/*
 * Combine a directory ACL and a file ACL into "target".
 *
 * "target" is (re)initialised first. Every entry of dir_acl is copied;
 * if file_acl has an entry for the same principal (as decided by
 * same_principal()), the rights of the first such entry are OR'ed in.
 * Entries of file_acl whose principal does not occur in dir_acl are
 * appended afterwards with their own rights.
 *
 * Security note: rights are only ever widened here (bitwise OR), and
 * the "positive" flag of the copied entry is taken over unchanged.
 */
static void merge_afs_acls(struct afs_acl *dir_acl,
			   struct afs_acl *file_acl,
			   struct afs_acl *target)
{
	struct afs_ace *dir_entry;
	struct afs_ace *file_entry;

	init_afs_acl(target);

	/* Pass 1: directory entries, widened by the first matching file entry */
	dir_entry = dir_acl->acelist;
	while (dir_entry != NULL) {
		struct afs_ace *match = file_acl->acelist;

		while (match != NULL && !same_principal(dir_entry, match)) {
			match = match->next;
		}

		if (match != NULL) {
			add_afs_ace(target, dir_entry->positive, dir_entry->name,
				    dir_entry->rights | match->rights);
		} else {
			add_afs_ace(target, dir_entry->positive, dir_entry->name,
				    dir_entry->rights);
		}

		dir_entry = dir_entry->next;
	}

	/* Pass 2: file entries whose principal pass 1 did not cover */
	file_entry = file_acl->acelist;
	while (file_entry != NULL) {
		struct afs_ace *probe = dir_acl->acelist;

		while (probe != NULL && !same_principal(file_entry, probe)) {
			probe = probe->next;
		}

		if (probe == NULL) {
			add_afs_ace(target, file_entry->positive, file_entry->name,
				    file_entry->rights);
		}

		file_entry = file_entry->next;
	}
}
/*
 * Split "acl" into a directory part and a file part.
 *
 * Both output ACLs are (re)initialised. For each entry of "acl" the
 * bits covered by AFS_FILE_RIGHTS go to file_acl and the bits covered
 * by AFS_DIR_RIGHTS go to dir_acl; an entry with no bits in a mask is
 * not added to the corresponding output. Rights outside both masks are
 * dropped.
 */
static void split_afs_acl(struct afs_acl *acl,
			  struct afs_acl *dir_acl,
			  struct afs_acl *file_acl)
{
	struct afs_ace *entry;

	init_afs_acl(dir_acl);
	init_afs_acl(file_acl);

	entry = acl->acelist;
	while (entry != NULL) {
		/* File part first, then directory part, as before */
		if ((entry->rights & AFS_FILE_RIGHTS) != 0) {
			add_afs_ace(file_acl, entry->positive, entry->name,
				    entry->rights & AFS_FILE_RIGHTS);
		}

		if ((entry->rights & AFS_DIR_RIGHTS) != 0) {
			add_afs_ace(dir_acl, entry->positive, entry->name,
				    entry->rights & AFS_DIR_RIGHTS);
		}

		entry = entry->next;
	}
}
/*
 * Translate the DACL of an NT security descriptor into an AFS ACL.
 *
 * filename           - only used in a log message and handed on to the
 *                      rights callback.
 * security_info_sent - flags of the request; only the
 *                      DACL_SECURITY_INFORMATION bit is examined.
 * psd                - security descriptor whose dacl is converted.
 * nt_to_afs_rights   - callback that maps one NT ACE to AFS rights bits.
 * afs_acl            - output ACL.
 *
 * Returns True on success and False on failure.
 *
 * Points a caller has to be aware of:
 *  - If no DACL was sent, or psd->dacl is NULL, the function returns
 *    True *before* init_afs_acl() is called, i.e. afs_acl is left
 *    untouched in that case.
 *  - Any ACE that is not of type SEC_ACE_TYPE_ACCESS_ALLOWED aborts the
 *    whole conversion with False. Deny ACEs are therefore rejected
 *    rather than silently dropped.
 *  - ACEs for unmappable SIDs and ACEs whose SID cannot be looked up
 *    are skipped; the conversion continues and still returns True, so
 *    the resulting ACL simply carries no entry for those trustees.
 *  - On a False return afs_acl may already contain the entries that
 *    were converted before the failure.
 */
static BOOL nt_to_afs_acl(const char *filename,
			  uint32 security_info_sent,
			  struct security_descriptor *psd,
			  uint32 (*nt_to_afs_rights)(const char *filename,
						     const SEC_ACE *ace),
			  struct afs_acl *afs_acl)
{
	SEC_ACL *dacl;
	int i;

	/* Currently we *only* look at the dacl */

	if (((security_info_sent & DACL_SECURITY_INFORMATION) == 0) ||
	    (psd->dacl == NULL))
		return True;

	if (!init_afs_acl(afs_acl))
		return False;

	dacl = psd->dacl;

	for (i = 0; i < dacl->num_aces; i++) {
		SEC_ACE *ace = &(dacl->ace[i]);
		const char *dom_name, *name;
		enum lsa_SidType name_type;
		char *p;

		if (ace->type != SEC_ACE_TYPE_ACCESS_ALLOWED) {
			/* First cut: Only positive ACEs */
			return False;
		}

		/* Skipped ACEs contribute nothing to the AFS ACL */
		if (!mappable_sid(&ace->trustee)) {
			DEBUG(10, ("Ignoring unmappable SID %s\n",
				   sid_string_static(&ace->trustee)));
			continue;
		}

		/*
		 * Four well-known SIDs are mapped to fixed AFS group names
		 * without any lookup; note that the sidpts override below is
		 * not applied to them.
		 */
		if (sid_compare(&ace->trustee,
				&global_sid_Builtin_Administrators) == 0) {

			name = "system:administrators";

		} else if (sid_compare(&ace->trustee,
				       &global_sid_World) == 0) {

			name = "system:anyuser";

		} else if (sid_compare(&ace->trustee,
				       &global_sid_Authenticated_Users) == 0) {

			name = "system:authuser";

		} else if (sid_compare(&ace->trustee,
				       &global_sid_Builtin_Backup_Operators)
			   == 0) {

			name = "system:backup";

		} else {

			/* A failed lookup is logged and the ACE is dropped */
			if (!lookup_sid(tmp_talloc_ctx(), &ace->trustee,
					&dom_name, &name, &name_type)) {
				DEBUG(1, ("AFSACL: Could not lookup SID %s on file %s\n",
					  sid_string_static(&ace->trustee), filename));
				continue;
			}

			/*
			 * Users, domain groups and aliases get the lower-cased
			 * form <domain><winbind separator><name>; any other
			 * name type keeps the bare name from lookup_sid().
			 */
			if ( (name_type == SID_NAME_USER) ||
			     (name_type == SID_NAME_DOM_GRP) ||
			     (name_type == SID_NAME_ALIAS) ) {
				char *tmp;
				tmp = talloc_asprintf(tmp_talloc_ctx(), "%s%s%s",
						      dom_name, lp_winbind_separator(),
						      name);
				if (tmp == NULL) {
					return False;
				}
				strlower_m(tmp);
				name = tmp;
			}

			if (sidpts) {
				/* Expect all users/groups in pts as SIDs */
				/* This replaces whatever name was built above */
				name = talloc_strdup(
					tmp_talloc_ctx(),
					sid_string_static(&ace->trustee));
				if (name == NULL) {
					return False;
				}
			}
		}

		/*
		 * Replace every space in the name by space_replacement. This
		 * writes through "name" although it is declared const char *;
		 * the four literal names above contain no space, so no write
		 * happens for them.
		 * NOTE(review): relies on strchr_m() handing back a writable
		 * pointer into "name" - confirm.
		 */
		while ((p = strchr_m(name, ' ')) != NULL)
			*p = space_replacement;

		/* Always a positive entry; the result of add_afs_ace() is not checked */
		add_afs_ace(afs_acl, True, name,
			    nt_to_afs_rights(filename, ace));
	}

	return True;
}
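/*
 * Parse the textual form of an AFS ACL into "acl".
 *
 * The text is expected to look like
 *
 *     <nplus>\n<nminus>\n
 *     <name>\t<rights>\n      (nplus + nminus times)
 *
 * The first nplus entries are added as positive entries, the remaining
 * ones as negative entries. Occurrences of space_replacement in a name
 * are turned back into spaces.
 *
 * acl     - ACL that receives the parsed entries.
 * acl_str - NUL-terminated ACL text; only the first MAXSIZE bytes are
 *           looked at, anything beyond that is silently cut off.
 *
 * Returns True if all announced entries were parsed, False on malformed
 * input. On a False return "acl" may already hold the entries parsed
 * before the error, so the caller must not use it.
 *
 * The text is treated as untrusted: the working copy is always
 * terminated, and entry counts that are negative or larger than the
 * buffer could ever hold are rejected before they are added up.
 */
static BOOL parse_afs_acl(struct afs_acl *acl, const char *acl_str)
{
	int nplus, nminus;
	int aces;

	char str[MAXSIZE+1];
	char *p = str;

	/*
	 * strncpy() leaves the destination unterminated when the source is
	 * MAXSIZE bytes or longer, so terminate explicitly; otherwise the
	 * sscanf()/strchr() calls below could run past the end of str.
	 */
	strncpy(str, acl_str, MAXSIZE);
	str[MAXSIZE] = '\0';

	if (sscanf(p, "%d", &nplus) != 1)
		return False;

	DEBUG(10, ("Found %d positive entries\n", nplus));

	if ((p = strchr(p, '\n')) == NULL)
		return False;
	p += 1;

	if (sscanf(p, "%d", &nminus) != 1)
		return False;

	DEBUG(10, ("Found %d negative entries\n", nminus));

	if ((p = strchr(p, '\n')) == NULL)
		return False;
	p += 1;

	/*
	 * Every entry needs at least "\t<digit>\n", so a count above MAXSIZE
	 * can never be satisfied by str. Rejecting such counts (and negative
	 * ones) also keeps nplus+nminus free of signed overflow.
	 */
	if (nplus < 0 || nminus < 0 || nplus > MAXSIZE || nminus > MAXSIZE)
		return False;

	for (aces = nplus+nminus; aces > 0; aces--)
	{
		const char *namep;
		fstring name;
		int rights_val;
		uint32 rights;
		char *space;

		namep = p;

		if ((p = strchr(p, '\t')) == NULL)
			return False;
		*p = '\0';
		p += 1;

		/* "%d" needs an int *; convert to uint32 afterwards */
		if (sscanf(p, "%d", &rights_val) != 1)
			return False;
		rights = (uint32)rights_val;

		if ((p = strchr(p, '\n')) == NULL)
			return False;
		p += 1;

		/* NOTE(review): fstrcpy() is assumed to bound the copy to
		 * sizeof(fstring) - confirm against its definition */
		fstrcpy(name, namep);

		while ((space = strchr_m(name, space_replacement)) != NULL)
			*space = ' ';

		/* Positive entries come first; nplus counts them down */
		add_afs_ace(acl, nplus>0, name, rights);

		nplus -= 1;
	}

	return True;
}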