/*
 * Fetch the AFS ACL of `filename` via the VIOCGETAL pioctl and parse it into
 * `acl`. Returns True on success; on any failure returns False, and an ACL
 * that was already initialised is released again before returning.
 *
 * NOTE(review): parse_afs_acl() treats `space` as a C string, so this relies
 * on the pioctl NUL-terminating the text it copies out (or reporting an error
 * when the ACL does not fit in MAXSIZE bytes) — confirm against the AFS side.
 */
static BOOL afs_get_afs_acl(char *filename, struct afs_acl *acl)
{
	char space[MAXSIZE];
	struct afs_iob iob;
	int rc;

	DEBUG(5, ("afs_get_afs_acl: %s\n", filename));

	/* No input payload; the kernel writes the ACL text into `space`. */
	iob.in = space;
	iob.in_size = 0;
	iob.out = space;
	iob.out_size = sizeof(space);

	rc = afs_syscall(AFSCALL_PIOCTL, filename, VIOCGETAL,
			 (char *)&iob, 0);
	if (rc != 0) {
		DEBUG(1, ("got error from PIOCTL: %d\n", rc));
		return False;
	}

	if (!init_afs_acl(acl)) {
		return False;
	}

	if (parse_afs_acl(acl, space)) {
		return True;
	}

	/* Parse failure: undo init_afs_acl() so the caller owns nothing. */
	DEBUG(1, ("Could not parse AFS acl\n"));
	free_afs_acl(acl);
	return False;
}
/*
 * Split one AFS ACL into a directory ACL and a file ACL. Each ACE of `acl`
 * contributes its AFS_FILE_RIGHTS bits to `file_acl` and its AFS_DIR_RIGHTS
 * bits to `dir_acl`; an ACE with no bits in a mask adds nothing to that side.
 *
 * NOTE(review): the results of init_afs_acl() are not checked here, unlike in
 * afs_get_afs_acl(); the caller receives no indication if initialisation fails.
 */
static void split_afs_acl(struct afs_acl *acl,
			  struct afs_acl *dir_acl,
			  struct afs_acl *file_acl)
{
	struct afs_ace *cur;

	init_afs_acl(dir_acl);
	init_afs_acl(file_acl);

	for (cur = acl->acelist; cur != NULL; cur = cur->next) {
		if ((cur->rights & AFS_FILE_RIGHTS) != 0) {
			add_afs_ace(file_acl, cur->positive, cur->name,
				    cur->rights & AFS_FILE_RIGHTS);
		}
		if ((cur->rights & AFS_DIR_RIGHTS) != 0) {
			add_afs_ace(dir_acl, cur->positive, cur->name,
				    cur->rights & AFS_DIR_RIGHTS);
		}
	}
}
/*
 * Return the first ACE in `acl` naming the same principal as `needle`
 * (as decided by same_principal()), or NULL if there is none.
 */
static struct afs_ace *merge_lookup_principal(struct afs_acl *acl,
					      struct afs_ace *needle)
{
	struct afs_ace *cur;

	for (cur = acl->acelist; cur != NULL; cur = cur->next) {
		if (same_principal(needle, cur)) {
			return cur;
		}
	}
	return NULL;
}

/*
 * Merge a directory ACL and a file ACL into `target`. A principal present
 * in both gets the OR of both rights sets (taking `positive` and `name` from
 * the directory ACE); a principal present in only one is copied unchanged.
 *
 * NOTE(review): init_afs_acl()'s result is ignored here, unlike in
 * afs_get_afs_acl(). Lookup is linear per ACE, so the merge is O(n*m).
 */
static void merge_afs_acls(struct afs_acl *dir_acl,
			   struct afs_acl *file_acl,
			   struct afs_acl *target)
{
	struct afs_ace *cur;

	init_afs_acl(target);

	/* Pass 1: every directory principal, with file rights folded in. */
	for (cur = dir_acl->acelist; cur != NULL; cur = cur->next) {
		struct afs_ace *twin = merge_lookup_principal(file_acl, cur);

		if (twin != NULL) {
			add_afs_ace(target, cur->positive, cur->name,
				    cur->rights | twin->rights);
		} else {
			add_afs_ace(target, cur->positive, cur->name,
				    cur->rights);
		}
	}

	/* Pass 2: file principals not already covered by pass 1. */
	for (cur = file_acl->acelist; cur != NULL; cur = cur->next) {
		if (merge_lookup_principal(dir_acl, cur) == NULL) {
			add_afs_ace(target, cur->positive, cur->name,
				    cur->rights);
		}
	}
}
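/*
 * Translate the DACL of an NT security descriptor into an AFS ACL.
 *
 * filename           - path the ACL belongs to (used for logging and passed to
 *                      the rights-mapping callback).
 * security_info_sent - which parts of `psd` the client supplied; only
 *                      DACL_SECURITY_INFORMATION is honoured.
 * psd                - the security descriptor; only psd->dacl is consulted.
 * nt_to_afs_rights   - callback mapping one SEC_ACE to AFS rights bits.
 * afs_acl            - receives the translated ACL.
 *
 * Returns True on success (including the no-op case where no DACL was sent,
 * in which case `afs_acl` is left untouched and NOT initialised). Returns
 * False on failure; any state created by init_afs_acl() is released first,
 * matching the cleanup convention of afs_get_afs_acl(), so the caller owns
 * nothing on a False return.
 *
 * Unmappable SIDs and SIDs that cannot be resolved are skipped (logged, not
 * fatal). Any ACE that is not ACCESS_ALLOWED is fatal: deny ACEs are not
 * translated, and silently dropping them would widen access.
 */
static BOOL nt_to_afs_acl(const char *filename,
			  uint32 security_info_sent,
			  struct security_descriptor *psd,
			  uint32 (*nt_to_afs_rights)(const char *filename,
						     const SEC_ACE *ace),
			  struct afs_acl *afs_acl)
{
	SEC_ACL *dacl;
	int i;

	/* Currently we *only* look at the dacl */

	if (((security_info_sent & DACL_SECURITY_INFORMATION) == 0) ||
	    (psd->dacl == NULL))
		return True;

	if (!init_afs_acl(afs_acl))
		return False;

	dacl = psd->dacl;

	for (i = 0; i < dacl->num_aces; i++) {
		SEC_ACE *ace = &(dacl->ace[i]);
		const char *dom_name, *name;
		enum lsa_SidType name_type;
		char *p;

		if (ace->type != SEC_ACE_TYPE_ACCESS_ALLOWED) {
			/* First cut: Only positive ACEs. Refusing (rather than
			 * skipping) keeps a deny ACE from being lost. */
			goto fail;
		}

		if (!mappable_sid(&ace->trustee)) {
			DEBUG(10, ("Ignoring unmappable SID %s\n",
				   sid_string_static(&ace->trustee)));
			continue;
		}

		/* Well-known SIDs map onto fixed AFS system groups. */
		if (sid_compare(&ace->trustee,
				&global_sid_Builtin_Administrators) == 0) {

			name = "system:administrators";

		} else if (sid_compare(&ace->trustee,
				       &global_sid_World) == 0) {

			name = "system:anyuser";

		} else if (sid_compare(&ace->trustee,
				       &global_sid_Authenticated_Users) == 0) {

			name = "system:authuser";

		} else if (sid_compare(&ace->trustee,
				       &global_sid_Builtin_Backup_Operators)
			   == 0) {

			name = "system:backup";

		} else {

			if (!lookup_sid(tmp_talloc_ctx(), &ace->trustee,
					&dom_name, &name, &name_type)) {
				DEBUG(1, ("AFSACL: Could not lookup SID %s on file %s\n",
					  sid_string_static(&ace->trustee), filename));
				continue;
			}

			/* Users and groups become "DOMAIN<sep>name", lower-cased. */
			if ( (name_type == SID_NAME_USER) ||
			     (name_type == SID_NAME_DOM_GRP) ||
			     (name_type == SID_NAME_ALIAS) ) {
				char *tmp;
				tmp = talloc_asprintf(tmp_talloc_ctx(), "%s%s%s",
						       dom_name, lp_winbind_separator(),
						       name);
				if (tmp == NULL) {
					goto fail;
				}
				strlower_m(tmp);
				name = tmp;
			}

			if (sidpts) {
				/* Expect all users/groups in pts as SIDs.
				 * The lookup above still decides whether the
				 * SID is resolvable (and skipped if not). */
				name = talloc_strdup(
					tmp_talloc_ctx(),
					sid_string_static(&ace->trustee));
				if (name == NULL) {
					goto fail;
				}
			}
		}

		/* AFS ACL syntax is whitespace-delimited, so spaces in a
		 * principal name are rewritten. The fixed "system:*" names
		 * above contain no spaces, so only talloc'd strings are
		 * ever written through here. */
		while ((p = strchr_m(name, ' ')) != NULL)
			*p = space_replacement;

		add_afs_ace(afs_acl, True, name,
			    nt_to_afs_rights(filename, ace));
	}

	return True;

fail:
	/* Same convention as afs_get_afs_acl(): on False, the callee releases
	 * what init_afs_acl() set up so the caller does not leak it. */
	free_afs_acl(afs_acl);
	return False;
}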