/*
 * Per-record callback: decode one database record into a GROUP_MAP and
 * append it to state->maps if it passes the filters held in the
 * enum_map_state passed through private_data.
 *
 * Filters, in order: requested SID type (SID_NAME_UNKNOWN accepts every
 * type), mapped-only (entries with gid == -1 are dropped when unix_only is
 * ENUM_ONLY_MAPPED), and domain (only when state->domsid is set).
 *
 * Returns 0 when the record was skipped or appended, 1 when the result
 * array could not be enlarged.
 */
static int collect_map(struct db_record *rec, void *private_data)
{
	struct enum_map_state *state = (struct enum_map_state *)private_data;
	GROUP_MAP entry;
	GROUP_MAP *grown;

	/* A record that does not decode is skipped, not treated as an error. */
	if (!dbrec2map(rec, &entry)) {
		return 0;
	}

	/* list only the type or everything if UNKNOWN */
	if (state->sid_name_use != SID_NAME_UNKNOWN &&
	    entry.sid_name_use != state->sid_name_use) {
		DEBUG(11,("enum_group_mapping: group %s is not of the "
			  "requested type\n", entry.nt_name));
		return 0;
	}

	if ((entry.gid == -1) && (state->unix_only == ENUM_ONLY_MAPPED)) {
		DEBUG(11,("enum_group_mapping: group %s is non mapped\n",
			  entry.nt_name));
		return 0;
	}

	if (state->domsid != NULL) {
		if (dom_sid_compare_domain(state->domsid, &entry.sid) != 0) {
			DEBUG(11,("enum_group_mapping: group %s is not in domain\n",
				  sid_string_dbg(&entry.sid)));
			return 0;
		}
	}

	/*
	 * Grow the array by one slot per accepted record.
	 * NOTE(review): on failure state->maps and state->num_maps are left
	 * as they were. Whether SMB_REALLOC_ARRAY releases the old array when
	 * it fails is not visible here; if it does, state->maps dangles while
	 * num_maps stays non-zero -- confirm the caller discards the state
	 * after a non-zero return.
	 */
	grown = SMB_REALLOC_ARRAY(state->maps, GROUP_MAP, state->num_maps+1);
	if (grown == NULL) {
		DEBUG(0,("enum_group_mapping: Unable to enlarge group "
			 "map!\n"));
		return 1;
	}

	state->maps = grown;
	state->maps[state->num_maps] = entry;
	state->num_maps += 1;

	return 0;
}
/*
 * Translate one Windows security_ace (ace_nt, input) into an NFSv4 ACE
 * (ace_v4, output).
 *
 * ace_v4 is zeroed first, then type, flags, access mask and trustee are
 * filled in. Returns true when ace_v4 holds a usable entry, false when the
 * entry has no effect or its trustee cannot be expressed.
 *
 * ownerUID and ownerGID are accepted but not read in this body.
 *
 * NOTE(review): what the caller does with a false return is not visible
 * here. If it simply skips the entry, a DENY ACE whose trustee cannot be
 * mapped disappears from the resulting ACL -- verify against the caller.
 */
static bool smbacl4_fill_ace4(
	const struct smb_filename *filename,
	smbacl4_vfs_params *params,
	uid_t ownerUID,
	gid_t ownerGID,
	const struct security_ace *ace_nt,
	SMB_ACE4PROP_T *ace_v4
)
{
	bool on_non_directory;

	DEBUG(10, ("got ace for %s\n", sid_string_dbg(&ace_nt->trustee)));

	ZERO_STRUCTP(ace_v4);

	/*
	 * only ACCESS|DENY supported right now
	 * NOTE(review): the type is copied as-is; no check in this function
	 * rejects other ACE types -- confirm they are filtered elsewhere.
	 */
	ace_v4->aceType = ace_nt->type;

	ace_v4->aceFlags =
		map_windows_ace_flags_to_nfs4_ace_flags(ace_nt->flags);

	/* remove inheritance flags on files */
	on_non_directory = VALID_STAT(filename->st) &&
			   !S_ISDIR(filename->st.st_ex_mode);
	if (on_non_directory) {
		DEBUG(10, ("Removing inheritance flags from a file\n"));
		ace_v4->aceFlags &= ~(SMB_ACE4_FILE_INHERIT_ACE|
				      SMB_ACE4_DIRECTORY_INHERIT_ACE|
				      SMB_ACE4_NO_PROPAGATE_INHERIT_ACE|
				      SMB_ACE4_INHERIT_ONLY_ACE);
	}

	/*
	 * NOTE(review): the mask is cut down to SEC_STD_ALL | SEC_FILE_ALL
	 * before se_map_generic() runs. If those constants exclude the
	 * generic rights bits, the mapping call has nothing left to map --
	 * confirm the order is intended.
	 */
	ace_v4->aceMask = ace_nt->access_mask & (SEC_STD_ALL | SEC_FILE_ALL);
	se_map_generic(&ace_v4->aceMask, &file_generic_mapping);

	/* Trace any difference between the translated and original values. */
	if (ace_v4->aceFlags != ace_nt->flags) {
		DEBUG(9, ("ace_v4->aceFlags(0x%x)!=ace_nt->flags(0x%x)\n",
			  ace_v4->aceFlags, ace_nt->flags));
	}
	if (ace_v4->aceMask != ace_nt->access_mask) {
		DEBUG(9, ("ace_v4->aceMask(0x%x)!=ace_nt->access_mask(0x%x)\n",
			  ace_v4->aceMask, ace_nt->access_mask));
	}

	/* World maps to the special EVERYONE@ identity. */
	if (dom_sid_equal(&ace_nt->trustee, &global_sid_World)) {
		ace_v4->who.special_id = SMB_ACE4_WHO_EVERYONE;
		ace_v4->flags |= SMB_ACE4_ID_SPECIAL;
		return true;
	}

	/* Creator Owner, unless the configured mode is e_special. */
	if (params->mode != e_special &&
	    dom_sid_equal(&ace_nt->trustee, &global_sid_Creator_Owner)) {
		DEBUG(10, ("Map creator owner\n"));
		ace_v4->who.special_id = SMB_ACE4_WHO_OWNER;
		ace_v4->flags |= SMB_ACE4_ID_SPECIAL;
		/* A non inheriting creator owner entry has no effect. */
		ace_v4->aceFlags |= SMB_ACE4_INHERIT_ONLY_ACE;
		return (ace_v4->aceFlags & SMB_ACE4_DIRECTORY_INHERIT_ACE) ||
		       (ace_v4->aceFlags & SMB_ACE4_FILE_INHERIT_ACE);
	}

	/* Creator Group, same rule as Creator Owner. */
	if (params->mode != e_special &&
	    dom_sid_equal(&ace_nt->trustee, &global_sid_Creator_Group)) {
		DEBUG(10, ("Map creator owner group\n"));
		ace_v4->who.special_id = SMB_ACE4_WHO_GROUP;
		ace_v4->flags |= SMB_ACE4_ID_SPECIAL;
		/* A non inheriting creator group entry has no effect. */
		ace_v4->aceFlags |= SMB_ACE4_INHERIT_ONLY_ACE;
		return (ace_v4->aceFlags & SMB_ACE4_DIRECTORY_INHERIT_ACE) ||
		       (ace_v4->aceFlags & SMB_ACE4_FILE_INHERIT_ACE);
	}

	/*
	 * Ordinary trustee. The gid lookup is tried before the uid lookup,
	 * so a SID for which sid_to_gid() succeeds is always recorded as a
	 * group entry.
	 */
	{
		uid_t mapped_uid;
		gid_t mapped_gid;

		if (sid_to_gid(&ace_nt->trustee, &mapped_gid)) {
			ace_v4->aceFlags |= SMB_ACE4_IDENTIFIER_GROUP;
			ace_v4->who.gid = mapped_gid;
			return true;
		}

		if (sid_to_uid(&ace_nt->trustee, &mapped_uid)) {
			ace_v4->who.uid = mapped_uid;
			return true;
		}
	}

	/* SIDs in the global_sid_Unix_NFS domain are rejected without a log line. */
	if (dom_sid_compare_domain(&ace_nt->trustee,
				   &global_sid_Unix_NFS) == 0) {
		return false;
	}

	DEBUG(1, ("nfs4_acls.c: file [%s]: could not "
		  "convert %s to uid or gid\n",
		  filename->base_name,
		  sid_string_dbg(&ace_nt->trustee)));
	return false;
}