ret = SMB_VFS_FSETXATTR(fsp, SAMBA_POSIX_INHERITANCE_EA_NAME,
pai_buf, store_size, 0);
} else {
- ret = SMB_VFS_SETXATTR(fsp->conn, fsp->fsp_name->base_name,
+ ret = SMB_VFS_SETXATTR(fsp->conn, fsp->fsp_name,
SAMBA_POSIX_INHERITANCE_EA_NAME,
pai_buf, store_size, 0);
}
const char *entry_offset,
bool def_entry)
{
- int i;
+ unsigned int i;
for (i = 0; i < paiv->num_entries; i++) {
struct pai_entry *paie = talloc(talloc_tos(), struct pai_entry);
pai_buf, pai_buf_size);
} else {
ret = SMB_VFS_GETXATTR(fsp->conn,
- fsp->fsp_name->base_name,
+ fsp->fsp_name,
SAMBA_POSIX_INHERITANCE_EA_NAME,
pai_buf, pai_buf_size);
}
************************************************************************/
static struct pai_val *load_inherited_info(const struct connection_struct *conn,
- const char *fname)
+ const struct smb_filename *smb_fname)
{
char *pai_buf;
size_t pai_buf_size = 1024;
}
do {
- ret = SMB_VFS_GETXATTR(conn, fname,
+ ret = SMB_VFS_GETXATTR(conn, smb_fname,
SAMBA_POSIX_INHERITANCE_EA_NAME,
pai_buf, pai_buf_size);
}
} while (ret == -1);
- DEBUG(10,("load_inherited_info: ret = %lu for file %s\n", (unsigned long)ret, fname));
+ DEBUG(10,("load_inherited_info: ret = %lu for file %s\n",
+ (unsigned long)ret, smb_fname->base_name));
if (ret == -1) {
/* No attribute or not supported. */
if (paiv) {
DEBUG(10,("load_inherited_info: ACL type 0x%x for file %s\n",
(unsigned int)paiv->sd_type,
- fname));
+ smb_fname->base_name));
}
TALLOC_FREE(pai_buf);
dbgtext( "canon_ace index %d. Type = %s ", num, pace->attr == ALLOW_ACE ? "allow" : "deny" );
dbgtext( "SID = %s ", sid_string_dbg(&pace->trustee));
if (pace->owner_type == UID_ACE) {
- const char *u_name = uidtoname(pace->unix_ug.id);
- dbgtext( "uid %u (%s) ", (unsigned int)pace->unix_ug.id, u_name );
+ dbgtext( "uid %u ", (unsigned int)pace->unix_ug.id);
} else if (pace->owner_type == GID_ACE) {
- char *g_name = gidtoname(pace->unix_ug.id);
- dbgtext( "gid %u (%s) ", (unsigned int)pace->unix_ug.id, g_name );
+ dbgtext( "gid %u ", (unsigned int)pace->unix_ug.id);
} else
dbgtext( "other ");
switch (pace->type) {
Function to create owner and group SIDs from a SMB_STRUCT_STAT.
****************************************************************************/
-void create_file_sids(const SMB_STRUCT_STAT *psbuf, struct dom_sid *powner_sid, struct dom_sid *pgroup_sid)
+static void create_file_sids(const SMB_STRUCT_STAT *psbuf,
+ struct dom_sid *powner_sid,
+ struct dom_sid *pgroup_sid)
{
uid_to_sid( powner_sid, psbuf->st_ex_uid );
gid_to_sid( pgroup_sid, psbuf->st_ex_gid );
canon_ace *current_ace = NULL;
bool got_dir_allow = False;
bool got_file_allow = False;
- int i, j;
+ uint32_t i, j;
*ppfile_ace = NULL;
*ppdir_ace = NULL;
* Now go through the DACL and create the canon_ace lists.
*/
- if (!create_canon_ace_lists( fsp, pst, pfile_owner_sid, pfile_grp_sid,
- &file_ace, &dir_ace, psd->dacl))
+ if (!create_canon_ace_lists(fsp, pst, pfile_owner_sid, pfile_grp_sid,
+ &file_ace, &dir_ace, psd->dacl)) {
return False;
+ }
if ((file_ace == NULL) && (dir_ace == NULL)) {
/* W2K traverse DACL set - ignore. */
.attr = ALLOW_ACE,
.trustee = sid,
.unix_ug = unix_ug,
- .owner_type = owner_type,
- .ace_flags = get_pai_flags(pal, ace, is_default_acl)
+ .owner_type = owner_type
};
+ ace->ace_flags = get_pai_flags(pal, ace, is_default_acl);
DLIST_ADD(l_head, ace);
}
bool current_user_in_group(connection_struct *conn, gid_t gid)
{
- int i;
+ uint32_t i;
const struct security_unix_token *utok = get_current_utok(conn);
for (i = 0; i < utok->ngroups; i++) {
*/
if(default_ace || fsp->is_directory || fsp->fh->fd == -1) {
- if (SMB_VFS_SYS_ACL_SET_FILE(conn, fsp->fsp_name->base_name,
+ if (SMB_VFS_SYS_ACL_SET_FILE(conn, fsp->fsp_name,
the_acl_type, the_acl) == -1) {
/*
* Some systems allow all the above calls and only fail with no ACL support
become_root();
sret = SMB_VFS_SYS_ACL_SET_FILE(conn,
- fsp->fsp_name->base_name, the_acl_type,
+ fsp->fsp_name, the_acl_type,
the_acl);
unbecome_root();
if (sret == 0) {
const struct dom_sid *sid, enum security_ace_type type,
uint32_t mask, uint8_t flags)
{
- int i;
+ size_t i;
/* first search for a duplicate */
for (i = 0; i < *num_aces; i++) {
if (i < *num_aces) { /* found */
nt_ace_list[i].type = type;
nt_ace_list[i].access_mask = mask;
- DEBUG(10, ("Replacing ACE %d with SID %s and flags %02x\n",
+ DEBUG(10, ("Replacing ACE %zu with SID %s and flags %02x\n",
i, sid_string_dbg(sid), flags));
return;
}
size_t num_profile_acls = 0;
struct dom_sid orig_owner_sid;
struct security_descriptor *psd = NULL;
- int i;
/*
* Get the owner, group and world SIDs.
* would lead to usability problems under Windows: The Creator entries
* are only available in browse lists of directories and not for files;
* additionally the identity of the owning group couldn't be determined.
- * We therefore use those identities only for Default ACLs.
+ * We therefore use those identities only for Default ACLs.
*/
/* Create the canon_ace lists. */
SMB_ACL_TYPE_ACCESS);
/* We must have *some* ACLS. */
-
+
if (count_canon_ace_list(file_ace) == 0) {
DEBUG(0,("get_nt_acl : No ACLs on file (%s) !\n", name));
goto done;
num_acls = count_canon_ace_list(file_ace);
num_def_acls = count_canon_ace_list(dir_ace);
- /* Allocate the ace list. */
- if ((nt_ace_list = talloc_array(talloc_tos(), struct security_ace,num_acls + num_profile_acls + num_def_acls)) == NULL) {
+ nt_ace_list = talloc_zero_array(
+ talloc_tos(), struct security_ace,
+ num_acls + num_profile_acls + num_def_acls);
+
+ if (nt_ace_list == NULL) {
DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n"));
goto done;
}
- memset(nt_ace_list, '\0', (num_acls + num_def_acls) * sizeof(struct security_ace) );
-
/*
* Create the NT ACE list from the canonical ace lists.
*/
num_aces = merge_default_aces(nt_ace_list, num_aces);
if (lp_profile_acls(SNUM(conn))) {
+ size_t i;
+
for (i = 0; i < num_aces; i++) {
if (dom_sid_equal(&nt_ace_list[i].trustee, &owner_sid)) {
add_or_replace_ace(nt_ace_list, &num_aces,
}
/* Get the ACL from the path. */
- posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, smb_fname->base_name,
+ posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, smb_fname,
SMB_ACL_TYPE_ACCESS, frame);
/* If it's a directory get the default POSIX ACL. */
if(S_ISDIR(smb_fname->st.st_ex_mode)) {
- def_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, smb_fname->base_name,
+ def_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, smb_fname,
SMB_ACL_TYPE_DEFAULT, frame);
def_acl = free_empty_sys_acl(conn, def_acl);
}
- pal = load_inherited_info(conn, smb_fname->base_name);
+ pal = load_inherited_info(conn, smb_fname);
status = posix_get_nt_acl_common(conn,
smb_fname->base_name,
become_root();
}
sret = SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn,
- fsp->fsp_name->base_name);
+ fsp->fsp_name);
if (set_acl_as_root) {
unbecome_root();
}
sret =
SMB_VFS_SYS_ACL_DELETE_DEF_FILE(
conn,
- fsp->fsp_name->base_name);
+ fsp->fsp_name);
unbecome_root();
}
the mask bits, not the real group bits, for a file with an ACL.
****************************************************************************/
-int get_acl_group_bits( connection_struct *conn, const char *fname, mode_t *mode )
+int get_acl_group_bits( connection_struct *conn,
+ const struct smb_filename *smb_fname,
+ mode_t *mode )
{
int entry_id = SMB_ACL_FIRST_ENTRY;
SMB_ACL_ENTRY_T entry;
SMB_ACL_T posix_acl;
int result = -1;
- posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, fname,
+ posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, smb_fname,
SMB_ACL_TYPE_ACCESS, talloc_tos());
if (posix_acl == (SMB_ACL_T)NULL)
return -1;
resulting ACL on TO. Note that name is in UNIX character set.
****************************************************************************/
-static int copy_access_posix_acl(connection_struct *conn, const char *from, const char *to, mode_t mode)
+static int copy_access_posix_acl(connection_struct *conn,
+ const struct smb_filename *smb_fname_from,
+ const struct smb_filename *smb_fname_to,
+ mode_t mode)
{
SMB_ACL_T posix_acl = NULL;
int ret = -1;
- if ((posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, from,
+ if ((posix_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, smb_fname_from,
SMB_ACL_TYPE_ACCESS,
talloc_tos())) == NULL)
return -1;
if ((ret = chmod_acl_internals(conn, posix_acl, mode)) == -1)
goto done;
- ret = SMB_VFS_SYS_ACL_SET_FILE(conn, to, SMB_ACL_TYPE_ACCESS, posix_acl);
+ ret = SMB_VFS_SYS_ACL_SET_FILE(conn, smb_fname_to,
+ SMB_ACL_TYPE_ACCESS, posix_acl);
done:
Note that name is in UNIX character set.
****************************************************************************/
-int chmod_acl(connection_struct *conn, const char *name, mode_t mode)
+int chmod_acl(connection_struct *conn,
+ const struct smb_filename *smb_fname,
+ mode_t mode)
{
- return copy_access_posix_acl(conn, name, name, mode);
+ return copy_access_posix_acl(conn, smb_fname, smb_fname, mode);
}
/****************************************************************************
Check for an existing default POSIX ACL on a directory.
****************************************************************************/
-static bool directory_has_default_posix_acl(connection_struct *conn, const char *fname)
+static bool directory_has_default_posix_acl(connection_struct *conn,
+ const struct smb_filename *smb_fname)
{
- SMB_ACL_T def_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, fname,
+ SMB_ACL_T def_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, smb_fname,
SMB_ACL_TYPE_DEFAULT,
talloc_tos());
bool has_acl = False;
inherit this Access ACL to file name.
****************************************************************************/
-int inherit_access_posix_acl(connection_struct *conn, const char *inherit_from_dir,
- const char *name, mode_t mode)
+int inherit_access_posix_acl(connection_struct *conn,
+ const char *inherit_from_dir,
+ const struct smb_filename *smb_fname,
+ mode_t mode)
{
- if (directory_has_default_posix_acl(conn, inherit_from_dir))
+ struct smb_filename *inherit_from_fname =
+ synthetic_smb_fname(talloc_tos(),
+ smb_fname->base_name,
+ NULL,
+ NULL,
+ smb_fname->flags);
+ if (inherit_from_fname == NULL) {
+ return-1;
+ }
+
+ if (directory_has_default_posix_acl(conn, inherit_from_fname))
return 0;
- return copy_access_posix_acl(conn, inherit_from_dir, name, mode);
+ return copy_access_posix_acl(conn, inherit_from_fname, smb_fname, mode);
}
/****************************************************************************
on the directory.
****************************************************************************/
-bool set_unix_posix_default_acl(connection_struct *conn, const char *fname, const SMB_STRUCT_STAT *psbuf,
- uint16_t num_def_acls, const char *pdata)
+bool set_unix_posix_default_acl(connection_struct *conn,
+ const struct smb_filename *smb_fname,
+ uint16_t num_def_acls,
+ const char *pdata)
{
SMB_ACL_T def_acl = NULL;
- if (!S_ISDIR(psbuf->st_ex_mode)) {
+ if (!S_ISDIR(smb_fname->st.st_ex_mode)) {
if (num_def_acls) {
- DEBUG(5,("set_unix_posix_default_acl: Can't set default ACL on non-directory file %s\n", fname ));
+ DEBUG(5,("set_unix_posix_default_acl: Can't "
+ "set default ACL on non-directory file %s\n",
+ smb_fname->base_name ));
errno = EISDIR;
return False;
} else {
if (!num_def_acls) {
/* Remove the default ACL. */
- if (SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fname) == -1) {
+ if (SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, smb_fname) == -1) {
DEBUG(5,("set_unix_posix_default_acl: acl_delete_def_file failed on directory %s (%s)\n",
- fname, strerror(errno) ));
+ smb_fname->base_name, strerror(errno) ));
return False;
}
return True;
return False;
}
- if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_DEFAULT, def_acl) == -1) {
+ if (SMB_VFS_SYS_ACL_SET_FILE(conn, smb_fname,
+ SMB_ACL_TYPE_DEFAULT, def_acl) == -1) {
DEBUG(5,("set_unix_posix_default_acl: acl_set_file failed on directory %s (%s)\n",
- fname, strerror(errno) ));
+ smb_fname->base_name, strerror(errno) ));
TALLOC_FREE(def_acl);
return False;
}
- DEBUG(10,("set_unix_posix_default_acl: set default acl for file %s\n", fname ));
+ DEBUG(10,("set_unix_posix_default_acl: set default acl for file %s\n",
+ smb_fname->base_name ));
TALLOC_FREE(def_acl);
return True;
}
FIXME ! How does the share mask/mode fit into this.... ?
****************************************************************************/
-static bool remove_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname)
+static bool remove_posix_acl(connection_struct *conn,
+ files_struct *fsp,
+ const struct smb_filename *smb_fname)
{
SMB_ACL_T file_acl = NULL;
int entry_id = SMB_ACL_FIRST_ENTRY;
SMB_ACL_ENTRY_T entry;
bool ret = False;
+ const char *fname = smb_fname->base_name;
/* Create a new ACL with only 3 entries, u/g/w. */
SMB_ACL_T new_file_acl = sys_acl_init(talloc_tos());
SMB_ACL_ENTRY_T user_ent = NULL;
if (fsp && fsp->fh->fd != -1) {
file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp, talloc_tos());
} else {
- file_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, fname,
+ file_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, smb_fname,
SMB_ACL_TYPE_ACCESS,
talloc_tos());
}
goto done;
}
} else {
- if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS, new_file_acl) == -1) {
+ if (SMB_VFS_SYS_ACL_SET_FILE(conn,
+ smb_fname,
+ SMB_ACL_TYPE_ACCESS,
+ new_file_acl) == -1) {
DEBUG(5,("remove_posix_acl: acl_set_file failed on %s (%s)\n",
fname, strerror(errno) ));
goto done;
except SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER.
****************************************************************************/
-bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname, uint16_t num_acls, const char *pdata)
+bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp,
+ const struct smb_filename *smb_fname,
+ uint16_t num_acls,
+ const char *pdata)
{
SMB_ACL_T file_acl = NULL;
+ const char *fname = smb_fname->base_name;
if (!num_acls) {
/* Remove the ACL from the file. */
- return remove_posix_acl(conn, fsp, fname);
+ return remove_posix_acl(conn, fsp, smb_fname);
}
if ((file_acl = create_posix_acl_from_wire(conn, num_acls,
return False;
}
} else {
- if (SMB_VFS_SYS_ACL_SET_FILE(conn, fname, SMB_ACL_TYPE_ACCESS, file_acl) == -1) {
+ if (SMB_VFS_SYS_ACL_SET_FILE(conn, smb_fname,
+ SMB_ACL_TYPE_ACCESS, file_acl) == -1) {
DEBUG(5,("set_unix_posix_acl: acl_set_file failed on %s (%s)\n",
fname, strerror(errno) ));
TALLOC_FREE(file_acl);
}
int posix_sys_acl_blob_get_file(vfs_handle_struct *handle,
- const char *path_p,
+ const struct smb_filename *smb_fname_in,
TALLOC_CTX *mem_ctx,
char **blob_description,
DATA_BLOB *blob)
struct smb_acl_wrapper acl_wrapper = {
NULL
};
- struct smb_filename *smb_fname;
-
- smb_fname = synthetic_smb_fname(frame, path_p, NULL, NULL, 0);
+ struct smb_filename *smb_fname = cp_smb_filename_nostream(frame,
+ smb_fname_in);
if (smb_fname == NULL) {
TALLOC_FREE(frame);
errno = ENOMEM;
acl_wrapper.access_acl
= smb_vfs_call_sys_acl_get_file(handle,
- path_p,
+ smb_fname,
SMB_ACL_TYPE_ACCESS,
frame);
if (S_ISDIR(smb_fname->st.st_ex_mode)) {
acl_wrapper.default_acl
= smb_vfs_call_sys_acl_get_file(handle,
- path_p,
+ smb_fname,
SMB_ACL_TYPE_DEFAULT,
frame);
}
/* This ensures that we also consider the default ACL */
if (fsp->is_directory || fsp->fh->fd == -1) {
- return posix_sys_acl_blob_get_file(handle, fsp->fsp_name->base_name,
- mem_ctx, blob_description, blob);
+ return posix_sys_acl_blob_get_file(handle,
+ fsp->fsp_name,
+ mem_ctx,
+ blob_description,
+ blob);
}
frame = talloc_stackframe();
acl_wrapper.default_acl = NULL;
- acl_wrapper.access_acl = smb_vfs_call_sys_acl_get_file(handle, fsp->fsp_name->base_name,
- SMB_ACL_TYPE_ACCESS, frame);
+ acl_wrapper.access_acl = smb_vfs_call_sys_acl_get_file(handle,
+ fsp->fsp_name,
+ SMB_ACL_TYPE_ACCESS,
+ frame);
ret = smb_vfs_call_fstat(handle, fsp, &sbuf);
if (ret == -1) {