summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2000-10-05 19:04:41 +0000
committerJeremy Allison <jra@samba.org>2000-10-05 19:04:41 +0000
commit94c63f6ca473306a3e5607d76aa05a63a9da765c (patch)
treec1ea2d43ab22f602909454a72fd94452fb26c004
parentbbd7f7bf0fd4f6cda41989c3371d7bf18f49a592 (diff)
downloadsamba-94c63f6ca473306a3e5607d76aa05a63a9da765c.tar.gz
samba-94c63f6ca473306a3e5607d76aa05a63a9da765c.tar.bz2
samba-94c63f6ca473306a3e5607d76aa05a63a9da765c.zip
Vector get_nt_acl/set_nt_acl via vfs. POSIX ACL support should be added
above this layer. Jeremy. (This used to be commit b90af886a951b7b049ed7a42e6d99c332e43897b)
-rw-r--r--source3/include/rpc_secdes.h20
-rw-r--r--source3/include/vfs.h86
-rw-r--r--source3/smbd/nttrans.c5
-rw-r--r--source3/smbd/unix_acls.c32
-rw-r--r--source3/smbd/vfs-wrap.c12
-rw-r--r--source3/smbd/vfs.c43
6 files changed, 160 insertions, 38 deletions
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index 9acc4511e8..a5c5758434 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -74,14 +74,17 @@
#define SACL_SECURITY_INFORMATION 0x00000008
-
+#ifndef _SEC_ACCESS
/* SEC_ACCESS */
typedef struct security_info_info
{
uint32 mask;
} SEC_ACCESS;
+#define _SEC_ACCESS
+#endif
+#ifndef _SEC_ACE
/* SEC_ACE */
typedef struct security_ace_info
{
@@ -93,9 +96,14 @@ typedef struct security_ace_info
DOM_SID sid;
} SEC_ACE;
+#define _SEC_ACE
+#endif
+#ifndef ACL_REVISION
#define ACL_REVISION 0x3
+#endif
+#ifndef _SEC_ACL
/* SEC_ACL */
typedef struct security_acl_info
{
@@ -106,9 +114,14 @@ typedef struct security_acl_info
SEC_ACE *ace;
} SEC_ACL;
+#define _SEC_ACL
+#endif
+#ifndef SEC_DESC_REVISION
#define SEC_DESC_REVISION 0x1
+#endif
+#ifndef _SEC_DESC
/* SEC_DESC */
typedef struct security_descriptor_info
{
@@ -126,7 +139,10 @@ typedef struct security_descriptor_info
DOM_SID *grp_sid;
} SEC_DESC;
+#define _SEC_DESC
+#endif
+#ifndef _SEC_DESC_BUF
/* SEC_DESC_BUF */
typedef struct sec_desc_buf_info
{
@@ -137,5 +153,7 @@ typedef struct sec_desc_buf_info
SEC_DESC *sec;
} SEC_DESC_BUF;
+#define _SEC_DESC_BUF
+#endif
#endif /* _RPC_SECDES_H */
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index 840377627b..bb2239bf28 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -99,6 +99,74 @@ typedef struct sid_info
#define _DOM_SID
#endif
+#ifndef _SEC_ACCESS
+/* SEC_ACCESS */
+typedef struct security_info_info
+{
+ uint32 mask;
+
+} SEC_ACCESS;
+#define _SEC_ACCESS
+#endif
+
+#ifndef _SEC_ACE
+/* SEC_ACE */
+typedef struct security_ace_info
+{
+ uint8 type; /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */
+ uint8 flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */
+ uint16 size;
+
+ SEC_ACCESS info;
+ DOM_SID sid;
+
+} SEC_ACE;
+#define _SEC_ACE
+#endif
+
+#ifndef ACL_REVISION
+#define ACL_REVISION 0x3
+#endif
+
+#ifndef _SEC_ACL
+/* SEC_ACL */
+typedef struct security_acl_info
+{
+ uint16 revision; /* 0x0003 */
+ uint16 size; /* size in bytes of the entire ACL structure */
+ uint32 num_aces; /* number of Access Control Entries */
+
+ SEC_ACE *ace;
+
+} SEC_ACL;
+#define _SEC_ACL
+#endif
+
+#ifndef SEC_DESC_REVISION
+#define SEC_DESC_REVISION 0x1
+#endif
+
+#ifndef _SEC_DESC
+/* SEC_DESC */
+typedef struct security_descriptor_info
+{
+ uint16 revision; /* 0x0001 */
+ uint16 type; /* SEC_DESC_xxxx flags */
+
+ uint32 off_owner_sid; /* offset to owner sid */
+ uint32 off_grp_sid ; /* offset to group sid */
+ uint32 off_sacl ; /* offset to system list of permissions */
+ uint32 off_dacl ; /* offset to list of permissions */
+
+ SEC_ACL *dacl; /* user ACL */
+ SEC_ACL *sacl; /* system ACL */
+ DOM_SID *owner_sid;
+ DOM_SID *grp_sid;
+
+} SEC_DESC;
+#define _SEC_DESC
+#endif
+
/*
* The complete list of SIDS belonging to this user.
* Created when a vuid is registered.
@@ -112,6 +180,12 @@ typedef struct _nt_user_token {
#define _NT_USER_TOKEN
#endif
+/* Avoid conflict with an AIX include file */
+
+#ifdef vfs_ops
+#undef vfs_ops
+#endif
+
/* Information from the connection_struct passed to the vfs layer */
struct vfs_connection_struct {
@@ -144,20 +218,13 @@ struct vfs_connection_struct {
NT_USER_TOKEN *nt_user_token;
};
-/* Avoid conflict with an AIX include file */
-
-#ifdef vfs_ops
-#undef vfs_ops
-#endif
-
/* VFS operations structure */
struct vfs_ops {
/* Disk operations */
- int (*connect)(struct vfs_connection_struct *conn, char *service,
- char *user);
+ int (*connect)(struct vfs_connection_struct *conn, char *service, char *user);
void (*disconnect)(void);
SMB_BIG_UINT (*disk_free)(char *path, BOOL small_query, SMB_BIG_UINT *bsize,
SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize);
@@ -190,12 +257,11 @@ struct vfs_ops {
int (*utime)(char *path, struct utimbuf *times);
int (*ftruncate)(int fd, SMB_OFF_T offset);
BOOL (*lock)(int fd, int op, SMB_OFF_T offset, SMB_OFF_T count, int type);
-#if 0
+
size_t (*fget_nt_acl)(int fd, SEC_DESC **ppdesc);
size_t (*get_nt_acl)(char *name, SEC_DESC **ppdesc);
BOOL (*fset_nt_acl)(int fd, uint32 security_info_sent, SEC_DESC *psd);
BOOL (*set_nt_acl)(char *name, uint32 security_info_sent, SEC_DESC *psd);
-#endif
};
struct vfs_options {
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 1599f01aa5..95010cddc8 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1611,6 +1611,7 @@ static int call_nt_transact_set_security_desc(connection_struct *conn,
files_struct *fsp = NULL;
uint32 security_info_sent = 0;
TALLOC_CTX *mem_ctx;
+ BOOL ret;
if(!lp_nt_acl_support())
return(UNIXERROR(ERRDOS,ERRnoaccess));
@@ -1659,7 +1660,9 @@ security descriptor.\n"));
return(UNIXERROR(ERRDOS,ERRnoaccess));
}
- if (!set_nt_acl(fsp, security_info_sent, psd)) {
+ ret = set_nt_acl( fsp, security_info_sent, psd);
+
+ if (!ret) {
free_sec_desc(&psd);
talloc_destroy(mem_ctx);
return(UNIXERROR(ERRDOS,ERRnoaccess));
diff --git a/source3/smbd/unix_acls.c b/source3/smbd/unix_acls.c
index 48f6163596..a564ec9ee5 100644
--- a/source3/smbd/unix_acls.c
+++ b/source3/smbd/unix_acls.c
@@ -59,6 +59,7 @@ static SEC_ACCESS map_unix_perms( int *pacl_type, mode_t perm, int r_mask, int w
return sa;
}
+#if 0
/****************************************************************************
Validate a SID.
****************************************************************************/
@@ -88,6 +89,7 @@ static BOOL validate_unix_sid( DOM_SID *psid, uint32 *prid, DOM_SID *sd_sid)
return True;
}
+#endif
/****************************************************************************
Map NT perms to UNIX.
@@ -350,6 +352,15 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
sid_copy( &group_sid, &global_sid_World);
} else {
+ /*
+ * If there is a VFS redirect, use it.
+ */
+
+ if ((fsp->is_directory || fsp->fd == -1) && fsp->conn->vfs_ops.get_nt_acl)
+ return fsp->conn->vfs_ops.get_nt_acl(dos_to_unix(fsp->fsp_name, False), ppdesc);
+ else if (fsp->conn->vfs_ops.fget_nt_acl)
+ return fsp->conn->vfs_ops.fget_nt_acl(fsp->fd, ppdesc);
+
if(fsp->is_directory || fsp->fd == -1) {
if(vfs_stat(fsp->conn,fsp->fsp_name, &sbuf) != 0) {
return 0;
@@ -452,22 +463,23 @@ BOOL set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
BOOL got_dacl = False;
/*
+ * If there is a VFS redirect, use it.
+ */
+
+ if ((fsp->is_directory || fsp->fd == -1) && fsp->conn->vfs_ops.set_nt_acl)
+ return fsp->conn->vfs_ops.set_nt_acl(dos_to_unix(fsp->fsp_name, False), security_info_sent, psd);
+ else if (fsp->conn->vfs_ops.fset_nt_acl)
+ return fsp->conn->vfs_ops.fset_nt_acl(fsp->fd, security_info_sent, psd);
+
+ /*
* Get the current state of the file.
*/
- if(fsp->is_directory) {
+ if(fsp->is_directory || fsp->fd == -1) {
if(vfs_stat(fsp->conn,fsp->fsp_name, &sbuf) != 0)
return False;
} else {
-
- int ret;
-
- if(fsp->fd == -1)
- ret = vfs_stat(fsp->conn,fsp->fsp_name,&sbuf);
- else
- ret = conn->vfs_ops.fstat(fsp->fd,&sbuf);
-
- if(ret != 0)
+ if(conn->vfs_ops.fstat(fsp->fd,&sbuf) != 0)
return False;
}
diff --git a/source3/smbd/vfs-wrap.c b/source3/smbd/vfs-wrap.c
index 12ba9bda84..d19be7fb71 100644
--- a/source3/smbd/vfs-wrap.c
+++ b/source3/smbd/vfs-wrap.c
@@ -1,7 +1,7 @@
/*
Unix SMB/Netbios implementation.
Version 1.9.
-s Wrap disk only vfs functions to sidestep dodgy compilers.
+ Wrap disk only vfs functions to sidestep dodgy compilers.
Copyright (C) Tim Potter 1998
This program is free software; you can redistribute it and/or modify
@@ -346,13 +346,3 @@ BOOL vfswrap_lock(int fd, int op, SMB_OFF_T offset, SMB_OFF_T count, int type)
{
return fcntl_lock(fd, op, offset, count,type);
}
-
-#if 0
-size_t vfswrap_get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
-{
-}
-
-BOOL vfswrap_set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
-{
-}
-#endif
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 097f51d217..4a4b1b2cfa 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -69,11 +69,11 @@ struct vfs_ops default_vfs_ops = {
vfswrap_getwd,
vfswrap_utime,
vfswrap_ftruncate,
- vfswrap_lock,
-#if 0
- vfswrap_get_nt_acl,
- vfswrap_set_nt_acl
-#endif
+ vfswrap_lock,
+ NULL, /* The 4 security descriptor functions are not defined by default. */
+ NULL,
+ NULL,
+ NULL
};
/****************************************************************************
@@ -219,6 +219,14 @@ BOOL vfs_init_custom(connection_struct *conn)
conn->vfs_ops.chown = default_vfs_ops.chown;
}
+ if (conn->vfs_ops.chdir == NULL) {
+ conn->vfs_ops.chdir = default_vfs_ops.chdir;
+ }
+
+ if (conn->vfs_ops.getwd == NULL) {
+ conn->vfs_ops.getwd = default_vfs_ops.getwd;
+ }
+
if (conn->vfs_ops.utime == NULL) {
conn->vfs_ops.utime = default_vfs_ops.utime;
}
@@ -230,6 +238,22 @@ BOOL vfs_init_custom(connection_struct *conn)
if (conn->vfs_ops.lock == NULL) {
conn->vfs_ops.lock = default_vfs_ops.lock;
}
+
+ if (conn->vfs_ops.fget_nt_acl == NULL) {
+ conn->vfs_ops.fget_nt_acl = default_vfs_ops.fget_nt_acl;
+ }
+
+ if (conn->vfs_ops.get_nt_acl == NULL) {
+ conn->vfs_ops.get_nt_acl = default_vfs_ops.get_nt_acl;
+ }
+
+ if (conn->vfs_ops.fset_nt_acl == NULL) {
+ conn->vfs_ops.fset_nt_acl = default_vfs_ops.fset_nt_acl;
+ }
+
+ if (conn->vfs_ops.set_nt_acl == NULL) {
+ conn->vfs_ops.set_nt_acl = default_vfs_ops.set_nt_acl;
+ }
return True;
}
@@ -245,6 +269,15 @@ int vfs_stat(connection_struct *conn, char *fname, SMB_STRUCT_STAT *st)
}
/*******************************************************************
+ vfs fstat wrapper that calls dos_to_unix.
+********************************************************************/
+
+int vfs_fstat(connection_struct *conn, int fd, SMB_STRUCT_STAT *st)
+{
+ return(conn->vfs_ops.fstat(fd,st));
+}
+
+/*******************************************************************
Check if directory exists.
********************************************************************/