/*
 * Store Windows ACLs in xattrs.
 *
 * Copyright (C) Volker Lendecke, 2008
 * Copyright (C) Jeremy Allison, 2008
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, see <http://www.gnu.org/licenses/>.
 */
# include "includes.h"
# include "smbd/smbd.h"
# include "librpc/gen_ndr/xattr.h"
# include "librpc/gen_ndr/ndr_xattr.h"
# include "../lib/crypto/crypto.h"
# include "auth.h"
# undef DBGC_CLASS
# define DBGC_CLASS DBGC_VFS
/* Pull in the common functions. */
# define ACL_MODULE_NAME "acl_xattr"
# include "modules/vfs_acl_common.c"
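/*******************************************************************
 Pull a security descriptor into a DATA_BLOB from a xattr.

 Reads the XATTR_NTACL_NAME extended attribute through the open
 descriptor when fsp has one, otherwise by path (name) on handle->conn.
 The read itself runs between become_root() and unbecome_root().

 ctx    - talloc context the returned buffer is allocated on.
 handle - VFS handle; only handle->conn is used, for the path-based read.
 fsp    - open file; may be NULL.
 name   - path used when fsp is NULL or has no descriptor.
 pblob  - zeroed on entry; on success data/length describe the raw
          xattr value.

 Returns NT_STATUS_OK, NT_STATUS_NO_MEMORY, or the NTSTATUS mapped from
 the errno of the failed xattr read (errno is left set to that value).
*******************************************************************/
static NTSTATUS get_acl_blob(TALLOC_CTX *ctx,
			vfs_handle_struct *handle,
			files_struct *fsp,
			const char *name,
			DATA_BLOB *pblob)
{
	/* Max ACL size is 65536 bytes. */
	const size_t max_size = 65536;
	size_t size = 1024;
	uint8_t *val = NULL;
	uint8_t *tmp;
	ssize_t sizeret;
	int saved_errno = 0;

	ZERO_STRUCTP(pblob);

again:
	tmp = talloc_realloc(ctx, val, uint8_t, size);
	if (tmp == NULL) {
		TALLOC_FREE(val);
		return NT_STATUS_NO_MEMORY;
	}
	val = tmp;

	/*
	 * Only the xattr read runs as root. errno is captured inside the
	 * privileged window so that nothing unbecome_root() does can
	 * change the value examined below.
	 *
	 * NOTE(review): the path-based branch reads as root using the
	 * caller-supplied name and this function does no path validation
	 * of its own - confirm the callers pass a name already resolved
	 * inside the share.
	 */
	become_root();
	if (fsp && fsp->fh->fd != -1) {
		sizeret = SMB_VFS_FGETXATTR(fsp, XATTR_NTACL_NAME, val, size);
	} else {
		sizeret = SMB_VFS_GETXATTR(handle->conn, name,
					XATTR_NTACL_NAME, val, size);
	}
	if (sizeret == -1) {
		saved_errno = errno;
	}
	unbecome_root();

	if (sizeret == -1) {
		if ((saved_errno == ERANGE) && (size != max_size)) {
			/*
			 * Too small, try again - exactly once, with the
			 * maximum size. A second ERANGE is a real error.
			 */
			size = max_size;
			goto again;
		}

		/*
		 * Real error - exit here. Map the saved value rather than
		 * the live errno (as store_acl_blob_fsp() does), so that
		 * the cleanup cannot alter the reported status, and
		 * restore errno for callers that inspect it.
		 */
		TALLOC_FREE(val);
		errno = saved_errno;
		return map_nt_error_from_unix(saved_errno);
	}

	pblob->data = val;
	pblob->length = sizeret;
	return NT_STATUS_OK;
}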
/*******************************************************************
 Store a DATA_BLOB into an xattr given an fsp pointer.

 Writes pblob->data / pblob->length to the XATTR_NTACL_NAME extended
 attribute, through the open descriptor when fsp has one and by
 fsp->fsp_name->base_name on fsp->conn otherwise. The write runs
 between become_root() and unbecome_root().

 handle - not referenced in this function.
 fsp    - file whose attribute is written; dereferenced unconditionally.
 pblob  - blob to store.

 Returns NT_STATUS_OK, or the NTSTATUS mapped from the errno of the
 failed write (errno is left set to that value).
*******************************************************************/
static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle,
				files_struct *fsp,
				DATA_BLOB *pblob)
{
	int rc;
	int err = 0;

	DEBUG(10, ("store_acl_blob_fsp: storing blob length %u on file %s\n",
		   (unsigned int)pblob->length, fsp_str_dbg(fsp)));

	become_root();
	if (fsp->fh->fd == -1) {
		/* No open descriptor: fall back to the path-based call. */
		rc = SMB_VFS_SETXATTR(fsp->conn, fsp->fsp_name->base_name,
				      XATTR_NTACL_NAME,
				      pblob->data, pblob->length, 0);
	} else {
		rc = SMB_VFS_FSETXATTR(fsp, XATTR_NTACL_NAME,
				       pblob->data, pblob->length, 0);
	}
	if (rc != 0) {
		/* Capture errno before unbecome_root() is called. */
		err = errno;
	}
	unbecome_root();

	if (rc == 0) {
		return NT_STATUS_OK;
	}

	DEBUG(5, ("store_acl_blob_fsp: setting attr failed for file %s "
		  "with error %s\n",
		  fsp_str_dbg(fsp),
		  strerror(err)));
	errno = err;
	return map_nt_error_from_unix(err);
}
/*********************************************************************
 Remove a Windows ACL - we're setting the underlying POSIX ACL.

 Path-based variant. The POSIX ACL is set first through the next VFS
 module; only when that succeeds is the XATTR_NTACL_NAME attribute
 removed from name, between become_root() and unbecome_root().

 Returns -1 when the next module fails, otherwise that module's
 return value.
*********************************************************************/
static int sys_acl_set_file_xattr(vfs_handle_struct *handle,
				  const char *name,
				  SMB_ACL_TYPE_T type,
				  SMB_ACL_T theacl)
{
	int rc = SMB_VFS_NEXT_SYS_ACL_SET_FILE(handle, name, type, theacl);

	if (rc != -1) {
		/*
		 * NOTE(review): the result of the removal is discarded, so
		 * a failure other than "attribute not present" leaves the
		 * previous NT ACL blob on the file without any log line.
		 * Whether a stale blob is rejected later depends on the
		 * common code, which is not visible here - confirm.
		 */
		become_root();
		SMB_VFS_REMOVEXATTR(handle->conn, name, XATTR_NTACL_NAME);
		unbecome_root();
	}

	return rc;
}
/*********************************************************************
 Remove a Windows ACL - we're setting the underlying POSIX ACL.

 Descriptor-based variant. The POSIX ACL is set first through the next
 VFS module; only when that succeeds is the XATTR_NTACL_NAME attribute
 removed from fsp, between become_root() and unbecome_root().

 Returns -1 when the next module fails, otherwise that module's
 return value.
*********************************************************************/
static int sys_acl_set_fd_xattr(vfs_handle_struct *handle,
				files_struct *fsp,
				SMB_ACL_T theacl)
{
	int rc = SMB_VFS_NEXT_SYS_ACL_SET_FD(handle, fsp, theacl);

	if (rc != -1) {
		/*
		 * NOTE(review): the result of the removal is discarded, so
		 * a failure other than "attribute not present" leaves the
		 * previous NT ACL blob on the file without any log line.
		 * Whether a stale blob is rejected later depends on the
		 * common code, which is not visible here - confirm.
		 */
		become_root();
		SMB_VFS_FREMOVEXATTR(fsp, XATTR_NTACL_NAME);
		unbecome_root();
	}

	return rc;
}
/*********************************************************************
 Connect hook: chain to the next module, then force the share
 parameters this module relies on.

 After a successful SMB_VFS_NEXT_CONNECT the parameters
 "inherit acls", "dos filemode" and "force unknown acl user" are set
 to "true" for this connection's service, whatever the configuration
 said. The override is announced only at debug level 2, so an
 administrator auditing a share that loads this module should expect
 these three values to be in effect.

 Returns the next module's negative result on failure, 0 otherwise.
*********************************************************************/
static int connect_acl_xattr(struct vfs_handle_struct *handle,
			     const char *service,
			     const char *user)
{
	/* Applied in this order; every entry is set to "true". */
	static const char *const forced_params[] = {
		"inherit acls",
		"dos filemode",
		"force unknown acl user",
	};
	size_t i;
	int rc = SMB_VFS_NEXT_CONNECT(handle, service, user);

	if (rc < 0) {
		return rc;
	}

	/* Ensure we have the parameters correct if we're
	 * using this module. */
	DEBUG(2, ("connect_acl_xattr: setting 'inherit acls = true' "
		  "'dos filemode = true' and "
		  "'force unknown acl user = true' for service %s\n",
		  service));

	/* The result of lp_do_parameter() is not checked. */
	for (i = 0; i < sizeof(forced_params) / sizeof(forced_params[0]); i++) {
		lp_do_parameter(SNUM(handle->conn), forced_params[i], "true");
	}

	return 0;
}
/*
 * VFS operations provided by this module. Only the connect hook and the
 * two sys_acl_set hooks are defined in this file; the remaining entries
 * are not defined here and presumably come from
 * modules/vfs_acl_common.c, which is #included above.
 */
static struct vfs_fn_pointers vfs_acl_xattr_fns = {
	/* Forces the share parameters the module depends on. */
	.connect_fn = connect_acl_xattr,

	/* Path removal. */
	.rmdir_fn = rmdir_acl_common,
	.unlink_fn = unlink_acl_common,

	/* Mode changes. */
	.chmod_fn = chmod_acl_module_common,
	.fchmod_fn = fchmod_acl_module_common,

	/* NT security descriptor get/set. */
	.fget_nt_acl_fn = fget_nt_acl_common,
	.get_nt_acl_fn = get_nt_acl_common,
	.fset_nt_acl_fn = fset_nt_acl_common,

	/* ACL-based mode changes. */
	.chmod_acl_fn = chmod_acl_acl_module_common,
	.fchmod_acl_fn = fchmod_acl_acl_module_common,

	/* Setting a POSIX ACL removes the stored NT ACL xattr. */
	.sys_acl_set_file_fn = sys_acl_set_file_xattr,
	.sys_acl_set_fd_fn = sys_acl_set_fd_xattr,
};
/*
 * Module entry point: register the operations table above under the
 * name "acl_xattr" and hand back whatever smb_register_vfs() returns.
 */
NTSTATUS vfs_acl_xattr_init(void)
{
	NTSTATUS status;

	status = smb_register_vfs(SMB_VFS_INTERFACE_VERSION,
				  "acl_xattr",
				  &vfs_acl_xattr_fns);
	return status;
}