From ac804f0d7f5a93ff2710e213d9213ad9960a15d6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 7 Sep 2012 15:49:47 +1000 Subject: smbd-posix_acls: Use a IDL union to store the ACL entry This is a clearer, long-term-stable structure we can hash without risking it changing. Andrew Bartlett --- librpc/idl/smb_acl.idl | 26 +++++++++--- source3/lib/sysacls.c | 16 ++++---- source3/modules/vfs_posixacl.c | 8 ++-- source4/scripting/python/samba/tests/posixacl.py | 52 +++++------------------- 4 files changed, 43 insertions(+), 59 deletions(-) diff --git a/librpc/idl/smb_acl.idl b/librpc/idl/smb_acl.idl index 7f672996b0..2904c3afa4 100644 --- a/librpc/idl/smb_acl.idl +++ b/librpc/idl/smb_acl.idl @@ -40,18 +40,34 @@ interface smb_acl SMB_ACL_OTHER = 5, SMB_ACL_MASK = 6 } smb_acl_tag_t; - + typedef struct { - smb_acl_tag_t a_type; - mode_t a_perm; uid_t uid; + } smb_acl_user; + + typedef struct { gid_t gid; + } smb_acl_group; + + typedef [switch_type(uint16)] union { + [case (SMB_ACL_USER)] smb_acl_user user; + [case (SMB_ACL_USER_OBJ)]; + [case (SMB_ACL_GROUP)] smb_acl_group group; + [case (SMB_ACL_GROUP_OBJ)]; + [case (SMB_ACL_OTHER)]; + [case (SMB_ACL_MASK)]; + } smb_acl_entry_info; + + typedef struct { + smb_acl_tag_t a_type; + [switch_is(a_type)] smb_acl_entry_info info; + mode_t a_perm; } smb_acl_entry; [public] typedef struct { - int size; + [value(0)] int size; int count; - int next; + [value(0)] int next; [size_is(count)] smb_acl_entry acl[*]; } smb_acl_t; diff --git a/source3/lib/sysacls.c b/source3/lib/sysacls.c index 31966c6077..1b6eb9a35c 100644 --- a/source3/lib/sysacls.c +++ b/source3/lib/sysacls.c 
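Review bot: Nothing in this hunk records next to `smb_acl_entry` that its marshalled form is meant to be hashed, which the commit message gives as the reason for the change. Moving `a_perm` after `info` and adding the union already changes the serialized bytes, so a later reorder or an added arm would change every hash as well. A comment above the struct such as `/* NDR layout of this struct is hashed: do not reorder or extend without versioning */` would make that constraint visible to the next editor. The union also has no `[default]` arm, so a tag outside the six listed cases (including the `SMB_ACL_TAG_INVALID` that sys_acl_create_entry assigns) presumably fails to marshal; if that rejection is intended, it is worth saying so beside the union.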
@@ -107,11 +107,11 @@ int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d) { if (entry_d->a_type == SMB_ACL_USER) { - return &entry_d->uid; + return &entry_d->info.user.uid; } if (entry_d->a_type == SMB_ACL_GROUP) { - return &entry_d->gid; + return &entry_d->info.group.gid; } errno = EINVAL; @@ -189,15 +189,15 @@ char *sys_acl_to_text(const struct smb_acl_t *acl_d, ssize_t *len_p) break; case SMB_ACL_USER: - id = uidtoname(ap->uid); + id = uidtoname(ap->info.user.uid); case SMB_ACL_USER_OBJ: tag = "user"; break; case SMB_ACL_GROUP: - if ((gr = getgrgid(ap->gid)) == NULL) { + if ((gr = getgrgid(ap->info.group.gid)) == NULL) { slprintf(idbuf, sizeof(idbuf)-1, "%ld", - (long)ap->gid); + (long)ap->info.group.gid); id = idbuf; } else { id = gr->gr_name; @@ -294,8 +294,6 @@ int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p) entry_d = &acl_d->acl[acl_d->count++]; entry_d->a_type = SMB_ACL_TAG_INVALID; - entry_d->uid = -1; - entry_d->gid = -1; entry_d->a_perm = 0; *entry_p = entry_d; @@ -324,11 +322,11 @@ int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type) int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p) { if (entry_d->a_type == SMB_ACL_USER) { - entry_d->uid = *((uid_t *)qual_p); + entry_d->info.user.uid = *((uid_t *)qual_p); return 0; } if (entry_d->a_type == SMB_ACL_GROUP) { - entry_d->gid = *((gid_t *)qual_p); + entry_d->info.group.gid = *((gid_t *)qual_p); return 0; } diff --git a/source3/modules/vfs_posixacl.c b/source3/modules/vfs_posixacl.c index 407a3a1724..c9f8bd5f2d 100644 --- a/source3/modules/vfs_posixacl.c +++ b/source3/modules/vfs_posixacl.c @@ -177,7 +177,7 @@ static bool smb_ace_to_internal(acl_entry_t posix_ace, DEBUG(0, ("smb_acl_get_qualifier failed\n")); return False; } - ace->uid = *puid; + ace->info.user.uid = *puid; acl_free(puid); break; } 
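Review bot: In sys_acl_to_text the `case SMB_ACL_USER:` arm assigns `id` and then runs into `case SMB_ACL_USER_OBJ:` with no `break`, and nothing marks that as deliberate. Since the line is being touched anyway, a `/* FALL THROUGH */` comment after `id = uidtoname(ap->info.user.uid);` would stop a reader or a static analyser from treating it as a missing break. The switch starts and ends outside the hunk.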
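Review bot: sys_acl_create_entry no longer gives the qualifier an invalid sentinel: the two `-1` assignments are dropped and nothing is written to `entry_d->info` in their place. If the entry array is zero-filled at allocation (not visible here), an entry whose tag is later set to SMB_ACL_USER or SMB_ACL_GROUP without a sys_acl_set_qualifier call would name id 0, where it previously named an invalid id. Consider restoring the sentinel where the tag is assigned in sys_acl_set_tag_type, for example `entry_d->info.user.uid = (uid_t)-1;` for SMB_ACL_USER and the gid equivalent for SMB_ACL_GROUP. The function body starts outside the hunk.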
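Review bot: With uid and gid now sharing storage in `info`, the value written by sys_acl_set_qualifier is only meaningful while `a_type` stays what it was at the time of the call. A later change of tag from SMB_ACL_USER to SMB_ACL_GROUP would read the stored uid back as a gid, whereas the old separate fields kept the other id at -1. sys_acl_set_tag_type is outside this hunk, so it cannot be seen whether it resets the qualifier. If it does not, state the ordering requirement on this function with a comment such as `/* Call after sys_acl_set_tag_type(); changing the tag afterwards invalidates the qualifier. */`.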
@@ -188,7 +188,7 @@ static bool smb_ace_to_internal(acl_entry_t posix_ace, DEBUG(0, ("smb_acl_get_qualifier failed\n")); return False; } - ace->gid = *pgid; + ace->info.group.gid = *pgid; acl_free(pgid); break; } @@ -323,14 +323,14 @@ static acl_t smb_acl_to_posix(const struct smb_acl_t *acl) switch (entry->a_type) { case SMB_ACL_USER: - if (acl_set_qualifier(e, &entry->uid) != 0) { + if (acl_set_qualifier(e, &entry->info.user.uid) != 0) { DEBUG(1, ("acl_set_qualifiier failed: %s\n", strerror(errno))); goto fail; } break; case SMB_ACL_GROUP: - if (acl_set_qualifier(e, &entry->gid) != 0) { + if (acl_set_qualifier(e, &entry->info.group.gid) != 0) { DEBUG(1, ("acl_set_qualifiier failed: %s\n", strerror(errno))); goto fail; diff --git a/source4/scripting/python/samba/tests/posixacl.py b/source4/scripting/python/samba/tests/posixacl.py index ba0911d78c..b323f91f1a 100644 --- a/source4/scripting/python/samba/tests/posixacl.py +++ b/source4/scripting/python/samba/tests/posixacl.py @@ -35,9 +35,6 @@ from samba.samba3 import param as s3param # print "uid: %d" % entry.uid # print "gid: %d" % entry.gid -def is_minus_one(val): - return (val == -1 or val == 4294967295) - class PosixAclMappingTests(TestCase): def test_setntacl(self): 
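Review bot: Both DEBUG messages in the SMB_ACL_USER and SMB_ACL_GROUP arms of smb_acl_to_posix spell the failing call `acl_set_qualifiier`, so a log search for the real function name will miss them. As the neighbouring lines are being edited, correct the string to `"acl_set_qualifier failed: %s\n"` in both places. The function starts and ends outside the hunk.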
@@ -162,48 +159,35 @@ class PosixAclMappingTests(TestCase): self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_GROUP) self.assertEquals(posix_acl.acl[0].a_perm, 7) - self.assertEquals(posix_acl.acl[0].gid, BA_gid) - self.assertTrue(is_minus_one(posix_acl.acl[0].uid)) + self.assertEquals(posix_acl.acl[0].info.gid, BA_gid) self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_USER) self.assertEquals(posix_acl.acl[1].a_perm, 6) - self.assertEquals(posix_acl.acl[1].uid, LA_uid) - self.assertTrue(is_minus_one(posix_acl.acl[1].gid)) + self.assertEquals(posix_acl.acl[1].info.uid, LA_uid) self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER) self.assertEquals(posix_acl.acl[2].a_perm, 0) - self.assertTrue(is_minus_one(posix_acl.acl[2].uid)) - self.assertTrue(is_minus_one(posix_acl.acl[2].gid)) self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ) self.assertEquals(posix_acl.acl[3].a_perm, 6) - self.assertTrue(is_minus_one(posix_acl.acl[3].uid)) - self.assertTrue(is_minus_one(posix_acl.acl[3].gid)) self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_GROUP_OBJ) self.assertEquals(posix_acl.acl[4].a_perm, 7) - self.assertTrue(is_minus_one(posix_acl.acl[4].uid)) - self.assertTrue(is_minus_one(posix_acl.acl[4].gid)) self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP) self.assertEquals(posix_acl.acl[5].a_perm, 5) - self.assertEquals(posix_acl.acl[5].gid, SO_gid) - self.assertTrue(is_minus_one(posix_acl.acl[5].uid)) + self.assertEquals(posix_acl.acl[5].info.gid, SO_gid) self.assertEquals(posix_acl.acl[6].a_type, smb_acl.SMB_ACL_GROUP) self.assertEquals(posix_acl.acl[6].a_perm, 7) - self.assertEquals(posix_acl.acl[6].gid, SY_gid) - self.assertTrue(is_minus_one(posix_acl.acl[6].uid)) + self.assertEquals(posix_acl.acl[6].info.gid, SY_gid) self.assertEquals(posix_acl.acl[7].a_type, smb_acl.SMB_ACL_GROUP) self.assertEquals(posix_acl.acl[7].a_perm, 5) - self.assertEquals(posix_acl.acl[7].gid, AU_gid) - 
self.assertTrue(is_minus_one(posix_acl.acl[7].uid)) + self.assertEquals(posix_acl.acl[7].info.gid, AU_gid) self.assertEquals(posix_acl.acl[8].a_type, smb_acl.SMB_ACL_MASK) self.assertEquals(posix_acl.acl[8].a_perm, 7) - self.assertTrue(is_minus_one(posix_acl.acl[8].uid)) - self.assertTrue(is_minus_one(posix_acl.acl[8].gid)) # check that it matches: 
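Review bot: With the `is_minus_one` assertions removed, the entries tagged SMB_ACL_OTHER, SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ and SMB_ACL_MASK are checked only for `a_type` and `a_perm`, so nothing verifies any longer that they carry no uid or gid. An assertion on what the binding exposes as `info` for an empty union arm would keep the test sensitive to a stray qualifier on those entries. That value is presumably `None` and should be confirmed against the generated binding, e.g. `self.assertEquals(posix_acl.acl[2].info, None)`. The same applies to the second block of assertions in the hunk at `@@ -304,53 +288,39 @@`.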
@@ -304,53 +288,39 @@ class PosixAclMappingTests(TestCase): self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_GROUP) self.assertEquals(posix_acl.acl[0].a_perm, 7) - self.assertEquals(posix_acl.acl[0].gid, BA_gid) - self.assertTrue(is_minus_one(posix_acl.acl[0].uid)) + self.assertEquals(posix_acl.acl[0].info.gid, BA_gid) self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_USER) self.assertEquals(posix_acl.acl[1].a_perm, 6) - self.assertEquals(posix_acl.acl[1].uid, LA_uid) - self.assertTrue(is_minus_one(posix_acl.acl[1].gid)) + self.assertEquals(posix_acl.acl[1].info.uid, LA_uid) self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER) self.assertEquals(posix_acl.acl[2].a_perm, 0) - self.assertTrue(is_minus_one(posix_acl.acl[2].uid)) - self.assertTrue(is_minus_one(posix_acl.acl[2].gid)) self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ) self.assertEquals(posix_acl.acl[3].a_perm, 6) - self.assertTrue(is_minus_one(posix_acl.acl[3].uid)) - self.assertTrue(is_minus_one(posix_acl.acl[3].gid)) self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_GROUP_OBJ) self.assertEquals(posix_acl.acl[4].a_perm, 7) - self.assertTrue(is_minus_one(posix_acl.acl[4].uid)) - self.assertTrue(is_minus_one(posix_acl.acl[4].gid)) self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP) self.assertEquals(posix_acl.acl[5].a_perm, 5) - self.assertEquals(posix_acl.acl[5].gid, SO_gid) - self.assertTrue(is_minus_one(posix_acl.acl[5].uid)) + self.assertEquals(posix_acl.acl[5].info.gid, SO_gid) self.assertEquals(posix_acl.acl[6].a_type, smb_acl.SMB_ACL_GROUP) self.assertEquals(posix_acl.acl[6].a_perm, 7) - self.assertEquals(posix_acl.acl[6].gid, SY_gid) - self.assertTrue(is_minus_one(posix_acl.acl[6].uid)) + self.assertEquals(posix_acl.acl[6].info.gid, SY_gid) self.assertEquals(posix_acl.acl[7].a_type, smb_acl.SMB_ACL_GROUP) self.assertEquals(posix_acl.acl[7].a_perm, 5) - self.assertEquals(posix_acl.acl[7].gid, AU_gid) - 
self.assertTrue(is_minus_one(posix_acl.acl[7].uid)) + self.assertEquals(posix_acl.acl[7].info.gid, AU_gid) self.assertEquals(posix_acl.acl[8].a_type, smb_acl.SMB_ACL_GROUP) self.assertEquals(posix_acl.acl[8].a_perm, 7) - self.assertEquals(posix_acl.acl[8].gid, PA_gid) - self.assertTrue(is_minus_one(posix_acl.acl[8].uid)) + self.assertEquals(posix_acl.acl[8].info.gid, PA_gid) self.assertEquals(posix_acl.acl[9].a_type, smb_acl.SMB_ACL_MASK) self.assertEquals(posix_acl.acl[9].a_perm, 7) - self.assertTrue(is_minus_one(posix_acl.acl[9].uid)) - self.assertTrue(is_minus_one(posix_acl.acl[9].gid)) # check that it matches: -- cgit