Example #1
/*
 * Per-record callback: decode one database record into a GROUP_MAP and
 * append it to the enum_map_state handed in through private_data, unless
 * one of the state's filters (type, mapped-only, domain) rejects it.
 *
 * Returns 0 when the record was skipped or appended, and 1 when the
 * result array could not be enlarged.
 */
static int collect_map(struct db_record *rec, void *private_data)
{
	struct enum_map_state *state = private_data;
	GROUP_MAP map;
	GROUP_MAP *grown;

	/* A record that does not decode is skipped silently. */
	if (!dbrec2map(rec, &map)) {
		return 0;
	}

	/* SID_NAME_UNKNOWN lists everything; any other value must match. */
	if (state->sid_name_use != SID_NAME_UNKNOWN) {
		if (state->sid_name_use != map.sid_name_use) {
			DEBUG(11,("enum_group_mapping: group %s is not of the "
				  "requested type\n", map.nt_name));
			return 0;
		}
	}

	/* With ENUM_ONLY_MAPPED, a gid of -1 marks an entry to leave out. */
	if (state->unix_only == ENUM_ONLY_MAPPED) {
		if (map.gid == -1) {
			DEBUG(11,("enum_group_mapping: group %s is non mapped\n",
				  map.nt_name));
			return 0;
		}
	}

	/* An optional domain SID restricts the listing to that domain. */
	if (state->domsid != NULL) {
		if (dom_sid_compare_domain(state->domsid, &map.sid) != 0) {
			DEBUG(11,("enum_group_mapping: group %s is not in domain\n",
				  sid_string_dbg(&map.sid)));
			return 0;
		}
	}

	/*
	 * Grow the result array by one slot.
	 * NOTE(review): state->maps is left untouched on failure. Whether
	 * SMB_REALLOC_ARRAY releases the old array when it fails is not
	 * visible here; if it does, state->maps dangles after this return
	 * and the caller must not read or free it -- confirm.
	 * NOTE(review): num_maps+1 is not range-checked in this function;
	 * the type of num_maps is declared elsewhere -- confirm it cannot wrap.
	 */
	grown = SMB_REALLOC_ARRAY(state->maps, GROUP_MAP,
				  state->num_maps+1);
	if (grown == NULL) {
		DEBUG(0,("enum_group_mapping: Unable to enlarge group "
			 "map!\n"));
		return 1;
	}

	grown[state->num_maps] = map;
	state->num_maps++;
	state->maps = grown;
	return 0;
}
Example #2
/*
 * Translate one NT security ACE (ace_nt) into an NFSv4 ACE property
 * (ace_v4): type, flags, access mask and the "who" identity.
 *
 * Returns true when ace_v4 was filled in, false when the ACE is not
 * converted: a creator owner/group entry without inheritance, a trustee
 * in the global_sid_Unix_NFS domain, or a SID that maps to neither a
 * gid nor a uid. ace_v4 may be partially written when false is returned.
 *
 * ownerUID and ownerGID are not referenced in this body.
 */
static bool smbacl4_fill_ace4(
	const struct smb_filename *filename,
	smbacl4_vfs_params *params,
	uid_t ownerUID,
	gid_t ownerGID,
	const struct security_ace *ace_nt, /* input */
	SMB_ACE4PROP_T *ace_v4 /* output */
)
{
	uid_t mapped_uid;
	gid_t mapped_gid;

	DEBUG(10, ("got ace for %s\n", sid_string_dbg(&ace_nt->trustee)));

	/* Reset the output before any field is assigned. */
	ZERO_STRUCTP(ace_v4);

	/*
	 * Only ACCESS|DENY is supported right now.
	 * NOTE(review): the type is copied through without a check, so
	 * nothing in this function rejects other ACE types -- confirm the
	 * caller only passes allow/deny entries.
	 */
	ace_v4->aceType = ace_nt->type;

	ace_v4->aceFlags =
		map_windows_ace_flags_to_nfs4_ace_flags(ace_nt->flags);

	/* Inheritance flags are stripped when the target is not a directory. */
	if (VALID_STAT(filename->st) &&
	    !S_ISDIR(filename->st.st_ex_mode)) {
		DEBUG(10, ("Removing inheritance flags from a file\n"));
		ace_v4->aceFlags &= ~(SMB_ACE4_FILE_INHERIT_ACE|
				      SMB_ACE4_DIRECTORY_INHERIT_ACE|
				      SMB_ACE4_NO_PROPAGATE_INHERIT_ACE|
				      SMB_ACE4_INHERIT_ONLY_ACE);
	}

	/*
	 * Keep only the standard and file-specific rights, then run the
	 * generic mapping over what is left.
	 * NOTE(review): if the generic bits lie outside
	 * SEC_STD_ALL|SEC_FILE_ALL they are already cleared when
	 * se_map_generic() runs -- confirm against the constants.
	 */
	ace_v4->aceMask = ace_nt->access_mask &
		(SEC_STD_ALL | SEC_FILE_ALL);
	se_map_generic(&ace_v4->aceMask, &file_generic_mapping);

	/* Trace any difference between the NT values and the converted ones. */
	if (ace_v4->aceFlags!=ace_nt->flags) {
		DEBUG(9, ("ace_v4->aceFlags(0x%x)!=ace_nt->flags(0x%x)\n",
			ace_v4->aceFlags, ace_nt->flags));
	}

	if (ace_v4->aceMask!=ace_nt->access_mask) {
		DEBUG(9, ("ace_v4->aceMask(0x%x)!=ace_nt->access_mask(0x%x)\n",
			ace_v4->aceMask, ace_nt->access_mask));
	}

	/* The World SID becomes the special EVERYONE identity. */
	if (dom_sid_equal(&ace_nt->trustee, &global_sid_World)) {
		ace_v4->who.special_id = SMB_ACE4_WHO_EVERYONE;
		ace_v4->flags |= SMB_ACE4_ID_SPECIAL;
		return true; /* OK */
	}

	/* Creator owner/group are translated unless mode is e_special. */
	if (params->mode!=e_special) {
		if (dom_sid_equal(&ace_nt->trustee,
				  &global_sid_Creator_Owner)) {
			DEBUG(10, ("Map creator owner\n"));
			ace_v4->who.special_id = SMB_ACE4_WHO_OWNER;
			ace_v4->flags |= SMB_ACE4_ID_SPECIAL;
			/* A non inheriting creator owner entry has no effect. */
			ace_v4->aceFlags |= SMB_ACE4_INHERIT_ONLY_ACE;
			if ((ace_v4->aceFlags &
			     (SMB_ACE4_DIRECTORY_INHERIT_ACE|
			      SMB_ACE4_FILE_INHERIT_ACE)) == 0) {
				return false;
			}
			return true; /* OK */
		}

		if (dom_sid_equal(&ace_nt->trustee,
				  &global_sid_Creator_Group)) {
			DEBUG(10, ("Map creator owner group\n"));
			ace_v4->who.special_id = SMB_ACE4_WHO_GROUP;
			ace_v4->flags |= SMB_ACE4_ID_SPECIAL;
			/* A non inheriting creator group entry has no effect. */
			ace_v4->aceFlags |= SMB_ACE4_INHERIT_ONLY_ACE;
			if ((ace_v4->aceFlags &
			     (SMB_ACE4_DIRECTORY_INHERIT_ACE|
			      SMB_ACE4_FILE_INHERIT_ACE)) == 0) {
				return false;
			}
			return true; /* OK */
		}
	}

	/*
	 * Ordinary trustee: the gid lookup is tried before the uid lookup,
	 * so a SID for which both succeed is recorded as a group.
	 * NOTE(review): confirm that precedence is the intended one for
	 * SIDs that resolve both ways.
	 */
	if (sid_to_gid(&ace_nt->trustee, &mapped_gid)) {
		ace_v4->aceFlags |= SMB_ACE4_IDENTIFIER_GROUP;
		ace_v4->who.gid = mapped_gid;
		return true; /* OK */
	}

	if (sid_to_uid(&ace_nt->trustee, &mapped_uid)) {
		ace_v4->who.uid = mapped_uid;
		return true; /* OK */
	}

	/* Trustees in the global_sid_Unix_NFS domain are dropped without a log line. */
	if (dom_sid_compare_domain(&ace_nt->trustee,
				   &global_sid_Unix_NFS) == 0) {
		return false;
	}

	/* Any other unmappable SID is logged at level 1 and not converted. */
	DEBUG(1, ("nfs4_acls.c: file [%s]: could not "
		  "convert %s to uid or gid\n",
		  filename->base_name,
		  sid_string_dbg(&ace_nt->trustee)));
	return false;
}