smbd-posix_acls: Use a IDL union to store the ACL entry
authorAndrew Bartlett <abartlet@samba.org>
Fri, 7 Sep 2012 05:49:47 +0000 (15:49 +1000)
committerAndrew Bartlett <abartlet@samba.org>
Wed, 12 Sep 2012 03:26:16 +0000 (05:26 +0200)
This is a clearer, long-term-stable structure we can hash without
risking it changing.

Andrew Bartlett

librpc/idl/smb_acl.idl
source3/lib/sysacls.c
source3/modules/vfs_posixacl.c
source4/scripting/python/samba/tests/posixacl.py

index 7f672996b0b4196dee9de8a36bfe4f32e561a79b..2904c3afa487825091808111c60a0f77d609cb49 100644 (file)
@@ -40,18 +40,34 @@ interface smb_acl
                SMB_ACL_OTHER       = 5,
                SMB_ACL_MASK        = 6
        } smb_acl_tag_t;
-       
+
        typedef struct {
-               smb_acl_tag_t a_type;
-               mode_t a_perm;
                uid_t uid;
+       } smb_acl_user;
+
+       typedef struct {
                gid_t gid;
+       } smb_acl_group;
+
+       typedef [switch_type(uint16)] union {
+               [case (SMB_ACL_USER)] smb_acl_user user;
+               [case (SMB_ACL_USER_OBJ)];
+               [case (SMB_ACL_GROUP)] smb_acl_group group;
+               [case (SMB_ACL_GROUP_OBJ)];
+               [case (SMB_ACL_OTHER)];
+               [case (SMB_ACL_MASK)];          
+       } smb_acl_entry_info;
+
+       typedef struct {
+               smb_acl_tag_t a_type;
+               [switch_is(a_type)] smb_acl_entry_info info;
+               mode_t a_perm;
        } smb_acl_entry;
        
        [public] typedef struct {
-               int     size;
+               [value(0)] int  size;
                int     count;
-               int     next;
+               [value(0)] int  next;
                [size_is(count)] smb_acl_entry acl[*];
        } smb_acl_t;
        
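Review bot: `smb_acl_entry_info` has no arm for the invalid tag and no `[default]`, and nothing in the hunk records whether that is deliberate. sys_acl_create_entry (sysacls.c, later in this commit) leaves a new entry at `SMB_ACL_TAG_INVALID`, so presumably the generated NDR code refuses to marshal an ACL that still holds such an entry. If that rejection is intended, a comment above the union such as `/* no default arm: an entry whose a_type is not a valid tag must fail to marshal */` would say so. Since the commit message says the structure is meant to be hashed, a short comment beside `[value(0)]` noting that `size` and `next` are presumably forced to zero on the wire would also help the next reader.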
index 31966c6077e9b08cfad5a2894c4e74a252bc6d1b..1b6eb9a35c5bd3dab4492c541c875f764414a8df 100644 (file)
@@ -107,11 +107,11 @@ int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
 void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
 {
        if (entry_d->a_type == SMB_ACL_USER) {
-               return &entry_d->uid;
+               return &entry_d->info.user.uid;
                }
 
        if (entry_d->a_type == SMB_ACL_GROUP) {
-               return &entry_d->gid;
+               return &entry_d->info.group.gid;
        }
 
        errno = EINVAL;
@@ -189,15 +189,15 @@ char *sys_acl_to_text(const struct smb_acl_t *acl_d, ssize_t *len_p)
                                break;
  
                        case SMB_ACL_USER:
-                               id = uidtoname(ap->uid);
+                               id = uidtoname(ap->info.user.uid);
                        case SMB_ACL_USER_OBJ:
                                tag = "user";
                                break;
 
                        case SMB_ACL_GROUP:
-                               if ((gr = getgrgid(ap->gid)) == NULL) {
+                               if ((gr = getgrgid(ap->info.group.gid)) == NULL) {
                                        slprintf(idbuf, sizeof(idbuf)-1, "%ld",
-                                               (long)ap->gid);
+                                               (long)ap->info.group.gid);
                                        id = idbuf;
                                } else {
                                        id = gr->gr_name;
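Review bot: `case SMB_ACL_USER:` runs straight into `case SMB_ACL_USER_OBJ:` after the changed `uidtoname()` line with no marker, which reads like a missing `break`. The fall-through looks deliberate, since both cases share `tag = "user"`, so a `/* fall through */` comment after `id = uidtoname(ap->info.user.uid);` would state that and keep -Wimplicit-fallthrough quiet. The switch and the rest of sys_acl_to_text lie outside the hunk.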
@@ -294,8 +294,6 @@ int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
 
        entry_d         = &acl_d->acl[acl_d->count++];
        entry_d->a_type = SMB_ACL_TAG_INVALID;
-       entry_d->uid    = -1;
-       entry_d->gid    = -1;
        entry_d->a_perm = 0;
        *entry_p        = entry_d;
 
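Review bot: With the `-1` sentinels removed, nothing in the visible lines initialises `entry_d->info`, so a new entry's qualifier is whatever the array slot already held. If the slot is zero-filled (the allocation is outside the hunk), an entry later tagged SMB_ACL_USER or SMB_ACL_GROUP without a sys_acl_set_qualifier call would carry id 0, i.e. root, where it previously carried the invalid id -1. Because uid and gid now share storage, changing the tag after setting the qualifier also reinterprets the old id as the other kind. Consider resetting the arm where the tag is assigned (sys_acl_set_tag_type, body not shown here), e.g. `entry_d->info.user.uid = (uid_t)-1;` for SMB_ACL_USER and `entry_d->info.group.gid = (gid_t)-1;` for SMB_ACL_GROUP.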
@@ -324,11 +322,11 @@ int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
 int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
 {
        if (entry_d->a_type == SMB_ACL_USER) {
-               entry_d->uid = *((uid_t *)qual_p);
+               entry_d->info.user.uid = *((uid_t *)qual_p);
                return 0;
                }
        if (entry_d->a_type == SMB_ACL_GROUP) {
-               entry_d->gid = *((gid_t *)qual_p);
+               entry_d->info.group.gid = *((gid_t *)qual_p);
                return 0;
        }
 
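Review bot: `qual_p` is dereferenced in both branches without a NULL check, so a caller passing NULL crashes the process instead of getting an error back. A guard at the top, `if (qual_p == NULL) { errno = EINVAL; return -1; }`, would match the EINVAL convention that sys_acl_get_qualifier uses in the first sysacls.c hunk. The tail of sys_acl_set_qualifier is outside the hunk, so its existing error return is assumed rather than seen.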
index 407a3a1724f7f8733b6e04c578aac696dfdfe52d..c9f8bd5f2d17440de307766e2b681193e3a85be8 100644 (file)
@@ -177,7 +177,7 @@ static bool smb_ace_to_internal(acl_entry_t posix_ace,
                        DEBUG(0, ("smb_acl_get_qualifier failed\n"));
                        return False;
                }
-               ace->uid = *puid;
+               ace->info.user.uid = *puid;
                acl_free(puid);
                break;
        }
@@ -188,7 +188,7 @@ static bool smb_ace_to_internal(acl_entry_t posix_ace,
                        DEBUG(0, ("smb_acl_get_qualifier failed\n"));
                        return False;
                }
-               ace->gid = *pgid;
+               ace->info.group.gid = *pgid;
                acl_free(pgid);
                break;
        }
@@ -323,14 +323,14 @@ static acl_t smb_acl_to_posix(const struct smb_acl_t *acl)
 
                switch (entry->a_type) {
                case SMB_ACL_USER:
-                       if (acl_set_qualifier(e, &entry->uid) != 0) {
+                       if (acl_set_qualifier(e, &entry->info.user.uid) != 0) {
                                DEBUG(1, ("acl_set_qualifiier failed: %s\n",
                                          strerror(errno)));
                                goto fail;
                        }
                        break;
                case SMB_ACL_GROUP:
-                       if (acl_set_qualifier(e, &entry->gid) != 0) {
+                       if (acl_set_qualifier(e, &entry->info.group.gid) != 0) {
                                DEBUG(1, ("acl_set_qualifiier failed: %s\n",
                                          strerror(errno)));
                                goto fail;
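Review bot: Both `DEBUG(1, ...)` strings in this switch spell the call `acl_set_qualifiier` and are identical for the user and group cases, so a log search for the real function name misses them and a hit does not say which qualifier was rejected. Since these branches are being touched anyway, `"acl_set_qualifier (uid) failed: %s\n"` and `"acl_set_qualifier (gid) failed: %s\n"` would fix both. The switch continues past the end of the hunk.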
index ba0911d78c70955ddb79b95ba1bd549654790683..b323f91f1a3c57eccf69ecde0e62c6daad714f87 100644 (file)
@@ -35,9 +35,6 @@ from samba.samba3 import param as s3param
 #            print "uid: %d" % entry.uid
 #            print "gid: %d" % entry.gid
             
-def is_minus_one(val):
-    return (val == -1 or val == 4294967295)
-
 class PosixAclMappingTests(TestCase):
 
     def test_setntacl(self):
@@ -162,48 +159,35 @@ class PosixAclMappingTests(TestCase):
 
         self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_GROUP)
         self.assertEquals(posix_acl.acl[0].a_perm, 7)
-        self.assertEquals(posix_acl.acl[0].gid, BA_gid)
-        self.assertTrue(is_minus_one(posix_acl.acl[0].uid))
+        self.assertEquals(posix_acl.acl[0].info.gid, BA_gid)
 
         self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_USER)
         self.assertEquals(posix_acl.acl[1].a_perm, 6)
-        self.assertEquals(posix_acl.acl[1].uid, LA_uid)
-        self.assertTrue(is_minus_one(posix_acl.acl[1].gid))
+        self.assertEquals(posix_acl.acl[1].info.uid, LA_uid)
 
         self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
         self.assertEquals(posix_acl.acl[2].a_perm, 0)
-        self.assertTrue(is_minus_one(posix_acl.acl[2].uid))
-        self.assertTrue(is_minus_one(posix_acl.acl[2].gid))
 
         self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
         self.assertEquals(posix_acl.acl[3].a_perm, 6)
-        self.assertTrue(is_minus_one(posix_acl.acl[3].uid))
-        self.assertTrue(is_minus_one(posix_acl.acl[3].gid))
 
         self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
         self.assertEquals(posix_acl.acl[4].a_perm, 7)
-        self.assertTrue(is_minus_one(posix_acl.acl[4].uid))
-        self.assertTrue(is_minus_one(posix_acl.acl[4].gid))
 
         self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP)
         self.assertEquals(posix_acl.acl[5].a_perm, 5)
-        self.assertEquals(posix_acl.acl[5].gid, SO_gid)
-        self.assertTrue(is_minus_one(posix_acl.acl[5].uid))
+        self.assertEquals(posix_acl.acl[5].info.gid, SO_gid)
 
         self.assertEquals(posix_acl.acl[6].a_type, smb_acl.SMB_ACL_GROUP)
         self.assertEquals(posix_acl.acl[6].a_perm, 7)
-        self.assertEquals(posix_acl.acl[6].gid, SY_gid)
-        self.assertTrue(is_minus_one(posix_acl.acl[6].uid))
+        self.assertEquals(posix_acl.acl[6].info.gid, SY_gid)
 
         self.assertEquals(posix_acl.acl[7].a_type, smb_acl.SMB_ACL_GROUP)
         self.assertEquals(posix_acl.acl[7].a_perm, 5)
-        self.assertEquals(posix_acl.acl[7].gid, AU_gid)
-        self.assertTrue(is_minus_one(posix_acl.acl[7].uid))
+        self.assertEquals(posix_acl.acl[7].info.gid, AU_gid)
 
         self.assertEquals(posix_acl.acl[8].a_type, smb_acl.SMB_ACL_MASK)
         self.assertEquals(posix_acl.acl[8].a_perm, 7)
-        self.assertTrue(is_minus_one(posix_acl.acl[8].uid))
-        self.assertTrue(is_minus_one(posix_acl.acl[8].gid))
 
 
 # check that it matches:
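Review bot: The entries whose tag carries no qualifier (SMB_ACL_OTHER, SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_MASK) now have only `a_type` and `a_perm` asserted, so the test no longer pins what `info` holds for them. If the Python binding exposes an empty union arm as None (to be confirmed against the generated code), adding `self.assertEquals(posix_acl.acl[2].info, None)` and the equivalents for the other tagless entries would keep that covered. The same applies to the following hunk at -304,53.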
@@ -304,53 +288,39 @@ class PosixAclMappingTests(TestCase):
 
         self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_GROUP)
         self.assertEquals(posix_acl.acl[0].a_perm, 7)
-        self.assertEquals(posix_acl.acl[0].gid, BA_gid)
-        self.assertTrue(is_minus_one(posix_acl.acl[0].uid))
+        self.assertEquals(posix_acl.acl[0].info.gid, BA_gid)
 
         self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_USER)
         self.assertEquals(posix_acl.acl[1].a_perm, 6)
-        self.assertEquals(posix_acl.acl[1].uid, LA_uid)
-        self.assertTrue(is_minus_one(posix_acl.acl[1].gid))
+        self.assertEquals(posix_acl.acl[1].info.uid, LA_uid)
 
         self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
         self.assertEquals(posix_acl.acl[2].a_perm, 0)
-        self.assertTrue(is_minus_one(posix_acl.acl[2].uid))
-        self.assertTrue(is_minus_one(posix_acl.acl[2].gid))
 
         self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
         self.assertEquals(posix_acl.acl[3].a_perm, 6)
-        self.assertTrue(is_minus_one(posix_acl.acl[3].uid))
-        self.assertTrue(is_minus_one(posix_acl.acl[3].gid))
 
         self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
         self.assertEquals(posix_acl.acl[4].a_perm, 7)
-        self.assertTrue(is_minus_one(posix_acl.acl[4].uid))
-        self.assertTrue(is_minus_one(posix_acl.acl[4].gid))
 
         self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP)
         self.assertEquals(posix_acl.acl[5].a_perm, 5)
-        self.assertEquals(posix_acl.acl[5].gid, SO_gid)
-        self.assertTrue(is_minus_one(posix_acl.acl[5].uid))
+        self.assertEquals(posix_acl.acl[5].info.gid, SO_gid)
 
         self.assertEquals(posix_acl.acl[6].a_type, smb_acl.SMB_ACL_GROUP)
         self.assertEquals(posix_acl.acl[6].a_perm, 7)
-        self.assertEquals(posix_acl.acl[6].gid, SY_gid)
-        self.assertTrue(is_minus_one(posix_acl.acl[6].uid))
+        self.assertEquals(posix_acl.acl[6].info.gid, SY_gid)
 
         self.assertEquals(posix_acl.acl[7].a_type, smb_acl.SMB_ACL_GROUP)
         self.assertEquals(posix_acl.acl[7].a_perm, 5)
-        self.assertEquals(posix_acl.acl[7].gid, AU_gid)
-        self.assertTrue(is_minus_one(posix_acl.acl[7].uid))
+        self.assertEquals(posix_acl.acl[7].info.gid, AU_gid)
 
         self.assertEquals(posix_acl.acl[8].a_type, smb_acl.SMB_ACL_GROUP)
         self.assertEquals(posix_acl.acl[8].a_perm, 7)
-        self.assertEquals(posix_acl.acl[8].gid, PA_gid)
-        self.assertTrue(is_minus_one(posix_acl.acl[8].uid))
+        self.assertEquals(posix_acl.acl[8].info.gid, PA_gid)
 
         self.assertEquals(posix_acl.acl[9].a_type, smb_acl.SMB_ACL_MASK)
         self.assertEquals(posix_acl.acl[9].a_perm, 7)
-        self.assertTrue(is_minus_one(posix_acl.acl[9].uid))
-        self.assertTrue(is_minus_one(posix_acl.acl[9].gid))
 
 
 # check that it matches: