acl_common: Avoid "#include vfs_acl_common.c"
authorVolker Lendecke <vl@samba.org>
Fri, 18 Aug 2017 12:41:57 +0000 (14:41 +0200)
committerJeremy Allison <jra@samba.org>
Wed, 23 Aug 2017 23:46:07 +0000 (01:46 +0200)
This makes vfs_acl_common.c a subsystem of its own that acl_xattr and acl_tdb
now link against instead of #including it.

This patch is a bit on the large and clumsy side, but splitting it up would
(I believe) involve a separate intermediate copy of acl_common.c.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/modules/vfs_acl_common.c
source3/modules/vfs_acl_common.h [new file with mode: 0644]
source3/modules/vfs_acl_tdb.c
source3/modules/vfs_acl_xattr.c
source3/modules/wscript_build
source3/wscript_build

index 3f5f0c8..c4849b6 100644 (file)
  * along with this program; if not, see <http://www.gnu.org/licenses/>.
  */
 
+#include "includes.h"
+#include "vfs_acl_common.h"
 #include "smbd/smbd.h"
 #include "system/filesys.h"
+#include "librpc/gen_ndr/ndr_xattr.h"
 #include "../libcli/security/security.h"
 #include "../librpc/gen_ndr/ndr_security.h"
 #include "../lib/util/bitmap.h"
+#include "lib/crypto/sha256.h"
 #include "passdb/lookup_sid.h"
 
 static NTSTATUS create_acl_blob(const struct security_descriptor *psd,
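Review bot: The include block of the now stand-alone vfs_acl_common.c ends at `passdb/lookup_sid.h` without the `#undef DBGC_CLASS` / `#define DBGC_CLASS DBGC_VFS` pair that vfs_acl_tdb.c and vfs_acl_xattr.c used to supply before including the file. As far as this hunk shows, the DBG_* calls in this file (for example the `incoming sd for file` message in fset_nt_acl_common) would then log under the default debug class, so an administrator raising only the `vfs` class while investigating an ACL problem would not see them. Adding `#undef DBGC_CLASS` and `#define DBGC_CLASS DBGC_VFS` after the last include keeps the classification as it was. The top of the file is outside the hunk, so confirm it is not already defined there.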
@@ -32,34 +36,18 @@ static NTSTATUS create_acl_blob(const struct security_descriptor *psd,
                        uint16_t hash_type,
                        uint8_t hash[XATTR_SD_HASH_SIZE]);
 
-static NTSTATUS get_acl_blob(TALLOC_CTX *ctx,
-                       vfs_handle_struct *handle,
-                       files_struct *fsp,
-                       const struct smb_filename *smb_fname,
-                       DATA_BLOB *pblob);
-
-static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle,
-                       files_struct *fsp,
-                       DATA_BLOB *pblob);
-
 #define HASH_SECURITY_INFO (SECINFO_OWNER | \
                                SECINFO_GROUP | \
                                SECINFO_DACL | \
                                SECINFO_SACL)
 
-enum default_acl_style {DEFAULT_ACL_POSIX, DEFAULT_ACL_WINDOWS};
-
 static const struct enum_list default_acl_style[] = {
        {DEFAULT_ACL_POSIX,     "posix"},
        {DEFAULT_ACL_WINDOWS,   "windows"}
 };
 
-struct acl_common_config {
-       bool ignore_system_acls;
-       enum default_acl_style default_acl_style;
-};
-
-static bool init_acl_common_config(vfs_handle_struct *handle)
+bool init_acl_common_config(vfs_handle_struct *handle,
+                           const char *module_name)
 {
        struct acl_common_config *config = NULL;
 
@@ -71,11 +59,11 @@ static bool init_acl_common_config(vfs_handle_struct *handle)
        }
 
        config->ignore_system_acls = lp_parm_bool(SNUM(handle->conn),
-                                                 ACL_MODULE_NAME,
+                                                 module_name,
                                                  "ignore system acls",
                                                  false);
        config->default_acl_style = lp_parm_enum(SNUM(handle->conn),
-                                                ACL_MODULE_NAME,
+                                                module_name,
                                                 "default acl style",
                                                 default_acl_style,
                                                 DEFAULT_ACL_POSIX);
@@ -854,7 +842,7 @@ static NTSTATUS stat_fsp_or_smb_fname(vfs_handle_struct *handle,
  filesystem sd.
 *******************************************************************/
 
-static NTSTATUS get_nt_acl_internal(
+NTSTATUS get_nt_acl_common(
        NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx,
                                    vfs_handle_struct *handle,
                                    files_struct *fsp,
@@ -1022,34 +1010,6 @@ fail:
        return status;
 }
 
-/*********************************************************************
- Fetch a security descriptor given an fsp.
-*********************************************************************/
-
-static NTSTATUS fget_nt_acl_common(vfs_handle_struct *handle,
-                                  files_struct *fsp,
-                                  uint32_t security_info,
-                                  TALLOC_CTX *mem_ctx,
-                                  struct security_descriptor **ppdesc)
-{
-       return get_nt_acl_internal(get_acl_blob, handle, fsp, NULL,
-                                  security_info, mem_ctx, ppdesc);
-}
-
-/*********************************************************************
- Fetch a security descriptor given a pathname.
-*********************************************************************/
-
-static NTSTATUS get_nt_acl_common(vfs_handle_struct *handle,
-                                 const struct smb_filename *smb_fname,
-                                 uint32_t security_info,
-                                 TALLOC_CTX *mem_ctx,
-                                 struct security_descriptor **ppdesc)
-{
-       return get_nt_acl_internal(get_acl_blob, handle, NULL, smb_fname,
-                                  security_info, mem_ctx, ppdesc);
-}
-
 /*********************************************************************
  Set the underlying ACL (e.g. POSIX ACLS, POSIX owner, etc)
 *********************************************************************/
@@ -1130,8 +1090,19 @@ static NTSTATUS store_v3_blob(
  Store a security descriptor given an fsp.
 *********************************************************************/
 
-static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
-        uint32_t security_info_sent, const struct security_descriptor *orig_psd)
+NTSTATUS fset_nt_acl_common(
+       NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx,
+                                   vfs_handle_struct *handle,
+                                   files_struct *fsp,
+                                   const struct smb_filename *smb_fname,
+                                   DATA_BLOB *pblob),
+       NTSTATUS (*store_acl_blob_fsp_fn)(vfs_handle_struct *handle,
+                                         files_struct *fsp,
+                                         DATA_BLOB *pblob),
+       const char *module_name,
+       vfs_handle_struct *handle, files_struct *fsp,
+       uint32_t security_info_sent,
+       const struct security_descriptor *orig_psd)
 {
        NTSTATUS status;
        int ret;
@@ -1144,7 +1115,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
        char *sys_acl_description;
        TALLOC_CTX *frame = talloc_stackframe();
        bool ignore_file_system_acl = lp_parm_bool(
-           SNUM(handle->conn), ACL_MODULE_NAME, "ignore system acls", false);
+           SNUM(handle->conn), module_name, "ignore system acls", false);
 
        if (DEBUGLEVEL >= 10) {
                DBG_DEBUG("incoming sd for file %s\n", fsp_str_dbg(fsp));
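Review bot: `ignore_file_system_acl` is still re-read on every call with `lp_parm_bool(SNUM(handle->conn), module_name, "ignore system acls", false)`, while init_acl_common_config already parses the same option into `config->ignore_system_acls`. With the module name now a runtime argument rather than a compile-time macro, the two lookups agree only if every caller passes the same string at connect time and at set time; a mismatch would silently change whether the filesystem ACL is consulted when a security descriptor is stored. If the config struct is attached to the handle (the rest of init_acl_common_config is outside the visible hunks), reading `config->ignore_system_acls` through `SMB_VFS_HANDLE_GET_DATA` here would give one source of truth and let the `module_name` parameter be dropped from fset_nt_acl_common. The function body continues outside this hunk.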
@@ -1152,7 +1123,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
                        discard_const_p(struct security_descriptor, orig_psd));
        }
 
-       status = get_nt_acl_internal(get_acl_blob, handle, fsp,
+       status = get_nt_acl_common(get_acl_blob_fn, handle, fsp,
                        NULL,
                        SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL,
                                     frame,
@@ -1211,7 +1182,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
                        }
                }
                ZERO_ARRAY(hash);
-               status = store_v3_blob(store_acl_blob_fsp, handle, fsp, psd,
+               status = store_v3_blob(store_acl_blob_fsp_fn, handle, fsp, psd,
                                       NULL, hash);
 
                TALLOC_FREE(frame);
@@ -1253,7 +1224,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
        /* If we fail to get the ACL blob (for some reason) then this
         * is not fatal, we just work based on the NT ACL only */
        if (ret != 0) {
-               status = store_v3_blob(store_acl_blob_fsp, handle, fsp, psd,
+               status = store_v3_blob(store_acl_blob_fsp_fn, handle, fsp, psd,
                                       pdesc_next, hash);
 
                TALLOC_FREE(frame);
@@ -1289,7 +1260,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
                return status;
        }
 
-       status = store_acl_blob_fsp(handle, fsp, &blob);
+       status = store_acl_blob_fsp_fn(handle, fsp, &blob);
 
        TALLOC_FREE(frame);
        return status;
@@ -1390,8 +1361,8 @@ static int acl_common_remove_object(vfs_handle_struct *handle,
        return ret;
 }
 
-static int rmdir_acl_common(struct vfs_handle_struct *handle,
-                               const struct smb_filename *smb_fname)
+int rmdir_acl_common(struct vfs_handle_struct *handle,
+                    const struct smb_filename *smb_fname)
 {
        int ret;
 
@@ -1414,7 +1385,7 @@ static int rmdir_acl_common(struct vfs_handle_struct *handle,
        return -1;
 }
 
-static int unlink_acl_common(struct vfs_handle_struct *handle,
+int unlink_acl_common(struct vfs_handle_struct *handle,
                        const struct smb_filename *smb_fname)
 {
        int ret;
@@ -1443,9 +1414,9 @@ static int unlink_acl_common(struct vfs_handle_struct *handle,
        return -1;
 }
 
-static int chmod_acl_module_common(struct vfs_handle_struct *handle,
-                       const struct smb_filename *smb_fname,
-                       mode_t mode)
+int chmod_acl_module_common(struct vfs_handle_struct *handle,
+                           const struct smb_filename *smb_fname,
+                           mode_t mode)
 {
        if (smb_fname->flags & SMB_FILENAME_POSIX_PATH) {
                /* Only allow this on POSIX pathnames. */
@@ -1454,8 +1425,8 @@ static int chmod_acl_module_common(struct vfs_handle_struct *handle,
        return 0;
 }
 
-static int fchmod_acl_module_common(struct vfs_handle_struct *handle,
-                       struct files_struct *fsp, mode_t mode)
+int fchmod_acl_module_common(struct vfs_handle_struct *handle,
+                            struct files_struct *fsp, mode_t mode)
 {
        if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) {
                /* Only allow this on POSIX opens. */
@@ -1464,9 +1435,9 @@ static int fchmod_acl_module_common(struct vfs_handle_struct *handle,
        return 0;
 }
 
-static int chmod_acl_acl_module_common(struct vfs_handle_struct *handle,
-                       const struct smb_filename *smb_fname,
-                       mode_t mode)
+int chmod_acl_acl_module_common(struct vfs_handle_struct *handle,
+                               const struct smb_filename *smb_fname,
+                               mode_t mode)
 {
        if (smb_fname->flags & SMB_FILENAME_POSIX_PATH) {
                /* Only allow this on POSIX pathnames. */
@@ -1475,8 +1446,8 @@ static int chmod_acl_acl_module_common(struct vfs_handle_struct *handle,
        return 0;
 }
 
-static int fchmod_acl_acl_module_common(struct vfs_handle_struct *handle,
-                       struct files_struct *fsp, mode_t mode)
+int fchmod_acl_acl_module_common(struct vfs_handle_struct *handle,
+                                struct files_struct *fsp, mode_t mode)
 {
        if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) {
                /* Only allow this on POSIX opens. */
diff --git a/source3/modules/vfs_acl_common.h b/source3/modules/vfs_acl_common.h
new file mode 100644 (file)
index 0000000..c52fc50
--- /dev/null
@@ -0,0 +1,79 @@
+/*
+ * Store Windows ACLs in data store - common functions.
+ *
+ * Copyright (C) Volker Lendecke, 2008
+ * Copyright (C) Jeremy Allison, 2009
+ * Copyright (C) Ralph B√∂hme, 2016
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __VFS_ACL_COMMON_H__
+#define __VFS_ACL_COMMON_H__
+
+enum default_acl_style {DEFAULT_ACL_POSIX, DEFAULT_ACL_WINDOWS};
+
+struct acl_common_config {
+       bool ignore_system_acls;
+       enum default_acl_style default_acl_style;
+};
+
+bool init_acl_common_config(vfs_handle_struct *handle,
+                           const char *module_name);
+
+int rmdir_acl_common(struct vfs_handle_struct *handle,
+                    const struct smb_filename *smb_fname);
+int unlink_acl_common(struct vfs_handle_struct *handle,
+                     const struct smb_filename *smb_fname);
+int chmod_acl_module_common(struct vfs_handle_struct *handle,
+                           const struct smb_filename *smb_fname,
+                           mode_t mode);
+int fchmod_acl_module_common(struct vfs_handle_struct *handle,
+                            struct files_struct *fsp, mode_t mode);
+int chmod_acl_acl_module_common(struct vfs_handle_struct *handle,
+                               const struct smb_filename *smb_fname,
+                               mode_t mode);
+int fchmod_acl_acl_module_common(struct vfs_handle_struct *handle,
+                                struct files_struct *fsp, mode_t mode);
+
+NTSTATUS get_nt_acl_common(
+       NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx,
+                                   vfs_handle_struct *handle,
+                                   files_struct *fsp,
+                                   const struct smb_filename *smb_fname,
+                                   DATA_BLOB *pblob),
+       vfs_handle_struct *handle,
+       files_struct *fsp,
+       const struct smb_filename *smb_fname_in,
+       uint32_t security_info,
+       TALLOC_CTX *mem_ctx,
+       struct security_descriptor **ppdesc);
+
+NTSTATUS fset_nt_acl_common(
+       NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx,
+                                   vfs_handle_struct *handle,
+                                   files_struct *fsp,
+                                   const struct smb_filename *smb_fname,
+                                   DATA_BLOB *pblob),
+       NTSTATUS (*store_acl_blob_fsp_fn)(vfs_handle_struct *handle,
+                                         files_struct *fsp,
+                                         DATA_BLOB *pblob),
+       const char *module_name,
+       vfs_handle_struct *handle, files_struct *fsp,
+        uint32_t security_info_sent,
+       const struct security_descriptor *orig_psd);
+
+
+
+#endif
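Review bot: The prototypes of get_nt_acl_common and fset_nt_acl_common are now a cross-module interface but carry no comment on their contract. The callers added in this commit pass exactly one of `fsp` / `smb_fname_in` as non-NULL, and `module_name` selects the parametric option prefix for `ignore system acls`; both deserve a short comment above the declarations, together with what the `get_acl_blob_fn` and `store_acl_blob_fsp_fn` callbacks are expected to return on failure. Separately, the guard `__VFS_ACL_COMMON_H__` uses an identifier reserved for the implementation; `VFS_ACL_COMMON_H` avoids that. The header also uses types it does not declare (`vfs_handle_struct`, `NTSTATUS`, `DATA_BLOB`), so it only works when included after the Samba core headers, which is worth stating in the file comment.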
index 817add7..c5ffa5e 100644 (file)
 #include "smbd/smbd.h"
 #include "system/filesys.h"
 #include "librpc/gen_ndr/xattr.h"
-#include "librpc/gen_ndr/ndr_xattr.h"
 #include "../lib/crypto/sha256.h"
 #include "dbwrap/dbwrap.h"
 #include "dbwrap/dbwrap_open.h"
 #include "auth.h"
 #include "util_tdb.h"
+#include "vfs_acl_common.h"
 
 #undef DBGC_CLASS
 #define DBGC_CLASS DBGC_VFS
 
 #define ACL_MODULE_NAME "acl_tdb"
-#include "modules/vfs_acl_common.c"
 
 static unsigned int ref_count;
 static struct db_context *acl_db;
@@ -320,7 +319,7 @@ static int connect_acl_tdb(struct vfs_handle_struct *handle,
                return -1;
        }
 
-       ok = init_acl_common_config(handle);
+       ok = init_acl_common_config(handle, ACL_MODULE_NAME);
        if (!ok) {
                DBG_ERR("init_acl_common_config failed\n");
                return -1;
@@ -451,6 +450,42 @@ static int sys_acl_set_fd_tdb(vfs_handle_struct *handle,
        return 0;
 }
 
+static NTSTATUS acl_tdb_fget_nt_acl(vfs_handle_struct *handle,
+                                   files_struct *fsp,
+                                   uint32_t security_info,
+                                   TALLOC_CTX *mem_ctx,
+                                   struct security_descriptor **ppdesc)
+{
+       NTSTATUS status;
+       status = get_nt_acl_common(get_acl_blob, handle, fsp, NULL,
+                                  security_info, mem_ctx, ppdesc);
+       return status;
+}
+
+static NTSTATUS acl_tdb_get_nt_acl(vfs_handle_struct *handle,
+                                  const struct smb_filename *smb_fname,
+                                  uint32_t security_info,
+                                  TALLOC_CTX *mem_ctx,
+                                  struct security_descriptor **ppdesc)
+{
+       NTSTATUS status;
+       status = get_nt_acl_common(get_acl_blob, handle, NULL, smb_fname,
+                                  security_info, mem_ctx, ppdesc);
+       return status;
+}
+
+static NTSTATUS acl_tdb_fset_nt_acl(vfs_handle_struct *handle,
+                                   files_struct *fsp,
+                                   uint32_t security_info_sent,
+                                   const struct security_descriptor *psd)
+{
+       NTSTATUS status;
+       status = fset_nt_acl_common(get_acl_blob, store_acl_blob_fsp,
+                                   ACL_MODULE_NAME,
+                                   handle, fsp, security_info_sent, psd);
+       return status;
+}
+
 static struct vfs_fn_pointers vfs_acl_tdb_fns = {
        .connect_fn = connect_acl_tdb,
        .disconnect_fn = disconnect_acl_tdb,
@@ -458,9 +493,9 @@ static struct vfs_fn_pointers vfs_acl_tdb_fns = {
        .unlink_fn = unlink_acl_tdb,
        .chmod_fn = chmod_acl_module_common,
        .fchmod_fn = fchmod_acl_module_common,
-       .fget_nt_acl_fn = fget_nt_acl_common,
-       .get_nt_acl_fn = get_nt_acl_common,
-       .fset_nt_acl_fn = fset_nt_acl_common,
+       .fget_nt_acl_fn = acl_tdb_fget_nt_acl,
+       .get_nt_acl_fn = acl_tdb_get_nt_acl,
+       .fset_nt_acl_fn = acl_tdb_fset_nt_acl,
        .chmod_acl_fn = chmod_acl_acl_module_common,
        .fchmod_acl_fn = fchmod_acl_acl_module_common,
        .sys_acl_set_file_fn = sys_acl_set_file_tdb,
index 367be65..38ad81c 100644 (file)
 #include "includes.h"
 #include "smbd/smbd.h"
 #include "librpc/gen_ndr/xattr.h"
-#include "librpc/gen_ndr/ndr_xattr.h"
 #include "../lib/crypto/sha256.h"
 #include "auth.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_VFS
+#include "vfs_acl_common.h"
 
 /* Pull in the common functions. */
 #define ACL_MODULE_NAME "acl_xattr"
 
-#include "modules/vfs_acl_common.c"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_VFS
 
 /*******************************************************************
  Pull a security descriptor into a DATA_BLOB from a xattr.
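Review bot: The comment `/* Pull in the common functions. */` is left above `#define ACL_MODULE_NAME "acl_xattr"` although the `#include "modules/vfs_acl_common.c"` it described is removed in this hunk. It now reads as if the define itself pulls code in; replace it with something like `/* Parametric option prefix passed to the vfs_acl_common helpers. */` or drop it.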
@@ -222,7 +220,7 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle,
                return ret;
        }
 
-       ok = init_acl_common_config(handle);
+       ok = init_acl_common_config(handle, ACL_MODULE_NAME);
        if (!ok) {
                DBG_ERR("init_acl_common_config failed\n");
                return -1;
@@ -280,15 +278,51 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle,
        return 0;
 }
 
+static NTSTATUS acl_xattr_fget_nt_acl(vfs_handle_struct *handle,
+                                     files_struct *fsp,
+                                     uint32_t security_info,
+                                     TALLOC_CTX *mem_ctx,
+                                     struct security_descriptor **ppdesc)
+{
+       NTSTATUS status;
+       status = get_nt_acl_common(get_acl_blob, handle, fsp, NULL,
+                                  security_info, mem_ctx, ppdesc);
+       return status;
+}
+
+static NTSTATUS acl_xattr_get_nt_acl(vfs_handle_struct *handle,
+                                    const struct smb_filename *smb_fname,
+                                    uint32_t security_info,
+                                    TALLOC_CTX *mem_ctx,
+                                    struct security_descriptor **ppdesc)
+{
+       NTSTATUS status;
+       status = get_nt_acl_common(get_acl_blob, handle, NULL, smb_fname,
+                                  security_info, mem_ctx, ppdesc);
+       return status;
+}
+
+static NTSTATUS acl_xattr_fset_nt_acl(vfs_handle_struct *handle,
+                                     files_struct *fsp,
+                                     uint32_t security_info_sent,
+                                     const struct security_descriptor *psd)
+{
+       NTSTATUS status;
+       status = fset_nt_acl_common(get_acl_blob, store_acl_blob_fsp,
+                                   ACL_MODULE_NAME,
+                                   handle, fsp, security_info_sent, psd);
+       return status;
+}
+
 static struct vfs_fn_pointers vfs_acl_xattr_fns = {
        .connect_fn = connect_acl_xattr,
        .rmdir_fn = rmdir_acl_common,
        .unlink_fn = unlink_acl_common,
        .chmod_fn = chmod_acl_module_common,
        .fchmod_fn = fchmod_acl_module_common,
-       .fget_nt_acl_fn = fget_nt_acl_common,
-       .get_nt_acl_fn = get_nt_acl_common,
-       .fset_nt_acl_fn = fset_nt_acl_common,
+       .fget_nt_acl_fn = acl_xattr_fget_nt_acl,
+       .get_nt_acl_fn = acl_xattr_get_nt_acl,
+       .fset_nt_acl_fn = acl_xattr_fset_nt_acl,
        .chmod_acl_fn = chmod_acl_acl_module_common,
        .fchmod_acl_fn = fchmod_acl_acl_module_common,
        .sys_acl_set_file_fn = sys_acl_set_file_xattr,
index 840fdef..58aaf2e 100644 (file)
@@ -4,6 +4,9 @@ bld.SAMBA3_SUBSYSTEM('NFS4_ACLS',
                     source='nfs4_acls.c',
                     deps='samba-util tdb')
 
+bld.SAMBA3_SUBSYSTEM('vfs_acl_common',
+                     source='vfs_acl_common.c')
+
 bld.SAMBA3_SUBSYSTEM('POSIXACL_XATTR',
                  source='posixacl_xattr.c',
                  enabled=(bld.SAMBA3_IS_ENABLED_MODULE('vfs_ceph') or bld.SAMBA3_IS_ENABLED_MODULE('vfs_glusterfs')),
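Review bot: The new `vfs_acl_common` subsystem is declared with `source` only, although vfs_acl_common.c now includes `librpc/gen_ndr/ndr_xattr.h` and `lib/crypto/sha256.h` directly. The vfs_acl_tdb hunk further down also replaces `deps='NDR_XATTR tdb'` with `deps='samba-util vfs_acl_common'`, while vfs_acl_tdb.c still includes the dbwrap headers and `util_tdb.h`. The build presumably resolves these symbols through other targets today, but declaring them explicitly, e.g. `deps='NDR_XATTR samba-util'` on the subsystem and keeping `tdb` on vfs_acl_tdb, would stop a shared-module build from relying on another target pulling them in.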
@@ -357,7 +360,7 @@ bld.SAMBA3_MODULE('vfs_syncops',
 bld.SAMBA3_MODULE('vfs_acl_xattr',
                  subsystem='vfs',
                  source='vfs_acl_xattr.c',
-                 deps='samba-util',
+                 deps='samba-util vfs_acl_common',
                  init_function='',
                  internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_acl_xattr'),
                  enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_acl_xattr'))
@@ -365,7 +368,7 @@ bld.SAMBA3_MODULE('vfs_acl_xattr',
 bld.SAMBA3_MODULE('vfs_acl_tdb',
                  subsystem='vfs',
                  source='vfs_acl_tdb.c',
-                 deps='NDR_XATTR tdb',
+                 deps='samba-util vfs_acl_common',
                  init_function='',
                  internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_acl_tdb'),
                  enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_acl_tdb'))
index 4230b6a..7cf757b 100644 (file)
@@ -748,6 +748,7 @@ bld.SAMBA3_LIBRARY('smbd_base',
                         netapi
                         NDR_IOCTL
                         notifyd
+                        vfs_acl_common
                    ''' +
                    bld.env['dmapi_lib'] +
                    bld.env['legacy_quota_libs'] +