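/*
 * Fetch the AFS ACL of 'filename' through the VIOCGETAL pioctl and parse
 * it into 'acl'.
 *
 * Returns True with a parsed ACL in 'acl' on success.  Returns False if
 * the pioctl fails, if the reply is not a NUL-terminated string, if
 * init_afs_acl() fails, or if parse_afs_acl() rejects the text; in the
 * last case the half-built ACL is released with free_afs_acl() first.
 */
static BOOL afs_get_afs_acl(char *filename, struct afs_acl *acl)
{
	struct afs_iob iob;
	char space[MAXSIZE];
	int ret;
	int i;

	DEBUG(5, ("afs_get_afs_acl: %s\n", filename));

	/* VIOCGETAL takes no input; the reply text is written into 'space'. */
	iob.in_size = 0;
	iob.out_size = MAXSIZE;
	iob.in = iob.out = space;

	ret = afs_syscall(AFSCALL_PIOCTL, filename, VIOCGETAL,
			  (char *)&iob, 0);
	if (ret) {
		DEBUG(1, ("got error from PIOCTL: %d\n", ret));
		return False;
	}

	/*
	 * parse_afs_acl() is handed only the buffer, not a length, so it
	 * relies on the reply being a NUL-terminated string.  Verify that
	 * here instead of trusting the pioctl to have terminated the text
	 * somewhere inside the MAXSIZE bytes we own.
	 */
	for (i = 0; i < MAXSIZE; i++) {
		if (space[i] == '\0') {
			break;
		}
	}
	if (i == MAXSIZE) {
		DEBUG(1, ("AFS acl reply for %s is not NUL-terminated\n",
			  filename));
		return False;
	}

	if (!init_afs_acl(acl)) {
		return False;
	}

	if (!parse_afs_acl(acl, space)) {
		DEBUG(1, ("Could not parse AFS acl\n"));
		free_afs_acl(acl);
		return False;
	}

	return True;
}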
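/*
 * Split 'acl' into the rights that apply to files and the rights that
 * apply to directories.
 *
 * Every entry of 'acl' is copied into 'file_acl' with only its
 * AFS_FILE_RIGHTS bits and into 'dir_acl' with only its AFS_DIR_RIGHTS
 * bits; an entry with no bits in one class is not copied into that ACL
 * at all.  The sign (positive/negative) of each entry is preserved.
 *
 * Both output ACLs are (re)initialised here.  init_afs_acl() can fail
 * (afs_get_afs_acl() checks it), and since this function returns void it
 * cannot report that; on failure it logs and returns with the outputs
 * left as init_afs_acl() left them rather than adding entries to an ACL
 * that was never set up.
 */
static void split_afs_acl(struct afs_acl *acl,
			  struct afs_acl *dir_acl,
			  struct afs_acl *file_acl)
{
	struct afs_ace *entry;
	BOOL dir_ok, file_ok;

	dir_ok = init_afs_acl(dir_acl);
	file_ok = init_afs_acl(file_acl);
	if (!dir_ok || !file_ok) {
		DEBUG(1, ("split_afs_acl: init_afs_acl failed\n"));
		return;
	}

	for (entry = acl->acelist; entry != NULL; entry = entry->next) {
		uint32 file_rights = entry->rights & AFS_FILE_RIGHTS;
		uint32 dir_rights = entry->rights & AFS_DIR_RIGHTS;

		if (file_rights) {
			add_afs_ace(file_acl, entry->positive, entry->name,
				    file_rights);
		}
		if (dir_rights) {
			add_afs_ace(dir_acl, entry->positive, entry->name,
				    dir_rights);
		}
	}
}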
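/*
 * Return the first entry of 'acl' that names the same principal as
 * 'ace' (as decided by same_principal()), or NULL if there is none.
 */
static struct afs_ace *merge_find_principal(struct afs_acl *acl,
					    struct afs_ace *ace)
{
	struct afs_ace *cur;

	for (cur = acl->acelist; cur != NULL; cur = cur->next) {
		if (same_principal(ace, cur)) {
			return cur;
		}
	}
	return NULL;
}

/*
 * Combine a directory ACL and a file ACL into one ACL in 'target'.
 *
 * Every entry of 'dir_acl' goes into 'target'; when 'file_acl' has an
 * entry for the same principal the two rights masks are OR-ed together.
 * Entries of 'file_acl' whose principal does not appear in 'dir_acl' are
 * then appended unchanged.  The sign of each entry is taken from the ACL
 * it came from (the directory entry wins for a merged pair).
 *
 * 'target' is (re)initialised here.  init_afs_acl() can fail
 * (afs_get_afs_acl() checks it); as this function returns void it cannot
 * report that, so on failure it logs and returns without adding entries
 * to an ACL that was never set up.
 */
static void merge_afs_acls(struct afs_acl *dir_acl,
			   struct afs_acl *file_acl,
			   struct afs_acl *target)
{
	struct afs_ace *entry;

	if (!init_afs_acl(target)) {
		DEBUG(1, ("merge_afs_acls: init_afs_acl failed\n"));
		return;
	}

	/* Pass 1: every directory entry, OR-ed with its file twin if any. */
	for (entry = dir_acl->acelist; entry != NULL; entry = entry->next) {
		struct afs_ace *twin = merge_find_principal(file_acl, entry);
		uint32 rights = entry->rights;

		if (twin != NULL) {
			rights |= twin->rights;
		}
		add_afs_ace(target, entry->positive, entry->name, rights);
	}

	/* Pass 2: file entries with no directory twin (the rest were merged above). */
	for (entry = file_acl->acelist; entry != NULL; entry = entry->next) {
		if (merge_find_principal(dir_acl, entry) == NULL) {
			add_afs_ace(target, entry->positive, entry->name,
				    entry->rights);
		}
	}
}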
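/*
 * Map the trustee of one NT ACE to the AFS principal name it is written
 * under.
 *
 * The well-known SIDs Builtin\Administrators, Everyone, Authenticated
 * Users and Builtin\Backup Operators map to the fixed AFS "system:*"
 * groups.  Any other SID is resolved with lookup_sid(): with 'sidpts' set
 * the principal is the SID's string form (the pts database is expected to
 * hold SIDs); otherwise users, domain groups and aliases become the
 * lower-cased "DOMAIN<winbind separator>name" form and every other name
 * type keeps the bare name lookup_sid() returned.
 *
 * Spaces in the final name are replaced by 'space_replacement'.  That step
 * is skipped when the replacement is itself a space: the loop would never
 * terminate, and the name would not change anyway.
 *
 * Returns False only on a failed allocation.  Otherwise returns True with
 * *pname set to the principal, or to NULL when the ACE should be skipped
 * (the SID is not mappable or lookup_sid() failed; both are logged).
 */
static BOOL nt_ace_to_afs_principal(const char *filename, SEC_ACE *ace,
				    const char **pname)
{
	const char *dom_name, *name;
	enum lsa_SidType name_type;
	char *p;

	*pname = NULL;

	if (!mappable_sid(&ace->trustee)) {
		DEBUG(10, ("Ignoring unmappable SID %s\n",
			   sid_string_static(&ace->trustee)));
		return True;
	}

	if (sid_compare(&ace->trustee,
			&global_sid_Builtin_Administrators) == 0) {
		name = "system:administrators";
	} else if (sid_compare(&ace->trustee, &global_sid_World) == 0) {
		name = "system:anyuser";
	} else if (sid_compare(&ace->trustee,
			       &global_sid_Authenticated_Users) == 0) {
		name = "system:authuser";
	} else if (sid_compare(&ace->trustee,
			       &global_sid_Builtin_Backup_Operators) == 0) {
		name = "system:backup";
	} else {
		if (!lookup_sid(tmp_talloc_ctx(), &ace->trustee,
				&dom_name, &name, &name_type)) {
			DEBUG(1, ("AFSACL: Could not lookup SID %s on file %s\n",
				  sid_string_static(&ace->trustee),
				  filename));
			return True;
		}

		if (sidpts) {
			/* Expect all users/groups in pts as SIDs */
			name = talloc_strdup(tmp_talloc_ctx(),
					     sid_string_static(&ace->trustee));
			if (name == NULL) {
				return False;
			}
		} else if ((name_type == SID_NAME_USER) ||
			   (name_type == SID_NAME_DOM_GRP) ||
			   (name_type == SID_NAME_ALIAS)) {
			char *tmp = talloc_asprintf(tmp_talloc_ctx(),
						    "%s%s%s", dom_name,
						    lp_winbind_separator(),
						    name);
			if (tmp == NULL) {
				return False;
			}
			strlower_m(tmp);
			name = tmp;
		}
	}

	/*
	 * AFS principal names cannot contain spaces.  Guard against a
	 * configured replacement of ' ', which would make this loop spin
	 * forever on the first name containing a space.
	 */
	if (space_replacement != ' ') {
		while ((p = strchr_m(name, ' ')) != NULL) {
			*p = space_replacement;
		}
	}

	*pname = name;
	return True;
}

/*
 * Translate the DACL of an NT security descriptor into an AFS ACL.
 *
 * Only the DACL is considered: if 'security_info_sent' lacks
 * DACL_SECURITY_INFORMATION or 'psd' carries no DACL, the function returns
 * True without touching 'afs_acl' (note it is NOT initialised in that
 * case).  Otherwise 'afs_acl' is initialised and one positive AFS entry is
 * added per ACCESS_ALLOWED ACE whose SID can be mapped, with the rights
 * computed by the caller-supplied 'nt_to_afs_rights' callback.  ACEs whose
 * SID is unmappable or cannot be resolved are skipped.  Any ACE that is not
 * ACCESS_ALLOWED (e.g. a deny ACE) aborts the whole translation, since
 * negative entries are not handled yet.
 *
 * Returns True on success.  Returns False on a non-ALLOW ACE, an
 * init_afs_acl() failure, or an allocation failure; in the first and last
 * case the partially built 'afs_acl' is released with free_afs_acl(), as
 * afs_get_afs_acl() does, so the caller never sees a half-translated ACL.
 */
static BOOL nt_to_afs_acl(const char *filename,
			  uint32 security_info_sent,
			  struct security_descriptor *psd,
			  uint32 (*nt_to_afs_rights)(const char *filename,
						     const SEC_ACE *ace),
			  struct afs_acl *afs_acl)
{
	SEC_ACL *dacl;
	int i;

	/* Currently we *only* look at the dacl */
	if (((security_info_sent & DACL_SECURITY_INFORMATION) == 0) ||
	    (psd->dacl == NULL)) {
		return True;
	}

	if (!init_afs_acl(afs_acl)) {
		return False;
	}

	dacl = psd->dacl;

	for (i = 0; i < dacl->num_aces; i++) {
		SEC_ACE *ace = &(dacl->ace[i]);
		const char *name;

		if (ace->type != SEC_ACE_TYPE_ACCESS_ALLOWED) {
			/* First cut: Only positive ACEs */
			free_afs_acl(afs_acl);
			return False;
		}

		if (!nt_ace_to_afs_principal(filename, ace, &name)) {
			/* allocation failure */
			free_afs_acl(afs_acl);
			return False;
		}
		if (name == NULL) {
			/* unmappable or unresolvable SID; already logged */
			continue;
		}

		add_afs_ace(afs_acl, True, name,
			    nt_to_afs_rights(filename, ace));
	}

	return True;
}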