diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2013-04-14 18:13:42 +1000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2013-05-09 06:18:20 +0200 |
| commit | a65568750be92439de26dd2ecb88c09468264fe7 (patch) | |
| tree | b1b5c8fbc8b69d32c72d51603489a6bda477efce /source3/modules/nfs4_acls.c | |
| parent | 67bb7d93ba8fccd030bd8d01536f3222c85134b7 (diff) | |
| download | samba-a65568750be92439de26dd2ecb88c09468264fe7.tar.gz samba-a65568750be92439de26dd2ecb88c09468264fe7.tar.bz2 samba-a65568750be92439de26dd2ecb88c09468264fe7.zip | |
vfs: Allocate SMB4ACL_T on an explict memory context
This ensures the caller knows exactly what the memory lifetime of this
returned object is. This makes the NFSv4 ACL code consistent with the
POSIX and NT ACL code, to avoid supprising developers who have worked
on those other parts of the ACL code.
Most of this patch is adding a memory context to the callers and passing it in.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source3/modules/nfs4_acls.c')
| -rw-r--r-- | source3/modules/nfs4_acls.c | 33 |
1 files changed, 25 insertions, 8 deletions
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index fa9efc12e9..fa6b2fe2a0 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -142,9 +142,8 @@ static SMB_ACE4_INT_T *get_validated_aceint(SMB4ACE_T *ace) return aceint; } -SMB4ACL_T *smb_create_smb4acl(void) +SMB4ACL_T *smb_create_smb4acl(TALLOC_CTX *mem_ctx) { - TALLOC_CTX *mem_ctx = talloc_tos(); SMB_ACL4_INT_T *theacl = (SMB_ACL4_INT_T *)TALLOC_ZERO_SIZE( mem_ctx, sizeof(SMB_ACL4_INT_T)); if (theacl==NULL) @@ -379,10 +378,12 @@ static NTSTATUS smb_get_nt_acl_nfs4_common(const SMB_STRUCT_STAT *sbuf, struct security_acl *psa = NULL; TALLOC_CTX *frame = talloc_stackframe(); - if (theacl==NULL || smb_get_naces(theacl)==0) + if (theacl==NULL || smb_get_naces(theacl)==0) { + TALLOC_FREE(frame); return NT_STATUS_ACCESS_DENIED; /* special because we * shouldn't alloc 0 for * win */ + } uid_to_sid(&sid_owner, sbuf->st_ex_uid); gid_to_sid(&sid_group, sbuf->st_ex_gid); @@ -691,6 +692,7 @@ static int smbacl4_MergeIgnoreReject( } static SMB4ACL_T *smbacl4_win2nfs4( + TALLOC_CTX *mem_ctx, const files_struct *fsp, const struct security_acl *dacl, smbacl4_vfs_params *pparams, @@ -704,7 +706,7 @@ static SMB4ACL_T *smbacl4_win2nfs4( DEBUG(10, ("smbacl4_win2nfs4 invoked\n")); - theacl = smb_create_smb4acl(); + theacl = smb_create_smb4acl(mem_ctx); if (theacl==NULL) return NULL; @@ -748,6 +750,7 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, uid_t newUID = (uid_t)-1; gid_t newGID = (gid_t)-1; int saved_errno; + TALLOC_CTX *frame = talloc_stackframe(); DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp_str_dbg(fsp))); @@ -756,16 +759,21 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, { DEBUG(9, ("security_info_sent (0x%x) ignored\n", security_info_sent)); + TALLOC_FREE(frame); return NT_STATUS_OK; /* won't show error - later to be * refined... */ } /* Special behaviours */ - if (smbacl4_get_vfs_params(SMBACL4_PARAM_TYPE_NAME, fsp, ¶ms)) + if (smbacl4_get_vfs_params(SMBACL4_PARAM_TYPE_NAME, fsp, ¶ms)) { + TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; + } - if (smbacl4_fGetFileOwner(fsp, &sbuf)) + if (smbacl4_fGetFileOwner(fsp, &sbuf)) { + TALLOC_FREE(frame); return map_nt_error_from_unix(errno); + } if (params.do_chown) { /* chown logic is a copy/paste from posix_acl.c:set_nt_acl */ @@ -773,6 +781,7 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, security_info_sent, psd); if (!NT_STATUS_IS_OK(status)) { DEBUG(8, ("unpack_nt_owners failed")); + TALLOC_FREE(frame); return status; } if (((newUID != (uid_t)-1) && (sbuf.st_ex_uid != newUID)) || @@ -785,6 +794,7 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, (unsigned int)newUID, (unsigned int)newGID, nt_errstr(status))); + TALLOC_FREE(frame); return status; } @@ -794,6 +804,7 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, if (smbacl4_GetFileOwner(fsp->conn, fsp->fsp_name->base_name, &sbuf)) + TALLOC_FREE(frame); return map_nt_error_from_unix(errno); /* If we successfully chowned, we know we must @@ -806,13 +817,16 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, if (!(security_info_sent & SECINFO_DACL) || psd->dacl ==NULL) { DEBUG(10, ("no dacl found; security_info_sent = 0x%x\n", security_info_sent)); + TALLOC_FREE(frame); return NT_STATUS_OK; } - theacl = smbacl4_win2nfs4(fsp, psd->dacl, ¶ms, + theacl = smbacl4_win2nfs4(frame, fsp, psd->dacl, ¶ms, sbuf.st_ex_uid, sbuf.st_ex_gid); - if (!theacl) + if (!theacl) { + TALLOC_FREE(frame); return map_nt_error_from_unix(errno); + } smbacl4_dump_nfs4acl(10, theacl); @@ -824,6 +838,9 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, if (set_acl_as_root) { unbecome_root(); } + + TALLOC_FREE(frame); + if (result!=True) { errno = saved_errno; DEBUG(10, ("set_nfs4_native failed with %s\n", |