diff options
| -rw-r--r-- | source3/modules/nfs4_acls.c | 33 | ||||
| -rw-r--r-- | source3/modules/nfs4_acls.h | 2 | ||||
| -rw-r--r-- | source3/modules/vfs_aixacl2.c | 15 | ||||
| -rw-r--r-- | source3/modules/vfs_gpfs.c | 28 | ||||
| -rw-r--r-- | source3/modules/vfs_zfsacl.c | 33 |
5 files changed, 78 insertions, 33 deletions
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index fa9efc12e9..fa6b2fe2a0 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -142,9 +142,8 @@ static SMB_ACE4_INT_T *get_validated_aceint(SMB4ACE_T *ace) return aceint; } -SMB4ACL_T *smb_create_smb4acl(void) +SMB4ACL_T *smb_create_smb4acl(TALLOC_CTX *mem_ctx) { - TALLOC_CTX *mem_ctx = talloc_tos(); SMB_ACL4_INT_T *theacl = (SMB_ACL4_INT_T *)TALLOC_ZERO_SIZE( mem_ctx, sizeof(SMB_ACL4_INT_T)); if (theacl==NULL) @@ -379,10 +378,12 @@ static NTSTATUS smb_get_nt_acl_nfs4_common(const SMB_STRUCT_STAT *sbuf, struct security_acl *psa = NULL; TALLOC_CTX *frame = talloc_stackframe(); - if (theacl==NULL || smb_get_naces(theacl)==0) + if (theacl==NULL || smb_get_naces(theacl)==0) { + TALLOC_FREE(frame); return NT_STATUS_ACCESS_DENIED; /* special because we * shouldn't alloc 0 for * win */ + } uid_to_sid(&sid_owner, sbuf->st_ex_uid); gid_to_sid(&sid_group, sbuf->st_ex_gid); @@ -691,6 +692,7 @@ static int smbacl4_MergeIgnoreReject( } static SMB4ACL_T *smbacl4_win2nfs4( + TALLOC_CTX *mem_ctx, const files_struct *fsp, const struct security_acl *dacl, smbacl4_vfs_params *pparams, @@ -704,7 +706,7 @@ static SMB4ACL_T *smbacl4_win2nfs4( DEBUG(10, ("smbacl4_win2nfs4 invoked\n")); - theacl = smb_create_smb4acl(); + theacl = smb_create_smb4acl(mem_ctx); if (theacl==NULL) return NULL; @@ -748,6 +750,7 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, uid_t newUID = (uid_t)-1; gid_t newGID = (gid_t)-1; int saved_errno; + TALLOC_CTX *frame = talloc_stackframe(); DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp_str_dbg(fsp))); @@ -756,16 +759,21 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, { DEBUG(9, ("security_info_sent (0x%x) ignored\n", security_info_sent)); + TALLOC_FREE(frame); return NT_STATUS_OK; /* won't show error - later to be * refined... */ } /* Special behaviours */ - if (smbacl4_get_vfs_params(SMBACL4_PARAM_TYPE_NAME, fsp, ¶ms)) + if (smbacl4_get_vfs_params(SMBACL4_PARAM_TYPE_NAME, fsp, ¶ms)) { + TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; + } - if (smbacl4_fGetFileOwner(fsp, &sbuf)) + if (smbacl4_fGetFileOwner(fsp, &sbuf)) { + TALLOC_FREE(frame); return map_nt_error_from_unix(errno); + } if (params.do_chown) { /* chown logic is a copy/paste from posix_acl.c:set_nt_acl */ @@ -773,6 +781,7 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, security_info_sent, psd); if (!NT_STATUS_IS_OK(status)) { DEBUG(8, ("unpack_nt_owners failed")); + TALLOC_FREE(frame); return status; } if (((newUID != (uid_t)-1) && (sbuf.st_ex_uid != newUID)) || @@ -785,6 +794,7 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, (unsigned int)newUID, (unsigned int)newGID, nt_errstr(status))); + TALLOC_FREE(frame); return status; } @@ -794,6 +804,7 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, if (smbacl4_GetFileOwner(fsp->conn, fsp->fsp_name->base_name, &sbuf)) + TALLOC_FREE(frame); return map_nt_error_from_unix(errno); /* If we successfully chowned, we know we must @@ -806,13 +817,16 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, if (!(security_info_sent & SECINFO_DACL) || psd->dacl ==NULL) { DEBUG(10, ("no dacl found; security_info_sent = 0x%x\n", security_info_sent)); + TALLOC_FREE(frame); return NT_STATUS_OK; } - theacl = smbacl4_win2nfs4(fsp, psd->dacl, ¶ms, + theacl = smbacl4_win2nfs4(frame, fsp, psd->dacl, ¶ms, sbuf.st_ex_uid, sbuf.st_ex_gid); - if (!theacl) + if (!theacl) { + TALLOC_FREE(frame); return map_nt_error_from_unix(errno); + } smbacl4_dump_nfs4acl(10, theacl); @@ -824,6 +838,9 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp, if (set_acl_as_root) { unbecome_root(); } + + TALLOC_FREE(frame); + if (result!=True) { errno = saved_errno; DEBUG(10, ("set_nfs4_native failed with %s\n", diff --git a/source3/modules/nfs4_acls.h b/source3/modules/nfs4_acls.h index f450396361..1bde81baf0 100644 --- a/source3/modules/nfs4_acls.h +++ b/source3/modules/nfs4_acls.h @@ -114,7 +114,7 @@ typedef struct _SMB_ACE4PROP_T { typedef struct _SMB4ACL_T {char dontuse;} SMB4ACL_T; typedef struct _SMB4ACE_T {char dontuse;} SMB4ACE_T; -SMB4ACL_T *smb_create_smb4acl(void); +SMB4ACL_T *smb_create_smb4acl(TALLOC_CTX *mem_ctx); /* prop's contents are copied */ /* it doesn't change the order, appends */ diff --git a/source3/modules/vfs_aixacl2.c b/source3/modules/vfs_aixacl2.c index aca7a652d6..c97cd577f2 100644 --- a/source3/modules/vfs_aixacl2.c +++ b/source3/modules/vfs_aixacl2.c @@ -93,7 +93,7 @@ static AIXJFS2_ACL_T *aixjfs2_getacl_alloc(const char *fname, acl_type_t *type) return acl; } -static bool aixjfs2_get_nfs4_acl(const char *name, +static bool aixjfs2_get_nfs4_acl(TALLOC_CTX *mem_ctx, const char *name SMB4ACL_T **ppacl, bool *pretryPosix) { int32_t i; @@ -121,7 +121,7 @@ static bool aixjfs2_get_nfs4_acl(const char *name, DEBUG(10, ("len: %d, version: %d, nace: %d, type: 0x%x\n", jfs2_acl->aclLength, jfs2_acl->aclVersion, jfs2_acl->aclEntryN, type.u64)); - *ppacl = smb_create_smb4acl(); + *ppacl = smb_create_smb4acl(mem_ctx); if (*ppacl==NULL) return False; @@ -158,15 +158,18 @@ static NTSTATUS aixjfs2_fget_nt_acl(vfs_handle_struct *handle, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc) { + NTSTATUS status; SMB4ACL_T *pacl = NULL; bool result; bool retryPosix = False; + TALLOC_CTX *frame = talloc_stackframe(); *ppdesc = NULL; - result = aixjfs2_get_nfs4_acl(fsp->fsp_name->base_name, &pacl, + result = aixjfs2_get_nfs4_acl(frame, fsp->fsp_name->base_name, &pacl, &retryPosix); if (retryPosix) { + TALLOC_FREE(frame); DEBUG(10, ("retrying with posix acl...\n")); return posix_fget_nt_acl(fsp, security_info, mem_ctx, ppdesc); @@ -174,8 +177,10 @@ static NTSTATUS aixjfs2_fget_nt_acl(vfs_handle_struct *handle, if (result==False) return NT_STATUS_ACCESS_DENIED; - return smb_fget_nt_acl_nfs4(fsp, security_info, ppdesc, - mem_ctx, pacl); + status = smb_fget_nt_acl_nfs4(fsp, security_info, ppdesc, + mem_ctx, pacl); + TALLOC_FREE(frame); + return status; } static NTSTATUS aixjfs2_get_nt_acl(vfs_handle_struct *handle, diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 33a81a0262..39f4bb9437 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -299,7 +299,7 @@ again: * On failure returns -1 if there is system (GPFS) error, check errno. * Returns 0 on success */ -static int gpfs_get_nfs4_acl(const char *fname, SMB4ACL_T **ppacl) +static int gpfs_get_nfs4_acl(TALLOC_CTX *mem_ctx, const char *fname, SMB4ACL_T **ppacl) { gpfs_aclCount_t i; struct gpfs_acl *gacl = NULL; @@ -321,7 +321,7 @@ static int gpfs_get_nfs4_acl(const char *fname, SMB4ACL_T **ppacl) return 1; } - *ppacl = smb_create_smb4acl(); + *ppacl = smb_create_smb4acl(mem_ctx); DEBUG(10, ("len: %d, level: %d, version: %d, nace: %d\n", gacl->acl_len, gacl->acl_level, gacl->acl_version, @@ -399,20 +399,30 @@ static NTSTATUS gpfsacl_fget_nt_acl(vfs_handle_struct *handle, return NT_STATUS_INTERNAL_ERROR); if (!config->acl) { - return SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, - mem_ctx, ppdesc); + status = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, + mem_ctx, ppdesc); + TALLOC_FREE(frame); + return status; } - result = gpfs_get_nfs4_acl(fsp->fsp_name->base_name, &pacl); + result = gpfs_get_nfs4_acl(frame, fsp->fsp_name->base_name, &pacl); - if (result == 0) - return smb_fget_nt_acl_nfs4(fsp, security_info, mem_ctx, ppdesc, pacl); + if (result == 0) { + statys = smb_fget_nt_acl_nfs4(fsp, security_info, mem_ctx, ppdesc, pacl); + TALLOC_FREE(frame); + return status; + } if (result > 0) { DEBUG(10, ("retrying with posix acl...\n")); - return posix_fget_nt_acl(fsp, security_info, mem_ctx, ppdesc); + status = posix_fget_nt_acl(fsp, security_info, mem_ctx, ppdesc); + TALLOC_FREE(frame); + return status; + } + TALLOC_FREE(frame); + /* GPFS ACL was not read, something wrong happened, error code is set in errno */ return map_nt_error_from_unix(errno); } @@ -425,6 +435,8 @@ static NTSTATUS gpfsacl_get_nt_acl(vfs_handle_struct *handle, SMB4ACL_T *pacl = NULL; int result; struct gpfs_config_data *config; + TALLOC_CTX *frame = talloc_stackframe(); + NTSTATUS status; *ppdesc = NULL; diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 91e31e9c4e..743f33b821 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -40,14 +40,14 @@ * read the local file's acls and return it in NT form * using the NFSv4 format conversion */ -static NTSTATUS zfs_get_nt_acl_common(const char *name, +static NTSTATUS zfs_get_nt_acl_common(TALLOC_CTX *mem_ctx, + const char *name, uint32 security_info, SMB4ACL_T **ppacl) { int naces, i; ace_t *acebuf; SMB4ACL_T *pacl; - TALLOC_CTX *mem_ctx; /* read the number of file aces */ if((naces = acl(name, ACE_GETACLCNT, 0, NULL)) == -1) { @@ -74,7 +74,7 @@ static NTSTATUS zfs_get_nt_acl_common(const char *name, return map_nt_error_from_unix(errno); } /* create SMB4ACL data */ - if((pacl = smb_create_smb4acl()) == NULL) { + if((pacl = smb_create_smb4acl(mem_ctx)) == NULL) { return NT_STATUS_NO_MEMORY; } for(i=0; i<naces; i++) { @@ -199,15 +199,20 @@ static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, { SMB4ACL_T *pacl; NTSTATUS status; + TALLOC_CTX *frame = talloc_stackframe(); - status = zfs_get_nt_acl_common(fsp->fsp_name->base_name, + status = zfs_get_nt_acl_common(frame, + fsp->fsp_name->base_name, security_info, &pacl); if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); return status; } - return smb_fget_nt_acl_nfs4(fsp, security_info, mem_ctx, ppdesc, pacl); + status = smb_fget_nt_acl_nfs4(fsp, security_info, mem_ctx, ppdesc, pacl); + TALLOC_FREE(frame); + return status; } static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle, @@ -217,15 +222,19 @@ static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle, { SMB4ACL_T *pacl; NTSTATUS status; + TALLOC_CTX *frame = talloc_stackframe(); - status = zfs_get_nt_acl_common(name, security_info, &pacl); + status = zfs_get_nt_acl_common(frame, name, security_info, &pacl); if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); return status; } - return smb_get_nt_acl_nfs4(handle->conn, name, security_info, - mem_ctx, ppdesc, - pacl); + status = smb_get_nt_acl_nfs4(handle->conn, name, security_info, + mem_ctx, ppdesc, + pacl); + TALLOC_FREE(frame); + return status; } static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle, @@ -269,13 +278,15 @@ static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle, static SMB_ACL_T zfsacl_fail__sys_acl_get_file(vfs_handle_struct *handle, const char *path_p, - SMB_ACL_TYPE_T type) + SMB_ACL_TYPE_T type, + TALLOC_CTX *mem_ctx) { return (SMB_ACL_T)NULL; } static SMB_ACL_T zfsacl_fail__sys_acl_get_fd(vfs_handle_struct *handle, - files_struct *fsp) + files_struct *fsp, + TALLOC_CTX *mem_ctx) { return (SMB_ACL_T)NULL; } |