authorMichael Adam <obnox@samba.org>2007-12-04 09:45:14 +0100
committerMichael Adam <obnox@samba.org>2007-12-19 23:08:00 +0100
commit9460dfc93343f395f6a3867f9f8ec4dfb47bfbc7 (patch)
tree68fc66b7c40ffe870e241eb9ccdbac956107f58c
parentaca40f29d5aa96c980fbe010e91be4c0dc608f5f (diff)
Prepare the afs acl module for the api change in get_nt_acl().
This makes both of afsacl_[f]get_nt_acl() more specific, eliminating the need for afs_get_nt_acl(). Instead, split afs_to_nt_acl. Michael (This used to be commit 15caf58c81ce6b68eefa03c8f8510c2ecb5fdeb3)
-rw-r--r--source3/modules/vfs_afsacl.c120
1 files changed, 77 insertions, 43 deletions
diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c
index a923ce188f..9dd4d7ec93 100644
--- a/source3/modules/vfs_afsacl.c
+++ b/source3/modules/vfs_afsacl.c
@@ -585,15 +585,14 @@ static uint32 nt_to_afs_file_rights(const char *filename, const SEC_ACE *ace)
return result;
}
-static size_t afs_to_nt_acl(struct afs_acl *afs_acl,
- struct files_struct *fsp,
- uint32 security_info,
- struct security_descriptor **ppdesc)
+static size_t afs_to_nt_acl_common(struct afs_acl *afs_acl,
+ SMB_STRUCT_STAT *psbuf,
+ uint32 security_info,
+ struct security_descriptor **ppdesc)
{
SEC_ACE *nt_ace_list;
DOM_SID owner_sid, group_sid;
SEC_ACCESS mask;
- SMB_STRUCT_STAT sbuf;
SEC_ACL *psa = NULL;
int good_aces;
size_t sd_size;
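Review bot: The new `psbuf` parameter of afs_to_nt_acl_common() is only read in the hunks shown here (`st_uid`, `st_gid` and `st_mode`), so it could be declared `const SMB_STRUCT_STAT *psbuf`. That states in the signature that the helper never alters the caller's stat buffer, and both new callers pass the address of a local `sbuf`, so nothing else needs to change. The function body continues outside this hunk, so confirm that no later line writes through the pointer.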
@@ -601,19 +600,8 @@ static size_t afs_to_nt_acl(struct afs_acl *afs_acl,
struct afs_ace *afs_ace;
- if (fsp->is_directory || fsp->fh->fd == -1) {
- /* Get the stat struct for the owner info. */
- if(SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf) != 0) {
- return 0;
- }
- } else {
- if(SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) != 0) {
- return 0;
- }
- }
-
- uid_to_sid(&owner_sid, sbuf.st_uid);
- gid_to_sid(&group_sid, sbuf.st_gid);
+ uid_to_sid(&owner_sid, psbuf->st_uid);
+ gid_to_sid(&group_sid, psbuf->st_gid);
if (afs_acl->num_aces) {
nt_ace_list = TALLOC_ARRAY(mem_ctx, SEC_ACE, afs_acl->num_aces);
@@ -639,7 +627,7 @@ static size_t afs_to_nt_acl(struct afs_acl *afs_acl,
continue;
}
- if (fsp->is_directory)
+ if (S_ISDIR(psbuf->st_mode))
afs_to_nt_dir_rights(afs_ace->rights, &nt_rights,
&flag);
else
@@ -656,7 +644,6 @@ static size_t afs_to_nt_acl(struct afs_acl *afs_acl,
if (psa == NULL)
return 0;
-
*ppdesc = make_sec_desc(mem_ctx, SEC_DESC_REVISION,
SEC_DESC_SELF_RELATIVE,
(security_info & OWNER_SECURITY_INFORMATION)
@@ -668,6 +655,42 @@ static size_t afs_to_nt_acl(struct afs_acl *afs_acl,
return sd_size;
}
+static size_t afs_to_nt_acl(struct afs_acl *afs_acl,
+ struct connection_struct *conn,
+ const char *name,
+ uint32 security_info,
+ struct security_descriptor **ppdesc)
+{
+ SMB_STRUCT_STAT sbuf;
+
+ /* Get the stat struct for the owner info. */
+ if(SMB_VFS_STAT(conn, name, &sbuf) != 0) {
+ return 0;
+ }
+
+ return afs_to_nt_acl_common(afs_acl, &sbuf, security_info, ppdesc);
+}
+
+static size_t afs_fto_nt_acl(struct afs_acl *afs_acl,
+ struct files_struct *fsp,
+ uint32 security_info,
+ struct security_descriptor **ppdesc)
+{
+ SMB_STRUCT_STAT sbuf;
+
+ if (fsp->is_directory || fsp->fh->fd == -1) {
+ /* Get the stat struct for the owner info. */
+ return afs_to_nt_acl(afs_acl, fsp->conn, fsp->fsp_name,
+ security_info, ppdesc);
+ }
+
+ if(SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) != 0) {
+ return 0;
+ }
+
+ return afs_to_nt_acl_common(afs_acl, &sbuf, security_info, ppdesc);
+}
+
static bool mappable_sid(const DOM_SID *sid)
{
DOM_SID domain_sid;
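Review bot: afs_to_nt_acl() stats `name` in a separate path lookup from the one that produced `afs_acl`, so the owner, the group and the `S_ISDIR` choice in afs_to_nt_acl_common() can describe a different object than the ACL if the path is replaced in between. The callers in the last hunk read the ACL by path first, and afs_fto_nt_acl() has the same gap even on its fstat branch, because afsacl_fget_nt_acl() still fetches the ACL via `fsp->fsp_name`. Whether AFS allows reading the ACL through an open descriptor is not visible here, so I would at least record the limitation above both wrappers: `/* NOTE: the AFS ACL and the stat data come from separate lookups; the descriptor may mix two objects if the path changes in between. */`.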
@@ -830,27 +853,6 @@ static bool afs_get_afs_acl(char *filename, struct afs_acl *acl)
return True;
}
-static NTSTATUS afs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
- struct security_descriptor **ppdesc)
-{
- struct afs_acl acl;
- size_t sd_size;
-
- DEBUG(5, ("afs_get_nt_acl: %s\n", fsp->fsp_name));
-
- sidpts = lp_parm_bool(SNUM(fsp->conn), "afsacl", "sidpts", False);
-
- if (!afs_get_afs_acl(fsp->fsp_name, &acl)) {
- return NT_STATUS_ACCESS_DENIED;
- }
-
- sd_size = afs_to_nt_acl(&acl, fsp, security_info, ppdesc);
-
- free_afs_acl(&acl);
-
- return (sd_size != 0) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
-}
-
/* For setting an AFS ACL we have to take care of the ACEs we could
* not properly map to SIDs. Merge all of them into the new ACL. */
@@ -994,14 +996,46 @@ static NTSTATUS afsacl_fget_nt_acl(struct vfs_handle_struct *handle,
int fd, uint32 security_info,
struct security_descriptor **ppdesc)
{
- return afs_get_nt_acl(fsp, security_info, ppdesc);
+ struct afs_acl acl;
+ size_t sd_size;
+
+ DEBUG(5, ("afsacl_fget_nt_acl: %s\n", fsp->fsp_name));
+
+ sidpts = lp_parm_bool(SNUM(fsp->conn), "afsacl", "sidpts", False);
+
+ if (!afs_get_afs_acl(fsp->fsp_name, &acl)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ sd_size = afs_fto_nt_acl(&acl, fsp, security_info, ppdesc);
+
+ free_afs_acl(&acl);
+
+ return (sd_size != 0) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
}
+
static NTSTATUS afsacl_get_nt_acl(struct vfs_handle_struct *handle,
struct files_struct *fsp,
const char *name, uint32 security_info,
struct security_descriptor **ppdesc)
{
- return afs_get_nt_acl(fsp, security_info, ppdesc);
+ struct afs_acl acl;
+ size_t sd_size;
+
+ DEBUG(5, ("afsacl_get_nt_acl: %s\n", name));
+
+ sidpts = lp_parm_bool(SNUM(handle->conn), "afsacl", "sidpts", False);
+
+ if (!afs_get_afs_acl(name, &acl)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ sd_size = afs_to_nt_acl(&acl, handle->conn, name, security_info,
+ ppdesc);
+
+ free_afs_acl(&acl);
+
+ return (sd_size != 0) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
}
NTSTATUS afsacl_fset_nt_acl(vfs_handle_struct *handle,
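Review bot: afsacl_get_nt_acl() passes its `const char *name` to afs_get_afs_acl(), which drops the const qualifier and should draw a compiler warning. The prototype shown in the previous hunk header is `static bool afs_get_afs_acl(char *filename, struct afs_acl *acl)`. If that function does not write through `filename` (its body is not visible here), change the parameter to `const char *filename` rather than casting at the call site. The removed afs_get_nt_acl() only ever passed `fsp->fsp_name`, so this mismatch is new with the path-based variant.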