author | Volker Lendecke <vl@samba.org> | 2017-08-18 14:41:57 +0200 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2017-08-24 01:46:07 +0200 |
commit | 48815f8c3ed54edc418018b991c222e317302602 (patch) | |
tree | d75dd98f02ab9544935d17f2873f56016bfdb4c4 | |
parent | ce8a22d2963a989a9a0cf730c15a8f3cb6f0c3d7 (diff) | |
acl_common: Avoid "#include vfs_acl_common.c"
This makes vfs_acl_common.c a subsystem of its own that acl_xattr and acl_tdb
now link against, not #include it.
This patch is a bit on the large and clumsy side, but splitting it up would
(I believe) involve a separate intermediate copy of acl_common.c.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r-- | source3/modules/vfs_acl_common.c | 109 | ||||
-rw-r--r-- | source3/modules/vfs_acl_common.h | 79 | ||||
-rw-r--r-- | source3/modules/vfs_acl_tdb.c | 47 | ||||
-rw-r--r-- | source3/modules/vfs_acl_xattr.c | 52 | ||||
-rw-r--r-- | source3/modules/wscript_build | 7 | ||||
-rw-r--r-- | source3/wscript_build | 1 |
6 files changed, 209 insertions, 86 deletions
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index 3f5f0c8ac0f..c4849b6061f 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -20,11 +20,15 @@ * along with this program; if not, see <http://www.gnu.org/licenses/>. */ +#include "includes.h" +#include "vfs_acl_common.h" #include "smbd/smbd.h" #include "system/filesys.h" +#include "librpc/gen_ndr/ndr_xattr.h" #include "../libcli/security/security.h" #include "../librpc/gen_ndr/ndr_security.h" #include "../lib/util/bitmap.h" +#include "lib/crypto/sha256.h" #include "passdb/lookup_sid.h" static NTSTATUS create_acl_blob(const struct security_descriptor *psd, @@ -32,34 +36,18 @@ static NTSTATUS create_acl_blob(const struct security_descriptor *psd, uint16_t hash_type, uint8_t hash[XATTR_SD_HASH_SIZE]); -static NTSTATUS get_acl_blob(TALLOC_CTX *ctx, - vfs_handle_struct *handle, - files_struct *fsp, - const struct smb_filename *smb_fname, - DATA_BLOB *pblob); - -static NTSTATUS store_acl_blob_fsp(vfs_handle_struct *handle, - files_struct *fsp, - DATA_BLOB *pblob); - #define HASH_SECURITY_INFO (SECINFO_OWNER | \ SECINFO_GROUP | \ SECINFO_DACL | \ SECINFO_SACL) -enum default_acl_style {DEFAULT_ACL_POSIX, DEFAULT_ACL_WINDOWS}; - static const struct enum_list default_acl_style[] = { {DEFAULT_ACL_POSIX, "posix"}, {DEFAULT_ACL_WINDOWS, "windows"} }; -struct acl_common_config { - bool ignore_system_acls; - enum default_acl_style default_acl_style; -}; - -static bool init_acl_common_config(vfs_handle_struct *handle) +bool init_acl_common_config(vfs_handle_struct *handle, + const char *module_name) { struct acl_common_config *config = NULL; 
@@ -71,11 +59,11 @@ static bool init_acl_common_config(vfs_handle_struct *handle) } config->ignore_system_acls = lp_parm_bool(SNUM(handle->conn), - ACL_MODULE_NAME, + module_name, "ignore system acls", false); config->default_acl_style = lp_parm_enum(SNUM(handle->conn), - ACL_MODULE_NAME, + module_name, "default acl style", default_acl_style, DEFAULT_ACL_POSIX); @@ -854,7 +842,7 @@ static NTSTATUS stat_fsp_or_smb_fname(vfs_handle_struct *handle, filesystem sd. *******************************************************************/ -static NTSTATUS get_nt_acl_internal( +NTSTATUS get_nt_acl_common( NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx, vfs_handle_struct *handle, files_struct *fsp, @@ -1023,34 +1011,6 @@ fail: } /********************************************************************* - Fetch a security descriptor given an fsp. -*********************************************************************/ - -static NTSTATUS fget_nt_acl_common(vfs_handle_struct *handle, - files_struct *fsp, - uint32_t security_info, - TALLOC_CTX *mem_ctx, - struct security_descriptor **ppdesc) -{ - return get_nt_acl_internal(get_acl_blob, handle, fsp, NULL, - security_info, mem_ctx, ppdesc); -} - -/********************************************************************* - Fetch a security descriptor given a pathname. -*********************************************************************/ - -static NTSTATUS get_nt_acl_common(vfs_handle_struct *handle, - const struct smb_filename *smb_fname, - uint32_t security_info, - TALLOC_CTX *mem_ctx, - struct security_descriptor **ppdesc) -{ - return get_nt_acl_internal(get_acl_blob, handle, NULL, smb_fname, - security_info, mem_ctx, ppdesc); -} - -/********************************************************************* Set the underlying ACL (e.g. POSIX ACLS, POSIX owner, etc) *********************************************************************/ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp, 
@@ -1130,8 +1090,19 @@ static NTSTATUS store_v3_blob( Store a security descriptor given an fsp. *********************************************************************/ -static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, - uint32_t security_info_sent, const struct security_descriptor *orig_psd) +NTSTATUS fset_nt_acl_common( + NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx, + vfs_handle_struct *handle, + files_struct *fsp, + const struct smb_filename *smb_fname, + DATA_BLOB *pblob), + NTSTATUS (*store_acl_blob_fsp_fn)(vfs_handle_struct *handle, + files_struct *fsp, + DATA_BLOB *pblob), + const char *module_name, + vfs_handle_struct *handle, files_struct *fsp, + uint32_t security_info_sent, + const struct security_descriptor *orig_psd) { NTSTATUS status; int ret; @@ -1144,7 +1115,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, char *sys_acl_description; TALLOC_CTX *frame = talloc_stackframe(); bool ignore_file_system_acl = lp_parm_bool( - SNUM(handle->conn), ACL_MODULE_NAME, "ignore system acls", false); + SNUM(handle->conn), module_name, "ignore system acls", false); if (DEBUGLEVEL >= 10) { DBG_DEBUG("incoming sd for file %s\n", fsp_str_dbg(fsp)); @@ -1152,7 +1123,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, discard_const_p(struct security_descriptor, orig_psd)); } - status = get_nt_acl_internal(get_acl_blob, handle, fsp, + status = get_nt_acl_common(get_acl_blob_fn, handle, fsp, NULL, SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL, frame, @@ -1211,7 +1182,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, } } ZERO_ARRAY(hash); - status = store_v3_blob(store_acl_blob_fsp, handle, fsp, psd, + status = store_v3_blob(store_acl_blob_fsp_fn, handle, fsp, psd, NULL, hash); TALLOC_FREE(frame); 
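Review bot: In the `@@ -1144,7 +1115,7 @@` hunk, `fset_nt_acl_common` still looks up "ignore system acls" with `lp_parm_bool(SNUM(handle->conn), module_name, ...)` on every call, even though `init_acl_common_config` caches the same option in `struct acl_common_config`. Now that the module name is a caller-supplied argument, the cached value and this per-call lookup can diverge if a caller ever passes different names to the two functions, and the flag appears to decide how the underlying file system ACL is treated when a descriptor is stored. Assuming the config is attached to the handle (the part of `init_acl_common_config` that would do so is outside the visible hunks), fetching it with `SMB_VFS_HANDLE_GET_DATA` and using `ignore_file_system_acl = config->ignore_system_acls;` would keep a single source of truth and make the `module_name` parameter unnecessary. The function body starts and ends outside this hunk, so any early return added for the lookup has to free `frame` first.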
@@ -1253,7 +1224,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, /* If we fail to get the ACL blob (for some reason) then this * is not fatal, we just work based on the NT ACL only */ if (ret != 0) { - status = store_v3_blob(store_acl_blob_fsp, handle, fsp, psd, + status = store_v3_blob(store_acl_blob_fsp_fn, handle, fsp, psd, pdesc_next, hash); TALLOC_FREE(frame); @@ -1289,7 +1260,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, return status; } - status = store_acl_blob_fsp(handle, fsp, &blob); + status = store_acl_blob_fsp_fn(handle, fsp, &blob); TALLOC_FREE(frame); return status; @@ -1390,8 +1361,8 @@ static int acl_common_remove_object(vfs_handle_struct *handle, return ret; } -static int rmdir_acl_common(struct vfs_handle_struct *handle, - const struct smb_filename *smb_fname) +int rmdir_acl_common(struct vfs_handle_struct *handle, + const struct smb_filename *smb_fname) { int ret; @@ -1414,7 +1385,7 @@ static int rmdir_acl_common(struct vfs_handle_struct *handle, return -1; } -static int unlink_acl_common(struct vfs_handle_struct *handle, +int unlink_acl_common(struct vfs_handle_struct *handle, const struct smb_filename *smb_fname) { int ret; @@ -1443,9 +1414,9 @@ static int unlink_acl_common(struct vfs_handle_struct *handle, return -1; } -static int chmod_acl_module_common(struct vfs_handle_struct *handle, - const struct smb_filename *smb_fname, - mode_t mode) +int chmod_acl_module_common(struct vfs_handle_struct *handle, + const struct smb_filename *smb_fname, + mode_t mode) { if (smb_fname->flags & SMB_FILENAME_POSIX_PATH) { /* Only allow this on POSIX pathnames. */ 
@@ -1454,8 +1425,8 @@ static int chmod_acl_module_common(struct vfs_handle_struct *handle, return 0; } -static int fchmod_acl_module_common(struct vfs_handle_struct *handle, - struct files_struct *fsp, mode_t mode) +int fchmod_acl_module_common(struct vfs_handle_struct *handle, + struct files_struct *fsp, mode_t mode) { if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) { /* Only allow this on POSIX opens. */ @@ -1464,9 +1435,9 @@ static int fchmod_acl_module_common(struct vfs_handle_struct *handle, return 0; } -static int chmod_acl_acl_module_common(struct vfs_handle_struct *handle, - const struct smb_filename *smb_fname, - mode_t mode) +int chmod_acl_acl_module_common(struct vfs_handle_struct *handle, + const struct smb_filename *smb_fname, + mode_t mode) { if (smb_fname->flags & SMB_FILENAME_POSIX_PATH) { /* Only allow this on POSIX pathnames. */ @@ -1475,8 +1446,8 @@ static int chmod_acl_acl_module_common(struct vfs_handle_struct *handle, return 0; } -static int fchmod_acl_acl_module_common(struct vfs_handle_struct *handle, - struct files_struct *fsp, mode_t mode) +int fchmod_acl_acl_module_common(struct vfs_handle_struct *handle, + struct files_struct *fsp, mode_t mode) { if (fsp->posix_flags & FSP_POSIX_FLAGS_OPEN) { /* Only allow this on POSIX opens. */ diff --git a/source3/modules/vfs_acl_common.h b/source3/modules/vfs_acl_common.h new file mode 100644 index 00000000000..c52fc5094c5 --- /dev/null +++ b/source3/modules/vfs_acl_common.h 
@@ -0,0 +1,79 @@ +/* + * Store Windows ACLs in data store - common functions. + * + * Copyright (C) Volker Lendecke, 2008 + * Copyright (C) Jeremy Allison, 2009 + * Copyright (C) Ralph Böhme, 2016 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, see <http://www.gnu.org/licenses/>. + */ + +#ifndef __VFS_ACL_COMMON_H__ +#define __VFS_ACL_COMMON_H__ + +enum default_acl_style {DEFAULT_ACL_POSIX, DEFAULT_ACL_WINDOWS}; + +struct acl_common_config { + bool ignore_system_acls; + enum default_acl_style default_acl_style; +}; + +bool init_acl_common_config(vfs_handle_struct *handle, + const char *module_name); + +int rmdir_acl_common(struct vfs_handle_struct *handle, + const struct smb_filename *smb_fname); +int unlink_acl_common(struct vfs_handle_struct *handle, + const struct smb_filename *smb_fname); +int chmod_acl_module_common(struct vfs_handle_struct *handle, + const struct smb_filename *smb_fname, + mode_t mode); +int fchmod_acl_module_common(struct vfs_handle_struct *handle, + struct files_struct *fsp, mode_t mode); +int chmod_acl_acl_module_common(struct vfs_handle_struct *handle, + const struct smb_filename *smb_fname, + mode_t mode); +int fchmod_acl_acl_module_common(struct vfs_handle_struct *handle, + struct files_struct *fsp, mode_t mode); + +NTSTATUS get_nt_acl_common( + NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx, + vfs_handle_struct *handle, + files_struct *fsp, + const struct smb_filename 
*smb_fname, + DATA_BLOB *pblob), + vfs_handle_struct *handle, + files_struct *fsp, + const struct smb_filename *smb_fname_in, + uint32_t security_info, + TALLOC_CTX *mem_ctx, + struct security_descriptor **ppdesc); + +NTSTATUS fset_nt_acl_common( + NTSTATUS (*get_acl_blob_fn)(TALLOC_CTX *ctx, + vfs_handle_struct *handle, + files_struct *fsp, + const struct smb_filename *smb_fname, + DATA_BLOB *pblob), + NTSTATUS (*store_acl_blob_fsp_fn)(vfs_handle_struct *handle, + files_struct *fsp, + DATA_BLOB *pblob), + const char *module_name, + vfs_handle_struct *handle, files_struct *fsp, + uint32_t security_info_sent, + const struct security_descriptor *orig_psd); + + + +#endif diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c index 817add71fb9..c5ffa5e305b 100644 --- a/source3/modules/vfs_acl_tdb.c +++ b/source3/modules/vfs_acl_tdb.c @@ -22,18 +22,17 @@ #include "smbd/smbd.h" #include "system/filesys.h" #include "librpc/gen_ndr/xattr.h" -#include "librpc/gen_ndr/ndr_xattr.h" #include "../lib/crypto/sha256.h" #include "dbwrap/dbwrap.h" #include "dbwrap/dbwrap_open.h" #include "auth.h" #include "util_tdb.h" +#include "vfs_acl_common.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_VFS #define ACL_MODULE_NAME "acl_tdb" -#include "modules/vfs_acl_common.c" static unsigned int ref_count; static struct db_context *acl_db; @@ -320,7 +319,7 @@ static int connect_acl_tdb(struct vfs_handle_struct *handle, return -1; } - ok = init_acl_common_config(handle); + ok = init_acl_common_config(handle, ACL_MODULE_NAME); if (!ok) { DBG_ERR("init_acl_common_config failed\n"); return -1; 
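Review bot: The new header exports `get_nt_acl_common` and `fset_nt_acl_common` without stating the contract of their callback parameters, which every ACL backend now has to satisfy. A comment above each prototype should say that exactly one of `fsp` / `smb_fname` is non-NULL (the callers in this commit pass `fsp, NULL` or `NULL, smb_fname`), that `get_acl_blob_fn` and `store_acl_blob_fsp_fn` must not be NULL, and which talloc context owns the data returned in `pblob`; the last point is not visible here and needs confirming against the implementation. Separately, the guard `__VFS_ACL_COMMON_H__` uses an identifier reserved for the implementation; `#ifndef VFS_ACL_COMMON_H` / `#define VFS_ACL_COMMON_H` avoids that. The header also relies on its includers to have pulled in the definitions of `vfs_handle_struct`, `NTSTATUS` and `DATA_BLOB` beforehand, which is worth a one-line comment at the top.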
@@ -451,6 +450,42 @@ static int sys_acl_set_fd_tdb(vfs_handle_struct *handle, return 0; } +static NTSTATUS acl_tdb_fget_nt_acl(vfs_handle_struct *handle, + files_struct *fsp, + uint32_t security_info, + TALLOC_CTX *mem_ctx, + struct security_descriptor **ppdesc) +{ + NTSTATUS status; + status = get_nt_acl_common(get_acl_blob, handle, fsp, NULL, + security_info, mem_ctx, ppdesc); + return status; +} + +static NTSTATUS acl_tdb_get_nt_acl(vfs_handle_struct *handle, + const struct smb_filename *smb_fname, + uint32_t security_info, + TALLOC_CTX *mem_ctx, + struct security_descriptor **ppdesc) +{ + NTSTATUS status; + status = get_nt_acl_common(get_acl_blob, handle, NULL, smb_fname, + security_info, mem_ctx, ppdesc); + return status; +} + +static NTSTATUS acl_tdb_fset_nt_acl(vfs_handle_struct *handle, + files_struct *fsp, + uint32_t security_info_sent, + const struct security_descriptor *psd) +{ + NTSTATUS status; + status = fset_nt_acl_common(get_acl_blob, store_acl_blob_fsp, + ACL_MODULE_NAME, + handle, fsp, security_info_sent, psd); + return status; +} + static struct vfs_fn_pointers vfs_acl_tdb_fns = { .connect_fn = connect_acl_tdb, .disconnect_fn = disconnect_acl_tdb, @@ -458,9 +493,9 @@ static struct vfs_fn_pointers vfs_acl_tdb_fns = { .unlink_fn = unlink_acl_tdb, .chmod_fn = chmod_acl_module_common, .fchmod_fn = fchmod_acl_module_common, - .fget_nt_acl_fn = fget_nt_acl_common, - .get_nt_acl_fn = get_nt_acl_common, - .fset_nt_acl_fn = fset_nt_acl_common, + .fget_nt_acl_fn = acl_tdb_fget_nt_acl, + .get_nt_acl_fn = acl_tdb_get_nt_acl, + .fset_nt_acl_fn = acl_tdb_fset_nt_acl, .chmod_acl_fn = chmod_acl_acl_module_common, .fchmod_acl_fn = fchmod_acl_acl_module_common, .sys_acl_set_file_fn = sys_acl_set_file_tdb, diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 367be65f7a4..38ad81cc244 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c 
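Review bot: The three new wrappers `acl_tdb_fget_nt_acl`, `acl_tdb_get_nt_acl` and `acl_tdb_fset_nt_acl` declare a local `NTSTATUS status` only to return it on the next line. The removed helpers in vfs_acl_common.c returned the call directly, and the same form reads better here, e.g. `return get_nt_acl_common(get_acl_blob, handle, fsp, NULL, security_info, mem_ctx, ppdesc);`. The wrappers also lost the one-line "Fetch a security descriptor given an fsp / a pathname" comments that the removed helpers carried; restoring them above each wrapper keeps the VFS entry points documented. The identical pattern is repeated in the `acl_xattr_*` wrappers added to vfs_acl_xattr.c.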
@@ -21,17 +21,15 @@ #include "includes.h" #include "smbd/smbd.h" #include "librpc/gen_ndr/xattr.h" -#include "librpc/gen_ndr/ndr_xattr.h" #include "../lib/crypto/sha256.h" #include "auth.h" - -#undef DBGC_CLASS -#define DBGC_CLASS DBGC_VFS +#include "vfs_acl_common.h" /* Pull in the common functions. */ #define ACL_MODULE_NAME "acl_xattr" -#include "modules/vfs_acl_common.c" +#undef DBGC_CLASS +#define DBGC_CLASS DBGC_VFS /******************************************************************* Pull a security descriptor into a DATA_BLOB from a xattr. @@ -222,7 +220,7 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle, return ret; } - ok = init_acl_common_config(handle); + ok = init_acl_common_config(handle, ACL_MODULE_NAME); if (!ok) { DBG_ERR("init_acl_common_config failed\n"); return -1; 
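Review bot: The context comment `/* Pull in the common functions. */` in the `@@ -21,17 +21,15 @@` hunk is now stale: the `#include "modules/vfs_acl_common.c"` it described is removed, and the comment sits directly above `#define ACL_MODULE_NAME "acl_xattr"`. Since that macro is now passed to `init_acl_common_config` and `fset_nt_acl_common` as the parametric option prefix, the comment should say so, for example `/* Module name, used as the prefix for this module's smb.conf parametric options. */`.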
@@ -280,15 +278,51 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle, return 0; } +static NTSTATUS acl_xattr_fget_nt_acl(vfs_handle_struct *handle, + files_struct *fsp, + uint32_t security_info, + TALLOC_CTX *mem_ctx, + struct security_descriptor **ppdesc) +{ + NTSTATUS status; + status = get_nt_acl_common(get_acl_blob, handle, fsp, NULL, + security_info, mem_ctx, ppdesc); + return status; +} + +static NTSTATUS acl_xattr_get_nt_acl(vfs_handle_struct *handle, + const struct smb_filename *smb_fname, + uint32_t security_info, + TALLOC_CTX *mem_ctx, + struct security_descriptor **ppdesc) +{ + NTSTATUS status; + status = get_nt_acl_common(get_acl_blob, handle, NULL, smb_fname, + security_info, mem_ctx, ppdesc); + return status; +} + +static NTSTATUS acl_xattr_fset_nt_acl(vfs_handle_struct *handle, + files_struct *fsp, + uint32_t security_info_sent, + const struct security_descriptor *psd) +{ + NTSTATUS status; + status = fset_nt_acl_common(get_acl_blob, store_acl_blob_fsp, + ACL_MODULE_NAME, + handle, fsp, security_info_sent, psd); + return status; +} + static struct vfs_fn_pointers vfs_acl_xattr_fns = { .connect_fn = connect_acl_xattr, .rmdir_fn = rmdir_acl_common, .unlink_fn = unlink_acl_common, .chmod_fn = chmod_acl_module_common, .fchmod_fn = fchmod_acl_module_common, - .fget_nt_acl_fn = fget_nt_acl_common, - .get_nt_acl_fn = get_nt_acl_common, - .fset_nt_acl_fn = fset_nt_acl_common, + .fget_nt_acl_fn = acl_xattr_fget_nt_acl, + .get_nt_acl_fn = acl_xattr_get_nt_acl, + .fset_nt_acl_fn = acl_xattr_fset_nt_acl, .chmod_acl_fn = chmod_acl_acl_module_common, .fchmod_acl_fn = fchmod_acl_acl_module_common, .sys_acl_set_file_fn = sys_acl_set_file_xattr, diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build index 840fdef7757..58aaf2e99d9 100644 --- a/source3/modules/wscript_build +++ b/source3/modules/wscript_build 
@@ -4,6 +4,9 @@ bld.SAMBA3_SUBSYSTEM('NFS4_ACLS', source='nfs4_acls.c', deps='samba-util tdb') +bld.SAMBA3_SUBSYSTEM('vfs_acl_common', + source='vfs_acl_common.c') + bld.SAMBA3_SUBSYSTEM('POSIXACL_XATTR', source='posixacl_xattr.c', enabled=(bld.SAMBA3_IS_ENABLED_MODULE('vfs_ceph') or bld.SAMBA3_IS_ENABLED_MODULE('vfs_glusterfs')), @@ -357,7 +360,7 @@ bld.SAMBA3_MODULE('vfs_syncops', bld.SAMBA3_MODULE('vfs_acl_xattr', subsystem='vfs', source='vfs_acl_xattr.c', - deps='samba-util', + deps='samba-util vfs_acl_common', init_function='', internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_acl_xattr'), enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_acl_xattr')) @@ -365,7 +368,7 @@ bld.SAMBA3_MODULE('vfs_acl_xattr', bld.SAMBA3_MODULE('vfs_acl_tdb', subsystem='vfs', source='vfs_acl_tdb.c', - deps='NDR_XATTR tdb', + deps='samba-util vfs_acl_common', init_function='', internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_acl_tdb'), enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_acl_tdb')) diff --git a/source3/wscript_build b/source3/wscript_build index 4230b6a3778..7cf757b93d6 100644 --- a/source3/wscript_build +++ b/source3/wscript_build @@ -748,6 +748,7 @@ bld.SAMBA3_LIBRARY('smbd_base', netapi NDR_IOCTL notifyd + vfs_acl_common ''' + bld.env['dmapi_lib'] + bld.env['legacy_quota_libs'] + |
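Review bot: The new `bld.SAMBA3_SUBSYSTEM('vfs_acl_common', source='vfs_acl_common.c')` declares no `deps`, although the same commit makes vfs_acl_common.c include `librpc/gen_ndr/ndr_xattr.h` and `lib/crypto/sha256.h`. In the same file `vfs_acl_tdb` loses `NDR_XATTR tdb` from its deps while vfs_acl_tdb.c still includes the dbwrap and `util_tdb.h` headers. The link presumably succeeds because those symbols arrive transitively, but declaring them explicitly keeps the subsystem self-describing, e.g. `deps='NDR_XATTR'` on `vfs_acl_common` (the exact list needs checking against what the source really references), and retaining `tdb` on `vfs_acl_tdb` if it still calls into it directly.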