Map POSIX ACL perms to canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits).
****************************************************************************/
-static mode_t convert_permset_to_mode_t(connection_struct *conn, SMB_ACL_PERMSET_T permset)
+static mode_t convert_permset_to_mode_t(SMB_ACL_PERMSET_T permset)
{
mode_t ret = 0;
- ret |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_READ) ? S_IRUSR : 0);
- ret |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_WRITE) ? S_IWUSR : 0);
- ret |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_EXECUTE) ? S_IXUSR : 0);
+ ret |= (sys_acl_get_perm(permset, SMB_ACL_READ) ? S_IRUSR : 0);
+ ret |= (sys_acl_get_perm(permset, SMB_ACL_WRITE) ? S_IWUSR : 0);
+ ret |= (sys_acl_get_perm(permset, SMB_ACL_EXECUTE) ? S_IXUSR : 0);
return ret;
}
static int map_acl_perms_to_permset(connection_struct *conn, mode_t mode, SMB_ACL_PERMSET_T *p_permset)
{
- if (SMB_VFS_SYS_ACL_CLEAR_PERMS(conn, *p_permset) == -1)
+ if (sys_acl_clear_perms(*p_permset) == -1)
return -1;
if (mode & S_IRUSR) {
- if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_READ) == -1)
+ if (sys_acl_add_perm(*p_permset, SMB_ACL_READ) == -1)
return -1;
}
if (mode & S_IWUSR) {
- if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_WRITE) == -1)
+ if (sys_acl_add_perm(*p_permset, SMB_ACL_WRITE) == -1)
return -1;
}
if (mode & S_IXUSR) {
- if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_EXECUTE) == -1)
+ if (sys_acl_add_perm(*p_permset, SMB_ACL_EXECUTE) == -1)
return -1;
}
return 0;
/* Get the initial bits to apply. */
if (is_directory) {
- and_bits = lp_dir_security_mask(params->service);
- or_bits = lp_force_dir_security_mode(params->service);
+ and_bits = lp_dir_mask(params->service);
+ or_bits = lp_force_dir_mode(params->service);
} else {
- and_bits = lp_security_mask(params->service);
- or_bits = lp_force_security_mode(params->service);
+ and_bits = lp_create_mask(params->service);
+ or_bits = lp_force_create_mode(params->service);
}
/* Now bounce them into the S_USR space. */
type.
****************************************************************************/
-static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace,
- const struct share_params *params,
- const bool is_directory,
- const struct dom_sid *pfile_owner_sid,
- const struct dom_sid *pfile_grp_sid,
- const SMB_STRUCT_STAT *pst,
- bool setting_acl)
+static bool ensure_canon_entry_valid(connection_struct *conn,
+ canon_ace **pp_ace,
+ bool is_default_acl,
+ const struct share_params *params,
+ const bool is_directory,
+ const struct dom_sid *pfile_owner_sid,
+ const struct dom_sid *pfile_grp_sid,
+ const SMB_STRUCT_STAT *pst,
+ bool setting_acl)
{
canon_ace *pace;
canon_ace *pace_user = NULL;
for (pace = *pp_ace; pace; pace = pace->next) {
if (pace->type == SMB_ACL_USER_OBJ) {
- if (setting_acl)
+ if (setting_acl && !is_default_acl) {
apply_default_perms(params, is_directory, pace, S_IRUSR);
+ }
pace_user = pace;
} else if (pace->type == SMB_ACL_GROUP_OBJ) {
* Ensure create mask/force create mode is respected on set.
*/
- if (setting_acl)
+ if (setting_acl && !is_default_acl) {
apply_default_perms(params, is_directory, pace, S_IRGRP);
+ }
pace_group = pace;
} else if (pace->type == SMB_ACL_OTHER) {
* Ensure create mask/force create mode is respected on set.
*/
- if (setting_acl)
+ if (setting_acl && !is_default_acl) {
apply_default_perms(params, is_directory, pace, S_IROTH);
+ }
pace_other = pace;
+
+ } else if (pace->type == SMB_ACL_USER || pace->type == SMB_ACL_GROUP) {
+
+ /*
+ * Ensure create mask/force create mode is respected on set.
+ */
+
+ if (setting_acl && !is_default_acl) {
+ apply_default_perms(params, is_directory, pace, S_IRGRP);
+ }
}
}
pace->perms = pace_other->perms;
}
- apply_default_perms(params, is_directory, pace, S_IRUSR);
+ if (!is_default_acl) {
+ apply_default_perms(params, is_directory, pace, S_IRUSR);
+ }
} else {
pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRUSR, S_IWUSR, S_IXUSR);
}
pace->perms = pace_other->perms;
else
pace->perms = 0;
- apply_default_perms(params, is_directory, pace, S_IRGRP);
+ if (!is_default_acl) {
+ apply_default_perms(params, is_directory, pace, S_IRGRP);
+ }
} else {
pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRGRP, S_IWGRP, S_IXGRP);
}
pace->attr = ALLOW_ACE;
if (setting_acl) {
pace->perms = 0;
- apply_default_perms(params, is_directory, pace, S_IROTH);
+ if (!is_default_acl) {
+ apply_default_perms(params, is_directory, pace, S_IROTH);
+ }
} else
pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IROTH, S_IWOTH, S_IXOTH);
print_canon_ace_list( "file ace - before valid", file_ace);
- if (!ensure_canon_entry_valid(fsp->conn, &file_ace, fsp->conn->params,
+ if (!ensure_canon_entry_valid(fsp->conn, &file_ace, false, fsp->conn->params,
fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) {
free_canon_ace_list(file_ace);
free_canon_ace_list(dir_ace);
print_canon_ace_list( "dir ace - before valid", dir_ace);
- if (dir_ace && !ensure_canon_entry_valid(fsp->conn, &dir_ace, fsp->conn->params,
+ if (dir_ace && !ensure_canon_entry_valid(fsp->conn, &dir_ace, true, fsp->conn->params,
fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) {
free_canon_ace_list(file_ace);
free_canon_ace_list(dir_ace);
canon_ace *ace = NULL;
canon_ace *next_ace = NULL;
int entry_id = SMB_ACL_FIRST_ENTRY;
+ bool is_default_acl = (the_acl_type == SMB_ACL_TYPE_DEFAULT);
SMB_ACL_ENTRY_T entry;
size_t ace_count;
- while ( posix_acl && (SMB_VFS_SYS_ACL_GET_ENTRY(conn, posix_acl, entry_id, &entry) == 1)) {
+ while ( posix_acl && (sys_acl_get_entry(posix_acl, entry_id, &entry) == 1)) {
SMB_ACL_TAG_T tagtype;
SMB_ACL_PERMSET_T permset;
struct dom_sid sid;
entry_id = SMB_ACL_NEXT_ENTRY;
/* Is this a MASK entry ? */
- if (SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry, &tagtype) == -1)
+ if (sys_acl_get_tag_type(entry, &tagtype) == -1)
continue;
- if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry, &permset) == -1)
+ if (sys_acl_get_permset(entry, &permset) == -1)
continue;
/* Decide which SID to use based on the ACL type. */
break;
case SMB_ACL_USER:
{
- uid_t *puid = (uid_t *)SMB_VFS_SYS_ACL_GET_QUALIFIER(conn, entry);
+ uid_t *puid = (uid_t *)sys_acl_get_qualifier(entry);
if (puid == NULL) {
DEBUG(0,("canonicalise_acl: Failed to get uid.\n"));
continue;
unix_ug.type = ID_TYPE_UID;
unix_ug.id = *puid;
owner_type = UID_ACE;
- SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, (void *)puid,tagtype);
break;
}
case SMB_ACL_GROUP_OBJ:
break;
case SMB_ACL_GROUP:
{
- gid_t *pgid = (gid_t *)SMB_VFS_SYS_ACL_GET_QUALIFIER(conn, entry);
+ gid_t *pgid = (gid_t *)sys_acl_get_qualifier(entry);
if (pgid == NULL) {
DEBUG(0,("canonicalise_acl: Failed to get gid.\n"));
continue;
unix_ug.type = ID_TYPE_GID;
unix_ug.id = *pgid;
owner_type = GID_ACE;
- SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, (void *)pgid,tagtype);
break;
}
case SMB_ACL_MASK:
- acl_mask = convert_permset_to_mode_t(conn, permset);
+ acl_mask = convert_permset_to_mode_t(permset);
continue; /* Don't count the mask as an entry. */
case SMB_ACL_OTHER:
/* Use the Everyone SID */
ZERO_STRUCTP(ace);
ace->type = tagtype;
- ace->perms = convert_permset_to_mode_t(conn, permset);
+ ace->perms = convert_permset_to_mode_t(permset);
ace->attr = ALLOW_ACE;
ace->trustee = sid;
ace->unix_ug = unix_ug;
ace->owner_type = owner_type;
- ace->ace_flags = get_pai_flags(pal, ace, (the_acl_type == SMB_ACL_TYPE_DEFAULT));
+ ace->ace_flags = get_pai_flags(pal, ace, is_default_acl);
DLIST_ADD(l_head, ace);
}
* This next call will ensure we have at least a user/group/world set.
*/
- if (!ensure_canon_entry_valid(conn, &l_head, conn->params,
+ if (!ensure_canon_entry_valid(conn, &l_head, is_default_acl, conn->params,
S_ISDIR(psbuf->st_ex_mode), powner, pgroup,
psbuf, False))
goto fail;
* acl_mask. Ensure all DENY Entries are at the start of the list.
*/
- DEBUG(10,("canonicalise_acl: %s ace entries before arrange :\n", the_acl_type == SMB_ACL_TYPE_ACCESS ? "Access" : "Default" ));
+ DEBUG(10,("canonicalise_acl: %s ace entries before arrange :\n", is_default_acl ? "Default" : "Access"));
for ( ace_count = 0, ace = l_head; ace; ace = next_ace, ace_count++) {
next_ace = ace->next;
{
connection_struct *conn = fsp->conn;
bool ret = False;
- SMB_ACL_T the_acl = SMB_VFS_SYS_ACL_INIT(conn, (int)count_canon_ace_list(the_ace) + 1);
+ SMB_ACL_T the_acl = sys_acl_init();
canon_ace *p_ace;
int i;
SMB_ACL_ENTRY_T mask_entry;
#endif
if (the_acl == NULL) {
-
- if (!no_acl_syscall_error(errno)) {
- /*
- * Only print this error message if we have some kind of ACL
- * support that's not working. Otherwise we would always get this.
- */
- DEBUG(0,("set_canon_ace_list: Unable to init %s ACL. (%s)\n",
- default_ace ? "default" : "file", strerror(errno) ));
- }
- *pacl_set_support = False;
- goto fail;
+ DEBUG(0, ("sys_acl_init failed to allocate an ACL\n"));
+ return false;
}
if( DEBUGLVL( 10 )) {
* Get the entry for this ACE.
*/
- if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &the_acl, &the_entry) == -1) {
+ if (sys_acl_create_entry(&the_acl, &the_entry) == -1) {
DEBUG(0,("set_canon_ace_list: Failed to create entry %d. (%s)\n",
i, strerror(errno) ));
goto fail;
* First tell the entry what type of ACE this is.
*/
- if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, the_entry, p_ace->type) == -1) {
+ if (sys_acl_set_tag_type(the_entry, p_ace->type) == -1) {
DEBUG(0,("set_canon_ace_list: Failed to set tag type on entry %d. (%s)\n",
i, strerror(errno) ));
goto fail;
*/
if ((p_ace->type == SMB_ACL_USER) || (p_ace->type == SMB_ACL_GROUP)) {
- if (SMB_VFS_SYS_ACL_SET_QUALIFIER(conn, the_entry,(void *)&p_ace->unix_ug.id) == -1) {
+ if (sys_acl_set_qualifier(the_entry,(void *)&p_ace->unix_ug.id) == -1) {
DEBUG(0,("set_canon_ace_list: Failed to set qualifier on entry %d. (%s)\n",
i, strerror(errno) ));
goto fail;
* Convert the mode_t perms in the canon_ace to a POSIX permset.
*/
- if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, the_entry, &the_permset) == -1) {
+ if (sys_acl_get_permset(the_entry, &the_permset) == -1) {
DEBUG(0,("set_canon_ace_list: Failed to get permset on entry %d. (%s)\n",
i, strerror(errno) ));
goto fail;
* ..and apply them to the entry.
*/
- if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, the_entry, the_permset) == -1) {
+ if (sys_acl_set_permset(the_entry, the_permset) == -1) {
DEBUG(0,("set_canon_ace_list: Failed to add permset on entry %d. (%s)\n",
i, strerror(errno) ));
goto fail;
}
if (needs_mask && !got_mask_entry) {
- if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &the_acl, &mask_entry) == -1) {
+ if (sys_acl_create_entry(&the_acl, &mask_entry) == -1) {
DEBUG(0,("set_canon_ace_list: Failed to create mask entry. (%s)\n", strerror(errno) ));
goto fail;
}
- if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, mask_entry, SMB_ACL_MASK) == -1) {
+ if (sys_acl_set_tag_type(mask_entry, SMB_ACL_MASK) == -1) {
DEBUG(0,("set_canon_ace_list: Failed to set tag type on mask entry. (%s)\n",strerror(errno) ));
goto fail;
}
- if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, mask_entry, &mask_permset) == -1) {
+ if (sys_acl_get_permset(mask_entry, &mask_permset) == -1) {
DEBUG(0,("set_canon_ace_list: Failed to get mask permset. (%s)\n", strerror(errno) ));
goto fail;
}
goto fail;
}
- if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, mask_entry, mask_permset) == -1) {
+ if (sys_acl_set_permset(mask_entry, mask_permset) == -1) {
DEBUG(0,("set_canon_ace_list: Failed to add mask permset. (%s)\n", strerror(errno) ));
goto fail;
}
fail:
if (the_acl != NULL) {
- SMB_VFS_SYS_ACL_FREE_ACL(conn, the_acl);
+ TALLOC_FREE(the_acl);
}
return ret;
if (!the_acl)
return NULL;
- if (SMB_VFS_SYS_ACL_GET_ENTRY(conn, the_acl, SMB_ACL_FIRST_ENTRY, &entry) != 1) {
- SMB_VFS_SYS_ACL_FREE_ACL(conn, the_acl);
+ if (sys_acl_get_entry(the_acl, SMB_ACL_FIRST_ENTRY, &entry) != 1) {
+ TALLOC_FREE(the_acl);
return NULL;
}
return the_acl;
/* Get the initial bits to apply. */
if (fsp->is_directory) {
- and_bits = lp_dir_security_mask(snum);
- or_bits = lp_force_dir_security_mode(snum);
+ and_bits = lp_dir_mask(snum);
+ or_bits = lp_force_dir_mode(snum);
} else {
- and_bits = lp_security_mask(snum);
- or_bits = lp_force_security_mode(snum);
+ and_bits = lp_create_mask(snum);
+ or_bits = lp_force_create_mode(snum);
}
*posix_perms = (((*posix_perms) & and_bits)|or_bits);
done:
if (posix_acl) {
- SMB_VFS_SYS_ACL_FREE_ACL(conn, posix_acl);
+ TALLOC_FREE(posix_acl);
}
if (def_acl) {
- SMB_VFS_SYS_ACL_FREE_ACL(conn, def_acl);
+ TALLOC_FREE(def_acl);
}
free_canon_ace_list(file_ace);
free_canon_ace_list(dir_ace);
if (posix_acl == (SMB_ACL_T)NULL)
return -1;
- while (SMB_VFS_SYS_ACL_GET_ENTRY(conn, posix_acl, entry_id, &entry) == 1) {
+ while (sys_acl_get_entry(posix_acl, entry_id, &entry) == 1) {
SMB_ACL_TAG_T tagtype;
SMB_ACL_PERMSET_T permset;
entry_id = SMB_ACL_NEXT_ENTRY;
- if (SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry, &tagtype) ==-1)
+ if (sys_acl_get_tag_type(entry, &tagtype) ==-1)
break;
if (tagtype == SMB_ACL_GROUP_OBJ) {
- if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry, &permset) == -1) {
+ if (sys_acl_get_permset(entry, &permset) == -1) {
break;
} else {
*mode &= ~(S_IRGRP|S_IWGRP|S_IXGRP);
- *mode |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_READ) ? S_IRGRP : 0);
- *mode |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_WRITE) ? S_IWGRP : 0);
- *mode |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_EXECUTE) ? S_IXGRP : 0);
+ *mode |= (sys_acl_get_perm(permset, SMB_ACL_READ) ? S_IRGRP : 0);
+ *mode |= (sys_acl_get_perm(permset, SMB_ACL_WRITE) ? S_IWGRP : 0);
+ *mode |= (sys_acl_get_perm(permset, SMB_ACL_EXECUTE) ? S_IXGRP : 0);
result = 0;
break;
}
}
}
- SMB_VFS_SYS_ACL_FREE_ACL(conn, posix_acl);
+ TALLOC_FREE(posix_acl);
return result;
}
SMB_ACL_ENTRY_T entry;
int num_entries = 0;
- while ( SMB_VFS_SYS_ACL_GET_ENTRY(conn, posix_acl, entry_id, &entry) == 1) {
+ while ( sys_acl_get_entry(posix_acl, entry_id, &entry) == 1) {
SMB_ACL_TAG_T tagtype;
SMB_ACL_PERMSET_T permset;
mode_t perms;
entry_id = SMB_ACL_NEXT_ENTRY;
- if (SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry, &tagtype) == -1)
+ if (sys_acl_get_tag_type(entry, &tagtype) == -1)
return -1;
- if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry, &permset) == -1)
+ if (sys_acl_get_permset(entry, &permset) == -1)
return -1;
num_entries++;
if (map_acl_perms_to_permset(conn, perms, &permset) == -1)
return -1;
- if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, entry, permset) == -1)
+ if (sys_acl_set_permset(entry, permset) == -1)
return -1;
}
done:
- SMB_VFS_SYS_ACL_FREE_ACL(conn, posix_acl);
+ TALLOC_FREE(posix_acl);
return ret;
}
bool has_acl = False;
SMB_ACL_ENTRY_T entry;
- if (def_acl != NULL && (SMB_VFS_SYS_ACL_GET_ENTRY(conn, def_acl, SMB_ACL_FIRST_ENTRY, &entry) == 1)) {
+ if (def_acl != NULL && (sys_acl_get_entry(def_acl, SMB_ACL_FIRST_ENTRY, &entry) == 1)) {
has_acl = True;
}
if (def_acl) {
- SMB_VFS_SYS_ACL_FREE_ACL(conn, def_acl);
+ TALLOC_FREE(def_acl);
}
return has_acl;
}
done:
- SMB_VFS_SYS_ACL_FREE_ACL(conn, posix_acl);
+ TALLOC_FREE(posix_acl);
return ret;
}
return False;
}
- if (SMB_VFS_SYS_ACL_CLEAR_PERMS(conn, *p_permset) == -1) {
+ if (sys_acl_clear_perms(*p_permset) == -1) {
return False;
}
if (wire_perm & SMB_POSIX_ACL_READ) {
- if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_READ) == -1) {
+ if (sys_acl_add_perm(*p_permset, SMB_ACL_READ) == -1) {
return False;
}
}
if (wire_perm & SMB_POSIX_ACL_WRITE) {
- if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_WRITE) == -1) {
+ if (sys_acl_add_perm(*p_permset, SMB_ACL_WRITE) == -1) {
return False;
}
}
if (wire_perm & SMB_POSIX_ACL_EXECUTE) {
- if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_EXECUTE) == -1) {
+ if (sys_acl_add_perm(*p_permset, SMB_ACL_EXECUTE) == -1) {
return False;
}
}
static SMB_ACL_T create_posix_acl_from_wire(connection_struct *conn, uint16 num_acls, const char *pdata)
{
unsigned int i;
- SMB_ACL_T the_acl = SMB_VFS_SYS_ACL_INIT(conn, num_acls);
+ SMB_ACL_T the_acl = sys_acl_init();
if (the_acl == NULL) {
return NULL;
SMB_ACL_PERMSET_T the_permset;
SMB_ACL_TAG_T tag_type;
- if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &the_acl, &the_entry) == -1) {
+ if (sys_acl_create_entry(&the_acl, &the_entry) == -1) {
DEBUG(0,("create_posix_acl_from_wire: Failed to create entry %u. (%s)\n",
i, strerror(errno) ));
goto fail;
goto fail;
}
- if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, the_entry, tag_type) == -1) {
+ if (sys_acl_set_tag_type(the_entry, tag_type) == -1) {
DEBUG(0,("create_posix_acl_from_wire: Failed to set tagtype on entry %u. (%s)\n",
i, strerror(errno) ));
goto fail;
}
/* Get the permset pointer from the new ACL entry. */
- if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, the_entry, &the_permset) == -1) {
+ if (sys_acl_get_permset(the_entry, &the_permset) == -1) {
DEBUG(0,("create_posix_acl_from_wire: Failed to get permset on entry %u. (%s)\n",
i, strerror(errno) ));
goto fail;
}
/* Now apply to the new ACL entry. */
- if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, the_entry, the_permset) == -1) {
+ if (sys_acl_set_permset(the_entry, the_permset) == -1) {
DEBUG(0,("create_posix_acl_from_wire: Failed to add permset on entry %u. (%s)\n",
i, strerror(errno) ));
goto fail;
if (tag_type == SMB_ACL_USER) {
uint32 uidval = IVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+2);
uid_t uid = (uid_t)uidval;
- if (SMB_VFS_SYS_ACL_SET_QUALIFIER(conn, the_entry,(void *)&uid) == -1) {
+ if (sys_acl_set_qualifier(the_entry,(void *)&uid) == -1) {
DEBUG(0,("create_posix_acl_from_wire: Failed to set uid %u on entry %u. (%s)\n",
(unsigned int)uid, i, strerror(errno) ));
goto fail;
if (tag_type == SMB_ACL_GROUP) {
uint32 gidval = IVAL(pdata,(i*SMB_POSIX_ACL_ENTRY_SIZE)+2);
gid_t gid = (uid_t)gidval;
- if (SMB_VFS_SYS_ACL_SET_QUALIFIER(conn, the_entry,(void *)&gid) == -1) {
+ if (sys_acl_set_qualifier(the_entry,(void *)&gid) == -1) {
DEBUG(0,("create_posix_acl_from_wire: Failed to set gid %u on entry %u. (%s)\n",
(unsigned int)gid, i, strerror(errno) ));
goto fail;
fail:
if (the_acl != NULL) {
- SMB_VFS_SYS_ACL_FREE_ACL(conn, the_acl);
+ TALLOC_FREE(the_acl);
}
return NULL;
}
if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_DEFAULT, def_acl) == -1) {
DEBUG(5,("set_unix_posix_default_acl: acl_set_file failed on directory %s (%s)\n",
fname, strerror(errno) ));
- SMB_VFS_SYS_ACL_FREE_ACL(conn, def_acl);
+ TALLOC_FREE(def_acl);
return False;
}
DEBUG(10,("set_unix_posix_default_acl: set default acl for file %s\n", fname ));
- SMB_VFS_SYS_ACL_FREE_ACL(conn, def_acl);
+ TALLOC_FREE(def_acl);
return True;
}
SMB_ACL_ENTRY_T entry;
bool ret = False;
/* Create a new ACL with only 3 entries, u/g/w. */
- SMB_ACL_T new_file_acl = SMB_VFS_SYS_ACL_INIT(conn, 3);
+ SMB_ACL_T new_file_acl = sys_acl_init();
SMB_ACL_ENTRY_T user_ent = NULL;
SMB_ACL_ENTRY_T group_ent = NULL;
SMB_ACL_ENTRY_T other_ent = NULL;
}
/* Now create the u/g/w entries. */
- if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &new_file_acl, &user_ent) == -1) {
+ if (sys_acl_create_entry(&new_file_acl, &user_ent) == -1) {
DEBUG(5,("remove_posix_acl: Failed to create user entry for file %s. (%s)\n",
fname, strerror(errno) ));
goto done;
}
- if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, user_ent, SMB_ACL_USER_OBJ) == -1) {
+ if (sys_acl_set_tag_type(user_ent, SMB_ACL_USER_OBJ) == -1) {
DEBUG(5,("remove_posix_acl: Failed to set user entry for file %s. (%s)\n",
fname, strerror(errno) ));
goto done;
}
- if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &new_file_acl, &group_ent) == -1) {
+ if (sys_acl_create_entry(&new_file_acl, &group_ent) == -1) {
DEBUG(5,("remove_posix_acl: Failed to create group entry for file %s. (%s)\n",
fname, strerror(errno) ));
goto done;
}
- if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, group_ent, SMB_ACL_GROUP_OBJ) == -1) {
+ if (sys_acl_set_tag_type(group_ent, SMB_ACL_GROUP_OBJ) == -1) {
DEBUG(5,("remove_posix_acl: Failed to set group entry for file %s. (%s)\n",
fname, strerror(errno) ));
goto done;
}
- if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &new_file_acl, &other_ent) == -1) {
+ if (sys_acl_create_entry(&new_file_acl, &other_ent) == -1) {
DEBUG(5,("remove_posix_acl: Failed to create other entry for file %s. (%s)\n",
fname, strerror(errno) ));
goto done;
}
- if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, other_ent, SMB_ACL_OTHER) == -1) {
+ if (sys_acl_set_tag_type(other_ent, SMB_ACL_OTHER) == -1) {
DEBUG(5,("remove_posix_acl: Failed to set other entry for file %s. (%s)\n",
fname, strerror(errno) ));
goto done;
goto done;
}
- while ( SMB_VFS_SYS_ACL_GET_ENTRY(conn, file_acl, entry_id, &entry) == 1) {
+ while ( sys_acl_get_entry(file_acl, entry_id, &entry) == 1) {
SMB_ACL_TAG_T tagtype;
SMB_ACL_PERMSET_T permset;
entry_id = SMB_ACL_NEXT_ENTRY;
- if (SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry, &tagtype) == -1) {
+ if (sys_acl_get_tag_type(entry, &tagtype) == -1) {
DEBUG(5,("remove_posix_acl: failed to get tagtype from ACL on file %s (%s).\n",
fname, strerror(errno) ));
goto done;
}
- if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry, &permset) == -1) {
+ if (sys_acl_get_permset(entry, &permset) == -1) {
DEBUG(5,("remove_posix_acl: failed to get permset from ACL on file %s (%s).\n",
fname, strerror(errno) ));
goto done;
}
if (tagtype == SMB_ACL_USER_OBJ) {
- if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, user_ent, permset) == -1) {
+ if (sys_acl_set_permset(user_ent, permset) == -1) {
DEBUG(5,("remove_posix_acl: failed to set permset from ACL on file %s (%s).\n",
fname, strerror(errno) ));
}
} else if (tagtype == SMB_ACL_GROUP_OBJ) {
- if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, group_ent, permset) == -1) {
+ if (sys_acl_set_permset(group_ent, permset) == -1) {
DEBUG(5,("remove_posix_acl: failed to set permset from ACL on file %s (%s).\n",
fname, strerror(errno) ));
}
} else if (tagtype == SMB_ACL_OTHER) {
- if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, other_ent, permset) == -1) {
+ if (sys_acl_set_permset(other_ent, permset) == -1) {
DEBUG(5,("remove_posix_acl: failed to set permset from ACL on file %s (%s).\n",
fname, strerror(errno) ));
}
done:
if (file_acl) {
- SMB_VFS_SYS_ACL_FREE_ACL(conn, file_acl);
+ TALLOC_FREE(file_acl);
}
if (new_file_acl) {
- SMB_VFS_SYS_ACL_FREE_ACL(conn, new_file_acl);
+ TALLOC_FREE(new_file_acl);
}
return ret;
}
if (SMB_VFS_SYS_ACL_SET_FD(fsp, file_acl) == -1) {
DEBUG(5,("set_unix_posix_acl: acl_set_file failed on %s (%s)\n",
fname, strerror(errno) ));
- SMB_VFS_SYS_ACL_FREE_ACL(conn, file_acl);
+ TALLOC_FREE(file_acl);
return False;
}
} else {
if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS, file_acl) == -1) {
DEBUG(5,("set_unix_posix_acl: acl_set_file failed on %s (%s)\n",
fname, strerror(errno) ));
- SMB_VFS_SYS_ACL_FREE_ACL(conn, file_acl);
+ TALLOC_FREE(file_acl);
return False;
}
}
DEBUG(10,("set_unix_posix_acl: set acl for file %s\n", fname ));
- SMB_VFS_SYS_ACL_FREE_ACL(conn, file_acl);
+ TALLOC_FREE(file_acl);
return True;
}
Assume we are dealing with files (for now)
********************************************************************/
-struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname)
+struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname, uint32 security_info_wanted)
{
struct security_descriptor *psd, *ret_sd;
connection_struct *conn;
files_struct finfo;
struct fd_handle fh;
NTSTATUS status;
+ TALLOC_CTX *frame = talloc_stackframe();
- conn = talloc_zero(ctx, connection_struct);
+ conn = talloc_zero(frame, connection_struct);
if (conn == NULL) {
DEBUG(0, ("talloc failed\n"));
return NULL;
if (!(conn->params = talloc(conn, struct share_params))) {
DEBUG(0,("get_nt_acl_no_snum: talloc() failed!\n"));
- TALLOC_FREE(conn);
+ TALLOC_FREE(frame);
return NULL;
}
if (!smbd_vfs_init(conn)) {
DEBUG(0,("get_nt_acl_no_snum: Unable to create a fake connection struct!\n"));
conn_free(conn);
+ TALLOC_FREE(frame);
return NULL;
}
finfo.fh = &fh;
finfo.fh->fd = -1;
- status = create_synthetic_smb_fname(talloc_tos(), fname, NULL, NULL,
+ status = create_synthetic_smb_fname(frame, fname, NULL, NULL,
&finfo.fsp_name);
if (!NT_STATUS_IS_OK(status)) {
conn_free(conn);
+ TALLOC_FREE(frame);
return NULL;
}
- if (!NT_STATUS_IS_OK(SMB_VFS_FGET_NT_ACL( &finfo, SECINFO_DACL, &psd))) {
+ if (!NT_STATUS_IS_OK(SMB_VFS_FGET_NT_ACL( &finfo, security_info_wanted, &psd))) {
DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n"));
TALLOC_FREE(finfo.fsp_name);
conn_free(conn);
+ TALLOC_FREE(frame);
return NULL;
}
TALLOC_FREE(finfo.fsp_name);
conn_free(conn);
+ TALLOC_FREE(frame);
return ret_sd;
}