modules/vfs_afsacl.c

ソースコードを見る。

データ構造

struct  afs_ace
struct  afs_acl
struct  afs_iob
struct  static_dir_ace_mapping

関数

int afs_syscall (int, char *, int, char *, int)
static BOOL init_afs_acl (struct afs_acl *acl)
static void free_afs_acl (struct afs_acl *acl)
static struct afs_aceclone_afs_ace (TALLOC_CTX *mem_ctx, struct afs_ace *ace)
static struct afs_acenew_afs_ace (TALLOC_CTX *mem_ctx, BOOL positive, const char *name, uint32 rights)
static void add_afs_ace (struct afs_acl *acl, BOOL positive, const char *name, uint32 rights)
static BOOL parse_afs_acl (struct afs_acl *acl, const char *acl_str)
static BOOL unparse_afs_acl (struct afs_acl *acl, char *acl_str)
static uint32 afs_to_nt_file_rights (uint32 rights)
static void afs_to_nt_dir_rights (uint32 afs_rights, uint32 *nt_rights, uint8 *flag)
static void split_afs_acl (struct afs_acl *acl, struct afs_acl *dir_acl, struct afs_acl *file_acl)
static BOOL same_principal (struct afs_ace *x, struct afs_ace *y)
static void merge_afs_acls (struct afs_acl *dir_acl, struct afs_acl *file_acl, struct afs_acl *target)
static uint32 nt_to_afs_dir_rights (const char *filename, const SEC_ACE *ace)
static uint32 nt_to_afs_file_rights (const char *filename, const SEC_ACE *ace)
static size_t afs_to_nt_acl (struct afs_acl *afs_acl, struct files_struct *fsp, uint32 security_info, struct security_descriptor **ppdesc)
static BOOL mappable_sid (const DOM_SID *sid)
static BOOL nt_to_afs_acl (const char *filename, uint32 security_info_sent, struct security_descriptor *psd, uint32(*nt_to_afs_rights)(const char *filename, const SEC_ACE *ace), struct afs_acl *afs_acl)
static BOOL afs_get_afs_acl (char *filename, struct afs_acl *acl)
static size_t afs_get_nt_acl (struct files_struct *fsp, uint32 security_info, struct security_descriptor **ppdesc)
static void merge_unknown_aces (struct afs_acl *src, struct afs_acl *dst)
static BOOL afs_set_nt_acl (vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, struct security_descriptor *psd)
static size_t afsacl_fget_nt_acl (struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info, struct security_descriptor **ppdesc)
static size_t afsacl_get_nt_acl (struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info, struct security_descriptor **ppdesc)
BOOL afsacl_fset_nt_acl (vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd)
BOOL afsacl_set_nt_acl (vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, SEC_DESC *psd)
static int afsacl_connect (vfs_handle_struct *handle, const char *service, const char *user)
NTSTATUS vfs_afsacl_init (void)

変数

const DOM_SID global_sid_World
const DOM_SID global_sid_Builtin_Administrators
const DOM_SID global_sid_Builtin_Backup_Operators
const DOM_SID global_sid_Authenticated_Users
const DOM_SID global_sid_NULL
static char space_replacement = '%'
static BOOL sidpts
static struct static_dir_ace_mapping ace_mappings []
static vfs_op_tuple afsacl_ops []


関数

int afs_syscall ( int  ,
char *  ,
int  ,
char *  ,
int   
)

afs_settoken.c35 行で定義されています。

参照元 afs_get_afs_acl()afs_set_nt_acl()afs_settoken().

00040 {
00041         return( syscall( SYS_afs_syscall, subcall, path, cmd, cmarg, follow));
00042 }

static BOOL init_afs_acl ( struct afs_acl acl  )  [static]

vfs_afsacl.c69 行で定義されています。

参照先 afs_acl::ctxtalloc_init().

参照元 afs_get_afs_acl()merge_afs_acls()nt_to_afs_acl()split_afs_acl().

00070 {
00071         ZERO_STRUCT(*acl);
00072         acl->ctx = talloc_init("afs_acl");
00073         if (acl->ctx == NULL) {
00074                 DEBUG(10, ("Could not init afs_acl"));
00075                 return False;
00076         }
00077         return True;
00078 }

static void free_afs_acl ( struct afs_acl acl  )  [static]

vfs_afsacl.c80 行で定義されています。

参照先 afs_acl::acelistafs_acl::ctxafs_acl::num_aces.

参照元 afs_get_afs_acl()afs_get_nt_acl()afs_set_nt_acl().

00081 {
00082         if (acl->ctx != NULL)
00083                 talloc_destroy(acl->ctx);
00084         acl->ctx = NULL;
00085         acl->num_aces = 0;
00086         acl->acelist = NULL;
00087 }

static struct afs_ace* clone_afs_ace ( TALLOC_CTX mem_ctx,
struct afs_ace ace 
) [static]

vfs_afsacl.c89 行で定義されています。

参照先 afs_ace::nameresulttalloc_strdup().

参照元 merge_unknown_aces().

00090 {
00091         struct afs_ace *result = TALLOC_P(mem_ctx, struct afs_ace);
00092 
00093         if (result == NULL)
00094                 return NULL;
00095 
00096         *result = *ace;
00097 
00098         result->next = NULL;
00099         result->name = talloc_strdup(mem_ctx, ace->name);
00100 
00101         if (result->name == NULL) {
00102                 return NULL;
00103         }
00104 
00105         return result;
00106 }

static struct afs_ace* new_afs_ace ( TALLOC_CTX mem_ctx,
BOOL  positive,
const char *  name,
uint32  rights 
) [static]

vfs_afsacl.c108 行で定義されています。

参照先 global_sid_Authenticated_Usersglobal_sid_Builtin_Administratorsglobal_sid_Builtin_Backup_Operatorsglobal_sid_NULLglobal_sid_Worldlookup_name()lookup_sid()resultafs_ace::sidsid_copy()SID_NAME_ALIASSID_NAME_UNKNOWNSID_NAME_WKN_GRPsidptsstrchr_m()string_to_sid()talloc_strdup()tmp_talloc_ctx()type.

参照元 add_afs_ace().

00111 {
00112         DOM_SID sid;
00113         enum lsa_SidType type;
00114         struct afs_ace *result;
00115 
00116         if (strcmp(name, "system:administrators") == 0) {
00117 
00118                 sid_copy(&sid, &global_sid_Builtin_Administrators);
00119                 type = SID_NAME_ALIAS;
00120 
00121         } else if (strcmp(name, "system:anyuser") == 0) {
00122 
00123                 sid_copy(&sid, &global_sid_World);
00124                 type = SID_NAME_ALIAS;
00125 
00126         } else if (strcmp(name, "system:authuser") == 0) {
00127 
00128                 sid_copy(&sid, &global_sid_Authenticated_Users);
00129                 type = SID_NAME_WKN_GRP;
00130 
00131         } else if (strcmp(name, "system:backup") == 0) {
00132 
00133                 sid_copy(&sid, &global_sid_Builtin_Backup_Operators);
00134                 type = SID_NAME_ALIAS;
00135 
00136         } else if (sidpts) {
00137                 /* All PTS users/groups are expressed as SIDs */
00138 
00139                 sid_copy(&sid, &global_sid_NULL);
00140                 type = SID_NAME_UNKNOWN;
00141 
00142                 if (string_to_sid(&sid, name)) {
00143                         const char *user, *domain;
00144                         /* We have to find the type, look up the SID */
00145                         lookup_sid(tmp_talloc_ctx(), &sid,
00146                                    &domain, &user, &type);
00147                 }
00148 
00149         } else {
00150 
00151                 const char *domain, *uname;
00152                 char *p;
00153 
00154                 p = strchr_m(name, *lp_winbind_separator());
00155                 if (p != NULL) {
00156                         *p = '\\';
00157                 }
00158 
00159                 if (!lookup_name(tmp_talloc_ctx(), name, LOOKUP_NAME_ALL,
00160                                  &domain, &uname, &sid, &type)) {
00161                         DEBUG(10, ("Could not find AFS user %s\n", name));
00162 
00163                         sid_copy(&sid, &global_sid_NULL);
00164                         type = SID_NAME_UNKNOWN;
00165 
00166                 }
00167         }
00168 
00169         result = TALLOC_P(mem_ctx, struct afs_ace);
00170 
00171         if (result == NULL) {
00172                 DEBUG(0, ("Could not talloc AFS ace\n"));
00173                 return NULL;
00174         }
00175 
00176         result->name = talloc_strdup(mem_ctx, name);
00177         if (result->name == NULL) {
00178                 DEBUG(0, ("Could not talloc AFS ace name\n"));
00179                 return NULL;
00180         }
00181 
00182         result->sid = sid;
00183         result->type = type;
00184 
00185         result->positive = positive;
00186         result->rights = rights;
00187 
00188         return result;
00189 }

static void add_afs_ace ( struct afs_acl acl,
BOOL  positive,
const char *  name,
uint32  rights 
) [static]

vfs_afsacl.c191 行で定義されています。

参照先 afs_acl::acelistafs_acl::ctxafs_ace::namenew_afs_ace()afs_ace::nextafs_acl::num_acesafs_ace::positiveafs_ace::rightsstrequal().

参照元 merge_afs_acls()parse_afs_acl()split_afs_acl().

00194 {
00195         struct afs_ace *ace;
00196 
00197         for (ace = acl->acelist; ace != NULL; ace = ace->next) {
00198                 if ((ace->positive == positive) &&
00199                     (strequal(ace->name, name))) {
00200                         ace->rights |= rights;
00201                         return;
00202                 }
00203         }
00204 
00205         ace = new_afs_ace(acl->ctx, positive, name, rights);
00206 
00207         ace->next = acl->acelist;
00208         acl->acelist = ace;
00209 
00210         acl->num_aces += 1;
00211 
00212         DEBUG(10, ("add_afs_ace: Added %s entry for %s with rights %d\n",
00213                    ace->positive?"positive":"negative",
00214                    ace->name, ace->rights));
00215 
00216         return;
00217 }

static BOOL parse_afs_acl ( struct afs_acl acl,
const char *  acl_str 
) [static]

vfs_afsacl.c231 行で定義されています。

参照先 add_afs_ace()nameafs_ace::rightsspacespace_replacementstrchr_m().

参照元 afs_get_afs_acl().

00232 {
00233         int nplus, nminus;
00234         int aces;
00235 
00236         char str[MAXSIZE+1];
00237         char *p = str;
00238 
00239         strncpy(str, acl_str, MAXSIZE);
00240 
00241         if (sscanf(p, "%d", &nplus) != 1)
00242                 return False;
00243 
00244         DEBUG(10, ("Found %d positive entries\n", nplus));
00245 
00246         if ((p = strchr(p, '\n')) == NULL)
00247                 return False;
00248         p += 1;
00249 
00250         if (sscanf(p, "%d", &nminus) != 1)
00251                 return False;
00252         
00253         DEBUG(10, ("Found %d negative entries\n", nminus));
00254 
00255         if ((p = strchr(p, '\n')) == NULL)
00256                 return False;
00257         p += 1;
00258 
00259         for (aces = nplus+nminus; aces > 0; aces--)
00260         {
00261 
00262                 const char *namep;
00263                 fstring name;
00264                 uint32 rights;
00265                 char *space;
00266 
00267                 namep = p;
00268 
00269                 if ((p = strchr(p, '\t')) == NULL)
00270                         return False;
00271                 *p = '\0';
00272                 p += 1;
00273 
00274                 if (sscanf(p, "%d", &rights) != 1)
00275                         return False;
00276 
00277                 if ((p = strchr(p, '\n')) == NULL)
00278                         return False;
00279                 p += 1;
00280 
00281                 fstrcpy(name, namep);
00282 
00283                 while ((space = strchr_m(name, space_replacement)) != NULL)
00284                         *space = ' ';
00285 
00286                 add_afs_ace(acl, nplus>0, name, rights);
00287 
00288                 nplus -= 1;
00289         }
00290 
00291         return True;
00292 }

static BOOL unparse_afs_acl ( struct afs_acl acl,
char *  acl_str 
) [static]

vfs_afsacl.c294 行で定義されています。

参照先 afs_acl::acelistfstr_sprintf()lineafs_ace::nameafs_ace::nextafs_ace::positiveafs_ace::rights.

参照元 afs_set_nt_acl().

00295 {
00296         /* TODO: String length checks!!!! */
00297 
00298         int positives = 0;
00299         int negatives = 0;
00300         fstring line;
00301 
00302         *acl_str = 0;
00303 
00304         struct afs_ace *ace = acl->acelist;
00305 
00306         while (ace != NULL) {
00307                 if (ace->positive)
00308                         positives++;
00309                 else
00310                         negatives++;
00311                 ace = ace->next;
00312         }
00313 
00314         fstr_sprintf(line, "%d\n", positives);
00315         safe_strcat(acl_str, line, MAXSIZE);
00316 
00317         fstr_sprintf(line, "%d\n", negatives);
00318         safe_strcat(acl_str, line, MAXSIZE);
00319 
00320         ace = acl->acelist;
00321 
00322         while (ace != NULL) {
00323                 fstr_sprintf(line, "%s\t%d\n", ace->name, ace->rights);
00324                 safe_strcat(acl_str, line, MAXSIZE);
00325                 ace = ace->next;
00326         }
00327         return True;
00328 }

static uint32 afs_to_nt_file_rights ( uint32  rights  )  [static]

vfs_afsacl.c330 行で定義されています。

参照先 result.

参照元 afs_to_nt_acl().

00331 {
00332         uint32 result = 0;
00333 
00334         if (rights & PRSFS_READ)
00335                 result |= FILE_READ_DATA | FILE_READ_EA | 
00336                         FILE_EXECUTE | FILE_READ_ATTRIBUTES |
00337                         READ_CONTROL_ACCESS | SYNCHRONIZE_ACCESS;
00338 
00339         if (rights & PRSFS_WRITE)
00340                 result |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES |
00341                         FILE_WRITE_EA | FILE_APPEND_DATA;
00342 
00343         if (rights & PRSFS_LOCK)
00344                 result |= WRITE_OWNER_ACCESS;
00345 
00346         if (rights & PRSFS_DELETE)
00347                 result |= DELETE_ACCESS;
00348 
00349         return result;
00350 }

static void afs_to_nt_dir_rights ( uint32  afs_rights,
uint32 *  nt_rights,
uint8 *  flag 
) [static]

vfs_afsacl.c352 行で定義されています。

参照元 afs_to_nt_acl().

00354 {
00355         *nt_rights = 0;
00356         *flag = SEC_ACE_FLAG_OBJECT_INHERIT |
00357                 SEC_ACE_FLAG_CONTAINER_INHERIT;
00358 
00359         if (afs_rights & PRSFS_INSERT)
00360                 *nt_rights |= FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY;
00361 
00362         if (afs_rights & PRSFS_LOOKUP)
00363                 *nt_rights |= FILE_READ_DATA | FILE_READ_EA | 
00364                         FILE_EXECUTE | FILE_READ_ATTRIBUTES |
00365                         READ_CONTROL_ACCESS | SYNCHRONIZE_ACCESS;
00366 
00367         if (afs_rights & PRSFS_WRITE)
00368                 *nt_rights |= FILE_WRITE_ATTRIBUTES | FILE_WRITE_DATA |
00369                         FILE_APPEND_DATA | FILE_WRITE_EA;
00370 
00371         if ((afs_rights & (PRSFS_INSERT|PRSFS_LOOKUP|PRSFS_DELETE)) ==
00372             (PRSFS_INSERT|PRSFS_LOOKUP|PRSFS_DELETE))
00373                 *nt_rights |= FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA |
00374                         GENERIC_WRITE_ACCESS;
00375 
00376         if (afs_rights & PRSFS_DELETE)
00377                 *nt_rights |= DELETE_ACCESS;
00378 
00379         if (afs_rights & PRSFS_ADMINISTER)
00380                 *nt_rights |= FILE_DELETE_CHILD | WRITE_DAC_ACCESS |
00381                         WRITE_OWNER_ACCESS;
00382 
00383         if ( (afs_rights & PRSFS_LOOKUP) ==
00384              (afs_rights & (PRSFS_LOOKUP|PRSFS_READ)) ) {
00385                 /* Only lookup right */
00386                 *flag = SEC_ACE_FLAG_CONTAINER_INHERIT;
00387         }
00388 
00389         return;
00390 }

static void split_afs_acl ( struct afs_acl acl,
struct afs_acl dir_acl,
struct afs_acl file_acl 
) [static]

vfs_afsacl.c395 行で定義されています。

参照先 afs_acl::acelistadd_afs_ace()init_afs_acl()afs_ace::nameafs_ace::nextafs_ace::positiveafs_ace::rights.

参照元 afs_set_nt_acl().

00398 {
00399         struct afs_ace *ace;
00400 
00401         init_afs_acl(dir_acl);
00402         init_afs_acl(file_acl);
00403 
00404         for (ace = acl->acelist; ace != NULL; ace = ace->next) {
00405                 if (ace->rights & AFS_FILE_RIGHTS) {
00406                         add_afs_ace(file_acl, ace->positive, ace->name,
00407                                     ace->rights & AFS_FILE_RIGHTS);
00408                 }
00409 
00410                 if (ace->rights & AFS_DIR_RIGHTS) {
00411                         add_afs_ace(dir_acl, ace->positive, ace->name,
00412                                     ace->rights & AFS_DIR_RIGHTS);
00413                 }
00414         }
00415         return;
00416 }

static BOOL same_principal ( struct afs_ace x,
struct afs_ace y 
) [static]

vfs_afsacl.c418 行で定義されています。

参照先 afs_ace::positiveafs_ace::sidsid_compare().

参照元 merge_afs_acls().

00419 {
00420         return ( (x->positive == y->positive) &&
00421                  (sid_compare(&x->sid, &y->sid) == 0) );
00422 }

static void merge_afs_acls ( struct afs_acl dir_acl,
struct afs_acl file_acl,
struct afs_acl target 
) [static]

vfs_afsacl.c424 行で定義されています。

参照先 afs_acl::acelistadd_afs_ace()init_afs_acl()afs_ace::nameafs_ace::nextafs_ace::positiveafs_ace::rightssame_principal().

参照元 afs_set_nt_acl().

00427 {
00428         struct afs_ace *ace;
00429 
00430         init_afs_acl(target);
00431 
00432         for (ace = dir_acl->acelist; ace != NULL; ace = ace->next) {
00433                 struct afs_ace *file_ace;
00434                 BOOL found = False;
00435 
00436                 for (file_ace = file_acl->acelist;
00437                      file_ace != NULL;
00438                      file_ace = file_ace->next) {
00439                         if (!same_principal(ace, file_ace))
00440                                 continue;
00441 
00442                         add_afs_ace(target, ace->positive, ace->name,
00443                                     ace->rights | file_ace->rights);
00444                         found = True;
00445                         break;
00446                 }
00447                 if (!found)
00448                         add_afs_ace(target, ace->positive, ace->name,
00449                                     ace->rights);
00450         }
00451 
00452         for (ace = file_acl->acelist; ace != NULL; ace = ace->next) {
00453                 struct afs_ace *dir_ace;
00454                 BOOL already_seen = False;
00455 
00456                 for (dir_ace = dir_acl->acelist;
00457                      dir_ace != NULL;
00458                      dir_ace = dir_ace->next) {
00459                         if (!same_principal(ace, dir_ace))
00460                                 continue;
00461                         already_seen = True;
00462                         break;
00463                 }
00464                 if (!already_seen)
00465                         add_afs_ace(target, ace->positive, ace->name,
00466                                     ace->rights);
00467         }
00468 }

static uint32 nt_to_afs_dir_rights ( const char *  filename,
const SEC_ACE ace 
) [static]

vfs_afsacl.c532 行で定義されています。

参照先 ace_mappingsstatic_dir_ace_mapping::afs_rightsstatic_dir_ace_mapping::flagssecurity_ace_info::flagsflagsstatic_dir_ace_mapping::maskresultstatic_dir_ace_mapping::typesecurity_ace_info::type.

参照元 afs_set_nt_acl().

00533 {
00534         uint32 result = 0;
00535         uint32 rights = ace->info.mask;
00536         uint8 flags = ace->flags;
00537 
00538         struct static_dir_ace_mapping *m;
00539 
00540         for (m = &ace_mappings[0]; m->afs_rights != 9999; m++) {
00541                 if ( (ace->type == m->type) &&
00542                      (ace->flags == m->flags) &&
00543                      (ace->info.mask == m->mask) )
00544                         return m->afs_rights;
00545         }
00546 
00547         DEBUG(1, ("AFSACL FALLBACK: 0x%X 0x%X 0x%X %s %X\n",
00548                   ace->type, ace->flags, ace->info.mask, filename, rights));
00549 
00550         if (rights & (GENERIC_ALL_ACCESS|WRITE_DAC_ACCESS)) {
00551                 result |= PRSFS_READ | PRSFS_WRITE | PRSFS_INSERT |
00552                         PRSFS_LOOKUP | PRSFS_DELETE | PRSFS_LOCK |
00553                         PRSFS_ADMINISTER;
00554         }
00555 
00556         if (rights & (GENERIC_READ_ACCESS|FILE_READ_DATA)) {
00557                 result |= PRSFS_LOOKUP;
00558                 if (flags & SEC_ACE_FLAG_OBJECT_INHERIT) {
00559                         result |= PRSFS_READ;
00560                 }
00561         }
00562 
00563         if (rights & (GENERIC_WRITE_ACCESS|FILE_WRITE_DATA)) {
00564                 result |= PRSFS_INSERT | PRSFS_DELETE;
00565                 if (flags & SEC_ACE_FLAG_OBJECT_INHERIT) {
00566                         result |= PRSFS_WRITE | PRSFS_LOCK;
00567                 }
00568         }
00569 
00570         return result;
00571 }

static uint32 nt_to_afs_file_rights ( const char *  filename,
const SEC_ACE ace 
) [static]

vfs_afsacl.c573 行で定義されています。

参照先 result.

参照元 afs_set_nt_acl().

00574 {
00575         uint32 result = 0;
00576         uint32 rights = ace->info.mask;
00577 
00578         if (rights & (GENERIC_READ_ACCESS|FILE_READ_DATA)) {
00579                 result |= PRSFS_READ;
00580         }
00581 
00582         if (rights & (GENERIC_WRITE_ACCESS|FILE_WRITE_DATA)) {
00583                 result |= PRSFS_WRITE | PRSFS_LOCK;
00584         }
00585 
00586         return result;
00587 }

static size_t afs_to_nt_acl ( struct afs_acl afs_acl,
struct files_struct fsp,
uint32  security_info,
struct security_descriptor **  ppdesc 
) [static]

vfs_afsacl.c589 行で定義されています。

参照先 afs_acl::acelistafs_to_nt_dir_rights()afs_to_nt_file_rights()files_struct::connfd_handle::fdfiles_struct::fhfiles_struct::fsp_namegid_to_sid()init_sec_access()init_sec_ace()files_struct::is_directorymain_loop_talloc_get()make_sec_acl()make_sec_desc()static_dir_ace_mapping::maskafs_ace::nameafs_ace::nextafs_acl::num_acesafs_ace::rightsSEC_ACE_TYPE_ACCESS_ALLOWEDafs_ace::sidSID_NAME_UNKNOWNafs_ace::typeuid_to_sid().

参照元 afs_get_nt_acl().

00593 {
00594         SEC_ACE *nt_ace_list;
00595         DOM_SID owner_sid, group_sid;
00596         SEC_ACCESS mask;
00597         SMB_STRUCT_STAT sbuf;
00598         SEC_ACL *psa = NULL;
00599         int good_aces;
00600         size_t sd_size;
00601         TALLOC_CTX *mem_ctx = main_loop_talloc_get();
00602 
00603         struct afs_ace *afs_ace;
00604 
00605         if (fsp->is_directory || fsp->fh->fd == -1) {
00606                 /* Get the stat struct for the owner info. */
00607                 if(SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf) != 0) {
00608                         return 0;
00609                 }
00610         } else {
00611                 if(SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) != 0) {
00612                         return 0;
00613                 }
00614         }
00615 
00616         uid_to_sid(&owner_sid, sbuf.st_uid);
00617         gid_to_sid(&group_sid, sbuf.st_gid);
00618 
00619         if (afs_acl->num_aces) {
00620                 nt_ace_list = TALLOC_ARRAY(mem_ctx, SEC_ACE, afs_acl->num_aces);
00621 
00622                 if (nt_ace_list == NULL)
00623                         return 0;
00624         } else {
00625                 nt_ace_list = NULL;
00626         }
00627 
00628         afs_ace = afs_acl->acelist;
00629         good_aces = 0;
00630 
00631         while (afs_ace != NULL) {
00632                 uint32 nt_rights;
00633                 uint8 flag = SEC_ACE_FLAG_OBJECT_INHERIT |
00634                         SEC_ACE_FLAG_CONTAINER_INHERIT;
00635 
00636                 if (afs_ace->type == SID_NAME_UNKNOWN) {
00637                         DEBUG(10, ("Ignoring unknown name %s\n",
00638                                    afs_ace->name));
00639                         afs_ace = afs_ace->next;
00640                         continue;
00641                 }
00642 
00643                 if (fsp->is_directory)
00644                         afs_to_nt_dir_rights(afs_ace->rights, &nt_rights,
00645                                              &flag);
00646                 else
00647                         nt_rights = afs_to_nt_file_rights(afs_ace->rights);
00648 
00649                 init_sec_access(&mask, nt_rights);
00650                 init_sec_ace(&nt_ace_list[good_aces++], &(afs_ace->sid),
00651                              SEC_ACE_TYPE_ACCESS_ALLOWED, mask, flag);
00652                 afs_ace = afs_ace->next;
00653         }
00654 
00655         psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION,
00656                            good_aces, nt_ace_list);
00657         if (psa == NULL)
00658                 return 0;
00659 
00660         
00661         *ppdesc = make_sec_desc(mem_ctx, SEC_DESC_REVISION,
00662                                 SEC_DESC_SELF_RELATIVE,
00663                                 (security_info & OWNER_SECURITY_INFORMATION)
00664                                 ? &owner_sid : NULL,
00665                                 (security_info & GROUP_SECURITY_INFORMATION)
00666                                 ? &group_sid : NULL,
00667                                 NULL, psa, &sd_size);
00668 
00669         return sd_size;
00670 }

static BOOL mappable_sid ( const DOM_SID sid  )  [static]

vfs_afsacl.c672 行で定義されています。

参照先 domain_sidglobal_sid_Authenticated_Usersglobal_sid_Builtin_Administratorsglobal_sid_Builtin_Backup_Operatorsglobal_sid_Worldafs_ace::sidsid_compare()sid_compare_domain()string_to_sid().

参照元 nt_to_afs_acl().

00673 {
00674         DOM_SID domain_sid;
00675         
00676         if (sid_compare(sid, &global_sid_Builtin_Administrators) == 0)
00677                 return True;
00678 
00679         if (sid_compare(sid, &global_sid_World) == 0)
00680                 return True;
00681 
00682         if (sid_compare(sid, &global_sid_Authenticated_Users) == 0)
00683                 return True;
00684 
00685         if (sid_compare(sid, &global_sid_Builtin_Backup_Operators) == 0)
00686                 return True;
00687 
00688         string_to_sid(&domain_sid, "S-1-5-21");
00689 
00690         if (sid_compare_domain(sid, &domain_sid) == 0)
00691                 return True;
00692 
00693         return False;
00694 }

static BOOL nt_to_afs_acl ( const char *  filename,
uint32  security_info_sent,
struct security_descriptor psd,
uint32(*)(const char *filename, const SEC_ACE *ace)  nt_to_afs_rights,
struct afs_acl afs_acl 
) [static]

vfs_afsacl.c696 行で定義されています。

参照先 security_descriptor::daclinit_afs_acl()mappable_sid()namename_typesecurity_acl_info::num_acesSEC_ACE_TYPE_ACCESS_ALLOWEDsid_string_static()security_ace_info::trusteesecurity_ace_info::type.

参照元 afs_set_nt_acl().

00702 {
00703         SEC_ACL *dacl;
00704         int i;
00705 
00706         /* Currently we *only* look at the dacl */
00707 
00708         if (((security_info_sent & DACL_SECURITY_INFORMATION) == 0) ||
00709             (psd->dacl == NULL))
00710                 return True;
00711 
00712         if (!init_afs_acl(afs_acl))
00713                 return False;
00714 
00715         dacl = psd->dacl;
00716 
00717         for (i = 0; i < dacl->num_aces; i++) {
00718                 SEC_ACE *ace = &(dacl->ace[i]);
00719                 const char *dom_name, *name;
00720                 enum lsa_SidType name_type;
00721                 char *p;
00722 
00723                 if (ace->type != SEC_ACE_TYPE_ACCESS_ALLOWED) {
00724                         /* First cut: Only positive ACEs */
00725                         return False;
00726                 }
00727 
00728                 if (!mappable_sid(&ace->trustee)) {
00729                         DEBUG(10, ("Ignoring unmappable SID %s\n",
00730                                    sid_string_static(&ace->trustee)));
00731                         continue;
00732                 }
00733 
00734                 if (sid_compare(&ace->trustee,
00735                                 &global_sid_Builtin_Administrators) == 0) {
00736 
00737                         name = "system:administrators";
00738 
00739                 } else if (sid_compare(&ace->trustee,
00740                                        &global_sid_World) == 0) {
00741 
00742                         name = "system:anyuser";
00743 
00744                 } else if (sid_compare(&ace->trustee,
00745                                        &global_sid_Authenticated_Users) == 0) {
00746 
00747                         name = "system:authuser";
00748 
00749                 } else if (sid_compare(&ace->trustee,
00750                                        &global_sid_Builtin_Backup_Operators)
00751                            == 0) {
00752 
00753                         name = "system:backup";
00754 
00755                 } else {
00756 
00757                         if (!lookup_sid(tmp_talloc_ctx(), &ace->trustee,
00758                                         &dom_name, &name, &name_type)) {
00759                                 DEBUG(1, ("AFSACL: Could not lookup SID %s on file %s\n",
00760                                           sid_string_static(&ace->trustee), filename));
00761                                 continue;
00762                         }
00763 
00764                         if ( (name_type == SID_NAME_USER) ||
00765                              (name_type == SID_NAME_DOM_GRP) ||
00766                              (name_type == SID_NAME_ALIAS) ) {
00767                                 char *tmp;
00768                                 tmp = talloc_asprintf(tmp_talloc_ctx(), "%s%s%s",
00769                                                        dom_name, lp_winbind_separator(),
00770                                                        name);
00771                                 if (tmp == NULL) {
00772                                         return False;
00773                                 }
00774                                 strlower_m(tmp);
00775                                 name = tmp;
00776                         }
00777 
00778                         if (sidpts) {
00779                                 /* Expect all users/groups in pts as SIDs */
00780                                 name = talloc_strdup(
00781                                         tmp_talloc_ctx(),
00782                                         sid_string_static(&ace->trustee));
00783                                 if (name == NULL) {
00784                                         return False;
00785                                 }
00786                         }
00787                 }
00788 
00789                 while ((p = strchr_m(name, ' ')) != NULL)
00790                         *p = space_replacement;
00791 
00792                 add_afs_ace(afs_acl, True, name,
00793                             nt_to_afs_rights(filename, ace));
00794         }
00795 
00796         return True;
00797 }

static BOOL afs_get_afs_acl ( char *  filename,
struct afs_acl acl 
) [static]

vfs_afsacl.c799 行で定義されています。

参照先 afs_syscall()free_afs_acl()afs_iob::inafs_iob::in_sizeinit_afs_acl()afs_iob::outafs_iob::out_sizeparse_afs_acl()space.

参照元 afs_get_nt_acl()afs_set_nt_acl().

00800 {
00801         struct afs_iob iob;
00802 
00803         int ret;
00804 
00805         char space[MAXSIZE];
00806 
00807         DEBUG(5, ("afs_get_afs_acl: %s\n", filename));
00808 
00809         iob.in_size = 0;
00810         iob.out_size = MAXSIZE;
00811         iob.in = iob.out = space;
00812 
00813         ret = afs_syscall(AFSCALL_PIOCTL, filename, VIOCGETAL,
00814                           (char *)&iob, 0);
00815 
00816         if (ret) {
00817                 DEBUG(1, ("got error from PIOCTL: %d\n", ret));
00818                 return False;
00819         }
00820 
00821         if (!init_afs_acl(acl))
00822                 return False;
00823 
00824         if (!parse_afs_acl(acl, space)) {
00825                 DEBUG(1, ("Could not parse AFS acl\n"));
00826                 free_afs_acl(acl);
00827                 return False;
00828         }
00829 
00830         return True;
00831 }

static size_t afs_get_nt_acl ( struct files_struct fsp,
uint32  security_info,
struct security_descriptor **  ppdesc 
) [static]

vfs_afsacl.c833 行で定義されています。

参照先 afs_get_afs_acl()afs_to_nt_acl()files_struct::connfree_afs_acl()files_struct::fsp_namelp_parm_bool()sidpts.

参照元 afsacl_fget_nt_acl()afsacl_get_nt_acl().

00835 {
00836         struct afs_acl acl;
00837         size_t sd_size;
00838 
00839         DEBUG(5, ("afs_get_nt_acl: %s\n", fsp->fsp_name));
00840 
00841         sidpts = lp_parm_bool(SNUM(fsp->conn), "afsacl", "sidpts", False);
00842 
00843         if (!afs_get_afs_acl(fsp->fsp_name, &acl)) {
00844                 return 0;
00845         }
00846 
00847         sd_size = afs_to_nt_acl(&acl, fsp, security_info, ppdesc);
00848 
00849         free_afs_acl(&acl);
00850 
00851         return sd_size;
00852 }

static void merge_unknown_aces ( struct afs_acl src,
struct afs_acl dst 
) [static]

vfs_afsacl.c857 行で定義されています。

参照先 afs_acl::acelistclone_afs_ace()afs_acl::ctxafs_ace::nameafs_ace::nextafs_acl::num_acesSID_NAME_UNKNOWNafs_ace::type.

参照元 afs_set_nt_acl().

00858 {
00859         struct afs_ace *ace;
00860 
00861         for (ace = src->acelist; ace != NULL; ace = ace->next)
00862         {
00863                 struct afs_ace *copy;
00864 
00865                 if (ace->type != SID_NAME_UNKNOWN) {
00866                         DEBUG(10, ("Not merging known ACE for %s\n",
00867                                    ace->name));
00868                         continue;
00869                 }
00870 
00871                 DEBUG(10, ("Merging unknown ACE for %s\n", ace->name));
00872 
00873                 copy = clone_afs_ace(dst->ctx, ace);
00874 
00875                 if (copy == NULL) {
00876                         DEBUG(0, ("Could not clone ACE for %s\n", ace->name));
00877                         continue;
00878                 }
00879 
00880                 copy->next = dst->acelist;
00881                 dst->acelist = copy;
00882                 dst->num_aces += 1;
00883         }
00884 }

static BOOL afs_set_nt_acl ( vfs_handle_struct handle,
files_struct fsp,
uint32  security_info_sent,
struct security_descriptor psd 
) [static]

vfs_afsacl.c886 行で定義されています。

参照先 afs_get_afs_acl()afs_syscall()free_afs_acl()files_struct::fsp_namehandleafs_iob::inafs_iob::in_sizefiles_struct::is_directorylp_parm_bool()lp_parm_const_string()merge_afs_acls()merge_unknown_aces()nament_to_afs_acl()nt_to_afs_dir_rights()nt_to_afs_file_rights()afs_iob::outafs_iob::out_sizesidptssplit_afs_acl()strequal()unparse_afs_acl().

参照元 afsacl_fset_nt_acl()afsacl_set_nt_acl().

00889 {
00890         struct afs_acl old_afs_acl, new_afs_acl;
00891         struct afs_acl dir_acl, file_acl;
00892         char acl_string[2049];
00893         struct afs_iob iob;
00894         int ret = -1;
00895         pstring name;
00896         const char *fileacls;
00897 
00898         fileacls = lp_parm_const_string(SNUM(handle->conn), "afsacl", "fileacls",
00899                                         "yes");
00900 
00901         sidpts = lp_parm_bool(SNUM(handle->conn), "afsacl", "sidpts", False);
00902 
00903         ZERO_STRUCT(old_afs_acl);
00904         ZERO_STRUCT(new_afs_acl);
00905         ZERO_STRUCT(dir_acl);
00906         ZERO_STRUCT(file_acl);
00907 
00908         pstrcpy(name, fsp->fsp_name);
00909 
00910         if (!fsp->is_directory) {
00911                 /* We need to get the name of the directory containing the
00912                  * file, this is where the AFS acls live */
00913                 char *p = strrchr(name, '/');
00914                 if (p != NULL) {
00915                         *p = '\0';
00916                 } else {
00917                         pstrcpy(name, ".");
00918                 }
00919         }
00920 
00921         if (!afs_get_afs_acl(name, &old_afs_acl)) {
00922                 DEBUG(3, ("Could not get old ACL of %s\n", fsp->fsp_name));
00923                 goto done;
00924         }
00925 
00926         split_afs_acl(&old_afs_acl, &dir_acl, &file_acl);
00927 
00928         if (fsp->is_directory) {
00929 
00930                 if (!strequal(fileacls, "yes")) {
00931                         /* Throw away file acls, we depend on the
00932                          * inheritance ACEs that also give us file
00933                          * permissions */
00934                         free_afs_acl(&file_acl);
00935                 }
00936 
00937                 free_afs_acl(&dir_acl);
00938                 if (!nt_to_afs_acl(fsp->fsp_name, security_info_sent, psd,
00939                                    nt_to_afs_dir_rights, &dir_acl))
00940                         goto done;
00941         } else {
00942                 if (strequal(fileacls, "no")) {
00943                         ret = -1;
00944                         goto done;
00945                 }
00946 
00947                 if (strequal(fileacls, "ignore")) {
00948                         ret = 0;
00949                         goto done;
00950                 }
00951 
00952                 free_afs_acl(&file_acl);
00953                 if (!nt_to_afs_acl(fsp->fsp_name, security_info_sent, psd,
00954                                    nt_to_afs_file_rights, &file_acl))
00955                         goto done;
00956         }
00957 
00958         merge_afs_acls(&dir_acl, &file_acl, &new_afs_acl);
00959 
00960         merge_unknown_aces(&old_afs_acl, &new_afs_acl);
00961 
00962         unparse_afs_acl(&new_afs_acl, acl_string);
00963 
00964         iob.in = acl_string;
00965         iob.in_size = 1+strlen(iob.in);
00966         iob.out = NULL;
00967         iob.out_size = 0;
00968 
00969         DEBUG(10, ("trying to set acl '%s' on file %s\n", iob.in, name));
00970 
00971         ret = afs_syscall(AFSCALL_PIOCTL, name, VIOCSETAL, (char *)&iob, 0);
00972 
00973         if (ret != 0) {
00974                 DEBUG(10, ("VIOCSETAL returned %d\n", ret));
00975         }
00976 
00977  done:
00978         free_afs_acl(&dir_acl);
00979         free_afs_acl(&file_acl);
00980         free_afs_acl(&old_afs_acl);
00981         free_afs_acl(&new_afs_acl);
00982 
00983         return (ret == 0);
00984 }

static size_t afsacl_fget_nt_acl ( struct vfs_handle_struct handle,
struct files_struct fsp,
int  fd,
uint32  security_info,
struct security_descriptor **  ppdesc 
) [static]

vfs_afsacl.c986 行で定義されています。

参照先 afs_get_nt_acl().

00990 {
00991         return afs_get_nt_acl(fsp, security_info, ppdesc);
00992 }

static size_t afsacl_get_nt_acl ( struct vfs_handle_struct handle,
struct files_struct fsp,
const char *  name,
uint32  security_info,
struct security_descriptor **  ppdesc 
) [static]

vfs_afsacl.c993 行で定義されています。

参照先 afs_get_nt_acl().

00997 {
00998         return afs_get_nt_acl(fsp, security_info, ppdesc);
00999 }

BOOL afsacl_fset_nt_acl ( vfs_handle_struct handle,
files_struct fsp,
int  fd,
uint32  security_info_sent,
SEC_DESC psd 
)

vfs_afsacl.c1001 行で定義されています。

参照先 afs_set_nt_acl()handle.

01005 {
01006         return afs_set_nt_acl(handle, fsp, security_info_sent, psd);
01007 }

BOOL afsacl_set_nt_acl ( vfs_handle_struct handle,
files_struct fsp,
const char *  name,
uint32  security_info_sent,
SEC_DESC psd 
)

vfs_afsacl.c1009 行で定義されています。

参照先 afs_set_nt_acl()handle.

01013 {
01014         return afs_set_nt_acl(handle, fsp, security_info_sent, psd);
01015 }

static int afsacl_connect ( vfs_handle_struct handle,
const char *  service,
const char *  user 
) [static]

vfs_afsacl.c1017 行で定義されています。

参照先 handlelp_parm_const_string()space_replacement.

01020 {
01021         const char *spc;
01022 
01023         spc = lp_parm_const_string(SNUM(handle->conn), "afsacl", "space", "%");
01024 
01025         if (spc != NULL)
01026                 space_replacement = spc[0];
01027         
01028         return SMB_VFS_NEXT_CONNECT(handle, service, user);
01029 }

NTSTATUS vfs_afsacl_init ( void   ) 

vfs_afsacl.c1048 行で定義されています。

参照先 afsacl_opssmb_register_vfs().

01049 {
01050         return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "afsacl",
01051                                 afsacl_ops);
01052 }


変数

const DOM_SID global_sid_World

util_sid.c35 行で定義されています。

const DOM_SID global_sid_Builtin_Administrators

util_sid.c59 行で定義されています。

const DOM_SID global_sid_Builtin_Backup_Operators

util_sid.c73 行で定義されています。

const DOM_SID global_sid_Authenticated_Users

util_sid.c45 行で定義されています。

const DOM_SID global_sid_NULL

util_sid.c43 行で定義されています。

char space_replacement = '%' [static]

vfs_afsacl.c40 行で定義されています。

参照元 afsacl_connect()parse_afs_acl().

BOOL sidpts [static]

vfs_afsacl.c43 行で定義されています。

参照元 afs_get_nt_acl()afs_set_nt_acl()new_afs_ace().

struct static_dir_ace_mapping ace_mappings[] [static]

参照元 nt_to_afs_dir_rights().

vfs_op_tuple afsacl_ops[] [static]

初期値:

 {      
        {SMB_VFS_OP(afsacl_connect), SMB_VFS_OP_CONNECT,
         SMB_VFS_LAYER_TRANSPARENT},
        {SMB_VFS_OP(afsacl_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL,
         SMB_VFS_LAYER_TRANSPARENT},
        {SMB_VFS_OP(afsacl_get_nt_acl), SMB_VFS_OP_GET_NT_ACL,
         SMB_VFS_LAYER_TRANSPARENT},
        {SMB_VFS_OP(afsacl_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL,
         SMB_VFS_LAYER_TRANSPARENT},
        {SMB_VFS_OP(afsacl_set_nt_acl), SMB_VFS_OP_SET_NT_ACL,
         SMB_VFS_LAYER_TRANSPARENT},
        {SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
}

vfs_afsacl.c1033 行で定義されています。

参照元 vfs_afsacl_init().


Sambaに対してSat Aug 29 21:23:51 2009に生成されました。  doxygen 1.4.7