mirror of
https://github.com/samba-team/samba.git
synced 2025-07-30 19:42:05 +03:00
smbd-posix_acls: Use a IDL union to store the ACL entry
This is a clearer, long-term-stable structure we can hash without risking it changing. Andrew Bartlett
This commit is contained in:
Andrew Bartlett
@ -40,18 +40,34 @@ interface smb_acl
|
||||
SMB_ACL_OTHER = 5,
|
||||
SMB_ACL_MASK = 6
|
||||
} smb_acl_tag_t;
|
||||
|
||||
|
||||
typedef struct {
|
||||
uid_t uid;
|
||||
} smb_acl_user;
|
||||
|
||||
typedef struct {
|
||||
gid_t gid;
|
||||
} smb_acl_group;
|
||||
|
||||
typedef [switch_type(uint16)] union {
|
||||
[case (SMB_ACL_USER)] smb_acl_user user;
|
||||
[case (SMB_ACL_USER_OBJ)];
|
||||
[case (SMB_ACL_GROUP)] smb_acl_group group;
|
||||
[case (SMB_ACL_GROUP_OBJ)];
|
||||
[case (SMB_ACL_OTHER)];
|
||||
[case (SMB_ACL_MASK)];
|
||||
} smb_acl_entry_info;
|
||||
|
||||
typedef struct {
|
||||
smb_acl_tag_t a_type;
|
||||
[switch_is(a_type)] smb_acl_entry_info info;
|
||||
mode_t a_perm;
|
||||
uid_t uid;
|
||||
gid_t gid;
|
||||
} smb_acl_entry;
|
||||
|
||||
[public] typedef struct {
|
||||
int size;
|
||||
[value(0)] int size;
|
||||
int count;
|
||||
int next;
|
||||
[value(0)] int next;
|
||||
[size_is(count)] smb_acl_entry acl[*];
|
||||
} smb_acl_t;
|
||||
|
||||
|
||||
@ -107,11 +107,11 @@ int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p)
|
||||
void *sys_acl_get_qualifier(SMB_ACL_ENTRY_T entry_d)
|
||||
{
|
||||
if (entry_d->a_type == SMB_ACL_USER) {
|
||||
return &entry_d->uid;
|
||||
return &entry_d->info.user.uid;
|
||||
}
|
||||
|
||||
if (entry_d->a_type == SMB_ACL_GROUP) {
|
||||
return &entry_d->gid;
|
||||
return &entry_d->info.group.gid;
|
||||
}
|
||||
|
||||
errno = EINVAL;
|
||||
@ -189,15 +189,15 @@ char *sys_acl_to_text(const struct smb_acl_t *acl_d, ssize_t *len_p)
|
||||
break;
|
||||
|
||||
case SMB_ACL_USER:
|
||||
id = uidtoname(ap->uid);
|
||||
id = uidtoname(ap->info.user.uid);
|
||||
case SMB_ACL_USER_OBJ:
|
||||
tag = "user";
|
||||
break;
|
||||
|
||||
case SMB_ACL_GROUP:
|
||||
if ((gr = getgrgid(ap->gid)) == NULL) {
|
||||
if ((gr = getgrgid(ap->info.group.gid)) == NULL) {
|
||||
slprintf(idbuf, sizeof(idbuf)-1, "%ld",
|
||||
(long)ap->gid);
|
||||
(long)ap->info.group.gid);
|
||||
id = idbuf;
|
||||
} else {
|
||||
id = gr->gr_name;
|
||||
@ -294,8 +294,6 @@ int sys_acl_create_entry(SMB_ACL_T *acl_p, SMB_ACL_ENTRY_T *entry_p)
|
||||
|
||||
entry_d = &acl_d->acl[acl_d->count++];
|
||||
entry_d->a_type = SMB_ACL_TAG_INVALID;
|
||||
entry_d->uid = -1;
|
||||
entry_d->gid = -1;
|
||||
entry_d->a_perm = 0;
|
||||
*entry_p = entry_d;
|
||||
|
||||
@ -324,11 +322,11 @@ int sys_acl_set_tag_type(SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T tag_type)
|
||||
int sys_acl_set_qualifier(SMB_ACL_ENTRY_T entry_d, void *qual_p)
|
||||
{
|
||||
if (entry_d->a_type == SMB_ACL_USER) {
|
||||
entry_d->uid = *((uid_t *)qual_p);
|
||||
entry_d->info.user.uid = *((uid_t *)qual_p);
|
||||
return 0;
|
||||
}
|
||||
if (entry_d->a_type == SMB_ACL_GROUP) {
|
||||
entry_d->gid = *((gid_t *)qual_p);
|
||||
entry_d->info.group.gid = *((gid_t *)qual_p);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
||||
@ -177,7 +177,7 @@ static bool smb_ace_to_internal(acl_entry_t posix_ace,
|
||||
DEBUG(0, ("smb_acl_get_qualifier failed\n"));
|
||||
return False;
|
||||
}
|
||||
ace->uid = *puid;
|
||||
ace->info.user.uid = *puid;
|
||||
acl_free(puid);
|
||||
break;
|
||||
}
|
||||
@ -188,7 +188,7 @@ static bool smb_ace_to_internal(acl_entry_t posix_ace,
|
||||
DEBUG(0, ("smb_acl_get_qualifier failed\n"));
|
||||
return False;
|
||||
}
|
||||
ace->gid = *pgid;
|
||||
ace->info.group.gid = *pgid;
|
||||
acl_free(pgid);
|
||||
break;
|
||||
}
|
||||
@ -323,14 +323,14 @@ static acl_t smb_acl_to_posix(const struct smb_acl_t *acl)
|
||||
|
||||
switch (entry->a_type) {
|
||||
case SMB_ACL_USER:
|
||||
if (acl_set_qualifier(e, &entry->uid) != 0) {
|
||||
if (acl_set_qualifier(e, &entry->info.user.uid) != 0) {
|
||||
DEBUG(1, ("acl_set_qualifiier failed: %s\n",
|
||||
strerror(errno)));
|
||||
goto fail;
|
||||
}
|
||||
break;
|
||||
case SMB_ACL_GROUP:
|
||||
if (acl_set_qualifier(e, &entry->gid) != 0) {
|
||||
if (acl_set_qualifier(e, &entry->info.group.gid) != 0) {
|
||||
DEBUG(1, ("acl_set_qualifiier failed: %s\n",
|
||||
strerror(errno)));
|
||||
goto fail;
|
||||
|
||||
@ -35,9 +35,6 @@ from samba.samba3 import param as s3param
|
||||
# print "uid: %d" % entry.uid
|
||||
# print "gid: %d" % entry.gid
|
||||
|
||||
def is_minus_one(val):
|
||||
return (val == -1 or val == 4294967295)
|
||||
|
||||
class PosixAclMappingTests(TestCase):
|
||||
|
||||
def test_setntacl(self):
|
||||
@ -162,48 +159,35 @@ class PosixAclMappingTests(TestCase):
|
||||
|
||||
self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_GROUP)
|
||||
self.assertEquals(posix_acl.acl[0].a_perm, 7)
|
||||
self.assertEquals(posix_acl.acl[0].gid, BA_gid)
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[0].uid))
|
||||
self.assertEquals(posix_acl.acl[0].info.gid, BA_gid)
|
||||
|
||||
self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_USER)
|
||||
self.assertEquals(posix_acl.acl[1].a_perm, 6)
|
||||
self.assertEquals(posix_acl.acl[1].uid, LA_uid)
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[1].gid))
|
||||
self.assertEquals(posix_acl.acl[1].info.uid, LA_uid)
|
||||
|
||||
self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
|
||||
self.assertEquals(posix_acl.acl[2].a_perm, 0)
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[2].uid))
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[2].gid))
|
||||
|
||||
self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
|
||||
self.assertEquals(posix_acl.acl[3].a_perm, 6)
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[3].uid))
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[3].gid))
|
||||
|
||||
self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
|
||||
self.assertEquals(posix_acl.acl[4].a_perm, 7)
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[4].uid))
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[4].gid))
|
||||
|
||||
self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP)
|
||||
self.assertEquals(posix_acl.acl[5].a_perm, 5)
|
||||
self.assertEquals(posix_acl.acl[5].gid, SO_gid)
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[5].uid))
|
||||
self.assertEquals(posix_acl.acl[5].info.gid, SO_gid)
|
||||
|
||||
self.assertEquals(posix_acl.acl[6].a_type, smb_acl.SMB_ACL_GROUP)
|
||||
self.assertEquals(posix_acl.acl[6].a_perm, 7)
|
||||
self.assertEquals(posix_acl.acl[6].gid, SY_gid)
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[6].uid))
|
||||
self.assertEquals(posix_acl.acl[6].info.gid, SY_gid)
|
||||
|
||||
self.assertEquals(posix_acl.acl[7].a_type, smb_acl.SMB_ACL_GROUP)
|
||||
self.assertEquals(posix_acl.acl[7].a_perm, 5)
|
||||
self.assertEquals(posix_acl.acl[7].gid, AU_gid)
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[7].uid))
|
||||
self.assertEquals(posix_acl.acl[7].info.gid, AU_gid)
|
||||
|
||||
self.assertEquals(posix_acl.acl[8].a_type, smb_acl.SMB_ACL_MASK)
|
||||
self.assertEquals(posix_acl.acl[8].a_perm, 7)
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[8].uid))
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[8].gid))
|
||||
|
||||
|
||||
# check that it matches:
|
||||
@ -304,53 +288,39 @@ class PosixAclMappingTests(TestCase):
|
||||
|
||||
self.assertEquals(posix_acl.acl[0].a_type, smb_acl.SMB_ACL_GROUP)
|
||||
self.assertEquals(posix_acl.acl[0].a_perm, 7)
|
||||
self.assertEquals(posix_acl.acl[0].gid, BA_gid)
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[0].uid))
|
||||
self.assertEquals(posix_acl.acl[0].info.gid, BA_gid)
|
||||
|
||||
self.assertEquals(posix_acl.acl[1].a_type, smb_acl.SMB_ACL_USER)
|
||||
self.assertEquals(posix_acl.acl[1].a_perm, 6)
|
||||
self.assertEquals(posix_acl.acl[1].uid, LA_uid)
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[1].gid))
|
||||
self.assertEquals(posix_acl.acl[1].info.uid, LA_uid)
|
||||
|
||||
self.assertEquals(posix_acl.acl[2].a_type, smb_acl.SMB_ACL_OTHER)
|
||||
self.assertEquals(posix_acl.acl[2].a_perm, 0)
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[2].uid))
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[2].gid))
|
||||
|
||||
self.assertEquals(posix_acl.acl[3].a_type, smb_acl.SMB_ACL_USER_OBJ)
|
||||
self.assertEquals(posix_acl.acl[3].a_perm, 6)
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[3].uid))
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[3].gid))
|
||||
|
||||
self.assertEquals(posix_acl.acl[4].a_type, smb_acl.SMB_ACL_GROUP_OBJ)
|
||||
self.assertEquals(posix_acl.acl[4].a_perm, 7)
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[4].uid))
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[4].gid))
|
||||
|
||||
self.assertEquals(posix_acl.acl[5].a_type, smb_acl.SMB_ACL_GROUP)
|
||||
self.assertEquals(posix_acl.acl[5].a_perm, 5)
|
||||
self.assertEquals(posix_acl.acl[5].gid, SO_gid)
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[5].uid))
|
||||
self.assertEquals(posix_acl.acl[5].info.gid, SO_gid)
|
||||
|
||||
self.assertEquals(posix_acl.acl[6].a_type, smb_acl.SMB_ACL_GROUP)
|
||||
self.assertEquals(posix_acl.acl[6].a_perm, 7)
|
||||
self.assertEquals(posix_acl.acl[6].gid, SY_gid)
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[6].uid))
|
||||
self.assertEquals(posix_acl.acl[6].info.gid, SY_gid)
|
||||
|
||||
self.assertEquals(posix_acl.acl[7].a_type, smb_acl.SMB_ACL_GROUP)
|
||||
self.assertEquals(posix_acl.acl[7].a_perm, 5)
|
||||
self.assertEquals(posix_acl.acl[7].gid, AU_gid)
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[7].uid))
|
||||
self.assertEquals(posix_acl.acl[7].info.gid, AU_gid)
|
||||
|
||||
self.assertEquals(posix_acl.acl[8].a_type, smb_acl.SMB_ACL_GROUP)
|
||||
self.assertEquals(posix_acl.acl[8].a_perm, 7)
|
||||
self.assertEquals(posix_acl.acl[8].gid, PA_gid)
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[8].uid))
|
||||
self.assertEquals(posix_acl.acl[8].info.gid, PA_gid)
|
||||
|
||||
self.assertEquals(posix_acl.acl[9].a_type, smb_acl.SMB_ACL_MASK)
|
||||
self.assertEquals(posix_acl.acl[9].a_perm, 7)
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[9].uid))
|
||||
self.assertTrue(is_minus_one(posix_acl.acl[9].gid))
|
||||
|
||||
|
||||
# check that it matches:
|
||||
|
||||
Reference in New Issue
Block a user