typedef struct _SMB_ACE4_INT_T SMB_ACE4_INT_T |
typedef struct _SMB_ACL4_INT_T SMB_ACL4_INT_T |
typedef struct _smbacl4_vfs_params smbacl4_vfs_params |
enum smbacl4_mode_enum |
enum smbacl4_acedup_enum |
int try_chown | ( | connection_struct * | conn, | |
const char * | fname, | |||
uid_t | uid, | |||
gid_t | gid | |||
) |
posix_acls.c の 3056 行で定義されています。
参照元 set_nt_acl()・smb_set_nt_acl_nfs4().
03057 { 03058 int ret; 03059 files_struct *fsp; 03060 SMB_STRUCT_STAT st; 03061 03062 if(!CAN_WRITE(conn)) { 03063 return -1; 03064 } 03065 03066 /* Case (1). */ 03067 /* try the direct way first */ 03068 ret = SMB_VFS_CHOWN(conn, fname, uid, gid); 03069 if (ret == 0) 03070 return 0; 03071 03072 /* Case (2) / (3) */ 03073 if (lp_enable_privileges()) { 03074 03075 BOOL has_take_ownership_priv = user_has_privileges(current_user.nt_user_token, 03076 &se_take_ownership); 03077 BOOL has_restore_priv = user_has_privileges(current_user.nt_user_token, 03078 &se_restore); 03079 03080 /* Case (2) */ 03081 if ( ( has_take_ownership_priv && ( uid == current_user.ut.uid ) ) || 03082 /* Case (3) */ 03083 ( has_restore_priv ) ) { 03084 03085 become_root(); 03086 /* Keep the current file gid the same - take ownership doesn't imply group change. */ 03087 ret = SMB_VFS_CHOWN(conn, fname, uid, (gid_t)-1); 03088 unbecome_root(); 03089 return ret; 03090 } 03091 } 03092 03093 /* Case (4). */ 03094 if (!lp_dos_filemode(SNUM(conn))) { 03095 return -1; 03096 } 03097 03098 /* only allow chown to the current user. This is more secure, 03099 and also copes with the case where the SID in a take ownership ACL is 03100 a local SID on the users workstation 03101 */ 03102 if (uid != current_user.ut.uid) { 03103 errno = EPERM; 03104 return -1; 03105 } 03106 03107 if (SMB_VFS_STAT(conn,fname,&st)) { 03108 return -1; 03109 } 03110 03111 if (!NT_STATUS_IS_OK(open_file_fchmod(conn,fname,&st,&fsp))) { 03112 return -1; 03113 } 03114 03115 become_root(); 03116 /* Keep the current file gid the same. */ 03117 ret = SMB_VFS_FCHOWN(fsp, fsp->fh->fd, uid, (gid_t)-1); 03118 unbecome_root(); 03119 03120 close_file_fchmod(fsp); 03121 03122 return ret; 03123 }
BOOL unpack_nt_owners | ( | int | snum, | |
uid_t * | puser, | |||
gid_t * | pgrp, | |||
uint32 | security_info_sent, | |||
SEC_DESC * | psd | |||
) |
posix_acls.c の 929 行で定義されています。
参照元 set_nt_acl()・smb_set_nt_acl_nfs4().
00930 { 00931 DOM_SID owner_sid; 00932 DOM_SID grp_sid; 00933 00934 *puser = (uid_t)-1; 00935 *pgrp = (gid_t)-1; 00936 00937 if(security_info_sent == 0) { 00938 DEBUG(0,("unpack_nt_owners: no security info sent !\n")); 00939 return True; 00940 } 00941 00942 /* 00943 * Validate the owner and group SID's. 00944 */ 00945 00946 memset(&owner_sid, '\0', sizeof(owner_sid)); 00947 memset(&grp_sid, '\0', sizeof(grp_sid)); 00948 00949 DEBUG(5,("unpack_nt_owners: validating owner_sids.\n")); 00950 00951 /* 00952 * Don't immediately fail if the owner sid cannot be validated. 00953 * This may be a group chown only set. 00954 */ 00955 00956 if (security_info_sent & OWNER_SECURITY_INFORMATION) { 00957 sid_copy(&owner_sid, psd->owner_sid); 00958 if (!sid_to_uid(&owner_sid, puser)) { 00959 if (lp_force_unknown_acl_user(snum)) { 00960 /* this allows take ownership to work 00961 * reasonably */ 00962 *puser = current_user.ut.uid; 00963 } else { 00964 DEBUG(3,("unpack_nt_owners: unable to validate" 00965 " owner sid for %s\n", 00966 sid_string_static(&owner_sid))); 00967 return False; 00968 } 00969 } 00970 } 00971 00972 /* 00973 * Don't immediately fail if the group sid cannot be validated. 00974 * This may be an owner chown only set. 00975 */ 00976 00977 if (security_info_sent & GROUP_SECURITY_INFORMATION) { 00978 sid_copy(&grp_sid, psd->group_sid); 00979 if (!sid_to_gid( &grp_sid, pgrp)) { 00980 if (lp_force_unknown_acl_user(snum)) { 00981 /* this allows take group ownership to work 00982 * reasonably */ 00983 *pgrp = current_user.ut.gid; 00984 } else { 00985 DEBUG(3,("unpack_nt_owners: unable to validate" 00986 " group sid.\n")); 00987 return False; 00988 } 00989 } 00990 } 00991 00992 DEBUG(5,("unpack_nt_owners: owner_sids validated.\n")); 00993 00994 return True; 00995 }
static SMB_ACL4_INT_T* get_validated_aclint | ( | SMB4ACL_T * | acl | ) | [static] |
nfs4_acls.c の 48 行で定義されています。
参照先 errno・_SMB_ACL4_INT_T::magic.
参照元 smb_add_ace4()・smb_first_ace4()・smb_get_naces()・smbacl4_dump_nfs4acl()・smbacl4_find_equal_special()・smbacl4_nfs42win().
00049 { 00050 SMB_ACL4_INT_T *aclint = (SMB_ACL4_INT_T *)acl; 00051 if (acl==NULL) 00052 { 00053 DEBUG(2, ("acl is NULL\n")); 00054 errno = EINVAL; 00055 return NULL; 00056 } 00057 if (aclint->magic!=SMB_ACL4_INT_MAGIC) 00058 { 00059 DEBUG(2, ("aclint bad magic 0x%x\n", aclint->magic)); 00060 errno = EINVAL; 00061 return NULL; 00062 } 00063 return aclint; 00064 }
static SMB_ACE4_INT_T* get_validated_aceint | ( | SMB4ACE_T * | ace | ) | [static] |
nfs4_acls.c の 66 行で定義されています。
参照先 errno・_SMB_ACE4_INT_T::magic.
参照元 smb_get_ace4()・smb_next_ace4().
00067 { 00068 SMB_ACE4_INT_T *aceint = (SMB_ACE4_INT_T *)ace; 00069 if (ace==NULL) 00070 { 00071 DEBUG(2, ("ace is NULL\n")); 00072 errno = EINVAL; 00073 return NULL; 00074 } 00075 if (aceint->magic!=SMB_ACE4_INT_MAGIC) 00076 { 00077 DEBUG(2, ("aceint bad magic 0x%x\n", aceint->magic)); 00078 errno = EINVAL; 00079 return NULL; 00080 } 00081 return aceint; 00082 }
SMB4ACL_T* smb_create_smb4acl | ( | void | ) |
nfs4_acls.c の 84 行で定義されています。
参照先 errno・_SMB_ACL4_INT_T::magic・main_loop_talloc_get().
参照元 aixjfs2_get_nfs4_acl()・gpfs_get_nfs4_acl()・smbacl4_win2nfs4().
00085 { 00086 TALLOC_CTX *mem_ctx = main_loop_talloc_get(); 00087 SMB_ACL4_INT_T *acl = (SMB_ACL4_INT_T *)TALLOC_SIZE(mem_ctx, sizeof(SMB_ACL4_INT_T)); 00088 if (acl==NULL) 00089 { 00090 DEBUG(0, ("TALLOC_SIZE failed\n")); 00091 errno = ENOMEM; 00092 return NULL; 00093 } 00094 memset(acl, 0, sizeof(SMB_ACL4_INT_T)); 00095 acl->magic = SMB_ACL4_INT_MAGIC; 00096 /* acl->first, last = NULL not needed */ 00097 return (SMB4ACL_T *)acl; 00098 }
SMB4ACE_T* smb_add_ace4 | ( | SMB4ACL_T * | acl, | |
SMB_ACE4PROP_T * | prop | |||
) |
nfs4_acls.c の 100 行で定義されています。
参照先 errno・_SMB_ACL4_INT_T::first・get_validated_aclint()・_SMB_ACL4_INT_T::last・_SMB_ACE4_INT_T::magic・main_loop_talloc_get()・_SMB_ACL4_INT_T::naces・_SMB_ACE4_INT_T::next・_SMB_ACE4_INT_T::prop.
参照元 aixjfs2_get_nfs4_acl()・gpfs_get_nfs4_acl()・smbacl4_win2nfs4().
00101 { 00102 SMB_ACL4_INT_T *aclint = get_validated_aclint(acl); 00103 TALLOC_CTX *mem_ctx = main_loop_talloc_get(); 00104 SMB_ACE4_INT_T *ace; 00105 00106 ace = (SMB_ACE4_INT_T *)TALLOC_SIZE(mem_ctx, sizeof(SMB_ACE4_INT_T)); 00107 if (ace==NULL) 00108 { 00109 DEBUG(0, ("TALLOC_SIZE failed\n")); 00110 errno = ENOMEM; 00111 return NULL; 00112 } 00113 memset(ace, 0, sizeof(SMB_ACE4_INT_T)); 00114 ace->magic = SMB_ACE4_INT_MAGIC; 00115 /* ace->next = NULL not needed */ 00116 memcpy(&ace->prop, prop, sizeof(SMB_ACE4PROP_T)); 00117 00118 if (aclint->first==NULL) 00119 { 00120 aclint->first = ace; 00121 aclint->last = ace; 00122 } else { 00123 aclint->last->next = (void *)ace; 00124 aclint->last = ace; 00125 } 00126 aclint->naces++; 00127 00128 return (SMB4ACE_T *)ace; 00129 }
SMB_ACE4PROP_T* smb_get_ace4 | ( | SMB4ACE_T * | ace | ) |
nfs4_acls.c の 131 行で定義されています。
参照先 get_validated_aceint()・_SMB_ACE4_INT_T::prop.
参照元 aixjfs2_process_smbacl()・gpfsacl_process_smbacl().
00132 { 00133 SMB_ACE4_INT_T *aceint = get_validated_aceint(ace); 00134 if (aceint==NULL) 00135 return NULL; 00136 00137 return &aceint->prop; 00138 }
nfs4_acls.c の 140 行で定義されています。
参照先 get_validated_aceint()・_SMB_ACE4_INT_T::next.
参照元 aixjfs2_process_smbacl()・gpfsacl_process_smbacl().
00141 { 00142 SMB_ACE4_INT_T *aceint = get_validated_aceint(ace); 00143 if (aceint==NULL) 00144 return NULL; 00145 00146 return (SMB4ACE_T *)aceint->next; 00147 }
nfs4_acls.c の 149 行で定義されています。
参照先 _SMB_ACL4_INT_T::first・get_validated_aclint().
参照元 aixjfs2_process_smbacl()・gpfsacl_process_smbacl().
00150 { 00151 SMB_ACL4_INT_T *aclint = get_validated_aclint(acl); 00152 if (aclint==NULL) 00153 return NULL; 00154 00155 return (SMB4ACE_T *)aclint->first; 00156 }
uint32 smb_get_naces | ( | SMB4ACL_T * | acl | ) |
nfs4_acls.c の 158 行で定義されています。
参照先 get_validated_aclint()・_SMB_ACL4_INT_T::naces.
参照元 aixjfs2_process_smbacl()・smb_get_nt_acl_nfs4().
00159 { 00160 SMB_ACL4_INT_T *aclint = get_validated_aclint(acl); 00161 if (aclint==NULL) 00162 return 0; 00163 00164 return aclint->naces; 00165 }
static int smbacl4_GetFileOwner | ( | files_struct * | fsp, | |
SMB_STRUCT_STAT * | psbuf | |||
) | [static] |
nfs4_acls.c の 167 行で定義されています。
参照先 files_struct::conn・errno・fd_handle::fd・files_struct::fh・files_struct::fsp_name・files_struct::is_directory・strerror().
参照元 smb_get_nt_acl_nfs4()・smb_set_nt_acl_nfs4().
00168 { 00169 memset(psbuf, 0, sizeof(SMB_STRUCT_STAT)); 00170 if (fsp->is_directory || fsp->fh->fd == -1) { 00171 /* Get the stat struct for the owner info. */ 00172 if (SMB_VFS_STAT(fsp->conn,fsp->fsp_name, psbuf) != 0) 00173 { 00174 DEBUG(8, ("SMB_VFS_STAT failed with error %s\n", 00175 strerror(errno))); 00176 return -1; 00177 } 00178 } else { 00179 if (SMB_VFS_FSTAT(fsp,fsp->fh->fd, psbuf) != 0) 00180 { 00181 DEBUG(8, ("SMB_VFS_FSTAT failed with error %s\n", 00182 strerror(errno))); 00183 return -1; 00184 } 00185 } 00186 00187 return 0; 00188 }
static BOOL smbacl4_nfs42win | ( | SMB4ACL_T * | acl, | |
DOM_SID * | psid_owner, | |||
DOM_SID * | psid_group, | |||
SEC_ACE ** | ppnt_ace_list, | |||
int * | pgood_aces | |||
) | [static] |
nfs4_acls.c の 190 行で定義されています。
参照先 _SMB_ACE4PROP_T::aceFlags・_SMB_ACE4PROP_T::aceMask・_SMB_ACE4PROP_T::aceType・errno・_SMB_ACL4_INT_T::first・_SMB_ACE4PROP_T::flags・get_validated_aclint()・_SMB_NFS4_ACEWHOID_T::gid・gid_to_sid()・global_sid_World・_SMB_NFS4_ACEWHOID_T::id・init_sec_access()・init_sec_ace()・_SMB_ACE4_INT_T::magic・main_loop_talloc_get()・_SMB_ACL4_INT_T::naces・_SMB_ACE4_INT_T::next・_SMB_ACE4_INT_T::prop・sid_copy()・sid_string_static()・_SMB_NFS4_ACEWHOID_T::special_id・_SMB_NFS4_ACEWHOID_T::uid・uid_to_sid()・_SMB_ACE4PROP_T::who.
00196 { 00197 SMB_ACL4_INT_T *aclint = (SMB_ACL4_INT_T *)acl; 00198 SMB_ACE4_INT_T *aceint; 00199 SEC_ACE *nt_ace_list = NULL; 00200 int good_aces = 0; 00201 TALLOC_CTX *mem_ctx = main_loop_talloc_get(); 00202 00203 DEBUG(10, ("smbacl_nfs42win entered")); 00204 00205 aclint = get_validated_aclint(acl); 00206 if (aclint==NULL) 00207 return False; 00208 00209 if (aclint->naces) { 00210 nt_ace_list = (SEC_ACE *)TALLOC_SIZE(mem_ctx, aclint->naces * sizeof(SEC_ACE)); 00211 if (nt_ace_list==NULL) 00212 { 00213 DEBUG(10, ("talloc error")); 00214 errno = ENOMEM; 00215 return False; 00216 } 00217 memset(nt_ace_list, 0, aclint->naces * sizeof(SEC_ACE)); 00218 } else { 00219 nt_ace_list = NULL; 00220 } 00221 00222 for (aceint=aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) { 00223 SEC_ACCESS mask; 00224 DOM_SID sid; 00225 SMB_ACE4PROP_T *ace = &aceint->prop; 00226 00227 DEBUG(10, ("magic: 0x%x, type: %d, iflags: %x, flags: %x, mask: %x, " 00228 "who: %d\n", aceint->magic, ace->aceType, ace->flags, 00229 ace->aceFlags, ace->aceMask, ace->who.id)); 00230 00231 SMB_ASSERT(aceint->magic==SMB_ACE4_INT_MAGIC); 00232 00233 if (ace->flags & SMB_ACE4_ID_SPECIAL) { 00234 switch (ace->who.special_id) { 00235 case SMB_ACE4_WHO_OWNER: 00236 sid_copy(&sid, psid_owner); 00237 break; 00238 case SMB_ACE4_WHO_GROUP: 00239 sid_copy(&sid, psid_group); 00240 break; 00241 case SMB_ACE4_WHO_EVERYONE: 00242 sid_copy(&sid, &global_sid_World); 00243 break; 00244 default: 00245 DEBUG(8, ("invalid special who id %d " 00246 "ignored\n", ace->who.special_id)); 00247 } 00248 } else { 00249 if (ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP) { 00250 gid_to_sid(&sid, ace->who.gid); 00251 } else { 00252 uid_to_sid(&sid, ace->who.uid); 00253 } 00254 } 00255 DEBUG(10, ("mapped %d to %s\n", ace->who.id, 00256 sid_string_static(&sid))); 00257 00258 init_sec_access(&mask, ace->aceMask); 00259 init_sec_ace(&nt_ace_list[good_aces++], &sid, 00260 ace->aceType, mask, 00261 ace->aceFlags & 0xf); 00262 } 00263 00264 *ppnt_ace_list = nt_ace_list; 00265 *pgood_aces = good_aces; 00266 00267 return True; 00268 }
size_t smb_get_nt_acl_nfs4 | ( | files_struct * | fsp, | |
uint32 | security_info, | |||
SEC_DESC ** | ppdesc, | |||
SMB4ACL_T * | acl | |||
) |
nfs4_acls.c の 270 行で定義されています。
参照先 files_struct::fsp_name・gid_to_sid()・main_loop_talloc_get()・make_sec_acl()・make_sec_desc()・smb_get_naces()・smbacl4_GetFileOwner()・smbacl4_nfs42win()・uid_to_sid().
参照元 aixjfs2_get_nt_acl_common()・gpfsacl_get_nt_acl_common().
00273 { 00274 int good_aces = 0; 00275 SMB_STRUCT_STAT sbuf; 00276 DOM_SID sid_owner, sid_group; 00277 size_t sd_size = 0; 00278 SEC_ACE *nt_ace_list = NULL; 00279 SEC_ACL *psa = NULL; 00280 TALLOC_CTX *mem_ctx = main_loop_talloc_get(); 00281 00282 DEBUG(10, ("smb_get_nt_acl_nfs4 invoked for %s\n", fsp->fsp_name)); 00283 00284 if (acl==NULL || smb_get_naces(acl)==0) 00285 return 0; /* special because we shouldn't alloc 0 for win */ 00286 00287 if (smbacl4_GetFileOwner(fsp, &sbuf)) 00288 return 0; 00289 00290 uid_to_sid(&sid_owner, sbuf.st_uid); 00291 gid_to_sid(&sid_group, sbuf.st_gid); 00292 00293 if (smbacl4_nfs42win(acl, 00294 &sid_owner, 00295 &sid_group, 00296 &nt_ace_list, 00297 &good_aces 00298 )==False) { 00299 DEBUG(8,("smbacl4_nfs42win failed\n")); 00300 return 0; 00301 } 00302 00303 psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 00304 good_aces, nt_ace_list); 00305 if (psa == NULL) { 00306 DEBUG(2,("make_sec_acl failed\n")); 00307 return 0; 00308 } 00309 00310 DEBUG(10,("after make sec_acl\n")); 00311 *ppdesc = make_sec_desc(mem_ctx, SEC_DESC_REVISION, 00312 SEC_DESC_SELF_RELATIVE, 00313 (security_info & OWNER_SECURITY_INFORMATION) 00314 ? &sid_owner : NULL, 00315 (security_info & GROUP_SECURITY_INFORMATION) 00316 ? &sid_group : NULL, 00317 NULL, psa, &sd_size); 00318 if (*ppdesc==NULL) { 00319 DEBUG(2,("make_sec_desc failed\n")); 00320 return 0; 00321 } 00322 00323 DEBUG(10, ("smb_get_nt_acl_nfs4 successfully exited with sd_size %d\n", sd_size)); 00324 return sd_size; 00325 }
static int smbacl4_get_vfs_params | ( | const char * | type_name, | |
files_struct * | fsp, | |||
smbacl4_vfs_params * | params | |||
) | [static] |
nfs4_acls.c の 339 行で定義されています。
参照先 _smbacl4_vfs_params::acedup・files_struct::conn・_smbacl4_vfs_params::do_chown・e_dontcare・e_ignore・e_merge・e_reject・e_simple・e_special・lp_parm_bool()・lp_parm_enum()・_smbacl4_vfs_params::mode.
00344 { 00345 static const struct enum_list enum_smbacl4_modes[] = { 00346 { e_simple, "simple" }, 00347 { e_special, "special" } 00348 }; 00349 static const struct enum_list enum_smbacl4_acedups[] = { 00350 { e_dontcare, "dontcare" }, 00351 { e_reject, "reject" }, 00352 { e_ignore, "ignore" }, 00353 { e_merge, "merge" }, 00354 }; 00355 00356 memset(params, 0, sizeof(smbacl4_vfs_params)); 00357 params->mode = (enum smbacl4_mode_enum)lp_parm_enum( 00358 SNUM(fsp->conn), type_name, 00359 "mode", enum_smbacl4_modes, e_simple); 00360 params->do_chown = lp_parm_bool(SNUM(fsp->conn), type_name, 00361 "chown", True); 00362 params->acedup = (enum smbacl4_acedup_enum)lp_parm_enum( 00363 SNUM(fsp->conn), type_name, 00364 "acedup", enum_smbacl4_acedups, e_dontcare); 00365 00366 DEBUG(10, ("mode:%s, do_chown:%s, acedup: %s\n", 00367 enum_smbacl4_modes[params->mode].name, 00368 params->do_chown ? "true" : "false", 00369 enum_smbacl4_acedups[params->acedup].name)); 00370 00371 return 0; 00372 }
static void smbacl4_dump_nfs4acl | ( | int | level, | |
SMB4ACL_T * | acl | |||
) | [static] |
nfs4_acls.c の 374 行で定義されています。
参照先 _SMB_ACE4PROP_T::aceFlags・_SMB_ACE4PROP_T::aceMask・_SMB_ACE4PROP_T::aceType・_SMB_ACL4_INT_T::first・_SMB_ACE4PROP_T::flags・get_validated_aclint()・_SMB_NFS4_ACEWHOID_T::id・_SMB_ACL4_INT_T::naces・_SMB_ACE4_INT_T::next・_SMB_ACE4_INT_T::prop・_SMB_ACE4PROP_T::who.
00375 { 00376 SMB_ACL4_INT_T *aclint = get_validated_aclint(acl); 00377 SMB_ACE4_INT_T *aceint; 00378 00379 DEBUG(level, ("NFS4ACL: size=%d\n", aclint->naces)); 00380 00381 for(aceint = aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) { 00382 SMB_ACE4PROP_T *ace = &aceint->prop; 00383 00384 DEBUG(level, ("\tACE: type=%d, flags=0x%x, fflags=0x%x, mask=0x%x, id=%d\n", 00385 ace->aceType, 00386 ace->aceFlags, ace->flags, 00387 ace->aceMask, 00388 ace->who.id)); 00389 } 00390 }
static SMB_ACE4PROP_T* smbacl4_find_equal_special | ( | SMB4ACL_T * | acl, | |
SMB_ACE4PROP_T * | aceNew | |||
) | [static] |
nfs4_acls.c の 397 行で定義されています。
参照先 _SMB_ACE4PROP_T::aceFlags・_SMB_ACE4PROP_T::aceType・_SMB_ACL4_INT_T::first・_SMB_ACE4PROP_T::flags・get_validated_aclint()・_SMB_NFS4_ACEWHOID_T::gid・_SMB_ACE4_INT_T::next・_SMB_ACE4_INT_T::prop・_SMB_NFS4_ACEWHOID_T::special_id・_SMB_NFS4_ACEWHOID_T::uid・_SMB_ACE4PROP_T::who.
参照元 smbacl4_MergeIgnoreReject().
00400 { 00401 SMB_ACL4_INT_T *aclint = get_validated_aclint(acl); 00402 SMB_ACE4_INT_T *aceint; 00403 00404 for(aceint = aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) { 00405 SMB_ACE4PROP_T *ace = &aceint->prop; 00406 00407 if (ace->flags == aceNew->flags && 00408 ace->aceType==aceNew->aceType && 00409 (ace->aceFlags&SMB_ACE4_IDENTIFIER_GROUP)== 00410 (aceNew->aceFlags&SMB_ACE4_IDENTIFIER_GROUP) 00411 ) { 00412 /* keep type safety; e.g. gid is an u.short */ 00413 if (ace->flags & SMB_ACE4_ID_SPECIAL) 00414 { 00415 if (ace->who.special_id==aceNew->who.special_id) 00416 return ace; 00417 } else { 00418 if (ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP) 00419 { 00420 if (ace->who.gid==aceNew->who.gid) 00421 return ace; 00422 } else { 00423 if (ace->who.uid==aceNew->who.uid) 00424 return ace; 00425 } 00426 } 00427 } 00428 } 00429 00430 return NULL; 00431 }
static int smbacl4_fill_ace4 | ( | TALLOC_CTX * | mem_ctx, | |
smbacl4_vfs_params * | params, | |||
uid_t | ownerUID, | |||
gid_t | ownerGID, | |||
SEC_ACE * | ace_nt, | |||
SMB_ACE4PROP_T * | ace_v4 | |||
) | [static] |
nfs4_acls.c の 433 行で定義されています。
参照先 security_ace_info::access_mask・_SMB_ACE4PROP_T::aceFlags・_SMB_ACE4PROP_T::aceMask・_SMB_ACE4PROP_T::aceType・e_special・errno・_SMB_ACE4PROP_T::flags・security_ace_info::flags・_SMB_NFS4_ACEWHOID_T::gid・global_sid_World・lookup_sid()・_smbacl4_vfs_params::mode・name・sid_equal()・SID_NAME_USER・sid_string_static()・sid_to_gid()・sid_to_uid()・_SMB_NFS4_ACEWHOID_T::special_id・security_ace_info::trustee・security_ace_info::type・type・_SMB_NFS4_ACEWHOID_T::uid・_SMB_ACE4PROP_T::who.
参照元 smbacl4_win2nfs4().
00441 { 00442 const char *dom, *name; 00443 enum lsa_SidType type; 00444 uid_t uid; 00445 gid_t gid; 00446 00447 DEBUG(10, ("got ace for %s\n", 00448 sid_string_static(&ace_nt->trustee))); 00449 00450 memset(ace_v4, 0, sizeof(SMB_ACE4PROP_T)); 00451 ace_v4->aceType = ace_nt->type; /* only ACCES|DENY supported right now */ 00452 ace_v4->aceFlags = ace_nt->flags & SEC_ACE_FLAG_VALID_INHERIT; 00453 ace_v4->aceMask = ace_nt->access_mask & 00454 (STD_RIGHT_ALL_ACCESS | SA_RIGHT_FILE_ALL_ACCESS); 00455 00456 if (ace_v4->aceFlags!=ace_nt->flags) 00457 DEBUG(9, ("ace_v4->aceFlags(0x%x)!=ace_nt->flags(0x%x)\n", 00458 ace_v4->aceFlags, ace_nt->flags)); 00459 00460 if (ace_v4->aceMask!=ace_nt->access_mask) 00461 DEBUG(9, ("ace_v4->aceMask(0x%x)!=ace_nt->access_mask(0x%x)\n", 00462 ace_v4->aceMask, ace_nt->access_mask)); 00463 00464 if (sid_equal(&ace_nt->trustee, &global_sid_World)) { 00465 ace_v4->who.special_id = SMB_ACE4_WHO_EVERYONE; 00466 ace_v4->flags |= SMB_ACE4_ID_SPECIAL; 00467 } else { 00468 if (!lookup_sid(mem_ctx, &ace_nt->trustee, &dom, &name, &type)) { 00469 DEBUG(8, ("Could not find %s' type\n", 00470 sid_string_static(&ace_nt->trustee))); 00471 errno = EINVAL; 00472 return -1; 00473 } 00474 00475 if (type == SID_NAME_USER) { 00476 if (!sid_to_uid(&ace_nt->trustee, &uid)) { 00477 DEBUG(2, ("Could not convert %s to uid\n", 00478 sid_string_static(&ace_nt->trustee))); 00479 return -1; 00480 } 00481 00482 if (params->mode==e_special && uid==ownerUID) { 00483 ace_v4->flags |= SMB_ACE4_ID_SPECIAL; 00484 ace_v4->who.special_id = SMB_ACE4_WHO_OWNER; 00485 } else { 00486 ace_v4->who.uid = uid; 00487 } 00488 } else { /* else group? - TODO check it... */ 00489 if (!sid_to_gid(&ace_nt->trustee, &gid)) { 00490 DEBUG(2, ("Could not convert %s to gid\n", 00491 sid_string_static(&ace_nt->trustee))); 00492 return -1; 00493 } 00494 ace_v4->aceFlags |= SMB_ACE4_IDENTIFIER_GROUP; 00495 00496 if (params->mode==e_special && gid==ownerGID) { 00497 ace_v4->flags |= SMB_ACE4_ID_SPECIAL; 00498 ace_v4->who.special_id = SMB_ACE4_WHO_GROUP; 00499 } else { 00500 ace_v4->who.gid = gid; 00501 } 00502 } 00503 } 00504 00505 return 0; /* OK */ 00506 }
static int smbacl4_MergeIgnoreReject | ( | enum smbacl4_acedup_enum | acedup, | |
SMB4ACL_T * | acl, | |||
SMB_ACE4PROP_T * | ace, | |||
BOOL * | paddNewACE, | |||
int | i | |||
) | [static] |
nfs4_acls.c の 508 行で定義されています。
参照先 _SMB_ACE4PROP_T::aceFlags・_SMB_ACE4PROP_T::aceMask・e_ignore・e_merge・e_reject・errno・result・smbacl4_find_equal_special().
参照元 smbacl4_win2nfs4().
00515 { 00516 int result = 0; 00517 SMB_ACE4PROP_T *ace4found = smbacl4_find_equal_special(acl, ace); 00518 if (ace4found) 00519 { 00520 switch(acedup) 00521 { 00522 case e_merge: /* "merge" flags */ 00523 *paddNewACE = False; 00524 ace4found->aceFlags |= ace->aceFlags; 00525 ace4found->aceMask |= ace->aceMask; 00526 break; 00527 case e_ignore: /* leave out this record */ 00528 *paddNewACE = False; 00529 break; 00530 case e_reject: /* do an error */ 00531 DEBUG(8, ("ACL rejected by duplicate nt ace#%d\n", i)); 00532 errno = EINVAL; /* SHOULD be set on any _real_ error */ 00533 result = -1; 00534 break; 00535 default: 00536 break; 00537 } 00538 } 00539 return result; 00540 }
static SMB4ACL_T* smbacl4_win2nfs4 | ( | SEC_ACL * | dacl, | |
smbacl4_vfs_params * | pparams, | |||
uid_t | ownerUID, | |||
gid_t | ownerGID | |||
) | [static] |
nfs4_acls.c の 542 行で定義されています。
参照先 _smbacl4_vfs_params::acedup・security_acl_info::aces・e_dontcare・main_loop_talloc_get()・security_acl_info::num_aces・smb_add_ace4()・smb_create_smb4acl()・smbacl4_fill_ace4()・smbacl4_MergeIgnoreReject().
00548 { 00549 SMB4ACL_T *acl; 00550 uint32 i; 00551 TALLOC_CTX *mem_ctx = main_loop_talloc_get(); 00552 00553 DEBUG(10, ("smbacl4_win2nfs4 invoked\n")); 00554 00555 acl = smb_create_smb4acl(); 00556 if (acl==NULL) 00557 return NULL; 00558 00559 for(i=0; i<dacl->num_aces; i++) { 00560 SMB_ACE4PROP_T ace_v4; 00561 BOOL addNewACE = True; 00562 00563 if (smbacl4_fill_ace4(mem_ctx, pparams, ownerUID, ownerGID, 00564 dacl->aces + i, &ace_v4)) 00565 return NULL; 00566 00567 if (pparams->acedup!=e_dontcare) { 00568 if (smbacl4_MergeIgnoreReject(pparams->acedup, acl, 00569 &ace_v4, &addNewACE, i)) 00570 return NULL; 00571 } 00572 00573 if (addNewACE) 00574 smb_add_ace4(acl, &ace_v4); 00575 } 00576 00577 return acl; 00578 }
BOOL smb_set_nt_acl_nfs4 | ( | files_struct * | fsp, | |
uint32 | security_info_sent, | |||
SEC_DESC * | psd, | |||
set_nfs4acl_native_fn_t | set_nfs4_native | |||
) |
nfs4_acls.c の 580 行で定義されています。
参照先 files_struct::conn・current_user・security_descriptor_info::dacl・_smbacl4_vfs_params::do_chown・errno・files_struct::fsp_name・result・smbacl4_dump_nfs4acl()・smbacl4_get_vfs_params()・smbacl4_GetFileOwner()・smbacl4_win2nfs4()・strerror()・try_chown()・_unix_token::uid・unpack_nt_owners()・current_user::ut.
参照元 aixjfs2_set_nt_acl_common()・gpfsacl_set_nt_acl_internal().
00584 { 00585 smbacl4_vfs_params params; 00586 SMB4ACL_T *acl = NULL; 00587 BOOL result; 00588 00589 SMB_STRUCT_STAT sbuf; 00590 BOOL need_chown = False; 00591 uid_t newUID = (uid_t)-1; 00592 gid_t newGID = (gid_t)-1; 00593 00594 DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp->fsp_name)); 00595 00596 if ((security_info_sent & (DACL_SECURITY_INFORMATION | 00597 GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION)) == 0) 00598 { 00599 DEBUG(9, ("security_info_sent (0x%x) ignored\n", 00600 security_info_sent)); 00601 return True; /* won't show error - later to be refined... */ 00602 } 00603 00604 /* Special behaviours */ 00605 if (smbacl4_get_vfs_params(SMBACL4_PARAM_TYPE_NAME, fsp, ¶ms)) 00606 return False; 00607 00608 if (smbacl4_GetFileOwner(fsp, &sbuf)) 00609 return False; 00610 00611 if (params.do_chown) { 00612 /* chown logic is a copy/paste from posix_acl.c:set_nt_acl */ 00613 if (!unpack_nt_owners(SNUM(fsp->conn), &newUID, &newGID, security_info_sent, psd)) 00614 { 00615 DEBUG(8, ("unpack_nt_owners failed")); 00616 return False; 00617 } 00618 if (((newUID != (uid_t)-1) && (sbuf.st_uid != newUID)) || 00619 ((newGID != (gid_t)-1) && (sbuf.st_gid != newGID))) { 00620 need_chown = True; 00621 } 00622 if (need_chown) { 00623 if ((newUID == (uid_t)-1 || newUID == current_user.ut.uid)) { 00624 if(try_chown(fsp->conn, fsp->fsp_name, newUID, newGID)) { 00625 DEBUG(3,("chown %s, %u, %u failed. Error = %s.\n", 00626 fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID, strerror(errno) )); 00627 return False; 00628 } 00629 DEBUG(10,("chown %s, %u, %u succeeded.\n", 00630 fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID)); 00631 if (smbacl4_GetFileOwner(fsp, &sbuf)) 00632 return False; 00633 need_chown = False; 00634 } else { /* chown is needed, but _after_ changing acl */ 00635 sbuf.st_uid = newUID; /* OWNER@ in case of e_special */ 00636 sbuf.st_gid = newGID; /* GROUP@ in case of e_special */ 00637 } 00638 } 00639 } 00640 00641 if ((security_info_sent & DACL_SECURITY_INFORMATION)!=0 && psd->dacl!=NULL) 00642 { 00643 acl = smbacl4_win2nfs4(psd->dacl, ¶ms, sbuf.st_uid, sbuf.st_gid); 00644 if (!acl) 00645 return False; 00646 00647 smbacl4_dump_nfs4acl(10, acl); 00648 00649 result = set_nfs4_native(fsp, acl); 00650 if (result!=True) 00651 { 00652 DEBUG(10, ("set_nfs4_native failed with %s\n", strerror(errno))); 00653 return False; 00654 } 00655 } else 00656 DEBUG(10, ("no dacl found; security_info_sent = 0x%x\n", security_info_sent)); 00657 00658 /* Any chown pending? */ 00659 if (need_chown) { 00660 DEBUG(3,("chown#2 %s. uid = %u, gid = %u.\n", 00661 fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID)); 00662 if (try_chown(fsp->conn, fsp->fsp_name, newUID, newGID)) { 00663 DEBUG(2,("chown#2 %s, %u, %u failed. Error = %s.\n", 00664 fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID, 00665 strerror(errno))); 00666 return False; 00667 } 00668 DEBUG(10,("chown#2 %s, %u, %u succeeded.\n", 00669 fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID)); 00670 } 00671 00672 DEBUG(10, ("smb_set_nt_acl_nfs4 succeeded\n")); 00673 return True; 00674 }
struct current_user current_user |