1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

Remove the mkdir and open functions from the ACL modules - main code paths now handle this.

This commit is contained in:
Jeremy Allison 2011-10-26 16:02:40 -07:00
parent 8a65e2c747
commit 30a599684a
3 changed files with 6 additions and 138 deletions

View File

@ -599,124 +599,6 @@ static NTSTATUS check_parent_acl_common(vfs_handle_struct *handle,
return NT_STATUS_OK;
}
/*********************************************************************
Check ACL on open. For new files inherit from parent directory.
*********************************************************************/
static int open_acl_common(vfs_handle_struct *handle,
struct smb_filename *smb_fname,
files_struct *fsp,
int flags,
mode_t mode)
{
uint32_t access_granted = 0;
struct security_descriptor *pdesc = NULL;
bool file_existed = true;
char *fname = NULL;
NTSTATUS status;
if (fsp->base_fsp) {
/* Stream open. Base filename open already did the ACL check. */
DEBUG(10,("open_acl_common: stream open on %s\n",
fsp_str_dbg(fsp) ));
return SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
}
status = get_full_smb_filename(talloc_tos(), smb_fname,
&fname);
if (!NT_STATUS_IS_OK(status)) {
goto err;
}
status = get_nt_acl_internal(handle,
NULL,
fname,
(SECINFO_OWNER |
SECINFO_GROUP |
SECINFO_DACL),
&pdesc);
if (NT_STATUS_IS_OK(status)) {
/* See if we can access it. */
status = smb1_file_se_access_check(handle->conn,
pdesc,
get_current_nttok(handle->conn),
fsp->access_mask,
&access_granted);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10,("open_acl_xattr: %s open "
"refused with error %s\n",
fsp_str_dbg(fsp),
nt_errstr(status) ));
goto err;
}
} else if (NT_STATUS_EQUAL(status,NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
file_existed = false;
/*
* If O_CREAT is true then we're trying to create a file.
* Check the parent directory ACL will allow this.
*/
if (flags & O_CREAT) {
struct security_descriptor *parent_desc = NULL;
struct security_descriptor **pp_psd = NULL;
status = check_parent_acl_common(handle, fname,
SEC_DIR_ADD_FILE, &parent_desc);
if (!NT_STATUS_IS_OK(status)) {
goto err;
}
/* Cache the parent security descriptor for
* later use. */
pp_psd = (struct security_descriptor **)
VFS_ADD_FSP_EXTENSION(handle,
fsp,
struct security_descriptor *,
NULL);
if (!pp_psd) {
status = NT_STATUS_NO_MEMORY;
goto err;
}
*pp_psd = parent_desc;
status = NT_STATUS_OK;
}
}
DEBUG(10,("open_acl_xattr: get_nt_acl_attr_internal for "
"%s returned %s\n",
fsp_str_dbg(fsp),
nt_errstr(status) ));
fsp->fh->fd = SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
return fsp->fh->fd;
err:
errno = map_errno_from_nt_status(status);
return -1;
}
static int mkdir_acl_common(vfs_handle_struct *handle, const char *path, mode_t mode)
{
int ret;
NTSTATUS status;
SMB_STRUCT_STAT sbuf;
ret = vfs_stat_smb_fname(handle->conn, path, &sbuf);
if (ret == -1 && errno == ENOENT) {
/* We're creating a new directory. */
status = check_parent_acl_common(handle, path,
SEC_DIR_ADD_SUBDIR, NULL);
if (!NT_STATUS_IS_OK(status)) {
errno = map_errno_from_nt_status(status);
return -1;
}
}
return SMB_VFS_NEXT_MKDIR(handle, path, mode);
}
/*********************************************************************
Fetch a security descriptor given an fsp.
*********************************************************************/
@ -965,7 +847,6 @@ static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle,
files_struct *fsp = NULL;
int info;
struct security_descriptor *parent_sd = NULL;
struct security_descriptor **pp_parent_sd = NULL;
status = SMB_VFS_NEXT_CREATE_FILE(handle,
req,
@ -1010,18 +891,11 @@ static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle,
goto out;
}
/* See if we have a cached parent sd, if so, use it. */
pp_parent_sd = (struct security_descriptor **)VFS_FETCH_FSP_EXTENSION(handle, fsp);
if (!pp_parent_sd) {
/* Must be a directory, fetch again (sigh). */
status = get_parent_acl_common(handle,
fsp->fsp_name->base_name,
&parent_sd);
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
} else {
parent_sd = *pp_parent_sd;
status = get_parent_acl_common(handle,
fsp->fsp_name->base_name,
&parent_sd);
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
if (!parent_sd) {
@ -1040,9 +914,7 @@ static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle,
out:
if (fsp) {
VFS_REMOVE_FSP_EXTENSION(handle, fsp);
}
TALLOC_FREE(parent_sd);
if (NT_STATUS_IS_OK(status) && pinfo) {
*pinfo = info;

View File

@ -401,9 +401,7 @@ static struct vfs_fn_pointers vfs_acl_tdb_fns = {
.connect_fn = connect_acl_tdb,
.disconnect = disconnect_acl_tdb,
.opendir = opendir_acl_common,
.mkdir = mkdir_acl_common,
.rmdir = rmdir_acl_tdb,
.open_fn = open_acl_common,
.create_file = create_file_acl_common,
.unlink = unlink_acl_tdb,
.chmod = chmod_acl_module_common,

View File

@ -202,9 +202,7 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle,
static struct vfs_fn_pointers vfs_acl_xattr_fns = {
.connect_fn = connect_acl_xattr,
.opendir = opendir_acl_common,
.mkdir = mkdir_acl_common,
.rmdir = rmdir_acl_common,
.open_fn = open_acl_common,
.create_file = create_file_acl_common,
.unlink = unlink_acl_common,
.chmod = chmod_acl_module_common,