-rw-r--r--source3/include/smb_acls.h91
-rw-r--r--source3/lib/sysacls.c110
-rw-r--r--source3/smbd/posix_acls.c21
3 files changed, 211 insertions, 11 deletions
diff --git a/source3/include/smb_acls.h b/source3/include/smb_acls.h
new file mode 100644
index 0000000000..6acd17c321
--- /dev/null
+++ b/source3/include/smb_acls.h
@@ -0,0 +1,91 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 2.2.x
+ Portable SMB ACL interface
+ Copyright (C) Jeremy Allison 2000
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#ifndef _SMB_ACLS_H
+#define _SMB_ACLS_H
+
+#include "includes.h"
+
+#if defined(HAVE_POSIX_ACLS)
+
+/* This is an identity mapping (just remove the SMB_). */
+
+#define SMB_ACL_TAG_T acl_tag_t
+#define SMB_ACL_PERMSET_T acl_permset_t
+#define SMB_ACL_READ ACL_READ
+#define SMB_ACL_WRITE ACL_WRITE
+#define SMB_ACL_EXECUTE ACL_EXECUTE
+
+/* Types of ACLs. */
+#define SMB_ACL_USER ACL_USER
+#define SMB_ACL_USER_OBJ ACL_USER_OBJ
+#define SMB_ACL_GROUP ACL_GROUP
+#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ
+#define SMB_ACL_OTHER_OBJ ACL_OTHER_OBJ
+#define SMB_ACL_MASK ACL_MASK
+
+#define SMB_ACL_T acl_t
+
+#define SMB_ACL_ENTRY_T acl_entry_t
+
+#define SMB_ACL_FIRST_ENTRY ACL_FIRST_ENTRY
+#define SMB_ACL_NEXT_ENTRY ACL_NEXT_ENTRY
+
+#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS
+#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT
+
+#elif defined(HAVE_SOLARIS_ACLS)
+
+#elif defined(HAVE_IRIX_ACLS)
+
+#else /* No ACLs. */
+
+/* No ACLS - fake it. */
+#define SMB_ACL_TAG_T int
+#define SMB_ACL_PERMSET_T mode_t
+#define SMB_ACL_READ S_IRUSR
+#define SMB_ACL_WRITE S_IWUSR
+#define SMB_ACL_EXECUTE S_IXUSR
+
+/* Types of ACLs. */
+#define SMB_ACL_USER 0
+#define SMB_ACL_USER_OBJ 1
+#define SMB_ACL_GROUP 2
+#define SMB_ACL_GROUP_OBJ 3
+#define SMB_ACL_OTHER_OBJ 4
+#define SMB_ACL_MASK 5
+
+typdef struct SMB_ACL_T {
+ int dummy;
+} *SMB_ACL_T;
+
+typdef struct SMB_ACL_ENTRY_T {
+ int dummy;
+} *SMB_ACL_ENTRY_T;
+
+#define SMB_ACL_FIRST_ENTRY 0
+#define SMB_ACL_NEXT_ENTRY 1
+
+#define SMB_ACL_TYPE_ACCESS 0
+#define SMB_ACL_TYPE_DEFAULT 1
+
+#endif /* No ACLs. */
+#endif /* _SMB_ACLS_H */
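Review bot: The no-ACL branch will not compile, because the two struct declarations for `SMB_ACL_T` and `SMB_ACL_ENTRY_T` are spelled `typdef` where `typedef` is meant. Neither branch defines `SMB_ACL_TYPE_T`, although the `sys_acl_get_file()` wrappers added in sysacls.c in this same commit take a parameter of that type; adding `#define SMB_ACL_TYPE_T acl_type_t` to the POSIX branch and `#define SMB_ACL_TYPE_T int` to the fallback would close that gap. The `HAVE_SOLARIS_ACLS` and `HAVE_IRIX_ACLS` branches are empty, so a build with either defined gets none of the SMB_ACL_* names; an `#error` or a comment marking them as unimplemented would make that failure explicit.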
diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c
new file mode 100644
index 0000000000..50d9757acd
--- /dev/null
+++ b/source3/lib/sysacls.c
@@ -0,0 +1,110 @@
+/*
+ Unix SMB/Netbios implementation.
+ Version 2.2.
+ Samba system utilities for ACL support.
+ Copyright (C) Jeremy Allison 2000.
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+*/
+
+#include "includes.h"
+
+extern int DEBUGLEVEL;
+
+/*
+ This file wraps all differing system ACL interfaces into a consistent
+ one based on the POSIX interface. It also returns the correct errors
+ for older UNIX systems that don't support ACLs.
+
+ The interfaces that each ACL implementation must support are as follows :
+
+ int sys_acl_get_entry( SMB_ACL_T acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
+ int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
+ int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p
+ void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
+ SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
+ SMB_ACL_T sys_acl_get_fd(int fd)
+ int sys_acl_free( void *obj_p)
+
+*/
+
+#if defined(HAVE_POSIX_ACLS)
+
+/* Identity mapping - easy. */
+
+int sys_acl_get_entry( SMB_ACL_T acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
+{
+ return acl_get_entry( acl, entry_id, entry_p);
+}
+
+int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
+{
+ return acl_get_tag_type( entry_d, tag_type_p);
+}
+
+int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
+{
+ return acl_get_permset( entry_d, permset_p);
+}
+
+void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
+{
+ return acl_get_qualifier( entry_d);
+}
+
+SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
+{
+ sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
+}
+
+SMB_ACL_T sys_acl_get_fd(int fd)
+{
+ return acl_get_fd(fd);
+}
+
+int sys_acl_free( void *obj_p)
+{
+ return acl_free(obj_p);
+}
+
+#elif defined(HAVE_SOLARIS_ACLS)
+
+#elif defined(HAVE_IRIX_ACLS)
+
+#else /* No ACLs. */
+int sys_acl_get_entry( SMB_ACL_T acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
+{
+}
+
+int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p)
+{
+}
+
+int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
+{
+}
+
+void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
+{
+}
+
+SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
+{
+}
+
+int sys_acl_free( void *obj_p)
+{
+}
+#endif /* No ACLs. */
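Review bot: Every stub in the no-ACL branch has an empty body, so the `int` and pointer-returning functions hand back an indeterminate value; a caller that tests `== -1`, as canonicalise_acl() in posix_acls.c does, can take the failure for success and go on to read an `entry` or `permset` that was never written while building the ACL list. The header comment promises the correct errors for systems without ACLs, so each stub should fail explicitly by setting `errno` and returning -1 or NULL, as sketched below. `sys_acl_get_fd()` is listed in that comment but has no stub in this branch. Separately, in the POSIX branch the body of `sys_acl_get_file()` repeats its own declaration instead of calling the system function and should be `return acl_get_file( path_p, type);`.

```c
int sys_acl_get_entry( SMB_ACL_T acl, int entry_id, SMB_ACL_ENTRY_T *entry_p)
{
	errno = ENOSYS;
	return -1;
}

/* … same two-line body for sys_acl_get_tag_type, sys_acl_get_permset and sys_acl_free … */

void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d)
{
	errno = ENOSYS;
	return NULL;
}

SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type)
{
	errno = ENOSYS;
	return (SMB_ACL_T)NULL;
}

SMB_ACL_T sys_acl_get_fd(int fd)
{
	errno = ENOSYS;
	return (SMB_ACL_T)NULL;
}
```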
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index d9c044ec18..b106975a86 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -26,7 +26,7 @@
typedef struct canon_ace {
struct canon_ace *next, *prev;
SMB_ACL_TAG_T type;
- SMB_ACL_PERM_T perms;
+ SMB_ACL_PERMSET_T perms;
DOM_SID sid;
} canon_ace;
@@ -309,9 +309,9 @@ static BOOL unpack_nt_permissions(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *p
Map generic UNIX permissions to POSIX ACL perms.
****************************************************************************/
-static SMB_ACL_PERM_T unix_perms_to_acl_perms(mode_t mode, int r_mask, int w_mask, int x_mask)
+static SMB_ACL_PERMSET_T unix_perms_to_acl_perms(mode_t mode, int r_mask, int w_mask, int x_mask)
{
- acl_perm_t ret = 0;
+ SMB_ACL_PERMSET_T ret = 0;
ret |= (mode & r_mask) ? SMB_ACL_READ : 0;
ret |= (mode & w_mask) ? SMB_ACL_WRITE : 0;
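Review bot: `SMB_ACL_PERMSET_T ret = 0;` followed by `ret |= ... SMB_ACL_READ` treats the permset as an integer bitmask, but under HAVE_POSIX_ACLS the new header maps it to `acl_permset_t`, which POSIX.1e specifies as an opaque descriptor (a pointer type on common implementations, as far as I know), so this either fails to compile or computes a meaningless permission value. Keeping a separate bit-flag type for this helper, e.g. `#define SMB_ACL_PERM_T acl_perm_t` in smb_acls.h with `SMB_ACL_PERM_T ret = 0;` here, would preserve the old semantics, while real permsets are manipulated through `acl_add_perm()` and `acl_clear_perms()`. The same concern applies to the `perms` field of `canon_ace` and to `acl_mask = (SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE)` in canonicalise_acl() further down. The body of unix_perms_to_acl_perms() continues past the end of this hunk.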
@@ -360,6 +360,9 @@ static canon_ace *unix_canonicalise_acl(files_struct *fsp, SMB_STRUCT_STAT *psbu
canon_ace *owner_ace = NULL;
canon_ace *group_ace = NULL;
canon_ace *other_ace = NULL;
+ SMB_ACL_TAG_T type;
+ SMB_ACL_PERMSET_T perms;
+ DOM_SID sid;
/*
* Create 3 linked list entries.
@@ -378,10 +381,6 @@ static canon_ace *unix_canonicalise_acl(files_struct *fsp, SMB_STRUCT_STAT *psbu
ZERO_STRUCTP(group_ace);
ZERO_STRUCTP(other_ace);
- acl_tag_t type;
- acl_perm_t perms;
- DOM_SID sid;
-
owner_ace->type = SMB_ACL_USER_OBJ;
owner_ace->sid = *powner;
@@ -423,10 +422,10 @@ static canon_ace *unix_canonicalise_acl(files_struct *fsp, SMB_STRUCT_STAT *psbu
entries are at the front of the list, as NT requires.
****************************************************************************/
-static canon_ace *canonicalise_acl( acl_t posix_acl, SMB_STRUCT_STAT *psbuf)
+static canon_ace *canonicalise_acl( SMB_ACL_T posix_acl, SMB_STRUCT_STAT *psbuf)
{
extern DOM_SID global_sid_World;
- SMB_ACL_PERMSET_T acl_mask = (ACL_READ|ACL_WRITE|ACL_EXECUTE);
+ SMB_ACL_PERMSET_T acl_mask = (SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE);
canon_ace *list_head = NULL;
canon_ace *ace = NULL;
canon_ace *next_ace = NULL;
@@ -443,10 +442,10 @@ static canon_ace *canonicalise_acl( acl_t posix_acl, SMB_STRUCT_STAT *psbuf)
entry_id = SMB_ACL_NEXT_ENTRY;
/* Is this a MASK entry ? */
- if (acl_get_tag_type(entry, &tagtype) == -1)
+ if (sys_acl_get_tag_type(entry, &tagtype) == -1)
continue;
- if (acl_get_permset(entry, &permset) == -1)
+ if (sys_acl_get_permset(entry, &permset) == -1)
continue;
/* Decide which SID to use based on the ACL type. */