This will allow us to hash this, rather than the NT ACL it maps to.
This will in turn allow us to know if the NT ACL is valid even if we
have to change the mapping code.
Andrew Bartlett
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Sep 12 07:06:01 CEST 2012 on sn-devel-104
return (SMB_ACL_T)NULL;
}
+static int skel_sys_acl_blob_get_file(vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob)
+{
+ errno = ENOSYS;
+ return -1;
+}
+
+static int skel_sys_acl_blob_get_fd(vfs_handle_struct *handle, files_struct *fsp, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob)
+{
+ errno = ENOSYS;
+ return -1;
+}
+
static int skel_sys_acl_set_file(vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
{
errno = ENOSYS;
.sys_acl_get_file_fn = skel_sys_acl_get_file,
.sys_acl_get_fd_fn = skel_sys_acl_get_fd,
+ .sys_acl_blob_get_file_fn = skel_sys_acl_blob_get_file,
+ .sys_acl_blob_get_fd_fn = skel_sys_acl_blob_get_fd,
.sys_acl_set_file_fn = skel_sys_acl_set_file,
.sys_acl_set_fd_fn = skel_sys_acl_set_fd,
.sys_acl_delete_def_file_fn = skel_sys_acl_delete_def_file,
+
/* EA operations. */
.getxattr_fn = skel_getxattr,
.fgetxattr_fn = skel_fgetxattr,
return SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp);
}
+static int skel_sys_acl_blob_get_file(vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ return SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob);
+}
+
+static int skel_sys_acl_blob_get_fd(vfs_handle_struct *handle, files_struct *fsp,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ return SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob);
+}
+
static int skel_sys_acl_set_file(vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
{
return SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype, theacl);
.sys_acl_get_file_fn = skel_sys_acl_get_file,
.sys_acl_get_fd_fn = skel_sys_acl_get_fd,
+ .sys_acl_blob_get_file_fn = skel_sys_acl_blob_get_file,
+ .sys_acl_blob_get_fd_fn = skel_sys_acl_blob_get_fd,
.sys_acl_set_file_fn = skel_sys_acl_set_file,
.sys_acl_set_fd_fn = skel_sys_acl_set_fd,
.sys_acl_delete_def_file_fn = skel_sys_acl_delete_def_file,
/* Leave at 29 - not yet released. Remove sys_acl functions other than set and get - abartlet */
/* Leave at 29 - not yet released. Added backup_intent bool to files_struct - JRA */
/* Leave at 29 - not yet released. Add durable handle functions - metze/obnox */
+/* Leave at 29 - not yet released. Added sys_acl_blob_get_file and sys_acl_blob_get_fd */
/* Bump to version 30 - Samba 4.0.0 will ship with interface version 30 */
#define SMB_VFS_INTERFACE_VERSION 30
SMB_ACL_T (*sys_acl_get_file_fn)(struct vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type);
SMB_ACL_T (*sys_acl_get_fd_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp);
+ int (*sys_acl_blob_get_file_fn)(struct vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx, char **blob_description,
+ DATA_BLOB *blob);
+ int (*sys_acl_blob_get_fd_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp,
+ TALLOC_CTX *mem_ctx, char **blob_description,
+ DATA_BLOB *blob);
int (*sys_acl_set_file_fn)(struct vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl);
int (*sys_acl_set_fd_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp, SMB_ACL_T theacl);
int (*sys_acl_delete_def_file_fn)(struct vfs_handle_struct *handle, const char *path);
SMB_ACL_TYPE_T type);
SMB_ACL_T smb_vfs_call_sys_acl_get_fd(struct vfs_handle_struct *handle,
struct files_struct *fsp);
+int smb_vfs_call_sys_acl_blob_get_file(struct vfs_handle_struct *handle,
+ const char *path_p,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob);
+int smb_vfs_call_sys_acl_blob_get_fd(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob);
int smb_vfs_call_sys_acl_set_file(struct vfs_handle_struct *handle,
const char *name, SMB_ACL_TYPE_T acltype,
SMB_ACL_T theacl);
#define SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp) \
smb_vfs_call_sys_acl_get_fd((handle)->next, (fsp))
+#define SMB_VFS_SYS_ACL_BLOB_GET_FILE(conn, path_p, type, mem_ctx, blob_description, blob) \
+ smb_vfs_call_sys_acl_blob_get_file((conn)->vfs_handles, (path_p), (type), (mem_ctx), (blob_description), (blob))
+#define SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob) \
+ smb_vfs_call_sys_acl_blob_get_file((handle)->next, (path_p), (type), (mem_ctx), (blob_description), (blob))
+
+#define SMB_VFS_SYS_ACL_BLOB_GET_FD(fsp, mem_ctx, blob_description, blob) \
+ smb_vfs_call_sys_acl_blob_get_fd((fsp)->conn->vfs_handles, (fsp), (mem_ctx), (blob_description), (blob))
+#define SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob) \
+ smb_vfs_call_sys_acl_blob_get_fd((handle)->next, (fsp), mem_ctx, (blob_description), (blob))
+
#define SMB_VFS_SYS_ACL_SET_FILE(conn, name, acltype, theacl) \
smb_vfs_call_sys_acl_set_file((conn)->vfs_handles, (name), (acltype), (theacl))
#define SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, acltype, theacl) \
return acl;
}
+
+static int fake_acls_sys_acl_blob_get_file(struct vfs_handle_struct *handle, const char *path, SMB_ACL_TYPE_T type, TALLOC_CTX *mem_ctx,
+ char **blob_description, DATA_BLOB *blob)
+{
+ ssize_t length;
+ const char *name = NULL;
+ switch (type) {
+ case SMB_ACL_TYPE_ACCESS:
+ name = FAKE_ACL_ACCESS_XATTR;
+ break;
+ case SMB_ACL_TYPE_DEFAULT:
+ name = FAKE_ACL_DEFAULT_XATTR;
+ break;
+ }
+
+ *blob_description = talloc_strdup(mem_ctx, "fake_acls");
+ if (!*blob_description) {
+ errno = ENOMEM;
+ return -1;
+ }
+
+ *blob = data_blob_null;
+ do {
+ blob->length += 1000;
+ blob->data = talloc_realloc(mem_ctx, blob->data, uint8_t, blob->length);
+ if (!blob->data) {
+ errno = ENOMEM;
+ return -1;
+ }
+ length = SMB_VFS_NEXT_GETXATTR(handle, path, name, blob->data, blob->length);
+ blob->length = length;
+ } while (length == -1 && errno == ERANGE);
+ if (length == -1) {
+ return -1;
+ }
+ return 0;
+}
+
+static int fake_acls_sys_acl_blob_get_fd(struct vfs_handle_struct *handle, files_struct *fsp, TALLOC_CTX *mem_ctx,
+ char **blob_description, DATA_BLOB *blob)
+{
+ ssize_t length;
+ const char *name = FAKE_ACL_ACCESS_XATTR;
+
+ *blob_description = talloc_strdup(mem_ctx, "fake_acls");
+ if (!*blob_description) {
+ errno = ENOMEM;
+ return -1;
+ }
+ *blob = data_blob_null;
+ do {
+ blob->length += 1000;
+ blob->data = talloc_realloc(mem_ctx, blob->data, uint8_t, blob->length);
+ if (!blob->data) {
+ errno = ENOMEM;
+ return -1;
+ }
+ length = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, blob->data, blob->length);
+ blob->length = length;
+ } while (length == -1 && errno == ERANGE);
+ if (length == -1) {
+ return -1;
+ }
+ return 0;
+}
+
static int fake_acls_sys_acl_set_file(vfs_handle_struct *handle, const char *path, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl)
{
int ret;
.fstat_fn = fake_acls_fstat,
.sys_acl_get_file_fn = fake_acls_sys_acl_get_file,
.sys_acl_get_fd_fn = fake_acls_sys_acl_get_fd,
+ .sys_acl_blob_get_file_fn = fake_acls_sys_acl_blob_get_file,
+ .sys_acl_blob_get_fd_fn = fake_acls_sys_acl_blob_get_fd,
.sys_acl_set_file_fn = fake_acls_sys_acl_set_file,
.sys_acl_set_fd_fn = fake_acls_sys_acl_set_fd,
.sys_acl_delete_def_file_fn = fake_acls_sys_acl_delete_def_file,
SMB_VFS_OP_SYS_ACL_GET_FILE,
SMB_VFS_OP_SYS_ACL_GET_FD,
+ SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE,
+ SMB_VFS_OP_SYS_ACL_BLOB_GET_FD,
SMB_VFS_OP_SYS_ACL_SET_FILE,
SMB_VFS_OP_SYS_ACL_SET_FD,
SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE,
{ SMB_VFS_OP_FCHMOD_ACL, "fchmod_acl" },
{ SMB_VFS_OP_SYS_ACL_GET_FILE, "sys_acl_get_file" },
{ SMB_VFS_OP_SYS_ACL_GET_FD, "sys_acl_get_fd" },
+ { SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, "sys_acl_blob_get_file" },
+ { SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, "sys_acl_blob_get_fd" },
{ SMB_VFS_OP_SYS_ACL_SET_FILE, "sys_acl_set_file" },
{ SMB_VFS_OP_SYS_ACL_SET_FD, "sys_acl_set_fd" },
{ SMB_VFS_OP_SYS_ACL_DELETE_DEF_FILE, "sys_acl_delete_def_file" },
return result;
}
+static int smb_full_audit_sys_acl_blob_get_file(vfs_handle_struct *handle,
+ const char *path_p,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ SMB_ACL_T result;
+
+ result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob);
+
+ do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, (result >= 0), handle,
+ "%s", path_p);
+
+ return result;
+}
+
+static int smb_full_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ SMB_ACL_T result;
+
+ result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description,blob);
+
+ do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FD, (result >= 0), handle,
+ "%s", fsp_str_do_log(fsp));
+
+ return result;
+}
+
static int smb_full_audit_sys_acl_set_file(vfs_handle_struct *handle,
const char *name, SMB_ACL_TYPE_T acltype,
return result;
}
+
+static int smb_time_audit_sys_acl_blob_get_file(vfs_handle_struct *handle,
+ const char *path_p,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ int result;
+ struct timespec ts1,ts2;
+ double timediff;
+
+ clock_gettime_mono(&ts1);
+ result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob);
+ clock_gettime_mono(&ts2);
+ timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
+
+ if (timediff > audit_timeout) {
+ smb_time_audit_log("sys_acl_blob_get_file", timediff);
+ }
+
+ return result;
+}
+
+static int smb_time_audit_sys_acl_blob_get_fd(vfs_handle_struct *handle,
+ files_struct *fsp,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ int result;
+ struct timespec ts1,ts2;
+ double timediff;
+
+ clock_gettime_mono(&ts1);
+ result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FD(handle, fsp, mem_ctx, blob_description, blob);
+ clock_gettime_mono(&ts2);
+ timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
+
+ if (timediff > audit_timeout) {
+ smb_time_audit_log("sys_acl_blob_get_fd", timediff);
+ }
+
+ return result;
+}
+
static int smb_time_audit_sys_acl_set_file(vfs_handle_struct *handle,
const char *name,
SMB_ACL_TYPE_T acltype,
.fchmod_acl_fn = smb_time_audit_fchmod_acl,
.sys_acl_get_file_fn = smb_time_audit_sys_acl_get_file,
.sys_acl_get_fd_fn = smb_time_audit_sys_acl_get_fd,
+ .sys_acl_blob_get_file_fn = smb_time_audit_sys_acl_blob_get_file,
+ .sys_acl_blob_get_fd_fn = smb_time_audit_sys_acl_blob_get_fd,
.sys_acl_set_file_fn = smb_time_audit_sys_acl_set_file,
.sys_acl_set_fd_fn = smb_time_audit_sys_acl_set_fd,
.sys_acl_delete_def_file_fn = smb_time_audit_sys_acl_delete_def_file,
return handle->fns->sys_acl_get_fd_fn(handle, fsp);
}
+int smb_vfs_call_sys_acl_blob_get_file(struct vfs_handle_struct *handle,
+ const char *path_p,
+ SMB_ACL_TYPE_T type,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ VFS_FIND(sys_acl_blob_get_file);
+ return handle->fns->sys_acl_blob_get_file_fn(handle, path_p, type, mem_ctx, blob_description, blob);
+}
+
+int smb_vfs_call_sys_acl_blob_get_fd(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ TALLOC_CTX *mem_ctx,
+ char **blob_description,
+ DATA_BLOB *blob)
+{
+ VFS_FIND(sys_acl_blob_get_fd);
+ return handle->fns->sys_acl_blob_get_fd_fn(handle, fsp, mem_ctx, blob_description, blob);
+}
+
int smb_vfs_call_sys_acl_set_file(struct vfs_handle_struct *handle,
const char *name, SMB_ACL_TYPE_T acltype,
SMB_ACL_T theacl)