}
static NTSTATUS skel_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
- uint32 security_info, struct security_descriptor **ppdesc)
+ uint32 security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
static NTSTATUS skel_get_nt_acl(vfs_handle_struct *handle,
- const char *name, uint32 security_info, struct security_descriptor **ppdesc)
+ const char *name, uint32 security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
}
static NTSTATUS skel_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
- uint32 security_info, struct security_descriptor **ppdesc)
+ uint32 security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
{
- return SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc);
+ return SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, mem_ctx, ppdesc);
}
static NTSTATUS skel_get_nt_acl(vfs_handle_struct *handle,
- const char *name, uint32 security_info, struct security_descriptor **ppdesc)
+ const char *name, uint32 security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
{
- return SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
+ return SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, mem_ctx, ppdesc);
}
static NTSTATUS skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
NTSTATUS (*fget_nt_acl_fn)(struct vfs_handle_struct *handle,
struct files_struct *fsp,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc);
NTSTATUS (*get_nt_acl_fn)(struct vfs_handle_struct *handle,
const char *name,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc);
NTSTATUS (*fset_nt_acl_fn)(struct vfs_handle_struct *handle,
struct files_struct *fsp,
NTSTATUS smb_vfs_call_fget_nt_acl(struct vfs_handle_struct *handle,
struct files_struct *fsp,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc);
NTSTATUS smb_vfs_call_get_nt_acl(struct vfs_handle_struct *handle,
const char *name,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc);
NTSTATUS smb_vfs_call_fset_nt_acl(struct vfs_handle_struct *handle,
struct files_struct *fsp,
#define SMB_VFS_NEXT_FSCTL(handle, fsp, ctx, function, req_flags, in_data, in_len, out_data, max_out_len, out_len) \
smb_vfs_call_fsctl((handle)->next, (fsp), (ctx), (function), (req_flags), (in_data), (in_len), (out_data), (max_out_len), (out_len))
-#define SMB_VFS_FGET_NT_ACL(fsp, security_info, ppdesc) \
- smb_vfs_call_fget_nt_acl((fsp)->conn->vfs_handles, (fsp), (security_info), (ppdesc))
-#define SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc) \
- smb_vfs_call_fget_nt_acl((handle)->next, (fsp), (security_info), (ppdesc))
-
-#define SMB_VFS_GET_NT_ACL(conn, name, security_info, ppdesc) \
- smb_vfs_call_get_nt_acl((conn)->vfs_handles, (name), (security_info), (ppdesc))
-#define SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc) \
- smb_vfs_call_get_nt_acl((handle)->next, (name), (security_info), (ppdesc))
+#define SMB_VFS_FGET_NT_ACL(fsp, security_info, mem_ctx, ppdesc) \
+ smb_vfs_call_fget_nt_acl((fsp)->conn->vfs_handles, (fsp), (security_info), (mem_ctx), (ppdesc))
+#define SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, mem_ctx, ppdesc) \
+ smb_vfs_call_fget_nt_acl((handle)->next, (fsp), (security_info), (mem_ctx), (ppdesc))
+
+#define SMB_VFS_GET_NT_ACL(conn, name, security_info, mem_ctx, ppdesc) \
+ smb_vfs_call_get_nt_acl((conn)->vfs_handles, (name), (security_info), (mem_ctx), (ppdesc))
+#define SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, mem_ctx, ppdesc) \
+ smb_vfs_call_get_nt_acl((handle)->next, (name), (security_info), (mem_ctx), (ppdesc))
#define SMB_VFS_AUDIT_FILE(conn, name, sacl, access_requested, access_denied) \
smb_vfs_call_audit_file((conn)->vfs_handles, (name), (sacl), (access_requested), (access_denied))
}
static NTSTATUS smb_get_nt_acl_nfs4_common(const SMB_STRUCT_STAT *sbuf,
- uint32 security_info,
+ uint32 security_info, TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc, SMB4ACL_T *theacl)
{
int good_aces = 0;
size_t sd_size = 0;
struct security_ace *nt_ace_list = NULL;
struct security_acl *psa = NULL;
- TALLOC_CTX *mem_ctx = talloc_tos();
+ TALLOC_CTX *frame = talloc_stackframe();
if (theacl==NULL || smb_get_naces(theacl)==0)
return NT_STATUS_ACCESS_DENIED; /* special because we
S_ISDIR(sbuf->st_ex_mode),
&nt_ace_list, &good_aces)==False) {
DEBUG(8,("smbacl4_nfs42win failed\n"));
+ TALLOC_FREE(frame);
return map_nt_error_from_unix(errno);
}
- psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, good_aces, nt_ace_list);
+ psa = make_sec_acl(frame, NT4_ACL_REVISION, good_aces, nt_ace_list);
if (psa == NULL) {
DEBUG(2,("make_sec_acl failed\n"));
+ TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
NULL, psa, &sd_size);
if (*ppdesc==NULL) {
DEBUG(2,("make_sec_desc failed\n"));
+ TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
"sd_size %d\n",
(int)ndr_size_security_descriptor(*ppdesc, 0)));
+ TALLOC_FREE(frame);
return NT_STATUS_OK;
}
NTSTATUS smb_fget_nt_acl_nfs4(files_struct *fsp,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc,
SMB4ACL_T *theacl)
{
return map_nt_error_from_unix(errno);
}
- return smb_get_nt_acl_nfs4_common(&sbuf, security_info, ppdesc,
+ return smb_get_nt_acl_nfs4_common(&sbuf, security_info,
+ mem_ctx, ppdesc,
theacl);
}
NTSTATUS smb_get_nt_acl_nfs4(struct connection_struct *conn,
const char *name,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc,
SMB4ACL_T *theacl)
{
return map_nt_error_from_unix(errno);
}
- return smb_get_nt_acl_nfs4_common(&sbuf, security_info, ppdesc,
+ return smb_get_nt_acl_nfs4_common(&sbuf, security_info,
+ mem_ctx, ppdesc,
theacl);
}
NTSTATUS smb_fget_nt_acl_nfs4(files_struct *fsp,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc, SMB4ACL_T *theacl);
NTSTATUS smb_get_nt_acl_nfs4(connection_struct *conn,
const char *name,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc, SMB4ACL_T *theacl);
/* Callback function needed to set the native acl
*******************************************************************/
static NTSTATUS parse_acl_blob(const DATA_BLOB *pblob,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc,
uint16_t *p_hash_type,
uint8_t hash[XATTR_SD_HASH_SIZE])
{
- TALLOC_CTX *ctx = talloc_tos();
struct xattr_NTACL xacl;
enum ndr_err_code ndr_err;
size_t sd_size;
+ TALLOC_CTX *frame = talloc_stackframe();
- ndr_err = ndr_pull_struct_blob(pblob, ctx, &xacl,
+ ndr_err = ndr_pull_struct_blob(pblob, frame, &xacl,
(ndr_pull_flags_fn_t)ndr_pull_xattr_NTACL);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
DEBUG(5, ("parse_acl_blob: ndr_pull_xattr_NTACL failed: %s\n",
ndr_errstr(ndr_err)));
+ TALLOC_FREE(frame);
return ndr_map_error2ntstatus(ndr_err);
}
switch (xacl.version) {
case 1:
- *ppdesc = make_sec_desc(ctx, SD_REVISION,
+ *ppdesc = make_sec_desc(mem_ctx, SD_REVISION,
xacl.info.sd->type | SEC_DESC_SELF_RELATIVE,
xacl.info.sd->owner_sid,
xacl.info.sd->group_sid,
memset(hash, '\0', XATTR_SD_HASH_SIZE);
break;
case 2:
- *ppdesc = make_sec_desc(ctx, SD_REVISION,
+ *ppdesc = make_sec_desc(mem_ctx, SD_REVISION,
xacl.info.sd_hs2->sd->type | SEC_DESC_SELF_RELATIVE,
xacl.info.sd_hs2->sd->owner_sid,
xacl.info.sd_hs2->sd->group_sid,
memset(hash, '\0', XATTR_SD_HASH_SIZE);
break;
case 3:
- *ppdesc = make_sec_desc(ctx, SD_REVISION,
+ *ppdesc = make_sec_desc(mem_ctx, SD_REVISION,
xacl.info.sd_hs3->sd->type | SEC_DESC_SELF_RELATIVE,
xacl.info.sd_hs3->sd->owner_sid,
xacl.info.sd_hs3->sd->group_sid,
memcpy(hash, xacl.info.sd_hs3->hash, XATTR_SD_HASH_SIZE);
break;
default:
+ TALLOC_FREE(frame);
return NT_STATUS_REVISION_MISMATCH;
}
- TALLOC_FREE(xacl.info.sd);
+ TALLOC_FREE(frame);
return (*ppdesc != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;
}
files_struct *fsp,
const char *name,
uint32_t security_info,
- struct security_descriptor **ppdesc)
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
{
DATA_BLOB blob = data_blob_null;
NTSTATUS status;
or to return as backup. */
if (fsp) {
status = SMB_VFS_NEXT_FGET_NT_ACL(handle,
- fsp,
- HASH_SECURITY_INFO,
- &pdesc_next);
+ fsp,
+ HASH_SECURITY_INFO,
+ mem_ctx,
+ &pdesc_next);
} else {
status = SMB_VFS_NEXT_GET_NT_ACL(handle,
- name,
- HASH_SECURITY_INFO,
- &pdesc_next);
+ name,
+ HASH_SECURITY_INFO,
+ mem_ctx,
+ &pdesc_next);
}
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
- status = parse_acl_blob(&blob, &psd,
+ status = parse_acl_blob(&blob, mem_ctx, &psd,
&hash_type, &hash[0]);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("parse_acl_blob returned %s\n",
if (ignore_file_system_acl) {
TALLOC_FREE(pdesc_next);
- status = make_default_filesystem_acl(talloc_tos(),
+ status = make_default_filesystem_acl(mem_ctx,
name,
psbuf,
&psd);
Fetch a security descriptor given an fsp.
*********************************************************************/
-static NTSTATUS fget_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
- uint32_t security_info, struct security_descriptor **ppdesc)
+static NTSTATUS fget_nt_acl_common(vfs_handle_struct *handle,
+ files_struct *fsp,
+ uint32_t security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
{
return get_nt_acl_internal(handle, fsp,
- NULL, security_info, ppdesc);
+ NULL, security_info, mem_ctx, ppdesc);
}
/*********************************************************************
*********************************************************************/
static NTSTATUS get_nt_acl_common(vfs_handle_struct *handle,
- const char *name, uint32_t security_info, struct security_descriptor **ppdesc)
+ const char *name,
+ uint32_t security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
{
return get_nt_acl_internal(handle, NULL,
- name, security_info, ppdesc);
+ name, security_info, mem_ctx, ppdesc);
}
/*********************************************************************
struct security_descriptor *psd = NULL;
uint8_t hash[XATTR_SD_HASH_SIZE];
bool chown_needed = false;
+ TALLOC_CTX *frame = talloc_stackframe();
if (DEBUGLEVEL >= 10) {
DEBUG(10,("fset_nt_acl_xattr: incoming sd for file %s\n",
status = get_nt_acl_internal(handle, fsp,
NULL,
SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL,
+ frame,
&psd);
if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
return status;
}
status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
if (!NT_STATUS_IS_OK(status)) {
if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+ TALLOC_FREE(frame);
return status;
}
/* We got access denied here. If we're already root,
security_info_sent, psd);
unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
return status;
}
}
/* Get the full underlying sd, then hash. */
status = SMB_VFS_NEXT_FGET_NT_ACL(handle,
- fsp,
- HASH_SECURITY_INFO,
- &pdesc_next);
+ fsp,
+ HASH_SECURITY_INFO,
+ frame,
+ &pdesc_next);
if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
return status;
}
status = hash_sd_sha256(pdesc_next, hash);
if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
return status;
}
status = create_acl_blob(psd, &blob, XATTR_SD_HASH_TYPE_SHA256, hash);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("fset_nt_acl_xattr: create_acl_blob failed\n"));
+ TALLOC_FREE(frame);
return status;
}
status = store_acl_blob_fsp(handle, fsp, &blob);
+ TALLOC_FREE(frame);
return status;
}
static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl,
SMB_STRUCT_STAT *psbuf,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
struct security_ace *nt_ace_list;
struct security_acl *psa = NULL;
int good_aces;
size_t sd_size;
- TALLOC_CTX *mem_ctx = talloc_tos();
struct afs_ace *afs_ace;
struct connection_struct *conn,
struct smb_filename *smb_fname,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
int ret;
}
return afs_to_nt_acl_common(afs_acl, &smb_fname->st, security_info,
- ppdesc);
+ mem_ctx, ppdesc);
}
static size_t afs_fto_nt_acl(struct afs_acl *afs_acl,
struct files_struct *fsp,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
SMB_STRUCT_STAT sbuf;
if (fsp->fh->fd == -1) {
/* Get the stat struct for the owner info. */
return afs_to_nt_acl(afs_acl, fsp->conn, fsp->fsp_name,
- security_info, ppdesc);
+ security_info, mem_ctx, ppdesc);
}
if(SMB_VFS_FSTAT(fsp, &sbuf) != 0) {
static NTSTATUS afsacl_fget_nt_acl(struct vfs_handle_struct *handle,
struct files_struct *fsp,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
struct afs_acl acl;
return NT_STATUS_ACCESS_DENIED;
}
- sd_size = afs_fto_nt_acl(&acl, fsp, security_info, ppdesc);
+ sd_size = afs_fto_nt_acl(&acl, fsp, security_info, mem_ctx, ppdesc);
free_afs_acl(&acl);
}
static NTSTATUS afsacl_get_nt_acl(struct vfs_handle_struct *handle,
- const char *name, uint32 security_info,
+ const char *name, uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
struct afs_acl acl;
}
sd_size = afs_to_nt_acl(&acl, handle->conn, smb_fname, security_info,
- ppdesc);
+ mem_ctx, ppdesc);
TALLOC_FREE(smb_fname);
free_afs_acl(&acl);
static NTSTATUS aixjfs2_fget_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
SMB4ACL_T *pacl = NULL;
if (retryPosix)
{
DEBUG(10, ("retrying with posix acl...\n"));
- return posix_fget_nt_acl(fsp, security_info, ppdesc);
+ return posix_fget_nt_acl(fsp, security_info,
+ mem_ctx, ppdesc);
}
if (result==False)
return NT_STATUS_ACCESS_DENIED;
- return smb_fget_nt_acl_nfs4(fsp, security_info, ppdesc, pacl);
+ return smb_fget_nt_acl_nfs4(fsp, security_info, ppdesc,
+ mem_ctx, pacl);
}
static NTSTATUS aixjfs2_get_nt_acl(vfs_handle_struct *handle,
const char *name,
- uint32 security_info, struct security_descriptor **ppdesc)
+ uint32 security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
{
SMB4ACL_T *pacl = NULL;
bool result;
{
DEBUG(10, ("retrying with posix acl...\n"));
return posix_get_nt_acl(handle->conn, name, security_info,
- ppdesc);
+ mem_ctx, ppdesc);
}
if (result==False)
return NT_STATUS_ACCESS_DENIED;
- return smb_get_nt_acl_nfs4(handle->conn, name, security_info, ppdesc,
+ return smb_get_nt_acl_nfs4(handle->conn, name, security_info,
+ mem_ctx, ppdesc,
pacl);
}
catia_get_nt_acl(struct vfs_handle_struct *handle,
const char *path,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
char *mapped_name = NULL;
return status;
}
status = SMB_VFS_NEXT_GET_NT_ACL(handle, mapped_name,
- security_info, ppdesc);
+ security_info, mem_ctx, ppdesc);
TALLOC_FREE(mapped_name);
return status;
static NTSTATUS vfswrap_fget_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
NTSTATUS result;
START_PROFILE(fget_nt_acl);
- result = posix_fget_nt_acl(fsp, security_info, ppdesc);
+ result = posix_fget_nt_acl(fsp, security_info,
+ mem_ctx, ppdesc);
END_PROFILE(fget_nt_acl);
return result;
}
static NTSTATUS vfswrap_get_nt_acl(vfs_handle_struct *handle,
const char *name,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
NTSTATUS result;
START_PROFILE(get_nt_acl);
- result = posix_get_nt_acl(handle->conn, name, security_info, ppdesc);
+ result = posix_get_nt_acl(handle->conn, name, security_info,
+ mem_ctx, ppdesc);
END_PROFILE(get_nt_acl);
return result;
}
}
static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
- uint32 security_info,
- struct security_descriptor **ppdesc)
+ uint32 security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
{
NTSTATUS result;
- result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc);
+ result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
+ mem_ctx, ppdesc);
do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
"%s", fsp_str_do_log(fsp));
static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
const char *name,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
NTSTATUS result;
- result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
+ result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info,
+ mem_ctx, ppdesc);
do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
"%s", name);
static NTSTATUS gpfsacl_fget_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
SMB4ACL_T *pacl = NULL;
result = gpfs_get_nfs4_acl(fsp->fsp_name->base_name, &pacl);
if (result == 0)
- return smb_fget_nt_acl_nfs4(fsp, security_info, ppdesc, pacl);
+ return smb_fget_nt_acl_nfs4(fsp, security_info, mem_ctx, ppdesc, pacl);
if (result > 0) {
DEBUG(10, ("retrying with posix acl...\n"));
- return posix_fget_nt_acl(fsp, security_info, ppdesc);
+ return posix_fget_nt_acl(fsp, security_info, mem_ctx, ppdesc);
}
/* GPFS ACL was not read, something wrong happened, error code is set in errno */
static NTSTATUS gpfsacl_get_nt_acl(vfs_handle_struct *handle,
const char *name,
- uint32 security_info, struct security_descriptor **ppdesc)
+ uint32 security_info,
+ TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc)
{
SMB4ACL_T *pacl = NULL;
int result;
result = gpfs_get_nfs4_acl(name, &pacl);
if (result == 0)
- return smb_get_nt_acl_nfs4(handle->conn, name, security_info, ppdesc, pacl);
+ return smb_get_nt_acl_nfs4(handle->conn, name, security_info,
+ mem_ctx, ppdesc, pacl);
if (result > 0) {
DEBUG(10, ("retrying with posix acl...\n"));
- return posix_get_nt_acl(handle->conn, name, security_info, ppdesc);
+ return posix_get_nt_acl(handle->conn, name, security_info,
+ mem_ctx, ppdesc);
}
/* GPFS ACL was not read, something wrong happened, error code is set in errno */
* In this case, "name" is a path.
*/
static NTSTATUS mh_get_nt_acl(vfs_handle_struct *handle,
- const char *name,
- uint32 security_info,
- struct security_descriptor **ppdesc)
+ const char *name,
+ uint32 security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
{
NTSTATUS status;
char *clientPath;
if (!is_in_media_files(name))
{
status = SMB_VFS_NEXT_GET_NT_ACL(handle, name,
- security_info, ppdesc);
+ security_info,
+ mem_ctx, ppdesc);
goto out;
}
}
status = SMB_VFS_NEXT_GET_NT_ACL(handle, clientPath,
- security_info, ppdesc);
+ security_info,
+ mem_ctx, ppdesc);
err:
TALLOC_FREE(clientPath);
out:
static NTSTATUS shadow_copy2_fget_nt_acl(vfs_handle_struct *handle,
struct files_struct *fsp,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
time_t timestamp;
}
if (timestamp == 0) {
return SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
+ mem_ctx,
ppdesc);
}
conv = shadow_copy2_convert(talloc_tos(), handle, stripped, timestamp);
if (conv == NULL) {
return map_nt_error_from_unix(errno);
}
- status = SMB_VFS_NEXT_GET_NT_ACL(handle, conv, security_info, ppdesc);
+ status = SMB_VFS_NEXT_GET_NT_ACL(handle, conv, security_info,
+ mem_ctx, ppdesc);
TALLOC_FREE(conv);
return status;
}
static NTSTATUS shadow_copy2_get_nt_acl(vfs_handle_struct *handle,
const char *fname,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
time_t timestamp;
}
if (timestamp == 0) {
return SMB_VFS_NEXT_GET_NT_ACL(handle, fname, security_info,
- ppdesc);
+ mem_ctx, ppdesc);
}
conv = shadow_copy2_convert(talloc_tos(), handle, stripped, timestamp);
TALLOC_FREE(stripped);
if (conv == NULL) {
return map_nt_error_from_unix(errno);
}
- status = SMB_VFS_NEXT_GET_NT_ACL(handle, conv, security_info, ppdesc);
+ status = SMB_VFS_NEXT_GET_NT_ACL(handle, conv, security_info,
+ mem_ctx, ppdesc);
TALLOC_FREE(conv);
return status;
}
static NTSTATUS smb_time_audit_fget_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
NTSTATUS result;
double timediff;
clock_gettime_mono(&ts1);
- result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, ppdesc);
+ result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info,
+ mem_ctx, ppdesc);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
static NTSTATUS smb_time_audit_get_nt_acl(vfs_handle_struct *handle,
const char *name,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
NTSTATUS result;
double timediff;
clock_gettime_mono(&ts1);
- result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
+ result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info,
+ mem_ctx, ppdesc);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
}
static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,
- struct files_struct *fsp,
- uint32 security_info,
- struct security_descriptor **ppdesc)
+ struct files_struct *fsp,
+ uint32 security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
{
SMB4ACL_T *pacl;
NTSTATUS status;
- status = zfs_get_nt_acl_common(fsp->fsp_name->base_name, security_info,
+ status = zfs_get_nt_acl_common(fsp->fsp_name->base_name,
+ mem_ctx, security_info,
&pacl);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
- const char *name, uint32 security_info,
- struct security_descriptor **ppdesc)
+ const char *name, uint32 security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
{
SMB4ACL_T *pacl;
NTSTATUS status;
return status;
}
- return smb_get_nt_acl_nfs4(handle->conn, name, security_info, ppdesc,
+ return smb_get_nt_acl_nfs4(handle->conn, name, security_info,
+ mem_ctx, ppdesc,
pacl);
}
goto error_exit;
}
+ sd_buf = talloc_zero(p->mem_ctx, struct sec_desc_buf);
+ if (!sd_buf) {
+ werr = WERR_NOMEM;
+ goto error_exit;
+ }
+
nt_status = SMB_VFS_FGET_NT_ACL(fsp,
(SECINFO_OWNER
|SECINFO_GROUP
- |SECINFO_DACL), &psd);
+ |SECINFO_DACL), sd_buf, &sd_buf->sd);
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(3,("_srvsvc_NetGetFileSecurity: Unable to get NT ACL "
"for file %s\n", smb_fname_str_dbg(smb_fname)));
werr = ntstatus_to_werror(nt_status);
+ TALLOC_FREE(sd_buf);
goto error_exit;
}
sd_size = ndr_size_security_descriptor(psd, 0);
- sd_buf = talloc_zero(p->mem_ctx, struct sec_desc_buf);
- if (!sd_buf) {
- werr = WERR_NOMEM;
- goto error_exit;
- }
-
sd_buf->sd_size = sd_size;
- sd_buf->sd = talloc_move(p->mem_ctx, &psd);
*r->out.sd_buf = sd_buf;
bool directory_has_default_acl(connection_struct *conn, const char *fname)
{
- /* returns talloced off tos. */
struct security_descriptor *secdesc = NULL;
unsigned int i;
NTSTATUS status = SMB_VFS_GET_NT_ACL(conn, fname,
- SECINFO_DACL, &secdesc);
+ SECINFO_DACL, talloc_tos(),
+ &secdesc);
if (!NT_STATUS_IS_OK(status) ||
secdesc == NULL ||
{
NTSTATUS status;
struct security_descriptor *psd = NULL;
+ TALLOC_CTX *frame = talloc_stackframe();
/*
* Get the permissions to return.
}
if (!lp_nt_acl_support(SNUM(conn))) {
- status = get_null_nt_acl(mem_ctx, &psd);
+ status = get_null_nt_acl(frame, &psd);
} else if (security_info_wanted & SECINFO_LABEL) {
/* Like W2K3 return a null object. */
- status = get_null_nt_acl(mem_ctx, &psd);
+ status = get_null_nt_acl(frame, &psd);
} else {
status = SMB_VFS_FGET_NT_ACL(
- fsp, security_info_wanted, &psd);
+ fsp, security_info_wanted, frame, &psd);
}
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if (max_data_count < *psd_size) {
- TALLOC_FREE(psd);
+ TALLOC_FREE(frame);
return NT_STATUS_BUFFER_TOO_SMALL;
}
ppmarshalled_sd, psd_size);
if (!NT_STATUS_IS_OK(status)) {
- TALLOC_FREE(psd);
+ TALLOC_FREE(frame);
return status;
}
- TALLOC_FREE(psd);
+ TALLOC_FREE(frame);
return NT_STATUS_OK;
}
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
(SECINFO_OWNER |
SECINFO_GROUP |
- SECINFO_DACL),&sd);
+ SECINFO_DACL), talloc_tos(), &sd);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("smbd_check_access_rights: Could not get acl "
status = SMB_VFS_GET_NT_ACL(conn,
parent_dir,
SECINFO_DACL,
+ talloc_tos(),
&parent_sd);
if (!NT_STATUS_IS_OK(status)) {
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
(SECINFO_OWNER |
SECINFO_GROUP |
- SECINFO_DACL),&sd);
+ SECINFO_DACL),
+ talloc_tos(), &sd);
if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
/*
static NTSTATUS inherit_new_acl(files_struct *fsp)
{
- TALLOC_CTX *ctx = talloc_tos();
+ TALLOC_CTX *frame = talloc_stackframe();
char *parent_name = NULL;
struct security_descriptor *parent_desc = NULL;
NTSTATUS status = NT_STATUS_OK;
bool inheritable_components = false;
size_t size = 0;
- if (!parent_dirname(ctx, fsp->fsp_name->base_name, &parent_name, NULL)) {
+ if (!parent_dirname(frame, fsp->fsp_name->base_name, &parent_name, NULL)) {
return NT_STATUS_NO_MEMORY;
}
status = SMB_VFS_GET_NT_ACL(fsp->conn,
- parent_name,
- (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL),
- &parent_desc);
+ parent_name,
+ (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL),
+ frame,
+ &parent_desc);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
fsp->is_directory);
if (!inheritable_components && !inherit_owner) {
+ TALLOC_FREE(frame);
/* Nothing to inherit and not setting owner. */
return NT_STATUS_OK;
}
group_sid = &fsp->conn->session_info->security_token->sids[PRIMARY_GROUP_SID_INDEX];
}
- status = se_create_child_secdesc(ctx,
+ status = se_create_child_secdesc(frame,
&psd,
&size,
parent_desc,
group_sid,
fsp->is_directory);
if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_FREE(frame);
return status;
}
if (inherit_owner) {
unbecome_root();
}
+ TALLOC_FREE(frame);
return status;
}
SMB_ACL_T posix_acl,
SMB_ACL_T def_acl,
uint32_t security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
struct dom_sid owner_sid;
}
} /* security_info & SECINFO_DACL */
- psd = make_standard_sec_desc( talloc_tos(),
+ psd = make_standard_sec_desc(mem_ctx,
(security_info & SECINFO_OWNER) ? &owner_sid : NULL,
(security_info & SECINFO_GROUP) ? &group_sid : NULL,
psa,
}
NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
SMB_STRUCT_STAT sbuf;
SMB_ACL_T posix_acl = NULL;
struct pai_val *pal;
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
*ppdesc = NULL;
/* can it happen that fsp_name == NULL ? */
if (fsp->is_directory || fsp->fh->fd == -1) {
- return posix_get_nt_acl(fsp->conn, fsp->fsp_name->base_name,
- security_info, ppdesc);
+ status = posix_get_nt_acl(fsp->conn, fsp->fsp_name->base_name,
+ security_info, mem_ctx, ppdesc);
+ TALLOC_FREE(frame);
+ return status;
}
/* Get the stat struct for the owner info. */
if(SMB_VFS_FSTAT(fsp, &sbuf) != 0) {
+ TALLOC_FREE(frame);
return map_nt_error_from_unix(errno);
}
/* Get the ACL from the fd. */
- posix_acl = SMB_VFS_SYS_ACL_GET_FD(fsp, talloc_tos());
+ posix_acl = SMB_VFS_SYS_ACL_GET_FD(fsp, frame);
pal = fload_inherited_info(fsp);
- return posix_get_nt_acl_common(fsp->conn, fsp->fsp_name->base_name,
- &sbuf, pal, posix_acl, NULL,
- security_info, ppdesc);
+ status = posix_get_nt_acl_common(fsp->conn, fsp->fsp_name->base_name,
+ &sbuf, pal, posix_acl, NULL,
+ security_info, mem_ctx, ppdesc);
+ TALLOC_FREE(frame);
+ return status;
}
NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name,
- uint32_t security_info, struct security_descriptor **ppdesc)
+ uint32_t security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
{
SMB_ACL_T posix_acl = NULL;
SMB_ACL_T def_acl = NULL;
struct pai_val *pal;
struct smb_filename smb_fname;
int ret;
+ TALLOC_CTX *frame = talloc_stackframe();
+ NTSTATUS status;
*ppdesc = NULL;
}
if (ret == -1) {
+ TALLOC_FREE(frame);
return map_nt_error_from_unix(errno);
}
/* Get the ACL from the path. */
posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, name,
- SMB_ACL_TYPE_ACCESS, talloc_tos());
+ SMB_ACL_TYPE_ACCESS, frame);
/* If it's a directory get the default POSIX ACL. */
if(S_ISDIR(smb_fname.st.st_ex_mode)) {
def_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, name,
- SMB_ACL_TYPE_DEFAULT,
- talloc_tos());
+ SMB_ACL_TYPE_DEFAULT, frame);
def_acl = free_empty_sys_acl(conn, def_acl);
}
pal = load_inherited_info(conn, name);
- return posix_get_nt_acl_common(conn, name, &smb_fname.st, pal,
- posix_acl, def_acl, security_info,
- ppdesc);
+ status = posix_get_nt_acl_common(conn, name, &smb_fname.st, pal,
+ posix_acl, def_acl, security_info,
+ mem_ctx,
+ ppdesc);
+ TALLOC_FREE(frame);
+ return status;
}
/****************************************************************************
struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname, uint32 security_info_wanted)
{
- struct security_descriptor *psd, *ret_sd;
+ struct security_descriptor *ret_sd;
connection_struct *conn;
files_struct finfo;
struct fd_handle fh;
return NULL;
}
- if (!NT_STATUS_IS_OK(SMB_VFS_FGET_NT_ACL( &finfo, security_info_wanted, &psd))) {
+ if (!NT_STATUS_IS_OK(SMB_VFS_FGET_NT_ACL( &finfo,
+ security_info_wanted,
+ ctx, &ret_sd))) {
DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n"));
TALLOC_FREE(finfo.fsp_name);
conn_free(conn);
return NULL;
}
- ret_sd = dup_sec_desc( ctx, psd );
-
TALLOC_FREE(finfo.fsp_name);
conn_free(conn);
TALLOC_FREE(frame);
bool current_user_in_group(connection_struct *conn, gid_t gid);
SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl);
NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc);
NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name,
- uint32_t security_info, struct security_descriptor **ppdesc);
+ uint32_t security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc);
NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid);
NTSTATUS append_parent_acl(files_struct *fsp,
const struct security_descriptor *pcsd,
NTSTATUS smb_vfs_call_fget_nt_acl(struct vfs_handle_struct *handle,
struct files_struct *fsp,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
VFS_FIND(fget_nt_acl);
return handle->fns->fget_nt_acl_fn(handle, fsp, security_info,
- ppdesc);
+ mem_ctx, ppdesc);
}
NTSTATUS smb_vfs_call_get_nt_acl(struct vfs_handle_struct *handle,
const char *name,
uint32 security_info,
+ TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
VFS_FIND(get_nt_acl);
- return handle->fns->get_nt_acl_fn(handle, name, security_info, ppdesc);
+ return handle->fns->get_nt_acl_fn(handle, name, security_info, mem_ctx, ppdesc);
}
NTSTATUS smb_vfs_call_fset_nt_acl(struct vfs_handle_struct *handle,
return NT_STATUS_OK;
}
- status = SMB_VFS_FGET_NT_ACL(vfs->files[fd], SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL, &sd);
+ status = SMB_VFS_FGET_NT_ACL(vfs->files[fd],
+ SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL,
+ talloc_tos(), &sd);
if (!NT_STATUS_IS_OK(status)) {
printf("fget_nt_acl returned (%s)\n", nt_errstr(status));
return status;
return NT_STATUS_OK;
}
- status = SMB_VFS_GET_NT_ACL(vfs->conn, argv[1], SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL, &sd);
+ status = SMB_VFS_GET_NT_ACL(vfs->conn, argv[1],
+ SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL,
+ talloc_tos(), &sd);
if (!NT_STATUS_IS_OK(status)) {
printf("get_nt_acl returned (%s)\n", nt_errstr(status));
return status;