* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
+#include "includes.h"
+#include "vfs_acl_common.h"
#include "smbd/smbd.h"
#include "system/filesys.h"
+#include "librpc/gen_ndr/ndr_xattr.h"
#include "../libcli/security/security.h"
#include "../librpc/gen_ndr/ndr_security.h"
#include "../lib/util/bitmap.h"
+#include "lib/crypto/sha256.h"
#include "passdb/lookup_sid.h"
static NTSTATUS create_acl_blob(const struct security_descriptor *psd,
uint16_t hash_type,
uint8_t hash[XATTR_SD_HASH_SIZE]);
-static NTSTATUS get_acl_blob(TALLOC_CTX *ctx,
- vfs_handle_struct *handle,
- files_struct *fsp,
- const struct smb_filename *smb_fname,
- DATA_BLOB *pblob);
-
-static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle,
- files_struct *fsp,
- DATA_BLOB *pblob);
-
#define HASH_SECURITY_INFO (SECINFO_OWNER | \
SECINFO_GROUP | \
SECINFO_DACL | \
SECINFO_SACL)
-enum default_acl_style {DEFAULT_ACL_POSIX, DEFAULT_ACL_WINDOWS};
-
static const struct enum_list default_acl_style[] = {
{DEFAULT_ACL_POSIX, "posix"},
{DEFAULT_ACL_WINDOWS, "windows"}
};
-struct acl_common_config {
- bool ignore_system_acls;
- enum default_acl_style default_acl_style;
-};
-
-static bool init_acl_common_config(vfs_handle_struct *handle)
+bool init_acl_common_config(vfs_handle_struct *handle,
+ const char *module_name)
{
struct acl_common_config *config = NULL;
}
config->ignore_system_acls = lp_parm_bool(SNUM(handle->conn),
- ACL_MODULE_NAME,
+ module_name,
"ignore system acls",
false);
config->default_acl_style = lp_parm_enum(SNUM(handle->conn),
- ACL_MODULE_NAME,
+ module_name,
"default acl style",
default_acl_style,
DEFAULT_ACL_POSIX);
filesystem sd.
*******************************************************************/
-static NTSTATUS get_nt_acl_internal(
+NTSTATUS get_nt_acl_common(
NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx,
vfs_handle_struct *handle,
files_struct *fsp,
return status;
}
-/*********************************************************************
- Fetch a security descriptor given an fsp.
-*********************************************************************/
-
-static NTSTATUS fget_nt_acl_common(vfs_handle_struct *handle,
- files_struct *fsp,
- uint32_t security_info,
- TALLOC_CTX *mem_ctx,
- struct security_descriptor **ppdesc)
-{
- return get_nt_acl_internal(get_acl_blob, handle, fsp, NULL,
- security_info, mem_ctx, ppdesc);
-}
-
-/*********************************************************************
- Fetch a security descriptor given a pathname.
-*********************************************************************/
-
-static NTSTATUS get_nt_acl_common(vfs_handle_struct *handle,
- const struct smb_filename *smb_fname,
- uint32_t security_info,
- TALLOC_CTX *mem_ctx,
- struct security_descriptor **ppdesc)
-{
- return get_nt_acl_internal(get_acl_blob, handle, NULL, smb_fname,
- security_info, mem_ctx, ppdesc);
-}
-
/*********************************************************************
Set the underlying ACL (e.g. POSIX ACLS, POSIX owner, etc)
*********************************************************************/
Store a security descriptor given an fsp.
*********************************************************************/
-static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
- uint32_t security_info_sent, const struct security_descriptor *orig_psd)
+NTSTATUS fset_nt_acl_common(
+ NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx,
+ vfs_handle_struct *handle,
+ files_struct *fsp,
+ const struct smb_filename *smb_fname,
+ DATA_BLOB *pblob),
+ NTSTATUS (*store_acl_blob_fsp_fn)(vfs_handle_struct *handle,
+ files_struct *fsp,
+ DATA_BLOB *pblob),
+ const char *module_name,
+ vfs_handle_struct *handle, files_struct *fsp,
+ uint32_t security_info_sent,
+ const struct security_descriptor *orig_psd)
{
NTSTATUS status;
int ret;
char *sys_acl_description;
TALLOC_CTX *frame = talloc_stackframe();
bool ignore_file_system_acl = lp_parm_bool(
- SNUM(handle->conn), ACL_MODULE_NAME, "ignore system acls", false);
+ SNUM(handle->conn), module_name, "ignore system acls", false);
if (DEBUGLEVEL >= 10) {
DBG_DEBUG("incoming sd for file %s\n", fsp_str_dbg(fsp));
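Review bot: `fset_nt_acl_common` looks up "ignore system acls" a second time through the caller-supplied `module_name`, although `init_acl_common_config` already reads the same option into `config->ignore_system_acls`. This option decides whether the file system ACL is consulted, and two independent lookups keyed by a string that every caller must repeat can drift apart: a module passing a different name here would silently get the default `false`. If the config is attached to the handle (most of `init_acl_common_config` is outside these hunks), taking the value from it, e.g. `ignore_file_system_acl = config->ignore_system_acls;`, would also let the `module_name` parameter go. The function body continues past the end of this hunk.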
discard_const_p(struct security_descriptor, orig_psd));
}
- status = get_nt_acl_internal(get_acl_blob, handle, fsp,
+ status = get_nt_acl_common(get_acl_blob_fn, handle, fsp,
NULL,
SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL,
frame,
}
}
ZERO_ARRAY(hash);
- status = store_v3_blob(store_acl_blob_fsp, handle, fsp, psd,
+ status = store_v3_blob(store_acl_blob_fsp_fn, handle, fsp, psd,
NULL, hash);
TALLOC_FREE(frame);
/* If we fail to get the ACL blob (for some reason) then this
* is not fatal, we just work based on the NT ACL only */
if (ret != 0) {
- status = store_v3_blob(store_acl_blob_fsp, handle, fsp, psd,
+ status = store_v3_blob(store_acl_blob_fsp_fn, handle, fsp, psd,
pdesc_next, hash);
TALLOC_FREE(frame);
return status;
}
- status = store_acl_blob_fsp(handle, fsp, &blob);
+ status = store_acl_blob_fsp_fn(handle, fsp, &blob);
TALLOC_FREE(frame);
return status;
return ret;
}
-static int rmdir_acl_common(struct vfs_handle_struct *handle,
- const struct smb_filename *smb_fname)
+int rmdir_acl_common(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname)
{
int ret;
return -1;
}
-static int unlink_acl_common(struct vfs_handle_struct *handle,
+int unlink_acl_common(struct vfs_handle_struct *handle,
const struct smb_filename *smb_fname)
{
int ret;
return -1;
}
-static int chmod_acl_module_common(struct vfs_handle_struct *handle,
- const struct smb_filename *smb_fname,
- mode_t mode)
+int chmod_acl_module_common(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ mode_t mode)
{
if (smb_fname->flags & SMB_FILENAME_POSIX_PATH) {
/* Only allow this on POSIX pathnames. */
return 0;
}
-static int fchmod_acl_module_common(struct vfs_handle_struct *handle,
- struct files_struct *fsp, mode_t mode)
+int fchmod_acl_module_common(struct vfs_handle_struct *handle,
+ struct files_struct *fsp, mode_t mode)
{
if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) {
/* Only allow this on POSIX opens. */
return 0;
}
-static int chmod_acl_acl_module_common(struct vfs_handle_struct *handle,
- const struct smb_filename *smb_fname,
- mode_t mode)
+int chmod_acl_acl_module_common(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ mode_t mode)
{
if (smb_fname->flags & SMB_FILENAME_POSIX_PATH) {
/* Only allow this on POSIX pathnames. */
return 0;
}
-static int fchmod_acl_acl_module_common(struct vfs_handle_struct *handle,
- struct files_struct *fsp, mode_t mode)
+int fchmod_acl_acl_module_common(struct vfs_handle_struct *handle,
+ struct files_struct *fsp, mode_t mode)
{
if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) {
/* Only allow this on POSIX opens. */
--- /dev/null
+/*
+ * Store Windows ACLs in data store - common functions.
+ *
+ * Copyright (C) Volker Lendecke, 2008
+ * Copyright (C) Jeremy Allison, 2009
+ * Copyright (C) Ralph Böhme, 2016
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef __VFS_ACL_COMMON_H__
+#define __VFS_ACL_COMMON_H__
+
+enum default_acl_style {DEFAULT_ACL_POSIX, DEFAULT_ACL_WINDOWS};
+
+struct acl_common_config {
+ bool ignore_system_acls;
+ enum default_acl_style default_acl_style;
+};
+
+bool init_acl_common_config(vfs_handle_struct *handle,
+ const char *module_name);
+
+int rmdir_acl_common(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname);
+int unlink_acl_common(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname);
+int chmod_acl_module_common(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ mode_t mode);
+int fchmod_acl_module_common(struct vfs_handle_struct *handle,
+ struct files_struct *fsp, mode_t mode);
+int chmod_acl_acl_module_common(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ mode_t mode);
+int fchmod_acl_acl_module_common(struct vfs_handle_struct *handle,
+ struct files_struct *fsp, mode_t mode);
+
+NTSTATUS get_nt_acl_common(
+ NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx,
+ vfs_handle_struct *handle,
+ files_struct *fsp,
+ const struct smb_filename *smb_fname,
+ DATA_BLOB *pblob),
+ vfs_handle_struct *handle,
+ files_struct *fsp,
+ const struct smb_filename *smb_fname_in,
+ uint32_t security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc);
+
+NTSTATUS fset_nt_acl_common(
+ NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx,
+ vfs_handle_struct *handle,
+ files_struct *fsp,
+ const struct smb_filename *smb_fname,
+ DATA_BLOB *pblob),
+ NTSTATUS (*store_acl_blob_fsp_fn)(vfs_handle_struct *handle,
+ files_struct *fsp,
+ DATA_BLOB *pblob),
+ const char *module_name,
+ vfs_handle_struct *handle, files_struct *fsp,
+ uint32_t security_info_sent,
+ const struct security_descriptor *orig_psd);
+
+
+
+#endif
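Review bot: The exported prototypes for `get_nt_acl_common` and `fset_nt_acl_common` take backend callbacks, but the header documents nothing about what the callbacks or their arguments must satisfy. The wrappers in this commit always pass exactly one of `fsp` and `smb_fname` as NULL, so a comment such as `/* Exactly one of fsp and smb_fname_in is non-NULL. */` above `get_nt_acl_common` would record that for future callers. The `get_acl_blob_fn` signature is spelled out in full in both prototypes here and again in the .c file; a typedef would keep the copies from diverging. Separately, the guard `__VFS_ACL_COMMON_H__` is a reserved identifier (leading double underscore), and the header uses `vfs_handle_struct`, `NTSTATUS` and `DATA_BLOB` without including anything, so it only compiles after the right headers.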
#include "smbd/smbd.h"
#include "system/filesys.h"
#include "librpc/gen_ndr/xattr.h"
-#include "librpc/gen_ndr/ndr_xattr.h"
#include "../lib/crypto/sha256.h"
#include "dbwrap/dbwrap.h"
#include "dbwrap/dbwrap_open.h"
#include "auth.h"
#include "util_tdb.h"
+#include "vfs_acl_common.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_VFS
#define ACL_MODULE_NAME "acl_tdb"
-#include "modules/vfs_acl_common.c"
static unsigned int ref_count;
static struct db_context *acl_db;
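Review bot: With `#include "modules/vfs_acl_common.c"` removed, the common code no longer inherits the `#define DBGC_CLASS DBGC_VFS` that precedes it here, and the include hunk for vfs_acl_common.c on this page adds no `DBGC_CLASS` of its own. Unless the file defines it outside the visible hunks, the `DBG_DEBUG`/`DBG_ERR` output of the ACL get and set paths would move to the default debug class, so a `log level` setting that raises only `vfs` would no longer capture it. Adding `#undef DBGC_CLASS` and `#define DBGC_CLASS DBGC_VFS` after the includes of vfs_acl_common.c keeps that logging where operators expect it. The same applies to vfs_acl_xattr.c, whose include of the .c file is removed further down.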
return -1;
}
- ok = init_acl_common_config(handle);
+ ok = init_acl_common_config(handle, ACL_MODULE_NAME);
if (!ok) {
DBG_ERR("init_acl_common_config failed\n");
return -1;
return 0;
}
+static NTSTATUS acl_tdb_fget_nt_acl(vfs_handle_struct *handle,
+ files_struct *fsp,
+ uint32_t security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
+{
+ NTSTATUS status;
+ status = get_nt_acl_common(get_acl_blob, handle, fsp, NULL,
+ security_info, mem_ctx, ppdesc);
+ return status;
+}
+
+static NTSTATUS acl_tdb_get_nt_acl(vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uint32_t security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
+{
+ NTSTATUS status;
+ status = get_nt_acl_common(get_acl_blob, handle, NULL, smb_fname,
+ security_info, mem_ctx, ppdesc);
+ return status;
+}
+
+static NTSTATUS acl_tdb_fset_nt_acl(vfs_handle_struct *handle,
+ files_struct *fsp,
+ uint32_t security_info_sent,
+ const struct security_descriptor *psd)
+{
+ NTSTATUS status;
+ status = fset_nt_acl_common(get_acl_blob, store_acl_blob_fsp,
+ ACL_MODULE_NAME,
+ handle, fsp, security_info_sent, psd);
+ return status;
+}
+
static struct vfs_fn_pointers vfs_acl_tdb_fns = {
.connect_fn = connect_acl_tdb,
.disconnect_fn = disconnect_acl_tdb,
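Review bot: The three `acl_tdb_*` wrappers carry no comment, whereas the helpers they replace in vfs_acl_common.c had banners ("Fetch a security descriptor given an fsp." and "... given a pathname."). A one-line comment on each, e.g. `/* Fetch a security descriptor given an fsp. */`, would keep that. The `status` temporary adds nothing, so each body can return the call directly, e.g. `return get_nt_acl_common(get_acl_blob, handle, fsp, NULL, security_info, mem_ctx, ppdesc);`. The identical `acl_xattr_*` wrappers added to vfs_acl_xattr.c have the same two points.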
.unlink_fn = unlink_acl_tdb,
.chmod_fn = chmod_acl_module_common,
.fchmod_fn = fchmod_acl_module_common,
- .fget_nt_acl_fn = fget_nt_acl_common,
- .get_nt_acl_fn = get_nt_acl_common,
- .fset_nt_acl_fn = fset_nt_acl_common,
+ .fget_nt_acl_fn = acl_tdb_fget_nt_acl,
+ .get_nt_acl_fn = acl_tdb_get_nt_acl,
+ .fset_nt_acl_fn = acl_tdb_fset_nt_acl,
.chmod_acl_fn = chmod_acl_acl_module_common,
.fchmod_acl_fn = fchmod_acl_acl_module_common,
.sys_acl_set_file_fn = sys_acl_set_file_tdb,
#include "includes.h"
#include "smbd/smbd.h"
#include "librpc/gen_ndr/xattr.h"
-#include "librpc/gen_ndr/ndr_xattr.h"
#include "../lib/crypto/sha256.h"
#include "auth.h"
-
-#undef DBGC_CLASS
-#define DBGC_CLASS DBGC_VFS
+#include "vfs_acl_common.h"
/* Pull in the common functions. */
#define ACL_MODULE_NAME "acl_xattr"
-#include "modules/vfs_acl_common.c"
+#undef DBGC_CLASS
+#define DBGC_CLASS DBGC_VFS
/*******************************************************************
Pull a security descriptor into a DATA_BLOB from a xattr.
return ret;
}
- ok = init_acl_common_config(handle);
+ ok = init_acl_common_config(handle, ACL_MODULE_NAME);
if (!ok) {
DBG_ERR("init_acl_common_config failed\n");
return -1;
return 0;
}
+static NTSTATUS acl_xattr_fget_nt_acl(vfs_handle_struct *handle,
+ files_struct *fsp,
+ uint32_t security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
+{
+ NTSTATUS status;
+ status = get_nt_acl_common(get_acl_blob, handle, fsp, NULL,
+ security_info, mem_ctx, ppdesc);
+ return status;
+}
+
+static NTSTATUS acl_xattr_get_nt_acl(vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ uint32_t security_info,
+ TALLOC_CTX *mem_ctx,
+ struct security_descriptor **ppdesc)
+{
+ NTSTATUS status;
+ status = get_nt_acl_common(get_acl_blob, handle, NULL, smb_fname,
+ security_info, mem_ctx, ppdesc);
+ return status;
+}
+
+static NTSTATUS acl_xattr_fset_nt_acl(vfs_handle_struct *handle,
+ files_struct *fsp,
+ uint32_t security_info_sent,
+ const struct security_descriptor *psd)
+{
+ NTSTATUS status;
+ status = fset_nt_acl_common(get_acl_blob, store_acl_blob_fsp,
+ ACL_MODULE_NAME,
+ handle, fsp, security_info_sent, psd);
+ return status;
+}
+
static struct vfs_fn_pointers vfs_acl_xattr_fns = {
.connect_fn = connect_acl_xattr,
.rmdir_fn = rmdir_acl_common,
.unlink_fn = unlink_acl_common,
.chmod_fn = chmod_acl_module_common,
.fchmod_fn = fchmod_acl_module_common,
- .fget_nt_acl_fn = fget_nt_acl_common,
- .get_nt_acl_fn = get_nt_acl_common,
- .fset_nt_acl_fn = fset_nt_acl_common,
+ .fget_nt_acl_fn = acl_xattr_fget_nt_acl,
+ .get_nt_acl_fn = acl_xattr_get_nt_acl,
+ .fset_nt_acl_fn = acl_xattr_fset_nt_acl,
.chmod_acl_fn = chmod_acl_acl_module_common,
.fchmod_acl_fn = fchmod_acl_acl_module_common,
.sys_acl_set_file_fn = sys_acl_set_file_xattr,
source='nfs4_acls.c',
deps='samba-util tdb')
+bld.SAMBA3_SUBSYSTEM('vfs_acl_common',
+ source='vfs_acl_common.c')
+
bld.SAMBA3_SUBSYSTEM('POSIXACL_XATTR',
source='posixacl_xattr.c',
enabled=(bld.SAMBA3_IS_ENABLED_MODULE('vfs_ceph') or bld.SAMBA3_IS_ENABLED_MODULE('vfs_glusterfs')),
bld.SAMBA3_MODULE('vfs_acl_xattr',
subsystem='vfs',
source='vfs_acl_xattr.c',
- deps='samba-util',
+ deps='samba-util vfs_acl_common',
init_function='',
internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_acl_xattr'),
enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_acl_xattr'))
bld.SAMBA3_MODULE('vfs_acl_tdb',
subsystem='vfs',
source='vfs_acl_tdb.c',
- deps='NDR_XATTR tdb',
+ deps='samba-util vfs_acl_common',
init_function='',
internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_acl_tdb'),
enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_acl_tdb'))
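Review bot: The new `deps` for `vfs_acl_tdb` drops `tdb` and `NDR_XATTR`, yet vfs_acl_tdb.c still includes `dbwrap/dbwrap.h` and `util_tdb.h` and keeps a `struct db_context *acl_db`, so the module would rely on those symbols arriving transitively. The `vfs_acl_common` subsystem above is declared without any `deps`, although vfs_acl_common.c now includes `librpc/gen_ndr/ndr_xattr.h` and `lib/crypto/sha256.h`. I would expect `NDR_XATTR` (plus whatever provides SHA256 in this tree) on the subsystem and `tdb` kept on the module, e.g. `deps='samba-util tdb vfs_acl_common'`. This is worth confirming with a shared-module build.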
netapi
NDR_IOCTL
notifyd
+ vfs_acl_common
''' +
bld.env['dmapi_lib'] +
bld.env['legacy_quota_libs'] +