/* Leave at 22 - not yet released. Change all BOOL parameters (int) to bool. jra. */
/* Leave at 22 - not yet released. Added recvfile. */
/* Leave at 22 - not yet released. Change get_nt_acl to return NTSTATUS - vl */
+/* Leave at 22 - not yet released. Change get_nt_acl to *not* take a
+ * files_struct. - obnox.*/
+
#define SMB_VFS_INTERFACE_VERSION 22
uint32 security_info,
struct security_descriptor **ppdesc);
NTSTATUS (*get_nt_acl)(struct vfs_handle_struct *handle,
- struct files_struct *fsp,
const char *name,
uint32 security_info,
struct security_descriptor **ppdesc);
/* NT ACL operations. */
#define SMB_VFS_FGET_NT_ACL(fsp, fd, security_info, ppdesc) ((fsp)->conn->vfs.ops.fget_nt_acl((fsp)->conn->vfs.handles.fget_nt_acl, (fsp), (fd), (security_info), (ppdesc)))
-#define SMB_VFS_GET_NT_ACL(fsp, name, security_info, ppdesc) ((fsp)->conn->vfs.ops.get_nt_acl((fsp)->conn->vfs.handles.get_nt_acl, (fsp), (name), (security_info), (ppdesc)))
+#define SMB_VFS_GET_NT_ACL(conn, name, security_info, ppdesc) ((conn)->vfs.ops.get_nt_acl((conn)->vfs.handles.get_nt_acl, (name), (security_info), (ppdesc)))
#define SMB_VFS_FSET_NT_ACL(fsp, fd, security_info_sent, psd) ((fsp)->conn->vfs.ops.fset_nt_acl((fsp)->conn->vfs.handles.fset_nt_acl, (fsp), (fd), (security_info_sent), (psd)))
#define SMB_VFS_SET_NT_ACL(fsp, name, security_info_sent, psd) ((fsp)->conn->vfs.ops.set_nt_acl((fsp)->conn->vfs.handles.set_nt_acl, (fsp), (name), (security_info_sent), (psd)))
/* NT ACL operations. */
#define SMB_VFS_OPAQUE_FGET_NT_ACL(fsp, fd, security_info, ppdesc) ((fsp)->conn->vfs_opaque.ops.fget_nt_acl((fsp)->conn->vfs_opaque.handles.fget_nt_acl, (fsp), (fd), (security_info), (ppdesc)))
-#define SMB_VFS_OPAQUE_GET_NT_ACL(fsp, name, security_info, ppdesc) ((fsp)->conn->vfs_opaque.ops.get_nt_acl((fsp)->conn->vfs_opaque.handles.get_nt_acl, (fsp), (name), (security_info), (ppdesc)))
+#define SMB_VFS_OPAQUE_GET_NT_ACL(conn, name, security_info, ppdesc) ((conn)->vfs_opaque.ops.get_nt_acl((conn)->vfs_opaque.handles.get_nt_acl, (name), (security_info), (ppdesc)))
#define SMB_VFS_OPAQUE_FSET_NT_ACL(fsp, fd, security_info_sent, psd) ((fsp)->conn->vfs_opaque.ops.fset_nt_acl((fsp)->conn->vfs_opaque.handles.fset_nt_acl, (fsp), (fd), (security_info_sent), (psd)))
#define SMB_VFS_OPAQUE_SET_NT_ACL(fsp, name, security_info_sent, psd) ((fsp)->conn->vfs_opaque.ops.set_nt_acl((fsp)->conn->vfs_opaque.handles.set_nt_acl, (fsp), (name), (security_info_sent), (psd)))
/* NT ACL operations. */
#define SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, fd, security_info, ppdesc) ((handle)->vfs_next.ops.fget_nt_acl((handle)->vfs_next.handles.fget_nt_acl, (fsp), (fd), (security_info), (ppdesc)))
-#define SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info, ppdesc) ((handle)->vfs_next.ops.get_nt_acl((handle)->vfs_next.handles.get_nt_acl, (fsp), (name), (security_info), (ppdesc)))
+#define SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc) ((handle)->vfs_next.ops.get_nt_acl((handle)->vfs_next.handles.get_nt_acl, (name), (security_info), (ppdesc)))
#define SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, fd, security_info_sent, psd) ((handle)->vfs_next.ops.fset_nt_acl((handle)->vfs_next.handles.fset_nt_acl, (fsp), (fd), (security_info_sent), (psd)))
#define SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent, psd) ((handle)->vfs_next.ops.set_nt_acl((handle)->vfs_next.handles.set_nt_acl, (fsp), (name), (security_info_sent), (psd)))
}
static NTSTATUS afsacl_get_nt_acl(struct vfs_handle_struct *handle,
- struct files_struct *fsp,
const char *name, uint32 security_info,
struct security_descriptor **ppdesc)
{
const char *name, uint32 security_info,
struct security_descriptor **ppdesc)
{
- return SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info,
- ppdesc);
+ return SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
}
static NTSTATUS catia_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
}
static NTSTATUS vfswrap_get_nt_acl(vfs_handle_struct *handle,
- files_struct *fsp, const char *name,
+ const char *name,
uint32 security_info, SEC_DESC **ppdesc)
{
NTSTATUS result;
START_PROFILE(get_nt_acl);
- result = posix_get_nt_acl(fsp->conn, fsp->fsp_name, security_info, ppdesc);
+ result = posix_get_nt_acl(handle->conn, name, security_info, ppdesc);
END_PROFILE(get_nt_acl);
return result;
}
{
NTSTATUS result;
- result = SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info,
- ppdesc);
+ result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, ppdesc);
do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
"%s", fsp->fsp_name);
}
static NTSTATUS gpfsacl_get_nt_acl(vfs_handle_struct *handle,
- files_struct *fsp, const char *name,
+ const char *name,
uint32 security_info, SEC_DESC **ppdesc)
{
SMB4ACL_T *pacl = NULL;
}
static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
- struct files_struct *fsp,
const char *name, uint32 security_info,
struct security_descriptor **ppdesc)
{
char *filename_in = NULL;
char *filename = NULL;
char *qualname = NULL;
- files_struct *fsp = NULL;
SMB_STRUCT_STAT st;
NTSTATUS nt_status;
struct current_user user;
goto error_exit;
}
- nt_status = open_file_stat(conn, NULL, filename, &st, &fsp);
- /* Perhaps it is a directory */
- if (NT_STATUS_EQUAL(nt_status, NT_STATUS_FILE_IS_A_DIRECTORY)) {
- nt_status = open_directory(conn, NULL, filename, &st,
- READ_CONTROL_ACCESS,
- FILE_SHARE_READ|FILE_SHARE_WRITE,
- FILE_OPEN,
- 0,
- FILE_ATTRIBUTE_DIRECTORY,
- NULL, &fsp);
- }
-
- if (!NT_STATUS_IS_OK(nt_status)) {
- DEBUG(3,("_srv_net_file_query_secdesc: Unable to open file %s\n", filename));
- r_u->status = ntstatus_to_werror(nt_status);
- goto error_exit;
- }
-
- nt_status = SMB_VFS_GET_NT_ACL(fsp, fsp->fsp_name,
+ nt_status = SMB_VFS_GET_NT_ACL(conn, filename,
(OWNER_SECURITY_INFORMATION
|GROUP_SECURITY_INFORMATION
|DACL_SECURITY_INFORMATION), &psd);
psd->dacl->revision = (uint16) NT4_ACL_REVISION;
- close_file(fsp, NORMAL_CLOSE);
unbecome_user();
close_cnum(conn, user.vuid);
return r_u->status;
error_exit:
- if(fsp) {
- close_file(fsp, NORMAL_CLOSE);
- }
-
if (became_user)
unbecome_user();
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_ACLS
-/****************************************************************************
- Helper function that gets a security descriptor by connection and
- file name.
- NOTE: This is transitional, in the sense that SMB_VFS_GET_NT_ACL really
- should *not* get a files_struct pointer but a connection_struct ptr
- (automatic by the vfs handle) and the file name and _use_ that!
-****************************************************************************/
-static NTSTATUS conn_get_nt_acl(TALLOC_CTX *mem_ctx,
- struct connection_struct *conn,
- const char *fname,
- SMB_STRUCT_STAT *psbuf,
- struct security_descriptor **psd)
-{
- NTSTATUS status;
- struct files_struct *fsp = NULL;
- struct security_descriptor *secdesc = NULL;
-
- if (!VALID_STAT(*psbuf)) {
- if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
- return map_nt_error_from_unix(errno);
- }
- }
-
- /* fake a files_struct ptr: */
-
- if (S_ISDIR(psbuf->st_mode)) {
- status = open_directory(conn, NULL, fname, psbuf,
- READ_CONTROL_ACCESS,
- FILE_SHARE_READ|FILE_SHARE_WRITE,
- FILE_OPEN,
- 0,
- FILE_ATTRIBUTE_DIRECTORY,
- NULL, &fsp);
- }
- else {
- status = open_file_stat(conn, NULL, fname, psbuf, &fsp);
- }
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(3, ("Unable to open file %s: %s\n", fname,
- nt_errstr(status)));
- return status;
- }
-
- status = SMB_VFS_GET_NT_ACL(fsp, fname,
- (OWNER_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION),
- &secdesc);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(5, ("Unable to get NT ACL for file %s\n", fname));
- goto done;
- }
-
- *psd = talloc_move(mem_ctx, &secdesc);
-
-done:
- close_file(fsp, NORMAL_CLOSE);
- return status;
-}
-
static bool can_access_file_acl(struct connection_struct *conn,
const char * fname, SMB_STRUCT_STAT *psbuf,
uint32_t access_mask)
uint32_t access_granted;
struct security_descriptor *secdesc = NULL;
- status = conn_get_nt_acl(talloc_tos(), conn, fname, psbuf, &secdesc);
+ status = SMB_VFS_GET_NT_ACL(conn, fname,
+ (OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION),
+ &secdesc);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(5, ("Could not get acl: %s\n", nt_errstr(status)));
return false;
}
else {
status = SMB_VFS_GET_NT_ACL(
- fsp, fsp->fsp_name, security_info_wanted, &psd);
+ conn, fsp->fsp_name, security_info_wanted, &psd);
}
}
return status;
}
- status = SMB_VFS_GET_NT_ACL(parent_fsp, parent_fsp->fsp_name,
+ status = SMB_VFS_GET_NT_ACL(parent_fsp->conn, parent_fsp->fsp_name,
DACL_SECURITY_INFORMATION, &parent_sd );
close_file(parent_fsp, NORMAL_CLOSE);