid_owner, sbuf->st_ex_uid);
gid_to_sid(&sid_group, sbuf->st_ex_gid);
}
static SMB4ACL_T *smbacl4_win2nfs4(
}
static SMB4ACL_T *smbacl4_win2nfs4(
const files_struct *fsp,
const struct security_acl *dacl,
smbacl4_vfs_params *pparams,
const files_struct *fsp,
const struct security_acl *dacl,
smbacl4_vfs_params *pparams,
DEBUG(10, ("smbacl4_win2nfs4 invoked\n"));
DEBUG(10, ("smbacl4_win2nfs4 invoked\n"));
- theacl = smb_create_smb4acl();
+ theacl = smb_create_smb4acl(mem_ctx);
if (theacl==NULL)
return NULL;
if (theacl==NULL)
return NULL;
uid_t newUID = (uid_t)-1;
gid_t newGID = (gid_t)-1;
int saved_errno;
uid_t newUID = (uid_t)-1;
gid_t newGID = (gid_t)-1;
int saved_errno;
+ TALLOC_CTX *frame = talloc_stackframe();
DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp_str_dbg(fsp)));
DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp_str_dbg(fsp)));
{
DEBUG(9, ("security_info_sent (0x%x) ignored\n",
security_info_sent));
{
DEBUG(9, ("security_info_sent (0x%x) ignored\n",
security_info_sent));
return NT_STATUS_OK; /* won't show error - later to be
* refined... */
}
/* Special behaviours */
return NT_STATUS_OK; /* won't show error - later to be
* refined... */
}
/* Special behaviours */
- if (smbacl4_get_vfs_params(SMBACL4_PARAM_TYPE_NAME, fsp, ¶ms))
+ if (smbacl4_get_vfs_params(SMBACL4_PARAM_TYPE_NAME, fsp, ¶ms)) {
+ TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
return NT_STATUS_NO_MEMORY;
- if (smbacl4_fGetFileOwner(fsp, &sbuf))
+ if (smbacl4_fGetFileOwner(fsp, &sbuf)) {
+ TALLOC_FREE(frame);
return map_nt_error_from_unix(errno);
return map_nt_error_from_unix(errno);
if (params.do_chown) {
/* chown logic is a copy/paste from posix_acl.c:set_nt_acl */
if (params.do_chown) {
/* chown logic is a copy/paste from posix_acl.c:set_nt_acl */
security_info_sent, psd);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(8, ("unpack_nt_owners failed"));
security_info_sent, psd);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(8, ("unpack_nt_owners failed"));
return status;
}
if (((newUID != (uid_t)-1) && (sbuf.st_ex_uid != newUID)) ||
return status;
}
if (((newUID != (uid_t)-1) && (sbuf.st_ex_uid != newUID)) ||
(unsigned int)newUID,
(unsigned int)newGID,
nt_errstr(status)));
(unsigned int)newUID,
(unsigned int)newGID,
nt_errstr(status)));
if (smbacl4_GetFileOwner(fsp->conn,
fsp->fsp_name->base_name,
&sbuf))
if (smbacl4_GetFileOwner(fsp->conn,
fsp->fsp_name->base_name,
&sbuf))
return map_nt_error_from_unix(errno);
/* If we successfully chowned, we know we must
return map_nt_error_from_unix(errno);
/* If we successfully chowned, we know we must
if (!(security_info_sent & SECINFO_DACL) || psd->dacl ==NULL) {
DEBUG(10, ("no dacl found; security_info_sent = 0x%x\n",
security_info_sent));
if (!(security_info_sent & SECINFO_DACL) || psd->dacl ==NULL) {
DEBUG(10, ("no dacl found; security_info_sent = 0x%x\n",
security_info_sent));
- theacl = smbacl4_win2nfs4(fsp, psd->dacl, ¶ms,
+ theacl = smbacl4_win2nfs4(frame, fsp, psd->dacl, ¶ms,
sbuf.st_ex_uid, sbuf.st_ex_gid);
sbuf.st_ex_uid, sbuf.st_ex_gid);
+ if (!theacl) {
+ TALLOC_FREE(frame);
return map_nt_error_from_unix(errno);
return map_nt_error_from_unix(errno);
smbacl4_dump_nfs4acl(10, theacl);
smbacl4_dump_nfs4acl(10, theacl);
if (set_acl_as_root) {
unbecome_root();
}
if (set_acl_as_root) {
unbecome_root();
}
+
+ TALLOC_FREE(frame);
+
if (result!=True) {
errno = saved_errno;
DEBUG(10, ("set_nfs4_native failed with %s\n",
if (result!=True) {
errno = saved_errno;
DEBUG(10, ("set_nfs4_native failed with %s\n",
typedef struct _SMB4ACL_T {char dontuse;} SMB4ACL_T;
typedef struct _SMB4ACE_T {char dontuse;} SMB4ACE_T;
typedef struct _SMB4ACL_T {char dontuse;} SMB4ACL_T;
typedef struct _SMB4ACE_T {char dontuse;} SMB4ACE_T;
-SMB4ACL_T *smb_create_smb4acl(void);
+SMB4ACL_T *smb_create_smb4acl(TALLOC_CTX *mem_ctx);
/* prop's contents are copied */
/* it doesn't change the order, appends */
/* prop's contents are copied */
/* it doesn't change the order, appends */
-static bool aixjfs2_get_nfs4_acl(const char *name,
+static bool aixjfs2_get_nfs4_acl(TALLOC_CTX *mem_ctx, const char *name
SMB4ACL_T **ppacl, bool *pretryPosix)
{
int32_t i;
SMB4ACL_T **ppacl, bool *pretryPosix)
{
int32_t i;
DEBUG(10, ("len: %d, version: %d, nace: %d, type: 0x%x\n",
jfs2_acl->aclLength, jfs2_acl->aclVersion, jfs2_acl->aclEntryN, type.u64));
DEBUG(10, ("len: %d, version: %d, nace: %d, type: 0x%x\n",
jfs2_acl->aclLength, jfs2_acl->aclVersion, jfs2_acl->aclEntryN, type.u64));
- *ppacl = smb_create_smb4acl();
+ *ppacl = smb_create_smb4acl(mem_ctx);
if (*ppacl==NULL)
return False;
if (*ppacl==NULL)
return False;
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
SMB4ACL_T *pacl = NULL;
bool result;
bool retryPosix = False;
SMB4ACL_T *pacl = NULL;
bool result;
bool retryPosix = False;
+ TALLOC_CTX *frame = talloc_stackframe();
- result = aixjfs2_get_nfs4_acl(fsp->fsp_name->base_name, &pacl,
+ result = aixjfs2_get_nfs4_acl(frame, fsp->fsp_name->base_name, &pacl,
&retryPosix);
if (retryPosix)
{
&retryPosix);
if (retryPosix)
{
DEBUG(10, ("retrying with posix acl...\n"));
return posix_fget_nt_acl(fsp, security_info,
mem_ctx, ppdesc);
DEBUG(10, ("retrying with posix acl...\n"));
return posix_fget_nt_acl(fsp, security_info,
mem_ctx, ppdesc);
if (result==False)
return NT_STATUS_ACCESS_DENIED;
if (result==False)
return NT_STATUS_ACCESS_DENIED;
- return smb_fget_nt_acl_nfs4(fsp, security_info, ppdesc,
- mem_ctx, pacl);
+ status = smb_fget_nt_acl_nfs4(fsp, security_info, ppdesc,
+ mem_ctx, pacl);
+ TALLOC_FREE(frame);
+ return status;
}
static NTSTATUS aixjfs2_get_nt_acl(vfs_handle_struct *handle,
}
static NTSTATUS aixjfs2_get_nt_acl(vfs_handle_struct *handle,
* On failure returns -1 if there is system (GPFS) error, check errno.
* Returns 0 on success
*/
* On failure returns -1 if there is system (GPFS) error, check errno.
* Returns 0 on success
*/
-static int gpfs_get_nfs4_acl(const char *fname, SMB4ACL_T **ppacl)
+static int gpfs_get_nfs4_acl(TALLOC_CTX *mem_ctx, const char *fname, SMB4ACL_T **ppacl)
{
gpfs_aclCount_t i;
struct gpfs_acl *gacl = NULL;
{
gpfs_aclCount_t i;
struct gpfs_acl *gacl = NULL;
- *ppacl = smb_create_smb4acl();
+ *ppacl = smb_create_smb4acl(mem_ctx);
DEBUG(10, ("len: %d, level: %d, version: %d, nace: %d\n",
gacl->acl_len, gacl->acl_level, gacl->acl_version,
DEBUG(10, ("len: %d, level: %d, version: %d, nace: %d\n",
gacl->acl_len, gacl->acl_level, gacl->acl_version,
return NT_STATUS_INTERNAL_ERROR);
if (!config->acl) {
return NT_STATUS_INTERNAL_ERROR);
if (!config->acl) {
- return SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
- mem_ctx, ppdesc);
+ status = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
+ mem_ctx, ppdesc);
+ TALLOC_FREE(frame);
+ return status;
- result = gpfs_get_nfs4_acl(fsp->fsp_name->base_name, &pacl);
+ result = gpfs_get_nfs4_acl(frame, fsp->fsp_name->base_name, &pacl);
- if (result == 0)
- return smb_fget_nt_acl_nfs4(fsp, security_info, mem_ctx, ppdesc, pacl);
+ if (result == 0) {
+ statys = smb_fget_nt_acl_nfs4(fsp, security_info, mem_ctx, ppdesc, pacl);
+ TALLOC_FREE(frame);
+ return status;
+ }
if (result > 0) {
DEBUG(10, ("retrying with posix acl...\n"));
if (result > 0) {
DEBUG(10, ("retrying with posix acl...\n"));
- return posix_fget_nt_acl(fsp, security_info, mem_ctx, ppdesc);
+ status = posix_fget_nt_acl(fsp, security_info, mem_ctx, ppdesc);
+ TALLOC_FREE(frame);
+ return status;
+
/* GPFS ACL was not read, something wrong happened, error code is set in errno */
return map_nt_error_from_unix(errno);
}
/* GPFS ACL was not read, something wrong happened, error code is set in errno */
return map_nt_error_from_unix(errno);
}
SMB4ACL_T *pacl = NULL;
int result;
struct gpfs_config_data *config;
SMB4ACL_T *pacl = NULL;
int result;
struct gpfs_config_data *config;
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
* read the local file's acls and return it in NT form
* using the NFSv4 format conversion
*/
* read the local file's acls and return it in NT form
* using the NFSv4 format conversion
*/
-static NTSTATUS zfs_get_nt_acl_common(const char *name,
+static NTSTATUS zfs_get_nt_acl_common(TALLOC_CTX *mem_ctx,
+ const char *name,
uint32 security_info,
SMB4ACL_T **ppacl)
{
int naces, i;
ace_t *acebuf;
SMB4ACL_T *pacl;
uint32 security_info,
SMB4ACL_T **ppacl)
{
int naces, i;
ace_t *acebuf;
SMB4ACL_T *pacl;
/* read the number of file aces */
if((naces = acl(name, ACE_GETACLCNT, 0, NULL)) == -1) {
/* read the number of file aces */
if((naces = acl(name, ACE_GETACLCNT, 0, NULL)) == -1) {
return map_nt_error_from_unix(errno);
}
/* create SMB4ACL data */
return map_nt_error_from_unix(errno);
}
/* create SMB4ACL data */
- if((pacl = smb_create_smb4acl()) == NULL) {
+ if((pacl = smb_create_smb4acl(mem_ctx)) == NULL) {
return NT_STATUS_NO_MEMORY;
}
for(i=0; i<naces; i++) {
return NT_STATUS_NO_MEMORY;
}
for(i=0; i<naces; i++) {
{
SMB4ACL_T *pacl;
NTSTATUS status;
{
SMB4ACL_T *pacl;
NTSTATUS status;
+ TALLOC_CTX *frame = talloc_stackframe();
- status = zfs_get_nt_acl_common(fsp->fsp_name->base_name,
+ status = zfs_get_nt_acl_common(frame,
+ fsp->fsp_name->base_name,
security_info,
&pacl);
if (!NT_STATUS_IS_OK(status)) {
security_info,
&pacl);
if (!NT_STATUS_IS_OK(status)) {
- return smb_fget_nt_acl_nfs4(fsp, security_info, mem_ctx, ppdesc, pacl);
+ status = smb_fget_nt_acl_nfs4(fsp, security_info, mem_ctx, ppdesc, pacl);
+ TALLOC_FREE(frame);
+ return status;
}
static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
}
static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
{
SMB4ACL_T *pacl;
NTSTATUS status;
{
SMB4ACL_T *pacl;
NTSTATUS status;
+ TALLOC_CTX *frame = talloc_stackframe();
- status = zfs_get_nt_acl_common(name, security_info, &pacl);
+ status = zfs_get_nt_acl_common(frame, name, security_info, &pacl);
if (!NT_STATUS_IS_OK(status)) {
if (!NT_STATUS_IS_OK(status)) {
- return smb_get_nt_acl_nfs4(handle->conn, name, security_info,
- mem_ctx, ppdesc,
- pacl);
+ status = smb_get_nt_acl_nfs4(handle->conn, name, security_info,
+ mem_ctx, ppdesc,
+ pacl);
+ TALLOC_FREE(frame);
+ return status;
}
static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle,
}
static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle,
static SMB_ACL_T zfsacl_fail__sys_acl_get_file(vfs_handle_struct *handle,
const char *path_p,
static SMB_ACL_T zfsacl_fail__sys_acl_get_file(vfs_handle_struct *handle,
const char *path_p,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx)
{
return (SMB_ACL_T)NULL;
}
static SMB_ACL_T zfsacl_fail__sys_acl_get_fd(vfs_handle_struct *handle,
{
return (SMB_ACL_T)NULL;
}
static SMB_ACL_T zfsacl_fail__sys_acl_get_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ TALLOC_CTX *mem_ctx)
{
return (SMB_ACL_T)NULL;
}
{
return (SMB_ACL_T)NULL;
}