mirror of https://github.com/samba-team/samba.git synced 2025-02-02 09:47:23 +03:00

acl_common: Avoid "#include vfs_acl_common.c"

This makes vfs_acl_common.c a subsystem of its own that acl_xattr and acl_tdb
now link against, not #include it.

This patch is a bit on the large and clumsy side, but splitting it up would
(I believe) involve a separate intermediate copy of acl_common.c.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke 2017-08-18 14:41:57 +02:00 committed by Jeremy Allison
parent ce8a22d296
commit 48815f8c3e
6 changed files with 209 additions and 86 deletions


@ -20,11 +20,15 @@
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#include "includes.h"
#include "vfs_acl_common.h"
#include "smbd/smbd.h"
#include "system/filesys.h"
#include "librpc/gen_ndr/ndr_xattr.h"
#include "../libcli/security/security.h"
#include "../librpc/gen_ndr/ndr_security.h"
#include "../lib/util/bitmap.h"
#include "lib/crypto/sha256.h"
#include "passdb/lookup_sid.h"
static NTSTATUS create_acl_blob(const struct security_descriptor *psd,
@ -32,34 +36,18 @@ static NTSTATUS create_acl_blob(const struct security_descriptor *psd,
uint16_t hash_type,
uint8_t hash[XATTR_SD_HASH_SIZE]);
static NTSTATUS get_acl_blob(TALLOC_CTX *ctx,
vfs_handle_struct *handle,
files_struct *fsp,
const struct smb_filename *smb_fname,
DATA_BLOB *pblob);
static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle,
files_struct *fsp,
DATA_BLOB *pblob);
#define HASH_SECURITY_INFO (SECINFO_OWNER | \
SECINFO_GROUP | \
SECINFO_DACL | \
SECINFO_SACL)
enum default_acl_style {DEFAULT_ACL_POSIX, DEFAULT_ACL_WINDOWS};
static const struct enum_list default_acl_style[] = {
{DEFAULT_ACL_POSIX, "posix"},
{DEFAULT_ACL_WINDOWS, "windows"}
};
struct acl_common_config {
bool ignore_system_acls;
enum default_acl_style default_acl_style;
};
static bool init_acl_common_config(vfs_handle_struct *handle)
bool init_acl_common_config(vfs_handle_struct *handle,
const char *module_name)
{
struct acl_common_config *config = NULL;
@ -71,11 +59,11 @@ static bool init_acl_common_config(vfs_handle_struct *handle)
}
config->ignore_system_acls = lp_parm_bool(SNUM(handle->conn),
ACL_MODULE_NAME,
module_name,
"ignore system acls",
false);
config->default_acl_style = lp_parm_enum(SNUM(handle->conn),
ACL_MODULE_NAME,
module_name,
"default acl style",
default_acl_style,
DEFAULT_ACL_POSIX);
@ -854,7 +842,7 @@ static NTSTATUS stat_fsp_or_smb_fname(vfs_handle_struct *handle,
filesystem sd.
*******************************************************************/
static NTSTATUS get_nt_acl_internal(
NTSTATUS get_nt_acl_common(
NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx,
vfs_handle_struct *handle,
files_struct *fsp,
@ -1022,34 +1010,6 @@ fail:
return status;
}
/*********************************************************************
Fetch a security descriptor given an fsp.
*********************************************************************/
static NTSTATUS fget_nt_acl_common(vfs_handle_struct *handle,
files_struct *fsp,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
return get_nt_acl_internal(get_acl_blob, handle, fsp, NULL,
security_info, mem_ctx, ppdesc);
}
/*********************************************************************
Fetch a security descriptor given a pathname.
*********************************************************************/
static NTSTATUS get_nt_acl_common(vfs_handle_struct *handle,
const struct smb_filename *smb_fname,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
return get_nt_acl_internal(get_acl_blob, handle, NULL, smb_fname,
security_info, mem_ctx, ppdesc);
}
/*********************************************************************
Set the underlying ACL (e.g. POSIX ACLS, POSIX owner, etc)
*********************************************************************/
@ -1130,8 +1090,19 @@ static NTSTATUS store_v3_blob(
Store a security descriptor given an fsp.
*********************************************************************/
static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
uint32_t security_info_sent, const struct security_descriptor *orig_psd)
NTSTATUS fset_nt_acl_common(
NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx,
vfs_handle_struct *handle,
files_struct *fsp,
const struct smb_filename *smb_fname,
DATA_BLOB *pblob),
NTSTATUS (*store_acl_blob_fsp_fn)(vfs_handle_struct *handle,
files_struct *fsp,
DATA_BLOB *pblob),
const char *module_name,
vfs_handle_struct *handle, files_struct *fsp,
uint32_t security_info_sent,
const struct security_descriptor *orig_psd)
{
NTSTATUS status;
int ret;
@ -1144,7 +1115,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
char *sys_acl_description;
TALLOC_CTX *frame = talloc_stackframe();
bool ignore_file_system_acl = lp_parm_bool(
SNUM(handle->conn), ACL_MODULE_NAME, "ignore system acls", false);
SNUM(handle->conn), module_name, "ignore system acls", false);
if (DEBUGLEVEL >= 10) {
DBG_DEBUG("incoming sd for file %s\n", fsp_str_dbg(fsp));
@ -1152,7 +1123,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
discard_const_p(struct security_descriptor, orig_psd));
}
status = get_nt_acl_internal(get_acl_blob, handle, fsp,
status = get_nt_acl_common(get_acl_blob_fn, handle, fsp,
NULL,
SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL,
frame,
@ -1211,7 +1182,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
}
}
ZERO_ARRAY(hash);
status = store_v3_blob(store_acl_blob_fsp, handle, fsp, psd,
status = store_v3_blob(store_acl_blob_fsp_fn, handle, fsp, psd,
NULL, hash);
TALLOC_FREE(frame);
@ -1253,7 +1224,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
/* If we fail to get the ACL blob (for some reason) then this
* is not fatal, we just work based on the NT ACL only */
if (ret != 0) {
status = store_v3_blob(store_acl_blob_fsp, handle, fsp, psd,
status = store_v3_blob(store_acl_blob_fsp_fn, handle, fsp, psd,
pdesc_next, hash);
TALLOC_FREE(frame);
@ -1289,7 +1260,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
return status;
}
status = store_acl_blob_fsp(handle, fsp, &blob);
status = store_acl_blob_fsp_fn(handle, fsp, &blob);
TALLOC_FREE(frame);
return status;
@ -1390,8 +1361,8 @@ static int acl_common_remove_object(vfs_handle_struct *handle,
return ret;
}
static int rmdir_acl_common(struct vfs_handle_struct *handle,
const struct smb_filename *smb_fname)
int rmdir_acl_common(struct vfs_handle_struct *handle,
const struct smb_filename *smb_fname)
{
int ret;
@ -1414,7 +1385,7 @@ static int rmdir_acl_common(struct vfs_handle_struct *handle,
return -1;
}
static int unlink_acl_common(struct vfs_handle_struct *handle,
int unlink_acl_common(struct vfs_handle_struct *handle,
const struct smb_filename *smb_fname)
{
int ret;
@ -1443,9 +1414,9 @@ static int unlink_acl_common(struct vfs_handle_struct *handle,
return -1;
}
static int chmod_acl_module_common(struct vfs_handle_struct *handle,
const struct smb_filename *smb_fname,
mode_t mode)
int chmod_acl_module_common(struct vfs_handle_struct *handle,
const struct smb_filename *smb_fname,
mode_t mode)
{
if (smb_fname->flags & SMB_FILENAME_POSIX_PATH) {
/* Only allow this on POSIX pathnames. */
@ -1454,8 +1425,8 @@ static int chmod_acl_module_common(struct vfs_handle_struct *handle,
return 0;
}
static int fchmod_acl_module_common(struct vfs_handle_struct *handle,
struct files_struct *fsp, mode_t mode)
int fchmod_acl_module_common(struct vfs_handle_struct *handle,
struct files_struct *fsp, mode_t mode)
{
if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) {
/* Only allow this on POSIX opens. */
@ -1464,9 +1435,9 @@ static int fchmod_acl_module_common(struct vfs_handle_struct *handle,
return 0;
}
static int chmod_acl_acl_module_common(struct vfs_handle_struct *handle,
const struct smb_filename *smb_fname,
mode_t mode)
int chmod_acl_acl_module_common(struct vfs_handle_struct *handle,
const struct smb_filename *smb_fname,
mode_t mode)
{
if (smb_fname->flags & SMB_FILENAME_POSIX_PATH) {
/* Only allow this on POSIX pathnames. */
@ -1475,8 +1446,8 @@ static int chmod_acl_acl_module_common(struct vfs_handle_struct *handle,
return 0;
}
static int fchmod_acl_acl_module_common(struct vfs_handle_struct *handle,
struct files_struct *fsp, mode_t mode)
int fchmod_acl_acl_module_common(struct vfs_handle_struct *handle,
struct files_struct *fsp, mode_t mode)
{
if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) {
/* Only allow this on POSIX opens. */
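Review bot: In `fset_nt_acl_common` the "ignore system acls" switch is looked up a second time with `lp_parm_bool(SNUM(handle->conn), module_name, "ignore system acls", false)`, although `init_acl_common_config` already reads the same parameter into `config->ignore_system_acls`. Now that `module_name` is a caller-supplied argument rather than the `ACL_MODULE_NAME` macro, a module that passes different strings to the two entry points would evaluate this access-control setting under two names without any diagnostic. Reading the value once from the stored `struct acl_common_config` (assuming it is attached to the handle, which these hunks do not show) would remove both the second lookup and the extra parameter. The new `get_acl_blob_fn` and `store_acl_blob_fsp_fn` arguments are also called unchecked, so the definition should at least carry `/* get_acl_blob_fn and store_acl_blob_fsp_fn must be non-NULL. */`. The function bodies continue outside the visible hunks.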


@ -0,0 +1,79 @@
/*
* Store Windows ACLs in data store - common functions.
*
* Copyright (C) Volker Lendecke, 2008
* Copyright (C) Jeremy Allison, 2009
* Copyright (C) Ralph Böhme, 2016
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __VFS_ACL_COMMON_H__
#define __VFS_ACL_COMMON_H__
enum default_acl_style {DEFAULT_ACL_POSIX, DEFAULT_ACL_WINDOWS};
struct acl_common_config {
bool ignore_system_acls;
enum default_acl_style default_acl_style;
};
bool init_acl_common_config(vfs_handle_struct *handle,
const char *module_name);
int rmdir_acl_common(struct vfs_handle_struct *handle,
const struct smb_filename *smb_fname);
int unlink_acl_common(struct vfs_handle_struct *handle,
const struct smb_filename *smb_fname);
int chmod_acl_module_common(struct vfs_handle_struct *handle,
const struct smb_filename *smb_fname,
mode_t mode);
int fchmod_acl_module_common(struct vfs_handle_struct *handle,
struct files_struct *fsp, mode_t mode);
int chmod_acl_acl_module_common(struct vfs_handle_struct *handle,
const struct smb_filename *smb_fname,
mode_t mode);
int fchmod_acl_acl_module_common(struct vfs_handle_struct *handle,
struct files_struct *fsp, mode_t mode);
NTSTATUS get_nt_acl_common(
NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx,
vfs_handle_struct *handle,
files_struct *fsp,
const struct smb_filename *smb_fname,
DATA_BLOB *pblob),
vfs_handle_struct *handle,
files_struct *fsp,
const struct smb_filename *smb_fname_in,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc);
NTSTATUS fset_nt_acl_common(
NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx,
vfs_handle_struct *handle,
files_struct *fsp,
const struct smb_filename *smb_fname,
DATA_BLOB *pblob),
NTSTATUS (*store_acl_blob_fsp_fn)(vfs_handle_struct *handle,
files_struct *fsp,
DATA_BLOB *pblob),
const char *module_name,
vfs_handle_struct *handle, files_struct *fsp,
uint32_t security_info_sent,
const struct security_descriptor *orig_psd);
#endif
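Review bot: The prototypes of `get_nt_acl_common` and `fset_nt_acl_common` state no calling contract, although they are now the public interface of the subsystem. Every caller in this commit passes exactly one of `fsp` and `smb_fname` as NULL, so the declaration should say so, for example `/* Exactly one of fsp and smb_fname_in is expected to be non-NULL. */`, together with a line on who owns `*ppdesc` (presumably `mem_ctx`; confirm against the implementation). The header includes nothing itself, so it compiles only after the includer has pulled in the definitions of `vfs_handle_struct`, `NTSTATUS`, `TALLOC_CTX` and `DATA_BLOB`; a comment naming the required prior include would make that dependency explicit. The guard `__VFS_ACL_COMMON_H__` uses a double-underscore identifier, which C reserves for the implementation.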


@ -22,18 +22,17 @@
#include "smbd/smbd.h"
#include "system/filesys.h"
#include "librpc/gen_ndr/xattr.h"
#include "librpc/gen_ndr/ndr_xattr.h"
#include "../lib/crypto/sha256.h"
#include "dbwrap/dbwrap.h"
#include "dbwrap/dbwrap_open.h"
#include "auth.h"
#include "util_tdb.h"
#include "vfs_acl_common.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_VFS
#define ACL_MODULE_NAME "acl_tdb"
#include "modules/vfs_acl_common.c"
static unsigned int ref_count;
static struct db_context *acl_db;
@ -320,7 +319,7 @@ static int connect_acl_tdb(struct vfs_handle_struct *handle,
return -1;
}
ok = init_acl_common_config(handle);
ok = init_acl_common_config(handle, ACL_MODULE_NAME);
if (!ok) {
DBG_ERR("init_acl_common_config failed\n");
return -1;
@ -451,6 +450,42 @@ static int sys_acl_set_fd_tdb(vfs_handle_struct *handle,
return 0;
}
static NTSTATUS acl_tdb_fget_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
NTSTATUS status;
status = get_nt_acl_common(get_acl_blob, handle, fsp, NULL,
security_info, mem_ctx, ppdesc);
return status;
}
static NTSTATUS acl_tdb_get_nt_acl(vfs_handle_struct *handle,
const struct smb_filename *smb_fname,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
NTSTATUS status;
status = get_nt_acl_common(get_acl_blob, handle, NULL, smb_fname,
security_info, mem_ctx, ppdesc);
return status;
}
static NTSTATUS acl_tdb_fset_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
uint32_t security_info_sent,
const struct security_descriptor *psd)
{
NTSTATUS status;
status = fset_nt_acl_common(get_acl_blob, store_acl_blob_fsp,
ACL_MODULE_NAME,
handle, fsp, security_info_sent, psd);
return status;
}
static struct vfs_fn_pointers vfs_acl_tdb_fns = {
.connect_fn = connect_acl_tdb,
.disconnect_fn = disconnect_acl_tdb,
@ -458,9 +493,9 @@ static struct vfs_fn_pointers vfs_acl_tdb_fns = {
.unlink_fn = unlink_acl_tdb,
.chmod_fn = chmod_acl_module_common,
.fchmod_fn = fchmod_acl_module_common,
.fget_nt_acl_fn = fget_nt_acl_common,
.get_nt_acl_fn = get_nt_acl_common,
.fset_nt_acl_fn = fset_nt_acl_common,
.fget_nt_acl_fn = acl_tdb_fget_nt_acl,
.get_nt_acl_fn = acl_tdb_get_nt_acl,
.fset_nt_acl_fn = acl_tdb_fset_nt_acl,
.chmod_acl_fn = chmod_acl_acl_module_common,
.fchmod_acl_fn = fchmod_acl_acl_module_common,
.sys_acl_set_file_fn = sys_acl_set_file_tdb,
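Review bot: The three new wrappers `acl_tdb_fget_nt_acl`, `acl_tdb_get_nt_acl` and `acl_tdb_fset_nt_acl` assign to a local `status` only to return it on the next line; `return get_nt_acl_common(get_acl_blob, handle, fsp, NULL, security_info, mem_ctx, ppdesc);` says the same with less. A one-line comment above them, for example `/* Bind this module's blob backend to the shared ACL code. */`, would explain why they exist now that the common functions can no longer be placed in `vfs_acl_tdb_fns` directly. The same applies to the `acl_xattr_*` wrappers added in vfs_acl_xattr.c.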


@ -21,17 +21,15 @@
#include "includes.h"
#include "smbd/smbd.h"
#include "librpc/gen_ndr/xattr.h"
#include "librpc/gen_ndr/ndr_xattr.h"
#include "../lib/crypto/sha256.h"
#include "auth.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_VFS
#include "vfs_acl_common.h"
/* Pull in the common functions. */
#define ACL_MODULE_NAME "acl_xattr"
#include "modules/vfs_acl_common.c"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_VFS
/*******************************************************************
Pull a security descriptor into a DATA_BLOB from a xattr.
@ -222,7 +220,7 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle,
return ret;
}
ok = init_acl_common_config(handle);
ok = init_acl_common_config(handle, ACL_MODULE_NAME);
if (!ok) {
DBG_ERR("init_acl_common_config failed\n");
return -1;
@ -280,15 +278,51 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle,
return 0;
}
static NTSTATUS acl_xattr_fget_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
NTSTATUS status;
status = get_nt_acl_common(get_acl_blob, handle, fsp, NULL,
security_info, mem_ctx, ppdesc);
return status;
}
static NTSTATUS acl_xattr_get_nt_acl(vfs_handle_struct *handle,
const struct smb_filename *smb_fname,
uint32_t security_info,
TALLOC_CTX *mem_ctx,
struct security_descriptor **ppdesc)
{
NTSTATUS status;
status = get_nt_acl_common(get_acl_blob, handle, NULL, smb_fname,
security_info, mem_ctx, ppdesc);
return status;
}
static NTSTATUS acl_xattr_fset_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
uint32_t security_info_sent,
const struct security_descriptor *psd)
{
NTSTATUS status;
status = fset_nt_acl_common(get_acl_blob, store_acl_blob_fsp,
ACL_MODULE_NAME,
handle, fsp, security_info_sent, psd);
return status;
}
static struct vfs_fn_pointers vfs_acl_xattr_fns = {
.connect_fn = connect_acl_xattr,
.rmdir_fn = rmdir_acl_common,
.unlink_fn = unlink_acl_common,
.chmod_fn = chmod_acl_module_common,
.fchmod_fn = fchmod_acl_module_common,
.fget_nt_acl_fn = fget_nt_acl_common,
.get_nt_acl_fn = get_nt_acl_common,
.fset_nt_acl_fn = fset_nt_acl_common,
.fget_nt_acl_fn = acl_xattr_fget_nt_acl,
.get_nt_acl_fn = acl_xattr_get_nt_acl,
.fset_nt_acl_fn = acl_xattr_fset_nt_acl,
.chmod_acl_fn = chmod_acl_acl_module_common,
.fchmod_acl_fn = fchmod_acl_acl_module_common,
.sys_acl_set_file_fn = sys_acl_set_file_xattr,


@ -4,6 +4,9 @@ bld.SAMBA3_SUBSYSTEM('NFS4_ACLS',
source='nfs4_acls.c',
deps='samba-util tdb')
bld.SAMBA3_SUBSYSTEM('vfs_acl_common',
source='vfs_acl_common.c')
bld.SAMBA3_SUBSYSTEM('POSIXACL_XATTR',
source='posixacl_xattr.c',
enabled=(bld.SAMBA3_IS_ENABLED_MODULE('vfs_ceph') or bld.SAMBA3_IS_ENABLED_MODULE('vfs_glusterfs')),
@ -357,7 +360,7 @@ bld.SAMBA3_MODULE('vfs_syncops',
bld.SAMBA3_MODULE('vfs_acl_xattr',
subsystem='vfs',
source='vfs_acl_xattr.c',
deps='samba-util',
deps='samba-util vfs_acl_common',
init_function='',
internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_acl_xattr'),
enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_acl_xattr'))
@ -365,7 +368,7 @@ bld.SAMBA3_MODULE('vfs_acl_xattr',
bld.SAMBA3_MODULE('vfs_acl_tdb',
subsystem='vfs',
source='vfs_acl_tdb.c',
deps='NDR_XATTR tdb',
deps='samba-util vfs_acl_common',
init_function='',
internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_acl_tdb'),
enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_acl_tdb'))
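Review bot: The new `vfs_acl_common` subsystem is declared with `source='vfs_acl_common.c'` and no `deps=`, while that file includes the NDR xattr and security headers and `lib/crypto/sha256.h`. In the same change `vfs_acl_tdb` appears to go from `deps='NDR_XATTR tdb'` to `deps='samba-util vfs_acl_common'`, although the module still uses `struct db_context`. The symbols are probably resolved through `smbd_base`, which now lists `vfs_acl_common`, but that leaves the link relying on an undeclared transitive dependency. Declaring the dependencies where they are used, e.g. `deps='samba-util NDR_XATTR'` on the subsystem, would keep a shared-module build from ending up with unresolved symbols.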


@ -748,6 +748,7 @@ bld.SAMBA3_LIBRARY('smbd_base',
netapi
NDR_IOCTL
notifyd
vfs_acl_common
''' +
bld.env['dmapi_lib'] +
bld.env['legacy_quota_libs'] +