From a17be88d67bf3fd90b3ac144a00de434bc8957f6 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 10 Oct 2012 16:44:41 +1100 Subject: [PATCH 1/8] vfs: Remove type parameter from sys_acl_blob_get_{fd,file} This interface actually needs to match the get_nt_acl interface in that the system ACL implmenetation may not be posix ACLs, and the blob is not meant to be enforced to be of a particular system ACL structure. Andrew Bartlett (cherry picked from commit 1f36ec129300e4f69efe26d4950fe3a7cfbfb233) --- examples/VFS/skel_opaque.c | 2 +- examples/VFS/skel_transparent.c | 4 ++-- source3/include/vfs.h | 10 ++++++---- source3/include/vfs_macros.h | 8 ++++---- source3/modules/vfs_full_audit.c | 3 +-- source3/modules/vfs_time_audit.c | 3 +-- source3/smbd/vfs.c | 3 +-- 7 files changed, 16 insertions(+), 17 deletions(-) diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c index 6dd83bb..e66d7aa 100644 --- a/examples/VFS/skel_opaque.c +++ b/examples/VFS/skel_opaque.c @@ -595,7 +595,7 @@ static SMB_ACL_T skel_sys_acl_get_fd(vfs_handle_struct *handle, return (SMB_ACL_T)NULL; } -static int skel_sys_acl_blob_get_file(vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob) +static int skel_sys_acl_blob_get_file(vfs_handle_struct *handle, const char *path_p, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob) { errno = ENOSYS; return -1; diff --git a/examples/VFS/skel_transparent.c b/examples/VFS/skel_transparent.c index f8a743e..0c84e19 100644 --- a/examples/VFS/skel_transparent.c +++ b/examples/VFS/skel_transparent.c 
@@ -708,12 +708,12 @@ static SMB_ACL_T skel_sys_acl_get_fd(vfs_handle_struct *handle, return SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx); } -static int skel_sys_acl_blob_get_file(vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type, +static int skel_sys_acl_blob_get_file(vfs_handle_struct *handle, const char *path_p, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob) { - return SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob); + return SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, mem_ctx, blob_description, blob); } static int skel_sys_acl_blob_get_fd(vfs_handle_struct *handle, files_struct *fsp, diff --git a/source3/include/vfs.h b/source3/include/vfs.h index 2d18265..2992c1d 100644 --- a/source3/include/vfs.h +++ b/source3/include/vfs.h @@ -146,6 +146,7 @@ /* Leave at 29 - not yet released. Added sys_acl_blob_get_file and sys_acl_blob_get_fd */ /* Bump to version 30 - Samba 4.0.0 will ship with interface version 30 */ /* Leave at 30 - not yet released. Added conn->cwd to save vfs_GetWd() calls. */ +/* Leave at 30 - not yet released. Changed sys_acl_blob_get_file interface to remove type */ #define SMB_VFS_INTERFACE_VERSION 30 /* 
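Review bot: Leaving `SMB_VFS_INTERFACE_VERSION` at 30 in the vfs.h hunk, while `sys_acl_blob_get_file_fn` loses its `type` argument, means a module built against the earlier version-30 header would presumably still pass the interface version check. It would then be called with five arguments where it expects six, so `mem_ctx`, `blob_description` and `blob` arrive shifted or undefined, which is memory corruption rather than a clean load failure. The added comment relies on version 30 never having been released; if any pre-release or vendor build exported the old layout, bump the number instead, e.g. `#define SMB_VFS_INTERFACE_VERSION 31`. The same signature change runs through the skel_transparent.c hunk above and the vfs.h, vfs_macros.h, audit-module and smbd/vfs.c hunks that follow.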
@@ -701,10 +702,12 @@ struct vfs_fn_pointers { SMB_ACL_T (*sys_acl_get_fd_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp, TALLOC_CTX *mem_ctx); - int (*sys_acl_blob_get_file_fn)(struct vfs_handle_struct *handle, const char *path_p, SMB_ACL_TYPE_T type, - TALLOC_CTX *mem_ctx, char **blob_description, + int (*sys_acl_blob_get_file_fn)(struct vfs_handle_struct *handle, + const char *path_p, + TALLOC_CTX *mem_ctx, + char **blob_description, DATA_BLOB *blob); - int (*sys_acl_blob_get_fd_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp, + int (*sys_acl_blob_get_fd_fn)(struct vfs_handle_struct *handle, struct files_struct *fsp, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob); int (*sys_acl_set_file_fn)(struct vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl); @@ -1110,7 +1113,6 @@ SMB_ACL_T smb_vfs_call_sys_acl_get_fd(struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx); int smb_vfs_call_sys_acl_blob_get_file(struct vfs_handle_struct *handle, const char *path_p, - SMB_ACL_TYPE_T type, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob); diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h index a5ff90b..331fe001b 100644 --- a/source3/include/vfs_macros.h +++ b/source3/include/vfs_macros.h 
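Review bot: The `sys_acl_blob_get_file_fn` and `sys_acl_blob_get_fd_fn` members of `struct vfs_fn_pointers` have no comment stating what the blob must contain now that `type` is gone. I would add one above the pair, along the lines of `/* Opaque serialisation of the complete system ACL, allocated on mem_ctx; *blob_description names the format. Returns 0, or -1 with errno set. */`. If callers compare or hash the blob to detect ACL changes (not visible here), a backend that serialises only the access ACL would miss changes to a directory's default ACL, so the contract should say that both are covered. The struct begins and ends outside this hunk.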
@@ -439,10 +439,10 @@ #define SMB_VFS_NEXT_SYS_ACL_GET_FD(handle, fsp, mem_ctx) \ smb_vfs_call_sys_acl_get_fd((handle)->next, (fsp), (mem_ctx)) -#define SMB_VFS_SYS_ACL_BLOB_GET_FILE(conn, path_p, type, mem_ctx, blob_description, blob) \ - smb_vfs_call_sys_acl_blob_get_file((conn)->vfs_handles, (path_p), (type), (mem_ctx), (blob_description), (blob)) -#define SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob) \ - smb_vfs_call_sys_acl_blob_get_file((handle)->next, (path_p), (type), (mem_ctx), (blob_description), (blob)) +#define SMB_VFS_SYS_ACL_BLOB_GET_FILE(conn, path_p, mem_ctx, blob_description, blob) \ + smb_vfs_call_sys_acl_blob_get_file((conn)->vfs_handles, (path_p), (mem_ctx), (blob_description), (blob)) +#define SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, mem_ctx, blob_description, blob) \ + smb_vfs_call_sys_acl_blob_get_file((handle)->next, (path_p), (mem_ctx), (blob_description), (blob)) #define SMB_VFS_SYS_ACL_BLOB_GET_FD(fsp, mem_ctx, blob_description, blob) \ smb_vfs_call_sys_acl_blob_get_fd((fsp)->conn->vfs_handles, (fsp), (mem_ctx), (blob_description), (blob)) diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index be8989c..b1fb090 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -1835,14 +1835,13 @@ static SMB_ACL_T smb_full_audit_sys_acl_get_fd(vfs_handle_struct *handle, static int smb_full_audit_sys_acl_blob_get_file(vfs_handle_struct *handle, const char *path_p, - SMB_ACL_TYPE_T type, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob) { int result; - result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob); + result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, mem_ctx, blob_description, blob); do_log(SMB_VFS_OP_SYS_ACL_BLOB_GET_FILE, (result >= 0), handle, "%s", path_p); 
diff --git a/source3/modules/vfs_time_audit.c b/source3/modules/vfs_time_audit.c index 6ff1a55..95b4148 100644 --- a/source3/modules/vfs_time_audit.c +++ b/source3/modules/vfs_time_audit.c @@ -1818,7 +1818,6 @@ static SMB_ACL_T smb_time_audit_sys_acl_get_fd(vfs_handle_struct *handle, static int smb_time_audit_sys_acl_blob_get_file(vfs_handle_struct *handle, const char *path_p, - SMB_ACL_TYPE_T type, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob) @@ -1828,7 +1827,7 @@ static int smb_time_audit_sys_acl_blob_get_file(vfs_handle_struct *handle, double timediff; clock_gettime_mono(&ts1); - result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, type, mem_ctx, blob_description, blob); + result = SMB_VFS_NEXT_SYS_ACL_BLOB_GET_FILE(handle, path_p, mem_ctx, blob_description, blob); clock_gettime_mono(&ts2); timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9; diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c index 3a95c58..581a025 100644 --- a/source3/smbd/vfs.c +++ b/source3/smbd/vfs.c @@ -2240,13 +2240,12 @@ SMB_ACL_T smb_vfs_call_sys_acl_get_fd(struct vfs_handle_struct *handle, int smb_vfs_call_sys_acl_blob_get_file(struct vfs_handle_struct *handle, const char *path_p, - SMB_ACL_TYPE_T type, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob) { VFS_FIND(sys_acl_blob_get_file); - return handle->fns->sys_acl_blob_get_file_fn(handle, path_p, type, mem_ctx, blob_description, blob); + return handle->fns->sys_acl_blob_get_file_fn(handle, path_p, mem_ctx, blob_description, blob); } int smb_vfs_call_sys_acl_blob_get_fd(struct vfs_handle_struct *handle, -- 1.7.9.5 From c0df7c0f2b8e8fb46ddb91545d37a5fb890cb6fa Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Tue, 20 Nov 2012 13:50:46 +0100 Subject: [PATCH 2/8] s3:param: set "map archive = no" in ROLE_ACTIVE_DIRECTORY_DC 
Signed-off-by: Stefan Metzmacher Reviewed-by: Michael Adam (cherry picked from commit 4fb0b61ad8fd45a7eff7756d43ce646ed051ee1a)
---
 source3/param/loadparm.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 8ad0fc9..0e1b019 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -3500,6 +3500,7 @@ static void init_locals(void)
 lp_do_parameter(-1, "map hidden", "no");
 lp_do_parameter(-1, "map system", "no");
 lp_do_parameter(-1, "map readonly", "no");
+ lp_do_parameter(-1, "map archive", "no");
 lp_do_parameter(-1, "store dos attributes", "yes");
 lp_do_parameter(-1, "create mask", "0777");
 lp_do_parameter(-1, "directory mask", "0777");
-- 1.7.9.5 From 791c66349993baad479d68e40385fc7ac4c805d8 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 28 Nov 2012 09:05:23 +0100 Subject: [PATCH 3/8] s3:vfs_modules: fix *sys_acl_blob_get_{file,fd} and only return ENOSYS We should not segfault if some callers starts to call this. This is a 4.0 patch only, if you try to backport the real implementation just revert this patch... Signed-off-by: Stefan Metzmacher
---
 source3/modules/vfs_default.c | 22 ++++++++++++++ source3/modules/vfs_fake_acls.c | 61 ++++----------------------------------- 2 files changed, 27 insertions(+), 56 deletions(-)
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 84d12e3..75dd5ac 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
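Review bot: The run of `map ... = no` defaults, now including `map archive`, has no comment explaining why DOS attribute bits must not be mapped onto POSIX mode bits for this role. Since `store dos attributes` is forced to `yes` on the next line, a comment such as `/* DOS attributes are kept in the xattr; never mirror them into mode bits (map archive would toggle the owner execute bit) */` would record the intent. The hunk header names `init_locals` while the subject names ROLE_ACTIVE_DIRECTORY_DC, so the enclosing condition is outside the hunk and should be confirmed when placing the comment.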
@@ -2147,6 +2147,26 @@ static SMB_ACL_T vfswrap_sys_acl_get_fd(vfs_handle_struct *handle, return sys_acl_get_fd(handle, fsp, mem_ctx); } +static int vfswrap_sys_acl_blob_get_file(vfs_handle_struct *handle, + const char *path_p, + TALLOC_CTX *mem_ctx, + char **blob_description, + DATA_BLOB *blob) +{ + errno = ENOSYS; + return -1; +} + +static int vfswrap_sys_acl_blob_get_fd(vfs_handle_struct *handle, + files_struct *fsp, + TALLOC_CTX *mem_ctx, + char **blob_description, + DATA_BLOB *blob) +{ + errno = ENOSYS; + return -1; +} + static int vfswrap_sys_acl_set_file(vfs_handle_struct *handle, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) { return sys_acl_set_file(handle, name, acltype, theacl); @@ -2382,6 +2402,8 @@ static struct vfs_fn_pointers vfs_default_fns = { .sys_acl_get_file_fn = vfswrap_sys_acl_get_file, .sys_acl_get_fd_fn = vfswrap_sys_acl_get_fd, + .sys_acl_blob_get_file_fn = vfswrap_sys_acl_blob_get_file, + .sys_acl_blob_get_fd_fn = vfswrap_sys_acl_blob_get_fd, .sys_acl_set_file_fn = vfswrap_sys_acl_set_file, .sys_acl_set_fd_fn = vfswrap_sys_acl_set_fd, .sys_acl_delete_def_file_fn = vfswrap_sys_acl_delete_def_file, diff --git a/source3/modules/vfs_fake_acls.c b/source3/modules/vfs_fake_acls.c index ea3db23..4ca82ea 100644 --- a/source3/modules/vfs_fake_acls.c +++ b/source3/modules/vfs_fake_acls.c 
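Review bot: `vfswrap_sys_acl_blob_get_file` and `vfswrap_sys_acl_blob_get_fd` return -1 without writing `*blob_description` or `*blob`, so a caller that reads or frees either output on its error path works on whatever its own variables happened to hold. Setting `*blob_description = NULL;` and `*blob = data_blob_null;` before `errno = ENOSYS;` makes the failure state well defined. The replacement bodies of `fake_acls_sys_acl_blob_get_file` and `fake_acls_sys_acl_blob_get_fd` in the vfs_fake_acls.c hunk have the same gap. A short comment such as `/* not implemented in 4.0: callers must handle ENOSYS */` would also keep the stubs from looking accidental.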
@@ -299,69 +299,18 @@ static SMB_ACL_T fake_acls_sys_acl_get_fd(struct vfs_handle_struct *handle, } -static int fake_acls_sys_acl_blob_get_file(struct vfs_handle_struct *handle, const char *path, SMB_ACL_TYPE_T type, TALLOC_CTX *mem_ctx, +static int fake_acls_sys_acl_blob_get_file(struct vfs_handle_struct *handle, const char *path, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob) { - ssize_t length; - const char *name = NULL; - switch (type) { - case SMB_ACL_TYPE_ACCESS: - name = FAKE_ACL_ACCESS_XATTR; - break; - case SMB_ACL_TYPE_DEFAULT: - name = FAKE_ACL_DEFAULT_XATTR; - break; - } - - *blob_description = talloc_strdup(mem_ctx, "fake_acls"); - if (!*blob_description) { - errno = ENOMEM; - return -1; - } - - *blob = data_blob_null; - do { - blob->length += 1000; - blob->data = talloc_realloc(mem_ctx, blob->data, uint8_t, blob->length); - if (!blob->data) { - errno = ENOMEM; - return -1; - } - length = SMB_VFS_NEXT_GETXATTR(handle, path, name, blob->data, blob->length); - blob->length = length; - } while (length == -1 && errno == ERANGE); - if (length == -1) { - return -1; - } - return 0; + errno = ENOSYS; + return -1; } static int fake_acls_sys_acl_blob_get_fd(struct vfs_handle_struct *handle, files_struct *fsp, TALLOC_CTX *mem_ctx, char **blob_description, DATA_BLOB *blob) { - ssize_t length; - const char *name = FAKE_ACL_ACCESS_XATTR; - - *blob_description = talloc_strdup(mem_ctx, "fake_acls"); - if (!*blob_description) { - errno = ENOMEM; - return -1; - } - *blob = data_blob_null; - do { - blob->length += 1000; - blob->data = talloc_realloc(mem_ctx, blob->data, uint8_t, blob->length); - if (!blob->data) { - errno = ENOMEM; - return -1; - } - length = SMB_VFS_NEXT_FGETXATTR(handle, fsp, name, blob->data, blob->length); - blob->length = length; - } while (length == -1 && errno == ERANGE); - if (length == -1) { - return -1; - } - return 0; + errno = ENOSYS; + return -1; } static int fake_acls_sys_acl_set_file(vfs_handle_struct *handle, const char 
*path, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) -- 1.7.9.5 From b62078a8f7a3592a7004958021a6c0f2c08f988c Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 28 Nov 2012 11:21:51 +0100 Subject: [PATCH 4/8] s3:vfs_aixacl2: make use of vfs_aixacl_util.h This should fix the build. Signed-off-by: Stefan Metzmacher Reviewed-by: Michael Adam (cherry picked from commit d5987048347beefa720f902d97b621e6cb719fdf) --- source3/modules/vfs_aixacl2.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/source3/modules/vfs_aixacl2.c b/source3/modules/vfs_aixacl2.c index 0f89eb6..4541e0e 100644 --- a/source3/modules/vfs_aixacl2.c +++ b/source3/modules/vfs_aixacl2.c @@ -21,15 +21,13 @@ #include "system/filesys.h" #include "smbd/smbd.h" #include "nfs4_acls.h" +#include "vfs_aixacl_util.h" #undef DBGC_CLASS #define DBGC_CLASS DBGC_VFS #define AIXACL2_MODULE_NAME "aixacl2" -extern SMB_ACL_T aixacl_to_smbacl( struct acl *file_acl); -extern struct acl *aixacl_smb_to_aixacl(SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl); - typedef union aixjfs2_acl_t { nfs4_acl_int_t jfs2_acl[1]; aixc_acl_t aixc_acl[1]; -- 1.7.9.5 From 746024ca470feaee27b3cb5e95ecdbc3328001c5 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 28 Nov 2012 11:38:13 +0100 Subject: [PATCH 5/8] s4:smbd/open: add missing TALLOC_FREE(frame) to inherit_new_acl() Signed-off-by: Stefan Metzmacher Reviewed-by: Michael Adam (cherry picked from commit b3eb78c4f7123ccad6af50379c29d0939590d1ff) --- source3/smbd/open.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source3/smbd/open.c b/source3/smbd/open.c index e8365bd..794ca3b 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -3440,6 +3440,7 @@ static NTSTATUS inherit_new_acl(files_struct *fsp) size_t size = 0; if (!parent_dirname(frame, fsp->fsp_name->base_name, &parent_name, NULL)) { + TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; } 
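Review bot: `inherit_new_acl` now repeats `TALLOC_FREE(frame);` before each early `return`, which is the same pattern that let these two paths skip freeing `frame` in the first place. A single exit would cover every path by construction: `status = NT_STATUS_NO_MEMORY; goto out;` at the failure site and `out: TALLOC_FREE(frame); return status;` at the end. The function continues past both hunks (this one and the one at -3449), so any further returns cannot be checked from here and should be audited for the same omission.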
@@ -3449,6 +3450,7 @@ static NTSTATUS inherit_new_acl(files_struct *fsp) frame, &parent_desc); if (!NT_STATUS_IS_OK(status)) { + TALLOC_FREE(frame); return status; } -- 1.7.9.5 From 7cd1fac7239112990c987876be59b1a34de6af84 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 28 Nov 2012 11:44:15 +0100 Subject: [PATCH 6/8] s3:vfs_gpfs: make sure we return the correct errno in gpfs2smb_acl() TALLOC_FREE() could overwrite errno. Signed-off-by: Stefan Metzmacher Reviewed-by: Michael Adam (cherry picked from commit 0f630abb3f197a8b672c6aa96362d83fdad1f92f) --- source3/modules/vfs_gpfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index c1dc52a..941407c 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -603,8 +603,8 @@ static SMB_ACL_T gpfs2smb_acl(const struct gpfs_acl *pacl, TALLOC_CTX *mem_ctx) default: DEBUG(10, ("Got invalid ace_type: %d\n", g_ace->ace_type)); - errno = EINVAL; TALLOC_FREE(result); + errno = EINVAL; return NULL; } -- 1.7.9.5 From 49f1c9ee756fc4b963a0a53be9b7cb762be303ce Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 28 Nov 2012 11:44:58 +0100 Subject: [PATCH 7/8] s3:vfs_gpfs: add no memory check in gpfs2smb_acl() Signed-off-by: Stefan Metzmacher Reviewed-by: Michael Adam Autobuild-User(master): Michael Adam Autobuild-Date(master): Wed Nov 28 14:06:27 CET 2012 on sn-devel-104 (cherry picked from commit bc6bceec655f241f23d713edc0d7a2633b5d6592) --- source3/modules/vfs_gpfs.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 941407c..a28d4a2 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c 
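Review bot: The reordered `errno = EINVAL;` in the `default:` branch of `gpfs2smb_acl` has no comment saying why it must follow `TALLOC_FREE(result);`, so a later cleanup could move it back and callers would again see a stale errno. I would add `/* set errno last: TALLOC_FREE() may overwrite it */` directly above the assignment. The function body extends outside the hunk, so other error returns that pair a free with an errno assignment are not visible and may need the same ordering.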
@@ -570,6 +570,11 @@ static SMB_ACL_T gpfs2smb_acl(const struct gpfs_acl *pacl, TALLOC_CTX *mem_ctx) result->count = pacl->acl_nace; result->acl = talloc_realloc(result, result->acl, struct smb_acl_entry, result->count); + if (result->acl == NULL) { + TALLOC_FREE(result); + errno = ENOMEM; + return NULL; + } for (i=0; iacl_nace; i++) { struct smb_acl_entry *ace = &result->acl[i]; -- 1.7.9.5 From cf648f52ab84c74b24979900d3484f31fda73fd0 Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Wed, 28 Nov 2012 11:59:31 +0100 Subject: [PATCH 8/8] WHATSNEW.txt: "acl compatibility" was removed Signed-off-by: Stefan Metzmacher --- WHATSNEW.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/WHATSNEW.txt b/WHATSNEW.txt index a08909a..e872759 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -105,6 +105,7 @@ smb.conf changes Parameter Name Description -------------- ----------- + acl compatibility Removed allow dns updates New announce as Removed announce version Removed -- 1.7.9.5
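Review bot: The new `result->acl == NULL` check treats every NULL from `talloc_realloc()` as out of memory, but talloc also returns NULL for a zero-size request. An ACL with `pacl->acl_nace == 0` would therefore fail with `ENOMEM` instead of yielding an empty result. Whether GPFS can return a zero-entry ACL is not visible here; if it can, tie the check to the count, e.g. `if (result->count > 0 && result->acl == NULL) {`. `gpfs2smb_acl` starts and ends outside the hunk, so how `acl_nace` is validated before this point cannot be confirmed from the visible lines.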