Bumps VFS version to 35.
Preparing to reduce use of lp_posix_pathnames().
Most of this is boilerplate, the only subtleties are in
the modules:
vfs_catia.c
vfs_media_harmony.c
vfs_shadow_copy2.c
vfs_unityed_media.c
Where the path is modified then passed to SMB_VFS_NEXT_GET_NT_ACL().
In these cases the change uses synthetic_smb_fname() to
create a new struct smb_filename from the modified path.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>
}
static NTSTATUS skel_get_nt_acl(vfs_handle_struct *handle,
- const char *name, uint32_t security_info,
+ const struct smb_filename *smb_fname,
+ uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
}
static NTSTATUS skel_get_nt_acl(vfs_handle_struct *handle,
- const char *name, uint32_t security_info,
+ const struct smb_filename *smb_fname,
+ uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
- return SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, mem_ctx,
- ppdesc);
+ return SMB_VFS_NEXT_GET_NT_ACL(handle,
+ smb_fname,
+ security_info,
+ mem_ctx,
+ ppdesc);
}
static NTSTATUS skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
/* Bump to version 34 - Samba 4.4 will ship with that */
/* Version 34 - Remove bool posix_open, add uint64_t posix_flags */
/* Version 34 - Added bool posix_pathnames to struct smb_request */
+/* Bump to version 35 - Samba 4.5 will ship with that */
+/* Version 35 - Change get_nt_acl_fn from const char *, to
+ const struct smb_filename * */
-#define SMB_VFS_INTERFACE_VERSION 34
+#define SMB_VFS_INTERFACE_VERSION 35
/*
All intercepted VFS operations must be declared as static functions inside module source
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc);
NTSTATUS (*get_nt_acl_fn)(struct vfs_handle_struct *handle,
- const char *name,
+ const struct smb_filename *smb_fname,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc);
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc);
NTSTATUS smb_vfs_call_get_nt_acl(struct vfs_handle_struct *handle,
- const char *name,
+ const struct smb_filename *smb_fname,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc);
#define SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, mem_ctx, ppdesc) \
smb_vfs_call_fget_nt_acl((handle)->next, (fsp), (security_info), (mem_ctx), (ppdesc))
-#define SMB_VFS_GET_NT_ACL(conn, name, security_info, mem_ctx, ppdesc) \
- smb_vfs_call_get_nt_acl((conn)->vfs_handles, (name), (security_info), (mem_ctx), (ppdesc))
-#define SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, mem_ctx, ppdesc) \
- smb_vfs_call_get_nt_acl((handle)->next, (name), (security_info), (mem_ctx), (ppdesc))
+#define SMB_VFS_GET_NT_ACL(conn, smb_fname, security_info, mem_ctx, ppdesc) \
+ smb_vfs_call_get_nt_acl((conn)->vfs_handles, (smb_fname), (security_info), (mem_ctx), (ppdesc))
+#define SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname, security_info, mem_ctx, ppdesc) \
+ smb_vfs_call_get_nt_acl((handle)->next, (smb_fname), (security_info), (mem_ctx), (ppdesc))
#define SMB_VFS_AUDIT_FILE(conn, name, sacl, access_requested, access_denied) \
smb_vfs_call_audit_file((conn)->vfs_handles, (name), (sacl), (access_requested), (access_denied))
static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
files_struct *fsp,
- const char *name,
+ const struct smb_filename *smb_fname,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
uint8_t sys_acl_hash_tmp[XATTR_SD_HASH_SIZE];
struct security_descriptor *psd = NULL;
struct security_descriptor *pdesc_next = NULL;
+ const char *name = NULL;
bool ignore_file_system_acl = lp_parm_bool(SNUM(handle->conn),
ACL_MODULE_NAME,
"ignore system acls",
false);
TALLOC_CTX *frame = talloc_stackframe();
- if (fsp && name == NULL) {
+ if (fsp && smb_fname == NULL) {
name = fsp->fsp_name->base_name;
+ } else {
+ name = smb_fname->base_name;
}
DEBUG(10, ("get_nt_acl_internal: name=%s\n", name));
&pdesc_next);
} else {
status = SMB_VFS_NEXT_GET_NT_ACL(handle,
- name,
+ smb_fname,
HASH_SECURITY_INFO,
mem_ctx,
&pdesc_next);
&pdesc_next);
} else {
status = SMB_VFS_NEXT_GET_NT_ACL(handle,
- name,
+ smb_fname,
security_info,
mem_ctx,
&pdesc_next);
*********************************************************************/
static NTSTATUS get_nt_acl_common(vfs_handle_struct *handle,
- const char *name,
+ const struct smb_filename *smb_fname,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
- return get_nt_acl_internal(handle, NULL,
- name, security_info, mem_ctx, ppdesc);
+ return get_nt_acl_internal(handle,
+ NULL,
+ smb_fname,
+ security_info,
+ mem_ctx,
+ ppdesc);
}
/*********************************************************************
static NTSTATUS
catia_get_nt_acl(struct vfs_handle_struct *handle,
- const char *path,
+ const struct smb_filename *smb_fname,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
char *mapped_name = NULL;
+ const char *path = smb_fname->base_name;
+ struct smb_filename *mapped_smb_fname = NULL;
NTSTATUS status;
status = catia_string_replace_allocate(handle->conn,
errno = map_errno_from_nt_status(status);
return status;
}
- status = SMB_VFS_NEXT_GET_NT_ACL(handle, mapped_name,
+ mapped_smb_fname = synthetic_smb_fname(talloc_tos(),
+ mapped_name,
+ NULL,
+ NULL);
+ if (mapped_smb_fname == NULL) {
+ TALLOC_FREE(mapped_name);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = SMB_VFS_NEXT_GET_NT_ACL(handle, mapped_smb_fname,
security_info, mem_ctx, ppdesc);
TALLOC_FREE(mapped_name);
+ TALLOC_FREE(mapped_smb_fname);
return status;
}
}
static NTSTATUS vfswrap_get_nt_acl(vfs_handle_struct *handle,
- const char *name,
+ const struct smb_filename *smb_fname,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
NTSTATUS result;
START_PROFILE(get_nt_acl);
- result = posix_get_nt_acl(handle->conn, name, security_info,
- mem_ctx, ppdesc);
+ result = posix_get_nt_acl(handle->conn,
+ smb_fname->base_name,
+ security_info,
+ mem_ctx,
+ ppdesc);
END_PROFILE(get_nt_acl);
return result;
}
}
static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
- const char *name,
+ const struct smb_filename *smb_fname,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
NTSTATUS result;
- result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info,
+ result = SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname, security_info,
mem_ctx, ppdesc);
do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
- "%s", name);
+ "%s", smb_fname_str_do_log(smb_fname));
return result;
}
* In this case, "name" is a path.
*/
static NTSTATUS mh_get_nt_acl(vfs_handle_struct *handle,
- const char *name,
+ const struct smb_filename *smb_fname,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
NTSTATUS status;
char *clientPath;
+ struct smb_filename *client_smb_fname = NULL;
TALLOC_CTX *ctx;
DEBUG(MH_INFO_DEBUG, ("Entering mh_get_nt_acl\n"));
- if (!is_in_media_files(name))
+ if (!is_in_media_files(smb_fname->base_name))
{
- status = SMB_VFS_NEXT_GET_NT_ACL(handle, name,
+ status = SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname,
security_info,
mem_ctx, ppdesc);
goto out;
ctx = talloc_tos();
if (alloc_get_client_path(handle, ctx,
- name,
+ smb_fname->base_name,
&clientPath))
{
status = map_nt_error_from_unix(errno);
goto err;
}
- status = SMB_VFS_NEXT_GET_NT_ACL(handle, clientPath,
+ client_smb_fname = synthetic_smb_fname(talloc_tos(),
+ clientPath,
+ NULL,
+ NULL);
+ if (client_smb_fname == NULL) {
+ TALLOC_FREE(clientPath);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = SMB_VFS_NEXT_GET_NT_ACL(handle, client_smb_fname,
security_info,
mem_ctx, ppdesc);
err:
TALLOC_FREE(clientPath);
+ TALLOC_FREE(client_smb_fname);
out:
return status;
}
}
static NTSTATUS nfs4acl_xattr_get_nt_acl(struct vfs_handle_struct *handle,
- const char *name, uint32_t security_info,
+ const struct smb_filename *smb_fname,
+ uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
struct SMB4ACL_T *pacl;
NTSTATUS status;
+ const char *name = smb_fname->base_name;
TALLOC_CTX *frame = talloc_stackframe();
status = nfs4_get_nfs4_acl(handle, frame, name, &pacl);
char *stripped;
NTSTATUS status;
char *conv;
+ struct smb_filename *smb_fname = NULL;
if (!shadow_copy2_strip_snapshot(talloc_tos(), handle,
fsp->fsp_name->base_name,
if (conv == NULL) {
return map_nt_error_from_unix(errno);
}
- status = SMB_VFS_NEXT_GET_NT_ACL(handle, conv, security_info,
+ smb_fname = synthetic_smb_fname(talloc_tos(),
+ conv,
+ NULL,
+ NULL);
+ if (smb_fname == NULL) {
+ TALLOC_FREE(conv);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname, security_info,
mem_ctx, ppdesc);
TALLOC_FREE(conv);
+ TALLOC_FREE(smb_fname);
return status;
}
static NTSTATUS shadow_copy2_get_nt_acl(vfs_handle_struct *handle,
- const char *fname,
+ const struct smb_filename *smb_fname,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
char *stripped;
NTSTATUS status;
char *conv;
+ struct smb_filename *conv_smb_fname = NULL;
- if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, fname,
- ×tamp, &stripped)) {
+ if (!shadow_copy2_strip_snapshot(talloc_tos(),
+ handle,
+ smb_fname->base_name,
+ ×tamp,
+ &stripped)) {
return map_nt_error_from_unix(errno);
}
if (timestamp == 0) {
- return SMB_VFS_NEXT_GET_NT_ACL(handle, fname, security_info,
+ return SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname, security_info,
mem_ctx, ppdesc);
}
conv = shadow_copy2_convert(talloc_tos(), handle, stripped, timestamp);
if (conv == NULL) {
return map_nt_error_from_unix(errno);
}
- status = SMB_VFS_NEXT_GET_NT_ACL(handle, conv, security_info,
+ conv_smb_fname = synthetic_smb_fname(talloc_tos(),
+ conv,
+ NULL,
+ NULL);
+ if (conv_smb_fname == NULL) {
+ TALLOC_FREE(conv);
+ return NT_STATUS_NO_MEMORY;
+ }
+ status = SMB_VFS_NEXT_GET_NT_ACL(handle, conv_smb_fname, security_info,
mem_ctx, ppdesc);
TALLOC_FREE(conv);
+ TALLOC_FREE(conv_smb_fname);
return status;
}
}
static NTSTATUS smb_time_audit_get_nt_acl(vfs_handle_struct *handle,
- const char *name,
+ const struct smb_filename *smb_fname,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
double timediff;
clock_gettime_mono(&ts1);
- result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info,
+ result = SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname, security_info,
mem_ctx, ppdesc);
clock_gettime_mono(&ts2);
timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9;
if (timediff > audit_timeout) {
- smb_time_audit_log_fname("get_nt_acl", timediff, name);
+ smb_time_audit_log_fname("get_nt_acl",
+ timediff,
+ smb_fname->base_name);
}
return result;
*/
static NTSTATUS um_get_nt_acl(vfs_handle_struct *handle,
- const char *name,
+ const struct smb_filename *smb_fname,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
NTSTATUS status;
char *client_path = NULL;
+ struct smb_filename *client_smb_fname = NULL;
int ret;
DEBUG(10, ("Entering um_get_nt_acl\n"));
- if (!is_in_media_files(name)) {
- return SMB_VFS_NEXT_GET_NT_ACL(handle, name,
+ if (!is_in_media_files(smb_fname->base_name)) {
+ return SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname,
security_info,
mem_ctx, ppdesc);
}
ret = alloc_get_client_path(handle, talloc_tos(),
- name, &client_path);
+ smb_fname->base_name, &client_path);
if (ret != 0) {
status = map_nt_error_from_unix(errno);
goto err;
}
- status = SMB_VFS_NEXT_GET_NT_ACL(handle, client_path,
+ client_smb_fname = synthetic_smb_fname(talloc_tos(),
+ client_path,
+ NULL,
+ NULL);
+ if (client_smb_fname == NULL) {
+ TALLOC_FREE(client_path);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = SMB_VFS_NEXT_GET_NT_ACL(handle, client_smb_fname,
security_info,
mem_ctx, ppdesc);
err:
+ TALLOC_FREE(client_smb_fname);
TALLOC_FREE(client_path);
return status;
}
}
status = SMB_VFS_GET_NT_ACL(conn,
- smb_fname->base_name,
+ smb_fname,
(SECINFO_OWNER |
SECINFO_GROUP |
SECINFO_DACL),
{
struct security_descriptor *secdesc = NULL;
unsigned int i;
- NTSTATUS status = SMB_VFS_GET_NT_ACL(conn, fname,
+ NTSTATUS status;
+ struct smb_filename *smb_fname = synthetic_smb_fname(talloc_tos(),
+ fname,
+ NULL,
+ NULL);
+
+ if (smb_fname == NULL) {
+ return false;
+ }
+
+ status = SMB_VFS_GET_NT_ACL(conn, smb_fname,
SECINFO_DACL, talloc_tos(),
&secdesc);
return NT_STATUS_OK;
}
- status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
+ status = SMB_VFS_GET_NT_ACL(conn, smb_fname,
(SECINFO_OWNER |
SECINFO_GROUP |
SECINFO_DACL), talloc_tos(), &sd);
char *parent_dir = NULL;
struct security_descriptor *parent_sd = NULL;
uint32_t access_granted = 0;
+ struct smb_filename *parent_smb_fname = NULL;
if (!parent_dirname(talloc_tos(),
smb_fname->base_name,
return NT_STATUS_NO_MEMORY;
}
+ parent_smb_fname = synthetic_smb_fname(talloc_tos(),
+ parent_dir,
+ NULL,
+ NULL);
+ if (parent_smb_fname == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
if (get_current_uid(conn) == (uid_t)0) {
/* I'm sorry sir, I didn't know you were root... */
DEBUG(10,("check_parent_access: root override "
}
status = SMB_VFS_GET_NT_ACL(conn,
- parent_dir,
+ parent_smb_fname,
SECINFO_DACL,
talloc_tos(),
&parent_sd);
return NT_STATUS_OK;
}
- status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
+ status = SMB_VFS_GET_NT_ACL(conn, smb_fname,
(SECINFO_OWNER |
SECINFO_GROUP |
SECINFO_DACL),
const struct dom_sid *SY_U_sid = NULL;
const struct dom_sid *SY_G_sid = NULL;
size_t size = 0;
+ struct smb_filename *parent_smb_fname = NULL;
if (!parent_dirname(frame, fsp->fsp_name->base_name, &parent_name, NULL)) {
TALLOC_FREE(frame);
return NT_STATUS_NO_MEMORY;
}
+ parent_smb_fname = synthetic_smb_fname(talloc_tos(),
+ parent_name,
+ NULL,
+ NULL);
+
+ if (parent_smb_fname == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
status = SMB_VFS_GET_NT_ACL(fsp->conn,
- parent_name,
+ parent_smb_fname,
(SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL),
frame,
&parent_desc);
TALLOC_CTX *frame = talloc_stackframe();
connection_struct *conn;
NTSTATUS status = NT_STATUS_OK;
+ struct smb_filename *smb_fname = synthetic_smb_fname(talloc_tos(),
+ fname,
+ NULL,
+ NULL);
+
+ if (smb_fname == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
if (!posix_locking_init(false)) {
TALLOC_FREE(frame);
return status;
}
- status = SMB_VFS_GET_NT_ACL(conn, fname, security_info_wanted, ctx, sd);
+ status = SMB_VFS_GET_NT_ACL(conn,
+ smb_fname,
+ security_info_wanted,
+ ctx,
+ sd);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0, ("get_nt_acl_no_snum: SMB_VFS_GET_NT_ACL returned %s.\n",
nt_errstr(status)));
struct security_descriptor **sd)
{
TALLOC_CTX *frame = talloc_stackframe();
- NTSTATUS status = SMB_VFS_GET_NT_ACL( conn, fname, security_info_wanted,
- mem_ctx, sd);
+ NTSTATUS status;
+ struct smb_filename *smb_fname = synthetic_smb_fname(talloc_tos(),
+ fname,
+ NULL,
+ NULL);
+
+ if (smb_fname == NULL) {
+ TALLOC_FREE(frame);
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = SMB_VFS_GET_NT_ACL(conn,
+ smb_fname,
+ security_info_wanted,
+ mem_ctx,
+ sd);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("get_nt_acl_conn: get_nt_acl returned %s.\n", nt_errstr(status)));
}
}
NTSTATUS smb_vfs_call_get_nt_acl(struct vfs_handle_struct *handle,
- const char *name,
+ const struct smb_filename *smb_fname,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
VFS_FIND(get_nt_acl);
- return handle->fns->get_nt_acl_fn(handle, name, security_info, mem_ctx, ppdesc);
+ return handle->fns->get_nt_acl_fn(handle,
+ smb_fname,
+ security_info,
+ mem_ctx,
+ ppdesc);
}
NTSTATUS smb_vfs_call_fset_nt_acl(struct vfs_handle_struct *handle,
{
NTSTATUS status;
struct security_descriptor *sd;
+ struct smb_filename *smb_fname = NULL;
if (argc != 2) {
printf("Usage: get_nt_acl <path>\n");
return NT_STATUS_OK;
}
- status = SMB_VFS_GET_NT_ACL(vfs->conn, argv[1],
+ smb_fname = synthetic_smb_fname(talloc_tos(),
+ argv[1],
+ NULL,
+ NULL);
+
+ if (smb_fname == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+
+ status = SMB_VFS_GET_NT_ACL(vfs->conn, smb_fname,
SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL,
talloc_tos(), &sd);
if (!NT_STATUS_IS_OK(status)) {