ReactOS 0.4.16-dev-321-g63bb46a
acl.c File Reference
#include <windows.h>
#include <strsafe.h>
#include <sddl.h>
#include "nfs41_ops.h"
#include "delegation.h"
#include "daemon_debug.h"
#include "util.h"
#include "upcall.h"
#include "nfs41_xdr.h"
Include dependency graph for acl.c:

Go to the source code of this file.

Macros

#define ACLLVL   2 /* dprintf level for acl logging */
 

Functions

static int parse_getacl (unsigned char *buffer, uint32_t length, nfs41_upcall *upcall)
 
static int create_unknownsid (WELL_KNOWN_SID_TYPE type, PSID *sid, DWORD *sid_len)
 
static void convert_nfs4name_2_user_domain (LPSTR nfs4name, LPSTR *domain)
 
static int map_name_2_sid (DWORD *sid_len, PSID *sid, LPCSTR name)
 
static void free_sids (PSID *sids, int count)
 
static int check_4_special_identifiers (char *who, PSID *sid, DWORD *sid_len, BOOLEAN *flag)
 
static int convert_nfs4acl_2_dacl (nfsacl41 *acl, int file_type, PACL *dacl_out, PSID **sids_out)
 
static int handle_getacl (nfs41_upcall *upcall)
 
static int marshall_getacl (unsigned char *buffer, uint32_t *length, nfs41_upcall *upcall)
 
static int parse_setacl (unsigned char *buffer, uint32_t length, nfs41_upcall *upcall)
 
static int is_well_known_sid (PSID sid, char *who)
 
static void map_aceflags (BYTE win_aceflags, uint32_t *nfs4_aceflags)
 
static void map_acemask (ACCESS_MASK mask, int file_type, uint32_t *nfs4_mask)
 
static int map_nfs4ace_who (PSID sid, PSID owner_sid, PSID group_sid, char *who_out, char *domain)
 
static int map_dacl_2_nfs4acl (PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, int file_type, char *domain)
 
static int handle_setacl (nfs41_upcall *upcall)
 
static int marshall_setacl (unsigned char *buffer, uint32_t *length, nfs41_upcall *upcall)
 

Variables

char localdomain_name [NFS41_HOSTNAME_LEN]
 
const nfs41_upcall_op nfs41_op_getacl
 
const nfs41_upcall_op nfs41_op_setacl
 

Macro Definition Documentation

◆ ACLLVL

#define ACLLVL   2 /* dprintf level for acl logging */

Definition at line 34 of file acl.c.

Function Documentation

◆ check_4_special_identifiers()

static int check_4_special_identifiers ( char who,
PSID sid,
DWORD sid_len,
BOOLEAN flag 
)
static

Definition at line 163 of file acl.c.

165{
166 int status = ERROR_SUCCESS;
168 *flag = TRUE;
169 if (!strncmp(who, ACE4_OWNER, strlen(ACE4_OWNER)-1))
170 type = WinCreatorOwnerSid;
171 else if (!strncmp(who, ACE4_GROUP, strlen(ACE4_GROUP)-1))
172 type = WinCreatorGroupSid;
173 else if (!strncmp(who, ACE4_EVERYONE, strlen(ACE4_EVERYONE)-1))
174 type = WinWorldSid;
175 else if (!strncmp(who, ACE4_NOBODY, strlen(ACE4_NOBODY)))
176 type = WinNullSid;
177 else
178 *flag = FALSE;
179 if (*flag)
180 status = create_unknownsid(type, sid, sid_len);
181 return status;
182}
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269
int strncmp(const char *String1, const char *String2, ACPI_SIZE Count)
Definition: utclib.c:534
static int create_unknownsid(WELL_KNOWN_SID_TYPE type, PSID *sid, DWORD *sid_len)
Definition: acl.c:52
FT_UInt sid
Definition: cffcmap.c:139
#define ERROR_SUCCESS
Definition: deptool.c:10
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
GLuint GLuint GLsizei GLenum type
Definition: gl.h:1545
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean flag
Definition: glfuncs.h:52
#define ACE4_EVERYONE
Definition: nfs41_const.h:383
#define ACE4_GROUP
Definition: nfs41_const.h:382
#define ACE4_OWNER
Definition: nfs41_const.h:381
#define ACE4_NOBODY
Definition: nfs41_const.h:391
Definition: ps.c:97
WELL_KNOWN_SID_TYPE
Definition: setypes.h:455

Referenced by convert_nfs4acl_2_dacl().

◆ convert_nfs4acl_2_dacl()

static int convert_nfs4acl_2_dacl ( nfsacl41 acl,
int  file_type,
PACL dacl_out,
PSID **  sids_out 
)
static

Definition at line 184 of file acl.c.

186{
188 uint32_t i;
189 DWORD sid_len;
190 PSID *sids;
191 PACL dacl;
192 LPSTR domain = NULL;
194
195 sids = malloc(acl->count * sizeof(PSID));
196 if (sids == NULL) {
198 goto out;
199 }
200 for (i = 0; i < acl->count; i++) {
202 dprintf(ACLLVL, "handle_getacl: for user=%s domain=%s\n",
203 acl->aces[i].who, domain?domain:"<null>");
204 status = check_4_special_identifiers(acl->aces[i].who, &sids[i],
205 &sid_len, &flag);
206 if (status) {
207 free_sids(sids, i);
208 goto out;
209 }
210 if (!flag) {
211 status = map_name_2_sid(&sid_len, &sids[i], acl->aces[i].who);
212 if (status) {
213 free_sids(sids, i);
214 goto out;
215 }
216 }
217 size += sid_len - sizeof(DWORD);
218 }
219 size += sizeof(ACL) + (sizeof(ACCESS_ALLOWED_ACE)*acl->count);
220 size = (size + sizeof(DWORD) - 1) & 0xfffffffc; //align size on word boundry
221 dacl = malloc(size);
222 if (dacl == NULL)
223 goto out_free_sids;
224
227 for (i = 0; i < acl->count; i++) {
228 // nfs4 acemask should be exactly the same as file access mask
229 mask = acl->aces[i].acemask;
230 dprintf(ACLLVL, "access mask %x ace type %s\n", mask,
231 acl->aces[i].acetype?"DENIED ACE":"ALLOWED ACE");
234 if (!status) {
235 eprintf("convert_nfs4acl_2_dacl: AddAccessAllowedAce failed "
236 "with %d\n", status);
237 goto out_free_dacl;
238 }
239 else status = ERROR_SUCCESS;
240 } else if (acl->aces[i].acetype == ACE4_ACCESS_DENIED_ACE_TYPE) {
242 if (!status) {
243 eprintf("convert_nfs4acl_2_dacl: AddAccessDeniedAce failed "
244 "with %d\n", status);
245 goto out_free_dacl;
246 }
247 else status = ERROR_SUCCESS;
248 } else {
249 eprintf("convert_nfs4acl_2_dacl: unknown acetype %d\n",
250 acl->aces[i].acetype);
252 free(dacl);
253 free_sids(sids, acl->count);
254 goto out;
255 }
256 }
257 } else {
258 eprintf("convert_nfs4acl_2_dacl: InitializeAcl failed with %d\n", status);
259 goto out_free_dacl;
260 }
262 *sids_out = sids;
263 *dacl_out = dacl;
264out:
265 return status;
266out_free_dacl:
267 free(dacl);
268out_free_sids:
269 free_sids(sids, acl->count);
271 goto out;
272}
unsigned char BOOLEAN
#define ACLLVL
Definition: acl.c:34
static void free_sids(PSID *sids, int count)
Definition: acl.c:155
static int check_4_special_identifiers(char *who, PSID *sid, DWORD *sid_len, BOOLEAN *flag)
Definition: acl.c:163
static int map_name_2_sid(DWORD *sid_len, PSID *sid, LPCSTR name)
Definition: acl.c:93
static void convert_nfs4name_2_user_domain(LPSTR nfs4name, LPSTR *domain)
Definition: acl.c:80
void eprintf(LPCSTR format,...)
Definition: daemon_debug.c:86
#define free
Definition: debug_ros.c:5
#define malloc
Definition: debug_ros.c:4
#define NULL
Definition: types.h:112
UINT32 uint32_t
Definition: types.h:75
BOOL WINAPI InitializeAcl(PACL pAcl, DWORD nAclLength, DWORD dwAclRevision)
Definition: security.c:1006
BOOL WINAPI AddAccessAllowedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:1039
BOOL WINAPI AddAccessDeniedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:1090
#define ERROR_NOT_SUPPORTED
Definition: compat.h:100
unsigned long DWORD
Definition: ntddk_ex.h:95
GLsizeiptr size
Definition: glext.h:5919
GLenum GLint GLuint mask
Definition: glext.h:6028
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
struct _ACL ACL
#define ACE4_ACCESS_ALLOWED_ACE_TYPE
Definition: nfs41_const.h:318
#define ACE4_ACCESS_DENIED_ACE_TYPE
Definition: nfs41_const.h:319
ULONG ACCESS_MASK
Definition: nt_native.h:40
#define DWORD
Definition: nt_native.h:44
#define dprintf
Definition: regdump.c:33
static FILE * out
Definition: regtests2xml.c:44
uint32_t acemask
Definition: nfs41_types.h:133
char who[NFS4_OPAQUE_LIMIT]
Definition: nfs41_types.h:134
uint32_t acetype
Definition: nfs41_types.h:131
nfsace4 * aces
Definition: nfs41_types.h:139
uint32_t count
Definition: nfs41_types.h:140
Definition: security.c:35
Definition: cookie.c:42
DWORD WINAPI GetLastError(void)
Definition: except.c:1042
#define ERROR_INTERNAL_ERROR
Definition: winerror.h:840
#define ACL_REVISION
Definition: setypes.h:39
char * LPSTR
Definition: xmlstorage.h:182

Referenced by handle_getacl().

◆ convert_nfs4name_2_user_domain()

static void convert_nfs4name_2_user_domain ( LPSTR  nfs4name,
LPSTR domain 
)
static

Definition at line 80 of file acl.c.

82{
83 LPSTR p = nfs4name;
84 for(; p[0] != '\0'; p++) {
85 if (p[0] == '@') {
86 p[0] = '\0';
87 *domain = &p[1];
88 break;
89 }
90 }
91}
GLfloat GLfloat p
Definition: glext.h:8902

Referenced by convert_nfs4acl_2_dacl(), and handle_getacl().

◆ create_unknownsid()

static int create_unknownsid ( WELL_KNOWN_SID_TYPE  type,
PSID sid,
DWORD sid_len 
)
static

Definition at line 52 of file acl.c.

54{
55 int status;
56 *sid_len = 0;
57 *sid = NULL;
58
59 status = CreateWellKnownSid(type, NULL, *sid, sid_len);
60 dprintf(ACLLVL, "create_unknownsid: CreateWellKnownSid type %d returned %d "
61 "GetLastError %d sid len %d needed\n", type, status,
62 GetLastError(), *sid_len);
63 if (status)
67 return status;
68 *sid = malloc(*sid_len);
69 if (*sid == NULL)
71 status = CreateWellKnownSid(type, NULL, *sid, sid_len);
72 if (status)
73 return ERROR_SUCCESS;
74 free(*sid);
76 eprintf("create_unknownsid: CreateWellKnownSid failed with %d\n", status);
77 return status;
78}
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10
BOOL WINAPI CreateWellKnownSid(IN WELL_KNOWN_SID_TYPE WellKnownSidType, IN PSID DomainSid OPTIONAL, OUT PSID pSid, IN OUT DWORD *cbSid)
Definition: security.c:722

Referenced by check_4_special_identifiers(), and map_name_2_sid().

◆ free_sids()

static void free_sids ( PSID sids,
int  count 
)
static

Definition at line 155 of file acl.c.

156{
157 int i;
158 for(i = 0; i < count; i++)
159 free(sids[i]);
160 free(sids);
161}
GLuint GLuint GLsizei count
Definition: gl.h:1545

Referenced by convert_nfs4acl_2_dacl(), GetShellSecurityDescriptor(), and handle_getacl().

◆ handle_getacl()

static int handle_getacl ( nfs41_upcall upcall)
static

Definition at line 274 of file acl.c.

275{
277 getacl_upcall_args *args = &upcall->args.getacl;
278 nfs41_open_state *state = upcall->state_ref;
279 nfs41_file_info info = { 0 };
280 bitmap4 attr_request = { 0 };
281 LPSTR domain = NULL;
282 SECURITY_DESCRIPTOR sec_desc;
283 PACL dacl = NULL;
284 PSID *sids = NULL;
285 PSID osid = NULL, gsid = NULL;
286 DWORD sid_len;
288 nfsacl41 acl = { 0 };
289
290 // need to cache owner/group information XX
291 attr_request.count = 2;
293 if (args->query & DACL_SECURITY_INFORMATION) {
294 info.acl = &acl;
295 attr_request.arr[0] |= FATTR4_WORD0_ACL;
296 }
297 info.owner = owner;
298 info.owner_group = group;
299 status = nfs41_getattr(state->session, &state->file, &attr_request, &info);
300 if (status) {
301 eprintf("handle_getacl: nfs41_cached_getattr() failed with %d\n",
302 status);
303 goto out;
304 }
305
308 if (!status) {
310 eprintf("handle_getacl: InitializeSecurityDescriptor failed with %d\n",
311 status);
312 goto out;
313 }
314 /* can't (re)use the same sid variable for both owner and group sids
315 * because security descriptor is created in absolute-form and it just
316 * stores pointers to the sids. thus each owner and group needs its own
317 * memory. free them after creating self-relative security descriptor.
318 */
319 if (args->query & OWNER_SECURITY_INFORMATION) {
320 // parse user@domain. currently ignoring domain part XX
322 dprintf(ACLLVL, "handle_getacl: OWNER_SECURITY_INFORMATION: for user=%s "
323 "domain=%s\n", info.owner, domain?domain:"<null>");
324 sid_len = 0;
325 status = map_name_2_sid(&sid_len, &osid, info.owner);
326 if (status)
327 goto out;
328 status = SetSecurityDescriptorOwner(&sec_desc, osid, TRUE);
329 if (!status) {
331 eprintf("handle_getacl: SetSecurityDescriptorOwner failed with "
332 "%d\n", status);
333 goto out;
334 }
335 }
336 if (args->query & GROUP_SECURITY_INFORMATION) {
338 dprintf(ACLLVL, "handle_getacl: GROUP_SECURITY_INFORMATION: for %s "
339 "domain=%s\n", info.owner_group, domain?domain:"<null>");
340 sid_len = 0;
341 status = map_name_2_sid(&sid_len, &gsid, info.owner_group);
342 if (status)
343 goto out;
344 status = SetSecurityDescriptorGroup(&sec_desc, gsid, TRUE);
345 if (!status) {
347 eprintf("handle_getacl: SetSecurityDescriptorGroup failed with "
348 "%d\n", status);
349 goto out;
350 }
351 }
352 if (args->query & DACL_SECURITY_INFORMATION) {
353 dprintf(ACLLVL, "handle_getacl: DACL_SECURITY_INFORMATION\n");
354 status = convert_nfs4acl_2_dacl(info.acl, state->type, &dacl, &sids);
355 if (status)
356 goto out;
358 if (!status) {
360 eprintf("handle_getacl: SetSecurityDescriptorDacl failed with "
361 "%d\n", status);
362 goto out;
363 }
364 }
365
366 args->sec_desc_len = 0;
367 status = MakeSelfRelativeSD(&sec_desc, args->sec_desc, &args->sec_desc_len);
368 if (status) {
370 goto out;
371 }
374 eprintf("handle_getacl: MakeSelfRelativeSD failes with %d\n", status);
375 goto out;
376 }
377 args->sec_desc = malloc(args->sec_desc_len);
378 if (args->sec_desc == NULL) {
380 goto out;
381 }
382 status = MakeSelfRelativeSD(&sec_desc, args->sec_desc, &args->sec_desc_len);
383 if (!status) {
385 eprintf("handle_getacl: MakeSelfRelativeSD failes with %d\n", status);
386 free(args->sec_desc);
387 goto out;
388 } else status = ERROR_SUCCESS;
389
390out:
391 if (args->query & OWNER_SECURITY_INFORMATION) {
392 if (osid) free(osid);
393 }
394 if (args->query & GROUP_SECURITY_INFORMATION) {
395 if (gsid) free(gsid);
396 }
397 if (args->query & DACL_SECURITY_INFORMATION) {
398 if (sids) free_sids(sids, info.acl->count);
399 free(dacl);
400 nfsacl41_free(info.acl);
401 }
402 return status;
403}
static int state
Definition: maze.c:121
static int convert_nfs4acl_2_dacl(nfsacl41 *acl, int file_type, PACL *dacl_out, PSID **sids_out)
Definition: acl.c:184
BOOL WINAPI InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision)
Definition: security.c:929
GLboolean GLuint group
Definition: glext.h:11120
@ FATTR4_WORD1_OWNER_GROUP
Definition: nfs41_const.h:249
@ FATTR4_WORD1_OWNER
Definition: nfs41_const.h:248
@ FATTR4_WORD0_ACL
Definition: nfs41_const.h:225
#define NFS4_OPAQUE_LIMIT
Definition: nfs41_const.h:31
nfs41_updowncall_list upcall
Definition: nfs41_driver.c:273
int nfs41_getattr(IN nfs41_session *session, IN OPTIONAL nfs41_path_fh *file, IN bitmap4 *attr_request, OUT nfs41_file_info *info)
Definition: nfs41_ops.c:1063
void nfsacl41_free(nfsacl41 *acl)
Definition: nfs41_xdr.c:335
BOOL WINAPI SetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, BOOL bDaclPresent, PACL pDacl, BOOL bDaclDefaulted)
Definition: sec.c:262
BOOL WINAPI SetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID pOwner, BOOL bOwnerDefaulted)
Definition: sec.c:312
BOOL WINAPI MakeSelfRelativeSD(PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, LPDWORD lpdwBufferLength)
Definition: sec.c:214
BOOL WINAPI SetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID pGroup, BOOL bGroupDefaulted)
Definition: sec.c:288
uint32_t count
Definition: nfs41_types.h:96
uint32_t arr[3]
Definition: nfs41_types.h:97
Definition: match.c:390
unsigned int count
Definition: notification.c:64
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124

◆ handle_setacl()

static int handle_setacl ( nfs41_upcall upcall)
static

Definition at line 690 of file acl.c.

691{
693 setacl_upcall_args *args = &upcall->args.setacl;
694 nfs41_open_state *state = upcall->state_ref;
695 nfs41_file_info info = { 0 };
696 stateid_arg stateid;
697 nfsacl41 nfs4_acl = { 0 };
698 PSID sid = NULL, gsid = NULL;
699 BOOL sid_default, gsid_default;
700
701 if (args->query & OWNER_SECURITY_INFORMATION) {
702 char owner[NFS4_OPAQUE_LIMIT];
703 dprintf(ACLLVL, "handle_setacl: OWNER_SECURITY_INFORMATION\n");
704 status = GetSecurityDescriptorOwner(args->sec_desc, &sid, &sid_default);
705 if (!status) {
707 eprintf("GetSecurityDescriptorOwner failed with %d\n", status);
708 goto out;
709 }
710 info.owner = owner;
712 if (status)
713 goto out;
714 else {
715 info.attrmask.arr[1] |= FATTR4_WORD1_OWNER;
716 info.attrmask.count = 2;
717 }
718 }
719 if (args->query & GROUP_SECURITY_INFORMATION) {
721 dprintf(ACLLVL, "handle_setacl: GROUP_SECURITY_INFORMATION\n");
722 status = GetSecurityDescriptorGroup(args->sec_desc, &sid, &sid_default);
723 if (!status) {
725 eprintf("GetSecurityDescriptorOwner failed with %d\n", status);
726 goto out;
727 }
728 info.owner_group = group;
729 status = map_nfs4ace_who(sid, NULL, NULL, info.owner_group,
731 if (status)
732 goto out;
733 else {
734 info.attrmask.arr[1] |= FATTR4_WORD1_OWNER_GROUP;
735 info.attrmask.count = 2;
736 }
737 }
738 if (args->query & DACL_SECURITY_INFORMATION) {
739 BOOL dacl_present, dacl_default;
740 PACL acl;
741 dprintf(ACLLVL, "handle_setacl: DACL_SECURITY_INFORMATION\n");
742 status = GetSecurityDescriptorDacl(args->sec_desc, &dacl_present,
743 &acl, &dacl_default);
744 if (!status) {
746 eprintf("GetSecurityDescriptorDacl failed with %d\n", status);
747 goto out;
748 }
749 status = GetSecurityDescriptorOwner(args->sec_desc, &sid, &sid_default);
750 if (!status) {
752 eprintf("GetSecurityDescriptorOwner failed with %d\n", status);
753 goto out;
754 }
755 status = GetSecurityDescriptorGroup(args->sec_desc, &gsid, &gsid_default);
756 if (!status) {
758 eprintf("GetSecurityDescriptorOwner failed with %d\n", status);
759 goto out;
760 }
761 status = map_dacl_2_nfs4acl(acl, sid, gsid, &nfs4_acl, state->type,
763 if (status)
764 goto out;
765 else {
766 info.acl = &nfs4_acl;
767 info.attrmask.arr[0] |= FATTR4_WORD0_ACL;
768 if (!info.attrmask.count)
769 info.attrmask.count = 1;
770 }
771 }
772
773 /* break read delegations before SETATTR */
774 nfs41_delegation_return(state->session, &state->file,
776
777 nfs41_open_stateid_arg(state, &stateid);
778 status = nfs41_setattr(state->session, &state->file, &stateid, &info);
779 if (status) {
780 dprintf(ACLLVL, "handle_setacl: nfs41_setattr() failed with error %s.\n",
783 }
784 args->ctime = info.change;
785 if (args->query & DACL_SECURITY_INFORMATION)
786 free(nfs4_acl.aces);
787out:
788 return status;
789}
static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, int file_type, char *domain)
Definition: acl.c:614
char localdomain_name[NFS41_HOSTNAME_LEN]
Definition: nfs41_daemon.c:49
static int map_nfs4ace_who(PSID sid, PSID owner_sid, PSID group_sid, char *who_out, char *domain)
Definition: acl.c:538
int nfs_to_windows_error(int status, int default_error)
Definition: util.c:235
const char * nfs_error_string(int status)
Definition: daemon_debug.c:370
int nfs41_delegation_return(IN nfs41_session *session, IN nfs41_path_fh *file, IN enum open_delegation_type4 access, IN bool_t truncate)
Definition: delegation.c:629
unsigned int BOOL
Definition: ntddk_ex.h:94
void nfs41_open_stateid_arg(IN nfs41_open_state *state, OUT struct __stateid_arg *arg)
int nfs41_setattr(IN nfs41_session *session, IN nfs41_path_fh *file, IN stateid_arg *stateid, IN nfs41_file_info *info)
Definition: nfs41_ops.c:1351
@ OPEN_DELEGATE_WRITE
Definition: nfs41_ops.h:588
BOOL WINAPI GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pGroup, LPBOOL lpbGroupDefaulted)
Definition: sec.c:76
BOOL WINAPI GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbDaclPresent, PACL *pDacl, LPBOOL lpbDaclDefaulted)
Definition: sec.c:45
BOOL WINAPI GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pOwner, LPBOOL lpbOwnerDefaulted)
Definition: sec.c:103

◆ is_well_known_sid()

static int is_well_known_sid ( PSID  sid,
char who 
)
static

Definition at line 445 of file acl.c.

446{
447 int status, i;
448 for (i = 0; i < 78; i++) {
450 if (!status) continue;
451 else {
452 dprintf(ACLLVL, "WELL_KNOWN_SID_TYPE %d\n", i);
453 switch((WELL_KNOWN_SID_TYPE)i) {
454 case WinCreatorOwnerSid:
456 return TRUE;
457 case WinNullSid:
459 return TRUE;
460 case WinAnonymousSid:
462 return TRUE;
463 case WinWorldSid:
465 return TRUE;
466 case WinCreatorGroupSid:
467 case WinBuiltinUsersSid:
469 return TRUE;
470 case WinAuthenticatedUserSid:
472 return TRUE;
473 case WinDialupSid:
475 return TRUE;
476 case WinNetworkSid:
478 return TRUE;
479 case WinBatchSid:
481 return TRUE;
482 case WinInteractiveSid:
484 return TRUE;
485 case WinNetworkServiceSid:
486 case WinLocalServiceSid:
487 case WinServiceSid:
489 return TRUE;
490 default: return FALSE;
491 }
492 }
493 }
494 return FALSE;
495}
BOOL WINAPI IsWellKnownSid(IN PSID pSid, IN WELL_KNOWN_SID_TYPE WellKnownSidType)
Definition: security.c:796
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
#define ACE4_ANONYMOUS
Definition: nfs41_const.h:388
#define ACE4_DIALUP
Definition: nfs41_const.h:386
#define ACE4_INTERACTIVE
Definition: nfs41_const.h:384
#define ACE4_BATCH
Definition: nfs41_const.h:387
#define ACE4_SERVICE
Definition: nfs41_const.h:390
#define ACE4_AUTHENTICATED
Definition: nfs41_const.h:389
#define ACE4_NETWORK
Definition: nfs41_const.h:385

Referenced by map_nfs4ace_who().

◆ map_aceflags()

static void map_aceflags ( BYTE  win_aceflags,
uint32_t nfs4_aceflags 
)
static

Definition at line 497 of file acl.c.

498{
499 if (win_aceflags & OBJECT_INHERIT_ACE)
500 *nfs4_aceflags |= ACE4_FILE_INHERIT_ACE;
501 if (win_aceflags & CONTAINER_INHERIT_ACE)
502 *nfs4_aceflags |= ACE4_DIRECTORY_INHERIT_ACE;
503 if (win_aceflags & NO_PROPAGATE_INHERIT_ACE)
504 *nfs4_aceflags |= ACE4_NO_PROPAGATE_INHERIT_ACE;
505 if (win_aceflags & INHERIT_ONLY_ACE)
506 *nfs4_aceflags |= ACE4_INHERIT_ONLY_ACE;
507 if (win_aceflags & INHERITED_ACE)
508 *nfs4_aceflags |= ACE4_INHERITED_ACE;
509 dprintf(ACLLVL, "ACE FLAGS: %x nfs4 aceflags %x\n",
510 win_aceflags, *nfs4_aceflags);
511}
#define ACE4_INHERIT_ONLY_ACE
Definition: nfs41_const.h:374
#define ACE4_FILE_INHERIT_ACE
Definition: nfs41_const.h:371
#define ACE4_NO_PROPAGATE_INHERIT_ACE
Definition: nfs41_const.h:373
#define ACE4_DIRECTORY_INHERIT_ACE
Definition: nfs41_const.h:372
#define ACE4_INHERITED_ACE
Definition: nfs41_const.h:378
#define INHERITED_ACE
Definition: ph.h:47
#define CONTAINER_INHERIT_ACE
Definition: setypes.h:747
#define INHERIT_ONLY_ACE
Definition: setypes.h:749
#define OBJECT_INHERIT_ACE
Definition: setypes.h:746
#define NO_PROPAGATE_INHERIT_ACE
Definition: setypes.h:748

Referenced by map_dacl_2_nfs4acl().

◆ map_acemask()

static void map_acemask ( ACCESS_MASK  mask,
int  file_type,
uint32_t nfs4_mask 
)
static

Definition at line 513 of file acl.c.

514{
515 dprintf(ACLLVL, "ACE MASK: %x\n", mask);
517 /* check if any GENERIC bits set */
518 if (mask & 0xf000000) {
519 if (mask & GENERIC_ALL) {
520 if (file_type == NF4DIR)
521 *nfs4_mask |= ACE4_ALL_DIR;
522 else
523 *nfs4_mask |= ACE4_ALL_FILE;
524 } else {
525 if (mask & GENERIC_READ)
526 *nfs4_mask |= ACE4_GENERIC_READ;
527 if (mask & GENERIC_WRITE)
528 *nfs4_mask |= ACE4_GENERIC_WRITE;
529 if (mask & GENERIC_EXECUTE)
530 *nfs4_mask |= ACE4_GENERIC_EXECUTE;
531 }
532 }
533 else /* ignoring generic and reserved bits */
534 *nfs4_mask = mask & 0x00ffffff;
535 print_nfs_access_mask(0, *nfs4_mask);
536}
void print_nfs_access_mask(int on, int m)
Definition: daemon_debug.c:640
void print_windows_access_mask(int on, ACCESS_MASK m)
Definition: daemon_debug.c:570
#define GENERIC_READ
Definition: compat.h:135
#define ACE4_ALL_DIR
Definition: nfs41_const.h:350
#define ACE4_GENERIC_WRITE
Definition: nfs41_const.h:358
#define ACE4_GENERIC_READ
Definition: nfs41_const.h:356
@ NF4DIR
Definition: nfs41_const.h:295
#define ACE4_ALL_FILE
Definition: nfs41_const.h:345
#define ACE4_GENERIC_EXECUTE
Definition: nfs41_const.h:360
#define GENERIC_ALL
Definition: nt_native.h:92
#define GENERIC_WRITE
Definition: nt_native.h:90
#define GENERIC_EXECUTE
Definition: nt_native.h:91
FD_TYPE file_type(FDSC **curr, char *fixed)
Definition: file.c:221

Referenced by map_dacl_2_nfs4acl().

◆ map_dacl_2_nfs4acl()

static int map_dacl_2_nfs4acl ( PACL  acl,
PSID  sid,
PSID  gsid,
nfsacl41 nfs4_acl,
int  file_type,
char domain 
)
static

Definition at line 614 of file acl.c.

616{
617 int status;
618 if (acl == NULL) {
619 dprintf(ACLLVL, "this is a NULL dacl: all access to an object\n");
620 nfs4_acl->count = 1;
621 nfs4_acl->aces = calloc(1, sizeof(nfsace4));
622 if (nfs4_acl->aces == NULL) {
624 goto out;
625 }
626 nfs4_acl->flag = 0;
629 if (file_type == NF4DIR)
630 nfs4_acl->aces->acemask = ACE4_ALL_DIR;
631 else
632 nfs4_acl->aces->acemask = ACE4_ALL_FILE;
633 nfs4_acl->aces->aceflag = 0;
634 } else {
635 int i;
636 PACE_HEADER ace;
637 PBYTE tmp_pointer;
638
639 dprintf(ACLLVL, "NON-NULL dacl with %d ACEs\n", acl->AceCount);
640 print_hexbuf_no_asci(3, (unsigned char *)"ACL\n",
641 (unsigned char *)acl, acl->AclSize);
642 nfs4_acl->count = acl->AceCount;
643 nfs4_acl->aces = calloc(nfs4_acl->count, sizeof(nfsace4));
644 if (nfs4_acl->aces == NULL) {
646 goto out;
647 }
648 nfs4_acl->flag = 0;
649 for (i = 0; i < acl->AceCount; i++) {
650 status = GetAce(acl, i, &ace);
651 if (!status) {
653 eprintf("map_dacl_2_nfs4acl: GetAce failed with %d\n", status);
654 goto out_free;
655 }
656 tmp_pointer = (PBYTE)ace;
657 print_hexbuf_no_asci(3, (unsigned char *)"ACE\n",
658 (unsigned char *)ace, ace->AceSize);
659 dprintf(ACLLVL, "ACE TYPE: %x\n", ace->AceType);
662 else if (ace->AceType == ACCESS_DENIED_ACE_TYPE)
664 else {
665 eprintf("map_dacl_2_nfs4acl: unsupported ACE type %d\n",
666 ace->AceType);
668 goto out_free;
669 }
670
671 map_aceflags(ace->AceFlags, &nfs4_acl->aces[i].aceflag);
672 map_acemask(*(PACCESS_MASK)(ace + 1), file_type,
673 &nfs4_acl->aces[i].acemask);
674
675 tmp_pointer += sizeof(ACCESS_MASK) + sizeof(ACE_HEADER);
676 status = map_nfs4ace_who(tmp_pointer, sid, gsid, nfs4_acl->aces[i].who,
677 domain);
678 if (status)
679 goto out_free;
680 }
681 }
683out:
684 return status;
685out_free:
686 free(nfs4_acl->aces);
687 goto out;
688}
static void map_aceflags(BYTE win_aceflags, uint32_t *nfs4_aceflags)
Definition: acl.c:497
static void map_acemask(ACCESS_MASK mask, int file_type, uint32_t *nfs4_mask)
Definition: acl.c:513
void print_hexbuf_no_asci(int level, unsigned char *title, unsigned char *buf, int len)
Definition: daemon_debug.c:112
BOOL WINAPI GetAce(PACL pAcl, DWORD dwAceIndex, LPVOID *pAce)
Definition: security.c:1186
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41
BYTE * PBYTE
Definition: pedump.c:66
#define calloc
Definition: rosglue.h:14
UCHAR AceFlags
Definition: ms-dtyp.idl:211
UCHAR AceType
Definition: ms-dtyp.idl:210
USHORT AceCount
Definition: ms-dtyp.idl:297
uint32_t aceflag
Definition: nfs41_types.h:132
uint32_t flag
Definition: nfs41_types.h:138
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:717
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:718

Referenced by handle_setacl().

◆ map_name_2_sid()

static int map_name_2_sid ( DWORD sid_len,
PSID sid,
LPCSTR  name 
)
static

Definition at line 93 of file acl.c.

94{
96 SID_NAME_USE sid_type;
97 LPSTR tmp_buf = NULL;
98 DWORD tmp = 0;
99
100 status = LookupAccountName(NULL, name, NULL, sid_len, NULL, &tmp, &sid_type);
101 dprintf(ACLLVL, "map_name_2_sid: LookupAccountName for %s returned %d "
102 "GetLastError %d name len %d domain len %d\n", name, status,
103 GetLastError(), *sid_len, tmp);
104 if (status)
106
108 switch(status) {
110 *sid = malloc(*sid_len);
111 if (*sid == NULL) {
113 goto out;
114 }
115 tmp_buf = (LPSTR) malloc(tmp);
116 if (tmp_buf == NULL)
117 goto out_free_sid;
118 status = LookupAccountName(NULL, name, *sid, sid_len, tmp_buf,
119 &tmp, &sid_type);
120 free(tmp_buf);
121 if (!status) {
122 eprintf("map_name_2_sid: LookupAccountName for %s failed "
123 "with %d\n", name, GetLastError());
124 goto out_free_sid;
125 } else {
126#ifdef DEBUG_ACLS
127 LPSTR ssid = NULL;
128 if (IsValidSid(*sid))
129 if (ConvertSidToStringSidA(*sid, &ssid))
130 dprintf(1, "map_name_2_sid: sid_type = %d SID %s\n",
131 sid_type, ssid);
132 else
133 dprintf(1, "map_name_2_sid: ConvertSidToStringSidA failed "
134 "with %d\n", GetLastError());
135 else
136 dprintf(1, "map_name_2_sid: Invalid Sid ?\n");
137 if (ssid) LocalFree(ssid);
138#endif
139 }
141 break;
143 status = create_unknownsid(WinNullSid, sid, sid_len);
144 if (status)
145 goto out_free_sid;
146 }
147out:
148 return status;
149out_free_sid:
151 free(*sid);
152 goto out;
153}
BOOL WINAPI IsValidSid(PSID pSid)
Definition: security.c:819
BOOL WINAPI ConvertSidToStringSidA(PSID Sid, LPSTR *StringSid)
Definition: security.c:3637
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1594
enum _SID_NAME_USE SID_NAME_USE
Definition: name.c:39
#define LookupAccountName
Definition: winbase.h:3891
#define ERROR_NONE_MAPPED
Definition: winerror.h:814

Referenced by convert_nfs4acl_2_dacl(), and handle_getacl().

◆ map_nfs4ace_who()

static int map_nfs4ace_who ( PSID  sid,
PSID  owner_sid,
PSID  group_sid,
char who_out,
char domain 
)
static

Definition at line 538 of file acl.c.

539{
541 DWORD size = 0, tmp_size = 0;
542 SID_NAME_USE sid_type;
543 LPSTR tmp_buf = NULL, who = NULL;
544
545 /* for ace mapping, we want to map owner's sid into "owner@"
546 * but for set_owner attribute we want to map owner into a user name
547 * same applies to group
548 */
549 status = 0;
550 if (owner_sid) {
551 if (EqualSid(sid, owner_sid)) {
552 dprintf(ACLLVL, "map_nfs4ace_who: this is owner's sid\n");
553 memcpy(who_out, ACE4_OWNER, strlen(ACE4_OWNER)+1);
554 return ERROR_SUCCESS;
555 }
556 }
557 if (group_sid) {
558 if (EqualSid(sid, group_sid)) {
559 dprintf(ACLLVL, "map_nfs4ace_who: this is group's sid\n");
560 memcpy(who_out, ACE4_GROUP, strlen(ACE4_GROUP)+1);
561 return ERROR_SUCCESS;
562 }
563 }
564 status = is_well_known_sid(sid, who_out);
565 if (status) {
566 if (!strncmp(who_out, ACE4_NOBODY, strlen(ACE4_NOBODY))) {
568 goto add_domain;
569 }
570 else
571 return ERROR_SUCCESS;
572 }
573
574 status = LookupAccountSid(NULL, sid, who, &size, tmp_buf,
575 &tmp_size, &sid_type);
576 dprintf(ACLLVL, "map_nfs4ace_who: LookupAccountSid returned %d GetLastError "
577 "%d name len %d domain len %d\n", status, GetLastError(),
578 size, tmp_size);
579 if (status)
584 who = malloc(size);
585 if (who == NULL) {
587 goto out;
588 }
589 tmp_buf = malloc(tmp_size);
590 if (tmp_buf == NULL)
591 goto out_free_who;
592 status = LookupAccountSid(NULL, sid, who, &size, tmp_buf,
593 &tmp_size, &sid_type);
594 free(tmp_buf);
595 if (!status) {
596 eprintf("map_nfs4ace_who: LookupAccountSid failed with %d\n",
597 GetLastError());
598 goto out_free_who;
599 }
600 memcpy(who_out, who, size);
602 memcpy(who_out+size, "@", sizeof(char));
603 memcpy(who_out+size+1, domain, strlen(domain)+1);
604 dprintf(ACLLVL, "map_nfs4ace_who: who=%s\n", who_out);
605 if (who) free(who);
607out:
608 return status;
609out_free_who:
610 free(who);
612 goto out;
613}
static int is_well_known_sid(PSID sid, char *who)
Definition: acl.c:445
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:829
#define LookupAccountSid
Definition: winbase.h:3892
static struct domain * add_domain(struct session *session, WCHAR *name)
Definition: cookie.c:48

Referenced by handle_setacl(), and map_dacl_2_nfs4acl().

◆ marshall_getacl()

static int marshall_getacl ( unsigned char buffer,
uint32_t length,
nfs41_upcall upcall 
)
static

Definition at line 405 of file acl.c.

407{
409 getacl_upcall_args *args = &upcall->args.getacl;
410
411 status = safe_write(&buffer, length, &args->sec_desc_len, sizeof(DWORD));
412 if (status) goto out;
413 status = safe_write(&buffer, length, args->sec_desc, args->sec_desc_len);
414 free(args->sec_desc);
415 if (status) goto out;
416out:
417 return status;
418}
int safe_write(unsigned char **pos, uint32_t *remaining, void *src, uint32_t src_len)
Definition: util.c:44
GLuint buffer
Definition: glext.h:5915
GLuint GLsizei GLsizei * length
Definition: glext.h:6040

◆ marshall_setacl()

static int marshall_setacl ( unsigned char buffer,
uint32_t length,
nfs41_upcall upcall 
)
static

Definition at line 791 of file acl.c.

792{
793 setacl_upcall_args *args = &upcall->args.setacl;
794 return safe_write(&buffer, length, &args->ctime, sizeof(args->ctime));
795}

◆ parse_getacl()

static int parse_getacl ( unsigned char buffer,
uint32_t  length,
nfs41_upcall upcall 
)
static

Definition at line 38 of file acl.c.

40{
41 int status;
42 getacl_upcall_args *args = &upcall->args.getacl;
43
44 status = safe_read(&buffer, &length, &args->query, sizeof(args->query));
45 if (status) goto out;
46
47 dprintf(1, "parsing NFS41_ACL_QUERY: info_class=%d\n", args->query);
48out:
49 return status;
50}
int safe_read(unsigned char **pos, uint32_t *remaining, void *dest, uint32_t dest_len)
Definition: util.c:33

◆ parse_setacl()

static int parse_setacl ( unsigned char buffer,
uint32_t  length,
nfs41_upcall upcall 
)
static

Definition at line 426 of file acl.c.

428{
429 int status;
430 setacl_upcall_args *args = &upcall->args.setacl;
431 ULONG sec_desc_len;
432
433 status = safe_read(&buffer, &length, &args->query, sizeof(args->query));
434 if (status) goto out;
435 status = safe_read(&buffer, &length, &sec_desc_len, sizeof(ULONG));
436 if (status) goto out;
437 args->sec_desc = (PSECURITY_DESCRIPTOR)buffer;
438
439 dprintf(1, "parsing NFS41_ACL_SET: info_class=%d sec_desc_len=%d\n",
440 args->query, sec_desc_len);
441out:
442 return status;
443}
struct _SECURITY_DESCRIPTOR * PSECURITY_DESCRIPTOR
Definition: security.c:98
uint32_t ULONG
Definition: typedefs.h:59

Variable Documentation

◆ localdomain_name

char localdomain_name[NFS41_HOSTNAME_LEN]
extern

Definition at line 49 of file nfs41_daemon.c.

Referenced by getdomainname(), and handle_setacl().

◆ nfs41_op_getacl

const nfs41_upcall_op nfs41_op_getacl
Initial value:
= {
}
static int parse_getacl(unsigned char *buffer, uint32_t length, nfs41_upcall *upcall)
Definition: acl.c:38
static int handle_getacl(nfs41_upcall *upcall)
Definition: acl.c:274
static int marshall_getacl(unsigned char *buffer, uint32_t *length, nfs41_upcall *upcall)
Definition: acl.c:405

Definition at line 420 of file acl.c.

◆ nfs41_op_setacl

const nfs41_upcall_op nfs41_op_setacl
Initial value:
= {
}
static int handle_setacl(nfs41_upcall *upcall)
Definition: acl.c:690
static int parse_setacl(unsigned char *buffer, uint32_t length, nfs41_upcall *upcall)
Definition: acl.c:426
static int marshall_setacl(unsigned char *buffer, uint32_t *length, nfs41_upcall *upcall)
Definition: acl.c:791

Definition at line 797 of file acl.c.