diff options
-rw-r--r-- | source3/include/smb_acls.h | 91 | ||||
-rw-r--r-- | source3/lib/sysacls.c | 110 | ||||
-rw-r--r-- | source3/smbd/posix_acls.c | 21 |
3 files changed, 211 insertions, 11 deletions
diff --git a/source3/include/smb_acls.h b/source3/include/smb_acls.h new file mode 100644 index 0000000000..6acd17c321 --- /dev/null +++ b/source3/include/smb_acls.h @@ -0,0 +1,91 @@ +/* + Unix SMB/Netbios implementation. + Version 2.2.x + Portable SMB ACL interface + Copyright (C) Jeremy Allison 2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _SMB_ACLS_H +#define _SMB_ACLS_H + +#include "includes.h" + +#if defined(HAVE_POSIX_ACLS) + +/* This is an identity mapping (just remove the SMB_). */ + +#define SMB_ACL_TAG_T acl_tag_t +#define SMB_ACL_PERMSET_T acl_permset_t +#define SMB_ACL_READ ACL_READ +#define SMB_ACL_WRITE ACL_WRITE +#define SMB_ACL_EXECUTE ACL_EXECUTE + +/* Types of ACLs. */ +#define SMB_ACL_USER ACL_USER +#define SMB_ACL_USER_OBJ ACL_USER_OBJ +#define SMB_ACL_GROUP ACL_GROUP +#define SMB_ACL_GROUP_OBJ ACL_GROUP_OBJ +#define SMB_ACL_OTHER_OBJ ACL_OTHER_OBJ +#define SMB_ACL_MASK ACL_MASK + +#define SMB_ACL_T acl_t + +#define SMB_ACL_ENTRY_T acl_entry_t + +#define SMB_ACL_FIRST_ENTRY ACL_FIRST_ENTRY +#define SMB_ACL_NEXT_ENTRY ACL_NEXT_ENTRY + +#define SMB_ACL_TYPE_ACCESS ACL_TYPE_ACCESS +#define SMB_ACL_TYPE_DEFAULT ACL_TYPE_DEFAULT + +#elif defined(HAVE_SOLARIS_ACLS) + +#elif defined(HAVE_IRIX_ACLS) + +#else /* No ACLs. */ + +/* No ACLS - fake it. */ +#define SMB_ACL_TAG_T int +#define SMB_ACL_PERMSET_T mode_t +#define SMB_ACL_READ S_IRUSR +#define SMB_ACL_WRITE S_IWUSR +#define SMB_ACL_EXECUTE S_IXUSR + +/* Types of ACLs. */ +#define SMB_ACL_USER 0 +#define SMB_ACL_USER_OBJ 1 +#define SMB_ACL_GROUP 2 +#define SMB_ACL_GROUP_OBJ 3 +#define SMB_ACL_OTHER_OBJ 4 +#define SMB_ACL_MASK 5 + +typdef struct SMB_ACL_T { + int dummy; +} *SMB_ACL_T; + +typdef struct SMB_ACL_ENTRY_T { + int dummy; +} *SMB_ACL_ENTRY_T; + +#define SMB_ACL_FIRST_ENTRY 0 +#define SMB_ACL_NEXT_ENTRY 1 + +#define SMB_ACL_TYPE_ACCESS 0 +#define SMB_ACL_TYPE_DEFAULT 1 + +#endif /* No ACLs. */ +#endif /* _SMB_ACLS_H */ diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c new file mode 100644 index 0000000000..50d9757acd --- /dev/null +++ b/source3/lib/sysacls.c @@ -0,0 +1,110 @@ +/* + Unix SMB/Netbios implementation. + Version 2.2. + Samba system utilities for ACL support. + Copyright (C) Jeremy Allison 2000. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +extern int DEBUGLEVEL; + +/* + This file wraps all differing system ACL interfaces into a consistent + one based on the POSIX interface. It also returns the correct errors + for older UNIX systems that don't support ACLs. + + The interfaces that each ACL implementation must support are as follows : + + int sys_acl_get_entry( SMB_ACL_T acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) + int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) + int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p + void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) + SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) + SMB_ACL_T sys_acl_get_fd(int fd) + int sys_acl_free( void *obj_p) + +*/ + +#if defined(HAVE_POSIX_ACLS) + +/* Identity mapping - easy. */ + +int sys_acl_get_entry( SMB_ACL_T acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) +{ + return acl_get_entry( acl, entry_id, entry_p); +} + +int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) +{ + return acl_get_tag_type( entry_d, tag_type_p); +} + +int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +{ + return acl_get_permset( entry_d, permset_p); +} + +void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) +{ + return acl_get_qualifier( entry_d); +} + +SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) +{ + sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) +} + +SMB_ACL_T sys_acl_get_fd(int fd) +{ + return acl_get_fd(fd); +} + +int sys_acl_free( void *obj_p) +{ + return acl_free(obj_p); +} + +#elif defined(HAVE_SOLARIS_ACLS) + +#elif defined(HAVE_IRIX_ACLS) + +#else /* No ACLs. */ +int sys_acl_get_entry( SMB_ACL_T acl, int entry_id, SMB_ACL_ENTRY_T *entry_p) +{ +} + +int sys_acl_get_tag_type( SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) +{ +} + +int sys_acl_get_permset( SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +{ +} + +void *sys_acl_get_qualifier( SMB_ACL_ENTRY_T entry_d) +{ +} + +SMB_ACL_T sys_acl_get_file( const char *path_p, SMB_ACL_TYPE_T type) +{ +} + +int sys_acl_free( void *obj_p) +{ +} +#endif /* No ACLs. */ diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index d9c044ec18..b106975a86 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -26,7 +26,7 @@ typedef struct canon_ace { struct canon_ace *next, *prev; SMB_ACL_TAG_T type; - SMB_ACL_PERM_T perms; + SMB_ACL_PERMSET_T perms; DOM_SID sid; } canon_ace; @@ -309,9 +309,9 @@ static BOOL unpack_nt_permissions(SMB_STRUCT_STAT *psbuf, uid_t *puser, gid_t *p Map generic UNIX permissions to POSIX ACL perms. ****************************************************************************/ -static SMB_ACL_PERM_T unix_perms_to_acl_perms(mode_t mode, int r_mask, int w_mask, int x_mask) +static SMB_ACL_PERMSET_T unix_perms_to_acl_perms(mode_t mode, int r_mask, int w_mask, int x_mask) { - acl_perm_t ret = 0; + SMB_ACL_PERMSET_T ret = 0; ret |= (mode & r_mask) ? SMB_ACL_READ : 0; ret |= (mode & w_mask) ? SMB_ACL_WRITE : 0; @@ -360,6 +360,9 @@ static canon_ace *unix_canonicalise_acl(files_struct *fsp, SMB_STRUCT_STAT *psbu canon_ace *owner_ace = NULL; canon_ace *group_ace = NULL; canon_ace *other_ace = NULL; + SMB_ACL_TAG_T type; + SMB_ACL_PERMSET_T perms; + DOM_SID sid; /* * Create 3 linked list entries. @@ -378,10 +381,6 @@ static canon_ace *unix_canonicalise_acl(files_struct *fsp, SMB_STRUCT_STAT *psbu ZERO_STRUCTP(group_ace); ZERO_STRUCTP(other_ace); - acl_tag_t type; - acl_perm_t perms; - DOM_SID sid; - owner_ace->type = SMB_ACL_USER_OBJ; owner_ace->sid = *powner; @@ -423,10 +422,10 @@ static canon_ace *unix_canonicalise_acl(files_struct *fsp, SMB_STRUCT_STAT *psbu entries are at the front of the list, as NT requires. ****************************************************************************/ -static canon_ace *canonicalise_acl( acl_t posix_acl, SMB_STRUCT_STAT *psbuf) +static canon_ace *canonicalise_acl( SMB_ACL_T posix_acl, SMB_STRUCT_STAT *psbuf) { extern DOM_SID global_sid_World; - SMB_ACL_PERMSET_T acl_mask = (ACL_READ|ACL_WRITE|ACL_EXECUTE); + SMB_ACL_PERMSET_T acl_mask = (SMB_ACL_READ|SMB_ACL_WRITE|SMB_ACL_EXECUTE); canon_ace *list_head = NULL; canon_ace *ace = NULL; canon_ace *next_ace = NULL; @@ -443,10 +442,10 @@ static canon_ace *canonicalise_acl( acl_t posix_acl, SMB_STRUCT_STAT *psbuf) entry_id = SMB_ACL_NEXT_ENTRY; /* Is this a MASK entry ? */ - if (acl_get_tag_type(entry, &tagtype) == -1) + if (sys_acl_get_tag_type(entry, &tagtype) == -1) continue; - if (acl_get_permset(entry, &permset) == -1) + if (sys_acl_get_permset(entry, &permset) == -1) continue; /* Decide which SID to use based on the ACL type. */ |