データ構造 | |
struct | afs_ace |
struct | afs_acl |
struct | afs_iob |
struct | static_dir_ace_mapping |
関数 | |
int | afs_syscall (int, char *, int, char *, int) |
static BOOL | init_afs_acl (struct afs_acl *acl) |
static void | free_afs_acl (struct afs_acl *acl) |
static struct afs_ace * | clone_afs_ace (TALLOC_CTX *mem_ctx, struct afs_ace *ace) |
static struct afs_ace * | new_afs_ace (TALLOC_CTX *mem_ctx, BOOL positive, const char *name, uint32 rights) |
static void | add_afs_ace (struct afs_acl *acl, BOOL positive, const char *name, uint32 rights) |
static BOOL | parse_afs_acl (struct afs_acl *acl, const char *acl_str) |
static BOOL | unparse_afs_acl (struct afs_acl *acl, char *acl_str) |
static uint32 | afs_to_nt_file_rights (uint32 rights) |
static void | afs_to_nt_dir_rights (uint32 afs_rights, uint32 *nt_rights, uint8 *flag) |
static void | split_afs_acl (struct afs_acl *acl, struct afs_acl *dir_acl, struct afs_acl *file_acl) |
static BOOL | same_principal (struct afs_ace *x, struct afs_ace *y) |
static void | merge_afs_acls (struct afs_acl *dir_acl, struct afs_acl *file_acl, struct afs_acl *target) |
static uint32 | nt_to_afs_dir_rights (const char *filename, const SEC_ACE *ace) |
static uint32 | nt_to_afs_file_rights (const char *filename, const SEC_ACE *ace) |
static size_t | afs_to_nt_acl (struct afs_acl *afs_acl, struct files_struct *fsp, uint32 security_info, struct security_descriptor **ppdesc) |
static BOOL | mappable_sid (const DOM_SID *sid) |
static BOOL | nt_to_afs_acl (const char *filename, uint32 security_info_sent, struct security_descriptor *psd, uint32(*nt_to_afs_rights)(const char *filename, const SEC_ACE *ace), struct afs_acl *afs_acl) |
static BOOL | afs_get_afs_acl (char *filename, struct afs_acl *acl) |
static size_t | afs_get_nt_acl (struct files_struct *fsp, uint32 security_info, struct security_descriptor **ppdesc) |
static void | merge_unknown_aces (struct afs_acl *src, struct afs_acl *dst) |
static BOOL | afs_set_nt_acl (vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, struct security_descriptor *psd) |
static size_t | afsacl_fget_nt_acl (struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info, struct security_descriptor **ppdesc) |
static size_t | afsacl_get_nt_acl (struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info, struct security_descriptor **ppdesc) |
BOOL | afsacl_fset_nt_acl (vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd) |
BOOL | afsacl_set_nt_acl (vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, SEC_DESC *psd) |
static int | afsacl_connect (vfs_handle_struct *handle, const char *service, const char *user) |
NTSTATUS | vfs_afsacl_init (void) |
変数 | |
const DOM_SID | global_sid_World |
const DOM_SID | global_sid_Builtin_Administrators |
const DOM_SID | global_sid_Builtin_Backup_Operators |
const DOM_SID | global_sid_Authenticated_Users |
const DOM_SID | global_sid_NULL |
static char | space_replacement = '%' |
static BOOL | sidpts |
static struct static_dir_ace_mapping | ace_mappings [] |
static vfs_op_tuple | afsacl_ops [] |
int afs_syscall | ( | int | , | |
char * | , | |||
int | , | |||
char * | , | |||
int | ||||
) |
vfs_afsacl.c の 69 行で定義されています。
参照先 afs_acl::ctx・talloc_init().
参照元 afs_get_afs_acl()・merge_afs_acls()・nt_to_afs_acl()・split_afs_acl().
/*
 * Reset *acl to an empty ACL and attach a fresh talloc context to it.
 *
 * Returns True on success, False when talloc_init() yields NULL. On the
 * failure path the structure has already been cleared by ZERO_STRUCT(),
 * so acl->ctx is NULL.
 *
 * NOTE(review): split_afs_acl() and merge_afs_acls() call this without
 * checking the result; add_afs_ace() then passes a NULL context on to
 * new_afs_ace().
 */
static BOOL init_afs_acl(struct afs_acl *acl)
{
	ZERO_STRUCT(*acl);

	acl->ctx = talloc_init("afs_acl");
	if (acl->ctx != NULL) {
		return True;
	}

	DEBUG(10, ("Could not init afs_acl"));
	return False;
}
static void free_afs_acl | ( | struct afs_acl * | acl | ) | [static] |
vfs_afsacl.c の 80 行で定義されています。
参照先 afs_acl::acelist・afs_acl::ctx・afs_acl::num_aces.
参照元 afs_get_afs_acl()・afs_get_nt_acl()・afs_set_nt_acl().
/*
 * Release everything owned by *acl and leave it as an empty ACL.
 *
 * The entries hang off acl->ctx, so destroying the context is the only
 * deallocation done here; the list head and the counter are simply reset.
 * Calling this on an ACL whose ctx is already NULL is harmless.
 */
static void free_afs_acl(struct afs_acl *acl)
{
	if (acl->ctx != NULL) {
		talloc_destroy(acl->ctx);
		acl->ctx = NULL;
	}

	acl->acelist = NULL;
	acl->num_aces = 0;
}
static struct afs_ace* clone_afs_ace | ( | TALLOC_CTX * | mem_ctx, | |
struct afs_ace * | ace | |||
) | [static] |
vfs_afsacl.c の 89 行で定義されています。
参照先 afs_ace::name・result・talloc_strdup().
参照元 merge_unknown_aces().
/*
 * Duplicate one ACE onto mem_ctx.
 *
 * All fields are copied by struct assignment, the copy is detached from
 * the source list (next = NULL) and the name string is duplicated so the
 * copy does not point into the source ACL's memory.
 *
 * Returns the new entry, or NULL if either allocation fails. On a failed
 * name duplication the half-built entry stays on mem_ctx.
 */
static struct afs_ace *clone_afs_ace(TALLOC_CTX *mem_ctx, struct afs_ace *ace)
{
	struct afs_ace *copy;

	copy = TALLOC_P(mem_ctx, struct afs_ace);
	if (copy == NULL) {
		return NULL;
	}

	*copy = *ace;
	copy->next = NULL;

	copy->name = talloc_strdup(mem_ctx, ace->name);

	return (copy->name != NULL) ? copy : NULL;
}
static struct afs_ace* new_afs_ace | ( | TALLOC_CTX * | mem_ctx, | |
BOOL | positive, | |||
const char * | name, | |||
uint32 | rights | |||
) | [static] |
vfs_afsacl.c の 108 行で定義されています。
参照先 global_sid_Authenticated_Users・global_sid_Builtin_Administrators・global_sid_Builtin_Backup_Operators・global_sid_NULL・global_sid_World・lookup_name()・lookup_sid()・result・afs_ace::sid・sid_copy()・SID_NAME_ALIAS・SID_NAME_UNKNOWN・SID_NAME_WKN_GRP・sidpts・strchr_m()・string_to_sid()・talloc_strdup()・tmp_talloc_ctx()・type.
参照元 add_afs_ace().
/*
 * Build a new ACE for the AFS principal `name` on mem_ctx.
 *
 * The principal is mapped to a SID in one of three ways:
 *   - the four AFS system groups map to fixed well-known SIDs;
 *   - with the module-wide `sidpts` flag set, the name itself is parsed
 *     as a SID string and lookup_sid() is asked for its type;
 *   - otherwise the name is resolved with lookup_name().
 * A principal that cannot be mapped gets global_sid_NULL and
 * SID_NAME_UNKNOWN, so the entry is kept but marked as unresolved.
 *
 * Returns the new entry or NULL when an allocation fails.
 */
static struct afs_ace *new_afs_ace(TALLOC_CTX *mem_ctx,
				   BOOL positive,
				   const char *name,
				   uint32 rights)
{
	/* AFS system groups and the SIDs they are pinned to. */
	static const struct {
		const char *afs_name;
		const DOM_SID *sid;
		enum lsa_SidType type;
	} well_known[] = {
		{ "system:administrators", &global_sid_Builtin_Administrators,
		  SID_NAME_ALIAS },
		{ "system:anyuser", &global_sid_World,
		  SID_NAME_ALIAS },
		{ "system:authuser", &global_sid_Authenticated_Users,
		  SID_NAME_WKN_GRP },
		{ "system:backup", &global_sid_Builtin_Backup_Operators,
		  SID_NAME_ALIAS },
	};

	struct afs_ace *result;
	enum lsa_SidType type;
	DOM_SID sid;
	BOOL matched = False;
	size_t i;

	for (i = 0; i < sizeof(well_known) / sizeof(well_known[0]); i++) {
		if (strcmp(name, well_known[i].afs_name) == 0) {
			sid_copy(&sid, well_known[i].sid);
			type = well_known[i].type;
			matched = True;
			break;
		}
	}

	if (matched) {
		/* sid and type are already set from the table */
	} else if (sidpts) {
		/* All PTS users/groups are expressed as SIDs */

		sid_copy(&sid, &global_sid_NULL);
		type = SID_NAME_UNKNOWN;

		if (string_to_sid(&sid, name)) {
			const char *user, *domain;
			/*
			 * We have to find the type, look up the SID.
			 * The result of lookup_sid() is not checked here.
			 */
			lookup_sid(tmp_talloc_ctx(), &sid,
				   &domain, &user, &type);
		}
	} else {
		const char *domain, *uname;
		char *sep;

		/*
		 * NOTE(review): this rewrites the caller's string in place
		 * although `name` is declared const; the first winbind
		 * separator becomes a backslash before the lookup and
		 * before the name is stored below.
		 */
		sep = strchr_m(name, *lp_winbind_separator());
		if (sep != NULL) {
			*sep = '\\';
		}

		if (!lookup_name(tmp_talloc_ctx(), name, LOOKUP_NAME_ALL,
				 &domain, &uname, &sid, &type)) {
			DEBUG(10, ("Could not find AFS user %s\n", name));

			sid_copy(&sid, &global_sid_NULL);
			type = SID_NAME_UNKNOWN;
		}
	}

	result = TALLOC_P(mem_ctx, struct afs_ace);
	if (result == NULL) {
		DEBUG(0, ("Could not talloc AFS ace\n"));
		return NULL;
	}

	result->name = talloc_strdup(mem_ctx, name);
	if (result->name == NULL) {
		DEBUG(0, ("Could not talloc AFS ace name\n"));
		return NULL;
	}

	result->positive = positive;
	result->rights = rights;
	result->sid = sid;
	result->type = type;

	return result;
}
static void add_afs_ace | ( | struct afs_acl * | acl, | |
BOOL | positive, | |||
const char * | name, | |||
uint32 | rights | |||
) | [static] |
vfs_afsacl.c の 191 行で定義されています。
参照先 afs_acl::acelist・afs_acl::ctx・afs_ace::name・new_afs_ace()・afs_ace::next・afs_acl::num_aces・afs_ace::positive・afs_ace::rights・strequal().
参照元 merge_afs_acls()・parse_afs_acl()・split_afs_acl().
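/*
 * Grant `rights` to principal `name` in `acl`.
 *
 * If an entry with the same sign (positive/negative) and the same name
 * already exists, the rights are OR-ed into it. Otherwise a new entry is
 * created with new_afs_ace() and pushed onto the head of the list.
 *
 * The function cannot report failure. When new_afs_ace() returns NULL the
 * entry is dropped and the ACL is left unchanged, so after an allocation
 * failure the ACL may silently lack an entry; callers that go on to write
 * the ACL back should be aware of that.
 */
static void add_afs_ace(struct afs_acl *acl,
			BOOL positive,
			const char *name,
			uint32 rights)
{
	struct afs_ace *ace;

	for (ace = acl->acelist; ace != NULL; ace = ace->next) {
		if ((ace->positive == positive) &&
		    (strequal(ace->name, name))) {
			ace->rights |= rights;
			return;
		}
	}

	ace = new_afs_ace(acl->ctx, positive, name, rights);

	/* new_afs_ace() returns NULL on allocation failure; the original
	 * code dereferenced the result unconditionally. */
	if (ace == NULL) {
		DEBUG(0, ("add_afs_ace: Could not create entry for %s\n",
			  name));
		return;
	}

	ace->next = acl->acelist;
	acl->acelist = ace;

	acl->num_aces += 1;

	DEBUG(10, ("add_afs_ace: Added %s entry for %s with rights %d\n",
		   ace->positive?"positive":"negative",
		   ace->name, ace->rights));

	return;
}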
vfs_afsacl.c の 231 行で定義されています。
参照先 add_afs_ace()・name・afs_ace::rights・space・space_replacement・strchr_m().
参照元 afs_get_afs_acl().
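/*
 * Parse the textual AFS ACL in acl_str into `acl`.
 *
 * Layout as consumed here: a line with the number of positive entries, a
 * line with the number of negative entries, then one "name<TAB>rights"
 * line per entry, positives first. The configured space replacement
 * character in a name is turned back into a blank before the entry is
 * added.
 *
 * Returns True when every announced entry was read, False on any
 * malformed or implausible input. Entries added before the error was
 * detected stay in `acl`.
 */
static BOOL parse_afs_acl(struct afs_acl *acl, const char *acl_str)
{
	int nplus, nminus;
	int aces;

	char str[MAXSIZE+1];
	char *p = str;

	/* strncpy() does not terminate the copy when the source holds
	 * MAXSIZE or more characters, and str is otherwise uninitialised:
	 * terminate explicitly so the scans below stay inside str. */
	strncpy(str, acl_str, MAXSIZE);
	str[MAXSIZE] = '\0';

	if (sscanf(p, "%d", &nplus) != 1)
		return False;

	DEBUG(10, ("Found %d positive entries\n", nplus));

	if ((p = strchr(p, '\n')) == NULL)
		return False;
	p += 1;

	if (sscanf(p, "%d", &nminus) != 1)
		return False;

	DEBUG(10, ("Found %d negative entries\n", nminus));

	if ((p = strchr(p, '\n')) == NULL)
		return False;
	p += 1;

	/* The counts come from outside this module. Every entry needs at
	 * least a tab and a newline, so more than MAXSIZE entries cannot
	 * fit in str; rejecting such values (and negative ones) also keeps
	 * nplus+nminus from overflowing. */
	if (nplus < 0 || nminus < 0 || nplus > MAXSIZE || nminus > MAXSIZE) {
		DEBUG(1, ("Implausible AFS acl entry counts %d/%d\n",
			  nplus, nminus));
		return False;
	}

	for (aces = nplus+nminus; aces > 0; aces--)
	{

		const char *namep;
		fstring name;
		uint32 rights;
		char *space;

		namep = p;

		if ((p = strchr(p, '\t')) == NULL)
			return False;
		*p = '\0';
		p += 1;

		if (sscanf(p, "%d", &rights) != 1)
			return False;

		if ((p = strchr(p, '\n')) == NULL)
			return False;
		p += 1;

		/* fstrcpy() would cut an over-long principal name to the
		 * size of the fstring; a shortened name can denote a
		 * different principal, so refuse it instead. */
		if (strlen(namep) >= sizeof(name)) {
			DEBUG(1, ("AFS acl principal name too long\n"));
			return False;
		}

		fstrcpy(name, namep);

		while ((space = strchr_m(name, space_replacement)) != NULL)
			*space = ' ';

		/* the first nplus entries are positive, the rest negative */
		add_afs_ace(acl, nplus>0, name, rights);

		nplus -= 1;
	}

	return True;
}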
vfs_afsacl.c の 294 行で定義されています。
参照先 afs_acl::acelist・fstr_sprintf()・line・afs_ace::name・afs_ace::next・afs_ace::positive・afs_ace::rights.
参照元 afs_set_nt_acl().
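/*
 * Append one formatted ACL line to acl_str without ever truncating.
 *
 * Returns False when the line does not end in a newline (every line
 * built by unparse_afs_acl() does, so a missing one presumably means
 * fstr_sprintf() had to cut the text to fit) or when the result would
 * exceed MAXSIZE characters.
 */
static BOOL afs_acl_append_line(char *acl_str, const char *line)
{
	size_t line_len = strlen(line);

	if (line_len == 0 || line[line_len - 1] != '\n')
		return False;

	if (strlen(acl_str) + line_len > (size_t)MAXSIZE)
		return False;

	safe_strcat(acl_str, line, MAXSIZE);
	return True;
}

/*
 * Serialise `acl` into the textual AFS form: count of positive entries,
 * count of negative entries, then one "name<TAB>rights" line per entry in
 * list order.
 *
 * acl_str is assumed to have room for MAXSIZE characters plus the
 * terminator -- TODO confirm against the caller's buffer size.
 *
 * Returns True on success. Returns False when the ACL does not fit; a
 * partially written ACL would drop entries (possibly negative ones), so
 * the caller must not hand acl_str to AFS in that case.
 */
static BOOL unparse_afs_acl(struct afs_acl *acl, char *acl_str)
{
	int positives = 0;
	int negatives = 0;
	fstring line;
	struct afs_ace *ace;

	*acl_str = 0;

	for (ace = acl->acelist; ace != NULL; ace = ace->next) {
		if (ace->positive)
			positives++;
		else
			negatives++;
	}

	fstr_sprintf(line, "%d\n", positives);
	if (!afs_acl_append_line(acl_str, line))
		return False;

	fstr_sprintf(line, "%d\n", negatives);
	if (!afs_acl_append_line(acl_str, line))
		return False;

	for (ace = acl->acelist; ace != NULL; ace = ace->next) {
		fstr_sprintf(line, "%s\t%d\n", ace->name, ace->rights);
		if (!afs_acl_append_line(acl_str, line)) {
			DEBUG(1, ("AFS acl entry for %s does not fit\n",
				  ace->name));
			return False;
		}
	}
	return True;
}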
static uint32 afs_to_nt_file_rights | ( | uint32 | rights | ) | [static] |
vfs_afsacl.c の 330 行で定義されています。
参照先 result.
参照元 afs_to_nt_acl().
/*
 * Translate AFS per-file rights into an NT access mask.
 *
 *   PRSFS_READ   -> read data/EA/attributes, execute, READ_CONTROL,
 *                   SYNCHRONIZE
 *   PRSFS_WRITE  -> write data/EA/attributes, append
 *   PRSFS_LOCK   -> WRITE_OWNER_ACCESS
 *   PRSFS_DELETE -> DELETE_ACCESS
 *
 * Bits other than these four do not contribute to the result.
 */
static uint32 afs_to_nt_file_rights(uint32 rights)
{
	uint32 nt_mask = 0;

	if (rights & PRSFS_READ) {
		nt_mask |= FILE_READ_DATA | FILE_READ_EA |
			FILE_EXECUTE | FILE_READ_ATTRIBUTES |
			READ_CONTROL_ACCESS | SYNCHRONIZE_ACCESS;
	}

	if (rights & PRSFS_WRITE) {
		nt_mask |= FILE_WRITE_DATA | FILE_WRITE_ATTRIBUTES |
			FILE_WRITE_EA | FILE_APPEND_DATA;
	}

	nt_mask |= (rights & PRSFS_LOCK) ? WRITE_OWNER_ACCESS : 0;
	nt_mask |= (rights & PRSFS_DELETE) ? DELETE_ACCESS : 0;

	return nt_mask;
}
static void afs_to_nt_dir_rights | ( | uint32 | afs_rights, | |
uint32 * | nt_rights, | |||
uint8 * | flag | |||
) | [static] |
vfs_afsacl.c の 352 行で定義されています。
参照元 afs_to_nt_acl().
/*
 * Translate AFS directory rights into an NT access mask and the ACE
 * inheritance flags that go with it.
 *
 * *nt_rights receives the access mask. *flag receives object+container
 * inheritance by default and container inheritance only when the AFS
 * rights carry no PRSFS_READ beyond what PRSFS_LOOKUP already covers
 * (the original comment calls this "only lookup right").
 *
 * Insert+lookup+delete together additionally yield GENERIC_WRITE_ACCESS;
 * PRSFS_ADMINISTER yields FILE_DELETE_CHILD, WRITE_DAC and WRITE_OWNER.
 */
static void afs_to_nt_dir_rights(uint32 afs_rights,
				 uint32 *nt_rights,
				 uint8 *flag)
{
	const uint32 insert_lookup_delete =
		PRSFS_INSERT | PRSFS_LOOKUP | PRSFS_DELETE;
	uint32 mask = 0;
	uint8 inherit = SEC_ACE_FLAG_OBJECT_INHERIT |
		SEC_ACE_FLAG_CONTAINER_INHERIT;

	if (afs_rights & PRSFS_INSERT) {
		mask |= FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY;
	}

	if (afs_rights & PRSFS_LOOKUP) {
		mask |= FILE_READ_DATA | FILE_READ_EA |
			FILE_EXECUTE | FILE_READ_ATTRIBUTES |
			READ_CONTROL_ACCESS | SYNCHRONIZE_ACCESS;
	}

	if (afs_rights & PRSFS_WRITE) {
		mask |= FILE_WRITE_ATTRIBUTES | FILE_WRITE_DATA |
			FILE_APPEND_DATA | FILE_WRITE_EA;
	}

	if ((afs_rights & insert_lookup_delete) == insert_lookup_delete) {
		mask |= FILE_WRITE_ATTRIBUTES | FILE_WRITE_EA |
			GENERIC_WRITE_ACCESS;
	}

	if (afs_rights & PRSFS_DELETE) {
		mask |= DELETE_ACCESS;
	}

	if (afs_rights & PRSFS_ADMINISTER) {
		mask |= FILE_DELETE_CHILD | WRITE_DAC_ACCESS |
			WRITE_OWNER_ACCESS;
	}

	if ((afs_rights & PRSFS_LOOKUP) ==
	    (afs_rights & (PRSFS_LOOKUP|PRSFS_READ))) {
		/* Only lookup right */
		inherit = SEC_ACE_FLAG_CONTAINER_INHERIT;
	}

	*nt_rights = mask;
	*flag = inherit;
}
static void split_afs_acl | ( | struct afs_acl * | acl, | |
struct afs_acl * | dir_acl, | |||
struct afs_acl * | file_acl | |||
) | [static] |
vfs_afsacl.c の 395 行で定義されています。
参照先 afs_acl::acelist・add_afs_ace()・init_afs_acl()・afs_ace::name・afs_ace::next・afs_ace::positive・afs_ace::rights.
参照元 afs_set_nt_acl().
/*
 * Split `acl` into its directory part and its file part.
 *
 * Both output ACLs are (re)initialised first. For every source entry the
 * bits in AFS_FILE_RIGHTS go to file_acl and the bits in AFS_DIR_RIGHTS go
 * to dir_acl; an entry with bits in both masks ends up in both outputs.
 *
 * NOTE(review): the result of init_afs_acl() is not checked here.
 */
static void split_afs_acl(struct afs_acl *acl,
			  struct afs_acl *dir_acl,
			  struct afs_acl *file_acl)
{
	struct afs_ace *cur;

	init_afs_acl(dir_acl);
	init_afs_acl(file_acl);

	cur = acl->acelist;
	while (cur != NULL) {
		if (cur->rights & AFS_FILE_RIGHTS) {
			add_afs_ace(file_acl, cur->positive, cur->name,
				    cur->rights & AFS_FILE_RIGHTS);
		}

		if (cur->rights & AFS_DIR_RIGHTS) {
			add_afs_ace(dir_acl, cur->positive, cur->name,
				    cur->rights & AFS_DIR_RIGHTS);
		}

		cur = cur->next;
	}
}
vfs_afsacl.c の 418 行で定義されています。
参照先 afs_ace::positive・afs_ace::sid・sid_compare().
参照元 merge_afs_acls().
/*
 * Tell whether two ACEs refer to the same principal with the same sign.
 *
 * Identity is decided on the SID, not on the name.
 *
 * NOTE(review): new_afs_ace() stores global_sid_NULL for every name it
 * cannot resolve, so two different unresolved names with the same sign
 * compare equal here -- confirm that merge_afs_acls() is meant to fold
 * such entries together.
 */
static BOOL same_principal(struct afs_ace *x, struct afs_ace *y)
{
	if (x->positive != y->positive) {
		return False;
	}

	return (sid_compare(&x->sid, &y->sid) == 0);
}
static void merge_afs_acls | ( | struct afs_acl * | dir_acl, | |
struct afs_acl * | file_acl, | |||
struct afs_acl * | target | |||
) | [static] |
vfs_afsacl.c の 424 行で定義されています。
参照先 afs_acl::acelist・add_afs_ace()・init_afs_acl()・afs_ace::name・afs_ace::next・afs_ace::positive・afs_ace::rights・same_principal().
参照元 afs_set_nt_acl().
/*
 * Combine a directory ACL and a file ACL into `target`.
 *
 * `target` is (re)initialised first. Every directory entry is added with
 * its rights OR-ed with those of the first file entry for the same
 * principal (see same_principal()), if there is one. File entries whose
 * principal has no directory entry are then added unchanged.
 *
 * NOTE(review): the result of init_afs_acl() is not checked here.
 */
static void merge_afs_acls(struct afs_acl *dir_acl,
			   struct afs_acl *file_acl,
			   struct afs_acl *target)
{
	struct afs_ace *cur;
	struct afs_ace *other;

	init_afs_acl(target);

	/* Pass 1: directory entries, widened by a matching file entry. */
	for (cur = dir_acl->acelist; cur != NULL; cur = cur->next) {
		other = file_acl->acelist;
		while (other != NULL && !same_principal(cur, other)) {
			other = other->next;
		}

		if (other != NULL) {
			add_afs_ace(target, cur->positive, cur->name,
				    cur->rights | other->rights);
		} else {
			add_afs_ace(target, cur->positive, cur->name,
				    cur->rights);
		}
	}

	/* Pass 2: file entries not already covered by pass 1. */
	for (cur = file_acl->acelist; cur != NULL; cur = cur->next) {
		other = dir_acl->acelist;
		while (other != NULL && !same_principal(cur, other)) {
			other = other->next;
		}

		if (other == NULL) {
			add_afs_ace(target, cur->positive, cur->name,
				    cur->rights);
		}
	}
}
static uint32 nt_to_afs_dir_rights | ( | const char * | filename, | |
const SEC_ACE * | ace | |||
) | [static] |
vfs_afsacl.c の 532 行で定義されています。
参照先 ace_mappings・static_dir_ace_mapping::afs_rights・static_dir_ace_mapping::flags・security_ace_info::flags・flags・static_dir_ace_mapping::mask・result・static_dir_ace_mapping::type・security_ace_info::type.
参照元 afs_set_nt_acl().
/*
 * Translate one NT ACE on a directory into AFS rights.
 *
 * The ACE is first compared against the static ace_mappings table (type,
 * flags and mask must all match exactly; the table ends at the entry
 * whose afs_rights is 9999). If nothing matches, a coarse fallback is
 * applied and logged at debug level 1:
 *   - GENERIC_ALL or WRITE_DAC grants every AFS right, including
 *     PRSFS_ADMINISTER;
 *   - read access grants lookup, plus read when the ACE is inherited by
 *     objects;
 *   - write access grants insert and delete, plus write and lock when the
 *     ACE is inherited by objects.
 *
 * `filename` is used for the log message only.
 */
static uint32 nt_to_afs_dir_rights(const char *filename, const SEC_ACE *ace)
{
	uint32 afs_rights = 0;
	uint32 rights = ace->info.mask;
	uint8 flags = ace->flags;
	struct static_dir_ace_mapping *m = &ace_mappings[0];

	while (m->afs_rights != 9999) {
		if ((ace->type == m->type) &&
		    (ace->flags == m->flags) &&
		    (ace->info.mask == m->mask)) {
			return m->afs_rights;
		}
		m++;
	}

	DEBUG(1, ("AFSACL FALLBACK: 0x%X 0x%X 0x%X %s %X\n",
		  ace->type, ace->flags, ace->info.mask, filename, rights));

	if (rights & (GENERIC_ALL_ACCESS|WRITE_DAC_ACCESS)) {
		afs_rights |= PRSFS_READ | PRSFS_WRITE | PRSFS_INSERT |
			PRSFS_LOOKUP | PRSFS_DELETE | PRSFS_LOCK |
			PRSFS_ADMINISTER;
	}

	if (rights & (GENERIC_READ_ACCESS|FILE_READ_DATA)) {
		afs_rights |= PRSFS_LOOKUP;
		if (flags & SEC_ACE_FLAG_OBJECT_INHERIT) {
			afs_rights |= PRSFS_READ;
		}
	}

	if (rights & (GENERIC_WRITE_ACCESS|FILE_WRITE_DATA)) {
		afs_rights |= PRSFS_INSERT | PRSFS_DELETE;
		if (flags & SEC_ACE_FLAG_OBJECT_INHERIT) {
			afs_rights |= PRSFS_WRITE | PRSFS_LOCK;
		}
	}

	return afs_rights;
}
static uint32 nt_to_afs_file_rights | ( | const char * | filename, | |
const SEC_ACE * | ace | |||
) | [static] |
vfs_afsacl.c の 573 行で定義されています。
参照先 result.
参照元 afs_set_nt_acl().
/*
 * Translate one NT ACE on a file into AFS rights.
 *
 * Only two things are looked at: read access (generic or FILE_READ_DATA)
 * gives PRSFS_READ, write access (generic or FILE_WRITE_DATA) gives
 * PRSFS_WRITE and PRSFS_LOCK. All other bits of the NT mask are ignored.
 *
 * `filename` is not used; it is part of the signature shared with
 * nt_to_afs_dir_rights().
 */
static uint32 nt_to_afs_file_rights(const char *filename, const SEC_ACE *ace)
{
	const uint32 nt_mask = ace->info.mask;
	uint32 afs_rights = 0;

	if (nt_mask & (GENERIC_READ_ACCESS|FILE_READ_DATA))
		afs_rights |= PRSFS_READ;

	if (nt_mask & (GENERIC_WRITE_ACCESS|FILE_WRITE_DATA))
		afs_rights |= PRSFS_WRITE | PRSFS_LOCK;

	return afs_rights;
}
static size_t afs_to_nt_acl | ( | struct afs_acl * | afs_acl, | |
struct files_struct * | fsp, | |||
uint32 | security_info, | |||
struct security_descriptor ** | ppdesc | |||
) | [static] |
vfs_afsacl.c の 589 行で定義されています。
参照先 afs_acl::acelist・afs_to_nt_dir_rights()・afs_to_nt_file_rights()・files_struct::conn・fd_handle::fd・files_struct::fh・files_struct::fsp_name・gid_to_sid()・init_sec_access()・init_sec_ace()・files_struct::is_directory・main_loop_talloc_get()・make_sec_acl()・make_sec_desc()・static_dir_ace_mapping::mask・afs_ace::name・afs_ace::next・afs_acl::num_aces・afs_ace::rights・SEC_ACE_TYPE_ACCESS_ALLOWED・afs_ace::sid・SID_NAME_UNKNOWN・afs_ace::type・uid_to_sid().
参照元 afs_get_nt_acl().
/*
 * Build an NT security descriptor from a parsed AFS ACL.
 *
 * Owner and group SIDs are derived from the uid/gid returned by stat (by
 * name for directories or when no fd is open, by fd otherwise) and are
 * only placed in the descriptor when the matching bit is set in
 * security_info. Each AFS entry becomes one ACCESS_ALLOWED ACE; entries
 * whose principal could not be resolved (SID_NAME_UNKNOWN) are left out,
 * and the sign of the AFS entry (positive/negative) is not consulted.
 *
 * The descriptor is allocated on the main loop talloc context and stored
 * in *ppdesc. Returns the size reported by make_sec_desc(), or 0 when
 * stat or an allocation made here fails.
 *
 * NOTE(review): *ppdesc is not checked after make_sec_desc().
 */
static size_t afs_to_nt_acl(struct afs_acl *afs_acl,
			    struct files_struct *fsp,
			    uint32 security_info,
			    struct security_descriptor **ppdesc)
{
	TALLOC_CTX *mem_ctx = main_loop_talloc_get();
	SEC_ACE *nt_ace_list = NULL;
	SEC_ACL *psa = NULL;
	DOM_SID owner_sid, group_sid;
	SEC_ACCESS mask;
	SMB_STRUCT_STAT sbuf;
	struct afs_ace *afs_ace;
	int good_aces = 0;
	size_t sd_size;

	if (fsp->is_directory || fsp->fh->fd == -1) {
		/* Get the stat struct for the owner info. */
		if (SMB_VFS_STAT(fsp->conn, fsp->fsp_name, &sbuf) != 0) {
			return 0;
		}
	} else if (SMB_VFS_FSTAT(fsp, fsp->fh->fd, &sbuf) != 0) {
		return 0;
	}

	uid_to_sid(&owner_sid, sbuf.st_uid);
	gid_to_sid(&group_sid, sbuf.st_gid);

	if (afs_acl->num_aces) {
		/* sized for every entry; skipped ones leave slack */
		nt_ace_list = TALLOC_ARRAY(mem_ctx, SEC_ACE,
					   afs_acl->num_aces);
		if (nt_ace_list == NULL) {
			return 0;
		}
	}

	for (afs_ace = afs_acl->acelist;
	     afs_ace != NULL;
	     afs_ace = afs_ace->next) {
		uint32 nt_rights;
		uint8 flag = SEC_ACE_FLAG_OBJECT_INHERIT |
			SEC_ACE_FLAG_CONTAINER_INHERIT;

		if (afs_ace->type == SID_NAME_UNKNOWN) {
			DEBUG(10, ("Ignoring unknown name %s\n",
				   afs_ace->name));
			continue;
		}

		if (fsp->is_directory) {
			afs_to_nt_dir_rights(afs_ace->rights, &nt_rights,
					     &flag);
		} else {
			nt_rights = afs_to_nt_file_rights(afs_ace->rights);
		}

		init_sec_access(&mask, nt_rights);
		init_sec_ace(&nt_ace_list[good_aces++], &(afs_ace->sid),
			     SEC_ACE_TYPE_ACCESS_ALLOWED, mask, flag);
	}

	psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION,
			   good_aces, nt_ace_list);
	if (psa == NULL) {
		return 0;
	}

	*ppdesc = make_sec_desc(mem_ctx, SEC_DESC_REVISION,
				SEC_DESC_SELF_RELATIVE,
				(security_info & OWNER_SECURITY_INFORMATION)
				? &owner_sid : NULL,
				(security_info & GROUP_SECURITY_INFORMATION)
				? &group_sid : NULL,
				NULL, psa, &sd_size);

	return sd_size;
}
vfs_afsacl.c の 672 行で定義されています。
参照先 domain_sid・global_sid_Authenticated_Users・global_sid_Builtin_Administrators・global_sid_Builtin_Backup_Operators・global_sid_World・afs_ace::sid・sid_compare()・sid_compare_domain()・string_to_sid().
参照元 nt_to_afs_acl().
/*
 * Decide whether an NT SID can be expressed as an AFS principal.
 *
 * Accepted are the four well-known SIDs that have a fixed AFS system
 * group, and any SID for which sid_compare_domain() against "S-1-5-21"
 * reports equality. Everything else is reported as not mappable, and
 * nt_to_afs_acl() skips such ACEs.
 *
 * The result of string_to_sid() on the constant prefix is not checked.
 */
static BOOL mappable_sid(const DOM_SID *sid)
{
	const DOM_SID *well_known[] = {
		&global_sid_Builtin_Administrators,
		&global_sid_World,
		&global_sid_Authenticated_Users,
		&global_sid_Builtin_Backup_Operators,
	};
	DOM_SID domain_sid;
	size_t i;

	for (i = 0; i < sizeof(well_known) / sizeof(well_known[0]); i++) {
		if (sid_compare(sid, well_known[i]) == 0) {
			return True;
		}
	}

	string_to_sid(&domain_sid, "S-1-5-21");

	return (sid_compare_domain(sid, &domain_sid) == 0) ? True : False;
}
static BOOL nt_to_afs_acl | ( | const char * | filename, | |
uint32 | security_info_sent, | |||
struct security_descriptor * | psd, | |||
uint32(*)(const char *filename, const SEC_ACE *ace) | nt_to_afs_rights, | |||
struct afs_acl * | afs_acl | |||
) | [static] |
vfs_afsacl.c の 696 行で定義されています。
参照先 security_descriptor::dacl・init_afs_acl()・mappable_sid()・name・name_type・security_acl_info::num_aces・SEC_ACE_TYPE_ACCESS_ALLOWED・sid_string_static()・security_ace_info::trustee・security_ace_info::type.
参照元 afs_set_nt_acl().
/*
 * Convert the DACL of an NT security descriptor into an AFS ACL.
 *
 * nt_to_afs_rights is the per-ACE translator (directory or file flavour).
 * Only ACCESS_ALLOWED ACEs are supported: the first ACE of any other type
 * makes the whole conversion fail. ACEs whose trustee is not mappable or
 * cannot be looked up are skipped, not rejected. Blanks in principal
 * names are replaced by the configured space replacement character.
 *
 * Returns True on success and False on an unsupported ACE or an
 * allocation failure.
 *
 * NOTE(review): when the DACL bit is not set in security_info_sent, or
 * psd->dacl is NULL, this returns True without touching afs_acl; the
 * caller then continues with whatever afs_acl held before the call.
 */
static BOOL nt_to_afs_acl(const char *filename,
			  uint32 security_info_sent,
			  struct security_descriptor *psd,
			  uint32 (*nt_to_afs_rights)(const char *filename,
						     const SEC_ACE *ace),
			  struct afs_acl *afs_acl)
{
	/* NT well-known SIDs and the AFS system groups they stand for. */
	static const struct {
		const DOM_SID *sid;
		const char *afs_name;
	} well_known[] = {
		{ &global_sid_Builtin_Administrators, "system:administrators" },
		{ &global_sid_World, "system:anyuser" },
		{ &global_sid_Authenticated_Users, "system:authuser" },
		{ &global_sid_Builtin_Backup_Operators, "system:backup" },
	};

	SEC_ACL *dacl;
	int i;

	/* Currently we *only* look at the dacl */

	if ((security_info_sent & DACL_SECURITY_INFORMATION) == 0) {
		return True;
	}
	if (psd->dacl == NULL) {
		return True;
	}

	if (!init_afs_acl(afs_acl)) {
		return False;
	}

	dacl = psd->dacl;

	for (i = 0; i < dacl->num_aces; i++) {
		SEC_ACE *ace = &(dacl->ace[i]);
		const char *dom_name, *name;
		enum lsa_SidType name_type;
		char *blank;
		size_t k;

		if (ace->type != SEC_ACE_TYPE_ACCESS_ALLOWED) {
			/* First cut: Only positive ACEs */
			return False;
		}

		if (!mappable_sid(&ace->trustee)) {
			DEBUG(10, ("Ignoring unmappable SID %s\n",
				   sid_string_static(&ace->trustee)));
			continue;
		}

		name = NULL;
		for (k = 0;
		     k < sizeof(well_known) / sizeof(well_known[0]);
		     k++) {
			if (sid_compare(&ace->trustee,
					well_known[k].sid) == 0) {
				name = well_known[k].afs_name;
				break;
			}
		}

		if (name == NULL) {

			if (!lookup_sid(tmp_talloc_ctx(), &ace->trustee,
					&dom_name, &name, &name_type)) {
				DEBUG(1, ("AFSACL: Could not lookup SID %s on file %s\n",
					  sid_string_static(&ace->trustee), filename));
				continue;
			}

			if ((name_type == SID_NAME_USER) ||
			    (name_type == SID_NAME_DOM_GRP) ||
			    (name_type == SID_NAME_ALIAS)) {
				/* qualify with the domain, lower-cased */
				char *qualified;
				qualified = talloc_asprintf(tmp_talloc_ctx(),
							    "%s%s%s",
							    dom_name,
							    lp_winbind_separator(),
							    name);
				if (qualified == NULL) {
					return False;
				}
				strlower_m(qualified);
				name = qualified;
			}

			if (sidpts) {
				/* Expect all users/groups in pts as SIDs */
				name = talloc_strdup(
					tmp_talloc_ctx(),
					sid_string_static(&ace->trustee));
				if (name == NULL) {
					return False;
				}
			}
		}

		/* NOTE(review): writes through a pointer declared const */
		while ((blank = strchr_m(name, ' ')) != NULL) {
			*blank = space_replacement;
		}

		add_afs_ace(afs_acl, True, name,
			    nt_to_afs_rights(filename, ace));
	}

	return True;
}
vfs_afsacl.c の 799 行で定義されています。
参照先 afs_syscall()・free_afs_acl()・afs_iob::in・afs_iob::in_size・init_afs_acl()・afs_iob::out・afs_iob::out_size・parse_afs_acl()・space.
参照元 afs_get_nt_acl()・afs_set_nt_acl().
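/*
 * Fetch the AFS ACL of `filename` with the VIOCGETAL pioctl and parse it
 * into `acl`.
 *
 * Returns True on success. On False `acl` holds nothing the caller has to
 * free: either it was never initialised by this call or it has been freed
 * again after a parse error.
 */
static BOOL afs_get_afs_acl(char *filename, struct afs_acl *acl)
{
	struct afs_iob iob;

	int ret;

	char space[MAXSIZE];

	DEBUG(5, ("afs_get_afs_acl: %s\n", filename));

	/* The reply buffer is handed straight to the text parser. Clear it
	 * first so that a reply shorter than the buffer, or one without a
	 * terminator, cannot make the parser read stale stack contents. */
	memset(space, 0, sizeof(space));

	iob.in_size = 0;
	iob.out_size = MAXSIZE;
	iob.in = iob.out = space;

	ret = afs_syscall(AFSCALL_PIOCTL, filename, VIOCGETAL,
			  (char *)&iob, 0);

	if (ret) {
		DEBUG(1, ("got error from PIOCTL: %d\n", ret));
		return False;
	}

	if (!init_afs_acl(acl))
		return False;

	if (!parse_afs_acl(acl, space)) {
		DEBUG(1, ("Could not parse AFS acl\n"));
		free_afs_acl(acl);
		return False;
	}

	return True;
}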
static size_t afs_get_nt_acl | ( | struct files_struct * | fsp, | |
uint32 | security_info, | |||
struct security_descriptor ** | ppdesc | |||
) | [static] |
vfs_afsacl.c の 833 行で定義されています。
参照先 afs_get_afs_acl()・afs_to_nt_acl()・files_struct::conn・free_afs_acl()・files_struct::fsp_name・lp_parm_bool()・sidpts.
参照元 afsacl_fget_nt_acl()・afsacl_get_nt_acl().
/*
 * Common implementation of the "get NT ACL" VFS operations.
 *
 * Refreshes the module-wide `sidpts` flag from the share's
 * "afsacl:sidpts" parameter, reads the AFS ACL of fsp->fsp_name and
 * converts it into an NT security descriptor stored in *ppdesc.
 *
 * Returns the descriptor size, or 0 when the AFS ACL cannot be read.
 */
static size_t afs_get_nt_acl(struct files_struct *fsp,
			     uint32 security_info,
			     struct security_descriptor **ppdesc)
{
	struct afs_acl acl;
	size_t sd_size = 0;

	DEBUG(5, ("afs_get_nt_acl: %s\n", fsp->fsp_name));

	sidpts = lp_parm_bool(SNUM(fsp->conn), "afsacl", "sidpts", False);

	if (afs_get_afs_acl(fsp->fsp_name, &acl)) {
		sd_size = afs_to_nt_acl(&acl, fsp, security_info, ppdesc);
		free_afs_acl(&acl);
	}

	return sd_size;
}
vfs_afsacl.c の 857 行で定義されています。
参照先 afs_acl::acelist・clone_afs_ace()・afs_acl::ctx・afs_ace::name・afs_ace::next・afs_acl::num_aces・SID_NAME_UNKNOWN・afs_ace::type.
参照元 afs_set_nt_acl().
/*
 * Carry unresolved entries over from `src` into `dst`.
 *
 * Every entry of `src` whose type is SID_NAME_UNKNOWN is cloned onto
 * dst->ctx and pushed onto the head of dst's list, so entries this
 * module could not map to an NT SID are preserved when an ACL is
 * rewritten. Resolved entries are skipped. A clone that fails is logged
 * and skipped; the function has no way to report it.
 */
static void merge_unknown_aces(struct afs_acl *src, struct afs_acl *dst)
{
	struct afs_ace *cur;

	for (cur = src->acelist; cur != NULL; cur = cur->next) {
		struct afs_ace *copy;

		if (cur->type == SID_NAME_UNKNOWN) {
			DEBUG(10, ("Merging unknown ACE for %s\n", cur->name));

			copy = clone_afs_ace(dst->ctx, cur);

			if (copy != NULL) {
				copy->next = dst->acelist;
				dst->acelist = copy;
				dst->num_aces += 1;
			} else {
				DEBUG(0, ("Could not clone ACE for %s\n", cur->name));
			}
		} else {
			DEBUG(10, ("Not merging known ACE for %s\n",
				   cur->name));
		}
	}
}
static BOOL afs_set_nt_acl | ( | vfs_handle_struct * | handle, | |
files_struct * | fsp, | |||
uint32 | security_info_sent, | |||
struct security_descriptor * | psd | |||
) | [static] |
vfs_afsacl.c の 886 行で定義されています。
参照先 afs_get_afs_acl()・afs_syscall()・free_afs_acl()・files_struct::fsp_name・handle・afs_iob::in・afs_iob::in_size・files_struct::is_directory・lp_parm_bool()・lp_parm_const_string()・merge_afs_acls()・merge_unknown_aces()・name・nt_to_afs_acl()・nt_to_afs_dir_rights()・nt_to_afs_file_rights()・afs_iob::out・afs_iob::out_size・sidpts・split_afs_acl()・strequal()・unparse_afs_acl().
参照元 afsacl_fset_nt_acl()・afsacl_set_nt_acl().
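/*
 * Common implementation of the "set NT ACL" VFS operations.
 *
 * AFS keeps ACLs on directories only, so for a file the ACL of the
 * containing directory is the one that is read and rewritten. The old ACL
 * is split into its directory and file halves, the half that corresponds
 * to the object being changed is replaced by the translation of the NT
 * DACL, the halves are merged again, entries that could not be resolved
 * are carried over from the old ACL, and the result is written back with
 * the VIOCSETAL pioctl.
 *
 * The share parameter "afsacl:fileacls" (default "yes") controls file
 * handling: for a file, "no" makes the call fail and "ignore" makes it
 * succeed without changing anything; for a directory, any value other
 * than "yes" discards the file half of the old ACL.
 *
 * Returns True when the ACL was written (or deliberately ignored), False
 * otherwise.
 *
 * NOTE(review): nt_to_afs_acl() returns True without filling its output
 * when the request carries no DACL. The half freed just before the call
 * then stays empty and the merged ACL is still written -- confirm that a
 * request without a DACL is meant to rewrite the AFS ACL.
 */
static BOOL afs_set_nt_acl(vfs_handle_struct *handle,
			   files_struct *fsp,
			   uint32 security_info_sent,
			   struct security_descriptor *psd)
{
	struct afs_acl old_afs_acl, new_afs_acl;
	struct afs_acl dir_acl, file_acl;
	char acl_string[2049];
	struct afs_iob iob;
	int ret = -1;
	pstring name;
	const char *fileacls;

	fileacls = lp_parm_const_string(SNUM(handle->conn), "afsacl", "fileacls",
					"yes");

	sidpts = lp_parm_bool(SNUM(handle->conn), "afsacl", "sidpts", False);

	/* zero everything up front so the cleanup at `done` is safe on
	 * every path, including the early exits */
	ZERO_STRUCT(old_afs_acl);
	ZERO_STRUCT(new_afs_acl);
	ZERO_STRUCT(dir_acl);
	ZERO_STRUCT(file_acl);

	pstrcpy(name, fsp->fsp_name);

	if (!fsp->is_directory) {
		/* We need to get the name of the directory containing the
		 * file, this is where the AFS acls live */
		char *p = strrchr(name, '/');
		if (p != NULL) {
			*p = '\0';
		} else {
			pstrcpy(name, ".");
		}
	}

	if (!afs_get_afs_acl(name, &old_afs_acl)) {
		DEBUG(3, ("Could not get old ACL of %s\n", fsp->fsp_name));
		goto done;
	}

	split_afs_acl(&old_afs_acl, &dir_acl, &file_acl);

	if (fsp->is_directory) {

		if (!strequal(fileacls, "yes")) {
			/* Throw away file acls, we depend on the
			 * inheritance ACEs that also give us file
			 * permissions */
			free_afs_acl(&file_acl);
		}

		free_afs_acl(&dir_acl);
		if (!nt_to_afs_acl(fsp->fsp_name, security_info_sent, psd,
				   nt_to_afs_dir_rights, &dir_acl))
			goto done;
	} else {
		if (strequal(fileacls, "no")) {
			ret = -1;
			goto done;
		}

		if (strequal(fileacls, "ignore")) {
			ret = 0;
			goto done;
		}

		free_afs_acl(&file_acl);
		if (!nt_to_afs_acl(fsp->fsp_name, security_info_sent, psd,
				   nt_to_afs_file_rights, &file_acl))
			goto done;
	}

	merge_afs_acls(&dir_acl, &file_acl, &new_afs_acl);

	merge_unknown_aces(&old_afs_acl, &new_afs_acl);

	/* Do not write an ACL the serialiser could not produce in full:
	 * the result was previously ignored, and an incomplete ACL string
	 * would drop entries. */
	if (!unparse_afs_acl(&new_afs_acl, acl_string)) {
		DEBUG(1, ("Could not serialise new ACL for %s\n", name));
		ret = -1;
		goto done;
	}

	iob.in = acl_string;
	iob.in_size = 1+strlen(iob.in);
	iob.out = NULL;
	iob.out_size = 0;

	DEBUG(10, ("trying to set acl '%s' on file %s\n", iob.in, name));

	ret = afs_syscall(AFSCALL_PIOCTL, name, VIOCSETAL, (char *)&iob, 0);

	if (ret != 0) {
		DEBUG(10, ("VIOCSETAL returned %d\n", ret));
	}

 done:
	free_afs_acl(&dir_acl);
	free_afs_acl(&file_acl);
	free_afs_acl(&old_afs_acl);
	free_afs_acl(&new_afs_acl);

	return (ret == 0);
}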
static size_t afsacl_fget_nt_acl | ( | struct vfs_handle_struct * | handle, | |
struct files_struct * | fsp, | |||
int | fd, | |||
uint32 | security_info, | |||
struct security_descriptor ** | ppdesc | |||
) | [static] |
vfs_afsacl.c の 986 行で定義されています。
参照先 afs_get_nt_acl().
/*
 * VFS "fget NT ACL" entry point.
 *
 * Delegates to afs_get_nt_acl(); `handle` and `fd` are not used, the
 * object is identified through fsp.
 */
static size_t afsacl_fget_nt_acl(struct vfs_handle_struct *handle,
				 struct files_struct *fsp,
				 int fd,
				 uint32 security_info,
				 struct security_descriptor **ppdesc)
{
	size_t sd_size;

	sd_size = afs_get_nt_acl(fsp, security_info, ppdesc);

	return sd_size;
}
static size_t afsacl_get_nt_acl | ( | struct vfs_handle_struct * | handle, | |
struct files_struct * | fsp, | |||
const char * | name, | |||
uint32 | security_info, | |||
struct security_descriptor ** | ppdesc | |||
) | [static] |
vfs_afsacl.c の 993 行で定義されています。
参照先 afs_get_nt_acl().
/*
 * VFS "get NT ACL" entry point.
 *
 * Delegates to afs_get_nt_acl(); `handle` and `name` are not used, the
 * path is taken from fsp.
 */
static size_t afsacl_get_nt_acl(struct vfs_handle_struct *handle,
				struct files_struct *fsp,
				const char *name,
				uint32 security_info,
				struct security_descriptor **ppdesc)
{
	size_t sd_size;

	sd_size = afs_get_nt_acl(fsp, security_info, ppdesc);

	return sd_size;
}
BOOL afsacl_fset_nt_acl | ( | vfs_handle_struct * | handle, | |
files_struct * | fsp, | |||
int | fd, | |||
uint32 | security_info_sent, | |||
SEC_DESC * | psd | |||
) |
vfs_afsacl.c の 1001 行で定義されています。
参照先 afs_set_nt_acl()・handle.
/*
 * VFS "fset NT ACL" entry point.
 *
 * Delegates to afs_set_nt_acl(); `fd` is not used, the object is
 * identified through fsp.
 */
BOOL afsacl_fset_nt_acl(vfs_handle_struct *handle,
			files_struct *fsp,
			int fd,
			uint32 security_info_sent,
			SEC_DESC *psd)
{
	BOOL ok;

	ok = afs_set_nt_acl(handle, fsp, security_info_sent, psd);

	return ok;
}
BOOL afsacl_set_nt_acl | ( | vfs_handle_struct * | handle, | |
files_struct * | fsp, | |||
const char * | name, | |||
uint32 | security_info_sent, | |||
SEC_DESC * | psd | |||
) |
vfs_afsacl.c の 1009 行で定義されています。
参照先 afs_set_nt_acl()・handle.
/*
 * VFS "set NT ACL" entry point.
 *
 * Delegates to afs_set_nt_acl(); `name` is not used, the path is taken
 * from fsp.
 */
BOOL afsacl_set_nt_acl(vfs_handle_struct *handle,
		       files_struct *fsp,
		       const char *name,
		       uint32 security_info_sent,
		       SEC_DESC *psd)
{
	BOOL ok;

	ok = afs_set_nt_acl(handle, fsp, security_info_sent, psd);

	return ok;
}
static int afsacl_connect | ( | vfs_handle_struct * | handle, | |
const char * | service, | |||
const char * | user | |||
) | [static] |
vfs_afsacl.c の 1017 行で定義されています。
参照先 handle・lp_parm_const_string()・space_replacement.
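/*
 * VFS connect hook: read the share's "afsacl:space" parameter and use its
 * first character as the replacement for blanks in principal names, then
 * pass the connect on to the next module.
 *
 * The replacement character is module-wide state, not per connection.
 *
 * Characters that cannot work as a replacement are refused and the
 * default '%' is used instead:
 *   ' '   the replace loops in parse_afs_acl() and nt_to_afs_acl() would
 *         substitute a blank for a blank and never terminate;
 *   '\t', '\n'  these delimit fields and entries in the AFS ACL text;
 *   '\0'  an empty setting; nt_to_afs_acl() would cut the principal name
 *         at its first blank.
 */
static int afsacl_connect(vfs_handle_struct *handle,
			  const char *service,
			  const char *user)
{
	const char *spc;

	spc = lp_parm_const_string(SNUM(handle->conn), "afsacl", "space", "%");

	if (spc != NULL) {
		switch (spc[0]) {
		case '\0':
		case ' ':
		case '\t':
		case '\n':
			DEBUG(0, ("afsacl: unusable space replacement "
				  "character configured, using default\n"));
			space_replacement = '%';
			break;
		default:
			space_replacement = spc[0];
			break;
		}
	}

	return SMB_VFS_NEXT_CONNECT(handle, service, user);
}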
NTSTATUS vfs_afsacl_init | ( | void | ) |
vfs_afsacl.c の 1048 行で定義されています。
参照先 afsacl_ops・smb_register_vfs().
/*
 * Module entry point: register the operations in afsacl_ops with the VFS
 * layer under the name "afsacl" and hand back the registration status.
 */
NTSTATUS vfs_afsacl_init(void)
{
	NTSTATUS status;

	status = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "afsacl",
				  afsacl_ops);

	return status;
}
const DOM_SID global_sid_World |
util_sid.c の 35 行で定義されています。
util_sid.c の 59 行で定義されています。
util_sid.c の 73 行で定義されています。
util_sid.c の 45 行で定義されています。
const DOM_SID global_sid_NULL |
util_sid.c の 43 行で定義されています。
char space_replacement = '%' [static] |
struct static_dir_ace_mapping ace_mappings[] [static] |
vfs_op_tuple afsacl_ops[] [static] |
初期値:
/*
 * Operations this module registers: the connect hook plus the four NT ACL
 * get/set entry points, all as transparent-layer operations. The NOOP
 * entry is the last element of the table.
 */
{
	{SMB_VFS_OP(afsacl_connect), SMB_VFS_OP_CONNECT, SMB_VFS_LAYER_TRANSPARENT},
	{SMB_VFS_OP(afsacl_fget_nt_acl), SMB_VFS_OP_FGET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT},
	{SMB_VFS_OP(afsacl_get_nt_acl), SMB_VFS_OP_GET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT},
	{SMB_VFS_OP(afsacl_fset_nt_acl), SMB_VFS_OP_FSET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT},
	{SMB_VFS_OP(afsacl_set_nt_acl), SMB_VFS_OP_SET_NT_ACL, SMB_VFS_LAYER_TRANSPARENT},
	{SMB_VFS_OP(NULL), SMB_VFS_OP_NOOP, SMB_VFS_LAYER_NOOP}
}
vfs_afsacl.c の 1033 行で定義されています。
参照元 vfs_afsacl_init().