d3/de8/base_2services_2nfsd_2acl_8c_source.html

 /* NFSv4.1 client for Windows
  * Copyright � 2012 The Regents of the University of Michigan
  *
  * Olga Kornievskaia <aglo@umich.edu>
  * Casey Bodley <cbodley@umich.edu>
  *
  * This library is free software; you can redistribute it and/or modify it
  * under the terms of the GNU Lesser General Public License as published by
  * the Free Software Foundation; either version 2.1 of the License, or (at
  * your option) any later version.
  *
  * This library is distributed in the hope that it will be useful, but
  * without any warranty; without even the implied warranty of merchantability
  * or fitness for a particular purpose.  See the GNU Lesser General Public
  * License for more details.
  *
  * You should have received a copy of the GNU Lesser General Public License
  * along with this library; if not, write to the Free Software Foundation,
  * Inc., 51 Franklin Street, Fifth Floor, Boston, MA
  */

 #include <windows.h>
 #include <strsafe.h>
 #include <sddl.h>

 #include "nfs41_ops.h"
 #include "delegation.h"
 #include "daemon_debug.h"
 #include "util.h"
 #include "upcall.h"
 #include "nfs41_xdr.h"

 //#define DEBUG_ACLS
 #define ACLLVL 2 /* dprintf level for acl logging */

 extern char localdomain_name[NFS41_HOSTNAME_LEN];

 static int parse_getacl(unsigned char *buffer, uint32_t length,
                         nfs41_upcall *upcall)
 {
     int status;
     getacl_upcall_args *args = &upcall->args.getacl;

     status = safe_read(&buffer, &length, &args->query, sizeof(args->query));
     if (status) goto out;

     dprintf(1, "parsing NFS41_ACL_QUERY: info_class=%d\n", args->query);
 out:
     return status;
 }

 static int create_unknownsid(WELL_KNOWN_SID_TYPE type, PSID *sid,
                              DWORD *sid_len)
 {
     int status;
     *sid_len = 0;
     *sid = NULL;

     status = CreateWellKnownSid(type, NULL, *sid, sid_len);
     dprintf(ACLLVL, "create_unknownsid: CreateWellKnownSid type %d returned %d "
             "GetLastError %d sid len %d needed\n", type, status,
             GetLastError(), *sid_len);
     if (status)
         return ERROR_INTERNAL_ERROR;
     status = GetLastError();
     if (status != ERROR_INSUFFICIENT_BUFFER)
         return status;
     *sid = malloc(*sid_len);
     if (*sid == NULL)
         return ERROR_INSUFFICIENT_BUFFER;
     status = CreateWellKnownSid(type, NULL, *sid, sid_len);
     if (status)
         return ERROR_SUCCESS;
     free(*sid);
     status = GetLastError();
     eprintf("create_unknownsid: CreateWellKnownSid failed with %d\n", status);
     return status;
 }

 static void convert_nfs4name_2_user_domain(LPSTR nfs4name,
                                            LPSTR *domain)
 {
     LPSTR p = nfs4name;
     for(; p[0] != '\0'; p++) {
         if (p[0] == '@') {
             p[0] = '\0';
             *domain = &p[1];
             break;
         }
     }
 }

 static int map_name_2_sid(DWORD *sid_len, PSID *sid, LPCSTR name)
 {
     int status = ERROR_INTERNAL_ERROR;
     SID_NAME_USE sid_type;
     LPSTR tmp_buf = NULL;
     DWORD tmp = 0;

     status = LookupAccountName(NULL, name, NULL, sid_len, NULL, &tmp, &sid_type);
     dprintf(ACLLVL, "map_name_2_sid: LookupAccountName for %s returned %d "
             "GetLastError %d name len %d domain len %d\n", name, status,
             GetLastError(), *sid_len, tmp);
     if (status)
         return ERROR_INTERNAL_ERROR;

     status = GetLastError();
     switch(status) {
     case ERROR_INSUFFICIENT_BUFFER:
         *sid = malloc(*sid_len);
         if (*sid == NULL) {
             status = GetLastError();
             goto out;
         }
         tmp_buf = (LPSTR) malloc(tmp);
         if (tmp_buf == NULL)
             goto out_free_sid;
         status = LookupAccountName(NULL, name, *sid, sid_len, tmp_buf,
                                     &tmp, &sid_type);
         free(tmp_buf);
         if (!status) {
             eprintf("map_name_2_sid: LookupAccountName for %s failed "
                     "with %d\n", name, GetLastError());
             goto out_free_sid;
         } else {
 #ifdef DEBUG_ACLS
             LPSTR ssid = NULL;
             if (IsValidSid(*sid))
                 if (ConvertSidToStringSidA(*sid, &ssid))
                     dprintf(1, "map_name_2_sid: sid_type = %d SID %s\n",
                             sid_type, ssid);
                 else
                     dprintf(1, "map_name_2_sid: ConvertSidToStringSidA failed "
                             "with %d\n", GetLastError());
             else
                 dprintf(1, "map_name_2_sid: Invalid Sid ?\n");
             if (ssid) LocalFree(ssid);
 #endif
         }
         status = ERROR_SUCCESS;
         break;
     case ERROR_NONE_MAPPED:
         status = create_unknownsid(WinNullSid, sid, sid_len);
         if (status)
             goto out_free_sid;
     }
 out:
     return status;
 out_free_sid:
     status = GetLastError();
     free(*sid);
     goto out;
 }

 static void free_sids(PSID *sids, int count)
 {
     int i;
     for(i = 0; i < count; i++)
         free(sids[i]);
     free(sids);
 }

 static int check_4_special_identifiers(char *who, PSID *sid, DWORD *sid_len,
                                        BOOLEAN *flag)
 {
     int status = ERROR_SUCCESS;
     WELL_KNOWN_SID_TYPE type = 0;
     *flag = TRUE;
     if (!strncmp(who, ACE4_OWNER, strlen(ACE4_OWNER)-1))
         type = WinCreatorOwnerSid;
     else if (!strncmp(who, ACE4_GROUP, strlen(ACE4_GROUP)-1))
         type = WinCreatorGroupSid;
     else if (!strncmp(who, ACE4_EVERYONE, strlen(ACE4_EVERYONE)-1))
         type = WinWorldSid;
     else if (!strncmp(who, ACE4_NOBODY, strlen(ACE4_NOBODY)))
         type = WinNullSid;
     else
         *flag = FALSE;
     if (*flag)
         status = create_unknownsid(type, sid, sid_len);
     return status;
 }

 static int convert_nfs4acl_2_dacl(nfsacl41 *acl, int file_type,
                                   PACL *dacl_out, PSID **sids_out)
 {
     int status = ERROR_NOT_SUPPORTED, size = 0;
     uint32_t i;
     DWORD sid_len;
     PSID *sids;
     PACL dacl;
     LPSTR domain = NULL;
     BOOLEAN flag;

     sids = malloc(acl->count * sizeof(PSID));
     if (sids == NULL) {
         status = GetLastError();
         goto out;
     }
     for (i = 0; i < acl->count; i++) {
         convert_nfs4name_2_user_domain(acl->aces[i].who, &domain);
         dprintf(ACLLVL, "handle_getacl: for user=%s domain=%s\n",
                 acl->aces[i].who, domain?domain:"<null>");
         status = check_4_special_identifiers(acl->aces[i].who, &sids[i],
                                              &sid_len, &flag);
         if (status) {
             free_sids(sids, i);
             goto out;
         }
         if (!flag) {
             status = map_name_2_sid(&sid_len, &sids[i], acl->aces[i].who);
             if (status) {
                 free_sids(sids, i);
                 goto out;
             }
         }
         size += sid_len - sizeof(DWORD);
     }
     size += sizeof(ACL) + (sizeof(ACCESS_ALLOWED_ACE)*acl->count);
     size = (size + sizeof(DWORD) - 1) & 0xfffffffc; //align size on word boundry
     dacl = malloc(size);
     if (dacl == NULL)
         goto out_free_sids;

     if (InitializeAcl(dacl, size, ACL_REVISION)) {
         ACCESS_MASK mask;
         for (i = 0; i < acl->count; i++) {
             // nfs4 acemask should be exactly the same as file access mask
             mask = acl->aces[i].acemask;
             dprintf(ACLLVL, "access mask %x ace type %s\n", mask,
                 acl->aces[i].acetype?"DENIED ACE":"ALLOWED ACE");
             if (acl->aces[i].acetype == ACE4_ACCESS_ALLOWED_ACE_TYPE) {
                 status = AddAccessAllowedAce(dacl, ACL_REVISION, mask, sids[i]);
                 if (!status) {
                     eprintf("convert_nfs4acl_2_dacl: AddAccessAllowedAce failed "
                             "with %d\n", status);
                     goto out_free_dacl;
                 }
                 else status = ERROR_SUCCESS;
             } else if (acl->aces[i].acetype == ACE4_ACCESS_DENIED_ACE_TYPE) {
                 status = AddAccessDeniedAce(dacl, ACL_REVISION, mask, sids[i]);
                 if (!status) {
                     eprintf("convert_nfs4acl_2_dacl: AddAccessDeniedAce failed "
                             "with %d\n", status);
                     goto out_free_dacl;
                 }
                 else status = ERROR_SUCCESS;
             } else {
                 eprintf("convert_nfs4acl_2_dacl: unknown acetype %d\n",
                         acl->aces[i].acetype);
                 status = ERROR_INTERNAL_ERROR;
                 free(dacl);
                 free_sids(sids, acl->count);
                 goto out;
             }
         }
     } else {
         eprintf("convert_nfs4acl_2_dacl: InitializeAcl failed with %d\n", status);
         goto out_free_dacl;
     }
     status = ERROR_SUCCESS;
     *sids_out = sids;
     *dacl_out = dacl;
 out:
     return status;
 out_free_dacl:
     free(dacl);
 out_free_sids:
     free_sids(sids, acl->count);
     status = GetLastError();
     goto out;
 }

 static int handle_getacl(nfs41_upcall *upcall)
 {
     int status = ERROR_NOT_SUPPORTED;
     getacl_upcall_args *args = &upcall->args.getacl;
     nfs41_open_state *state = upcall->state_ref;
     nfs41_file_info info = { 0 };
     bitmap4 attr_request = { 0 };
     LPSTR domain = NULL;
     SECURITY_DESCRIPTOR sec_desc;
     PACL dacl = NULL;
     PSID *sids = NULL;
     PSID osid = NULL, gsid = NULL;
     DWORD sid_len;
     char owner[NFS4_OPAQUE_LIMIT], group[NFS4_OPAQUE_LIMIT];
     nfsacl41 acl = { 0 };

     // need to cache owner/group information XX
     attr_request.count = 2;
     attr_request.arr[1] = FATTR4_WORD1_OWNER | FATTR4_WORD1_OWNER_GROUP;
     if (args->query & DACL_SECURITY_INFORMATION) {
         info.acl = &acl;
         attr_request.arr[0] |= FATTR4_WORD0_ACL;
     }
     info.owner = owner;
     info.owner_group = group;
     status = nfs41_getattr(state->session, &state->file, &attr_request, &info);
     if (status) {
         eprintf("handle_getacl: nfs41_cached_getattr() failed with %d\n",
                 status);
         goto out;
     }

     status = InitializeSecurityDescriptor(&sec_desc,
                                           SECURITY_DESCRIPTOR_REVISION);
     if (!status) {
         status = GetLastError();
         eprintf("handle_getacl: InitializeSecurityDescriptor failed with %d\n",
                 status);
         goto out;
     }
      /* can't (re)use the same sid variable for both owner and group sids
       * because security descriptor is created in absolute-form and it just
       * stores pointers to the sids. thus each owner and group needs its own
       * memory. free them after creating self-relative security descriptor.
       */
     if (args->query & OWNER_SECURITY_INFORMATION) {
         // parse user@domain. currently ignoring domain part XX
         convert_nfs4name_2_user_domain(info.owner, &domain);
         dprintf(ACLLVL, "handle_getacl: OWNER_SECURITY_INFORMATION: for user=%s "
                 "domain=%s\n", info.owner, domain?domain:"<null>");
         sid_len = 0;
         status = map_name_2_sid(&sid_len, &osid, info.owner);
         if (status)
             goto out;
         status = SetSecurityDescriptorOwner(&sec_desc, osid, TRUE);
         if (!status) {
             status = GetLastError();
             eprintf("handle_getacl: SetSecurityDescriptorOwner failed with "
                     "%d\n", status);
             goto out;
         }
     }
     if (args->query & GROUP_SECURITY_INFORMATION) {
         convert_nfs4name_2_user_domain(info.owner_group, &domain);
         dprintf(ACLLVL, "handle_getacl: GROUP_SECURITY_INFORMATION: for %s "
                 "domain=%s\n", info.owner_group, domain?domain:"<null>");
         sid_len = 0;
         status = map_name_2_sid(&sid_len, &gsid, info.owner_group);
         if (status)
             goto out;
         status = SetSecurityDescriptorGroup(&sec_desc, gsid, TRUE);
         if (!status) {
             status = GetLastError();
             eprintf("handle_getacl: SetSecurityDescriptorGroup failed with "
                     "%d\n", status);
             goto out;
         }
     }
     if (args->query & DACL_SECURITY_INFORMATION) {
         dprintf(ACLLVL, "handle_getacl: DACL_SECURITY_INFORMATION\n");
         status = convert_nfs4acl_2_dacl(info.acl, state->type, &dacl, &sids);
         if (status)
             goto out;
         status = SetSecurityDescriptorDacl(&sec_desc, TRUE, dacl, TRUE);
         if (!status) {
             status = GetLastError();
             eprintf("handle_getacl: SetSecurityDescriptorDacl failed with "
                     "%d\n", status);
             goto out;
         }
     }

     args->sec_desc_len = 0;
     status = MakeSelfRelativeSD(&sec_desc, args->sec_desc, &args->sec_desc_len);
     if (status) {
         status = ERROR_INTERNAL_ERROR;
         goto out;
     }
     status = GetLastError();
     if (status != ERROR_INSUFFICIENT_BUFFER) {
         eprintf("handle_getacl: MakeSelfRelativeSD failes with %d\n", status);
         goto out;
     }
     args->sec_desc = malloc(args->sec_desc_len);
     if (args->sec_desc == NULL) {
         status = GetLastError();
         goto out;
     }
     status = MakeSelfRelativeSD(&sec_desc, args->sec_desc, &args->sec_desc_len);
     if (!status) {
         status = GetLastError();
         eprintf("handle_getacl: MakeSelfRelativeSD failes with %d\n", status);
         free(args->sec_desc);
         goto out;
     } else status = ERROR_SUCCESS;

 out:
     if (args->query & OWNER_SECURITY_INFORMATION) {
         if (osid) free(osid);
     }
     if (args->query & GROUP_SECURITY_INFORMATION) {
         if (gsid) free(gsid);
     }
     if (args->query & DACL_SECURITY_INFORMATION) {
         if (sids) free_sids(sids, info.acl->count);
         free(dacl);
         nfsacl41_free(info.acl);
     }
     return status;
 }

 static int marshall_getacl(unsigned char *buffer, uint32_t *length,
                            nfs41_upcall *upcall)
 {
     int status = ERROR_NOT_SUPPORTED;
     getacl_upcall_args *args = &upcall->args.getacl;

     status = safe_write(&buffer, length, &args->sec_desc_len, sizeof(DWORD));
     if (status) goto out;
     status = safe_write(&buffer, length, args->sec_desc, args->sec_desc_len);
     free(args->sec_desc);
     if (status) goto out;
 out:
     return status;
 }

 const nfs41_upcall_op nfs41_op_getacl = {
     parse_getacl,
     handle_getacl,
     marshall_getacl
 };

 static int parse_setacl(unsigned char *buffer, uint32_t length,
                         nfs41_upcall *upcall)
 {
     int status;
     setacl_upcall_args *args = &upcall->args.setacl;
     ULONG sec_desc_len;

     status = safe_read(&buffer, &length, &args->query, sizeof(args->query));
     if (status) goto out;
     status = safe_read(&buffer, &length, &sec_desc_len, sizeof(ULONG));
     if (status) goto out;
     args->sec_desc = (PSECURITY_DESCRIPTOR)buffer;

     dprintf(1, "parsing NFS41_ACL_SET: info_class=%d sec_desc_len=%d\n",
             args->query, sec_desc_len);
 out:
     return status;
 }

 static int is_well_known_sid(PSID sid, char *who)
 {
     int status, i;
     for (i = 0; i < 78; i++) {
         status = IsWellKnownSid(sid, (WELL_KNOWN_SID_TYPE)i);
         if (!status) continue;
         else {
             dprintf(ACLLVL, "WELL_KNOWN_SID_TYPE %d\n", i);
             switch((WELL_KNOWN_SID_TYPE)i) {
             case WinCreatorOwnerSid:
                 memcpy(who, ACE4_OWNER, strlen(ACE4_OWNER)+1);
                 return TRUE;
             case WinNullSid:
                 memcpy(who, ACE4_NOBODY, strlen(ACE4_NOBODY)+1);
                 return TRUE;
             case WinAnonymousSid:
                 memcpy(who, ACE4_ANONYMOUS, strlen(ACE4_ANONYMOUS)+1);
                 return TRUE;
             case WinWorldSid:
                 memcpy(who, ACE4_EVERYONE, strlen(ACE4_EVERYONE)+1);
                 return TRUE;
             case WinCreatorGroupSid:
             case WinBuiltinUsersSid:
                 memcpy(who, ACE4_GROUP, strlen(ACE4_GROUP)+1);
                 return TRUE;
             case WinAuthenticatedUserSid:
                 memcpy(who, ACE4_AUTHENTICATED, strlen(ACE4_AUTHENTICATED)+1);
                 return TRUE;
             case WinDialupSid:
                 memcpy(who, ACE4_DIALUP, strlen(ACE4_DIALUP)+1);
                 return TRUE;
             case WinNetworkSid:
                 memcpy(who, ACE4_NETWORK, strlen(ACE4_NETWORK)+1);
                 return TRUE;
             case WinBatchSid:
                 memcpy(who, ACE4_BATCH, strlen(ACE4_BATCH)+1);
                 return TRUE;
             case WinInteractiveSid:
                 memcpy(who, ACE4_INTERACTIVE, strlen(ACE4_INTERACTIVE)+1);
                 return TRUE;
             case WinNetworkServiceSid:
             case WinLocalServiceSid:
             case WinServiceSid:
                 memcpy(who, ACE4_SERVICE, strlen(ACE4_SERVICE)+1);
                 return TRUE;
             default: return FALSE;
             }
         }
     }
     return FALSE;
 }

 static void map_aceflags(BYTE win_aceflags, uint32_t *nfs4_aceflags)
 {
     if (win_aceflags & OBJECT_INHERIT_ACE)
         *nfs4_aceflags |= ACE4_FILE_INHERIT_ACE;
     if (win_aceflags & CONTAINER_INHERIT_ACE)
         *nfs4_aceflags |= ACE4_DIRECTORY_INHERIT_ACE;
     if (win_aceflags & NO_PROPAGATE_INHERIT_ACE)
         *nfs4_aceflags |= ACE4_NO_PROPAGATE_INHERIT_ACE;
     if (win_aceflags & INHERIT_ONLY_ACE)
         *nfs4_aceflags |= ACE4_INHERIT_ONLY_ACE;
     if (win_aceflags & INHERITED_ACE)
         *nfs4_aceflags |= ACE4_INHERITED_ACE;
     dprintf(ACLLVL, "ACE FLAGS: %x nfs4 aceflags %x\n",
             win_aceflags, *nfs4_aceflags);
 }

 static void map_acemask(ACCESS_MASK mask, int file_type, uint32_t *nfs4_mask)
 {
     dprintf(ACLLVL, "ACE MASK: %x\n", mask);
     print_windows_access_mask(0, mask);
     /* check if any GENERIC bits set */
     if (mask & 0xf000000) {
         if (mask & GENERIC_ALL) {
             if (file_type == NF4DIR)
                 *nfs4_mask |= ACE4_ALL_DIR;
             else
                 *nfs4_mask |= ACE4_ALL_FILE;
         } else {
             if (mask & GENERIC_READ)
                 *nfs4_mask |= ACE4_GENERIC_READ;
             if (mask & GENERIC_WRITE)
                 *nfs4_mask |= ACE4_GENERIC_WRITE;
             if (mask & GENERIC_EXECUTE)
                 *nfs4_mask |= ACE4_GENERIC_EXECUTE;
         }
     }
     else /* ignoring generic and reserved bits */
         *nfs4_mask = mask & 0x00ffffff;
     print_nfs_access_mask(0, *nfs4_mask);
 }

 static int map_nfs4ace_who(PSID sid, PSID owner_sid, PSID group_sid, char *who_out, char *domain)
 {
     int status = ERROR_INTERNAL_ERROR;
     DWORD size = 0, tmp_size = 0;
     SID_NAME_USE sid_type;
     LPSTR tmp_buf = NULL, who = NULL;

     /* for ace mapping, we want to map owner's sid into "owner@"
      * but for set_owner attribute we want to map owner into a user name
      * same applies to group
      */
     status = 0;
     if (owner_sid) {
         if (EqualSid(sid, owner_sid)) {
             dprintf(ACLLVL, "map_nfs4ace_who: this is owner's sid\n");
             memcpy(who_out, ACE4_OWNER, strlen(ACE4_OWNER)+1);
             return ERROR_SUCCESS;
         }
     }
     if (group_sid) {
         if (EqualSid(sid, group_sid)) {
             dprintf(ACLLVL, "map_nfs4ace_who: this is group's sid\n");
             memcpy(who_out, ACE4_GROUP, strlen(ACE4_GROUP)+1);
             return ERROR_SUCCESS;
         }
     }
     status = is_well_known_sid(sid, who_out);
     if (status) {
         if (!strncmp(who_out, ACE4_NOBODY, strlen(ACE4_NOBODY))) {
             size = (DWORD)strlen(ACE4_NOBODY);
             goto add_domain;
         }
         else
             return ERROR_SUCCESS;
     }

     status = LookupAccountSid(NULL, sid, who, &size, tmp_buf,
         &tmp_size, &sid_type);
     dprintf(ACLLVL, "map_nfs4ace_who: LookupAccountSid returned %d GetLastError "
             "%d name len %d domain len %d\n", status, GetLastError(),
             size, tmp_size);
     if (status)
         return ERROR_INTERNAL_ERROR;
     status = GetLastError();
     if (status != ERROR_INSUFFICIENT_BUFFER)
         return ERROR_INTERNAL_ERROR;
     who = malloc(size);
     if (who == NULL) {
         status = GetLastError();
         goto out;
     }
     tmp_buf = malloc(tmp_size);
     if (tmp_buf == NULL)
         goto out_free_who;
     status = LookupAccountSid(NULL, sid, who, &size, tmp_buf,
                                 &tmp_size, &sid_type);
     free(tmp_buf);
     if (!status) {
         eprintf("map_nfs4ace_who: LookupAccountSid failed with %d\n",
                 GetLastError());
         goto out_free_who;
     }
     memcpy(who_out, who, size);
 add_domain:
     memcpy(who_out+size, "@", sizeof(char));
     memcpy(who_out+size+1, domain, strlen(domain)+1);
     dprintf(ACLLVL, "map_nfs4ace_who: who=%s\n", who_out);
     if (who) free(who);
     status = ERROR_SUCCESS;
 out:
     return status;
 out_free_who:
     free(who);
     status = GetLastError();
     goto out;
 }
 static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl,
                                 int file_type, char *domain)
 {
     int status;
     if (acl == NULL) {
         dprintf(ACLLVL, "this is a NULL dacl: all access to an object\n");
         nfs4_acl->count = 1;
         nfs4_acl->aces = calloc(1, sizeof(nfsace4));
         if (nfs4_acl->aces == NULL) {
             status = GetLastError();
             goto out;
         }
         nfs4_acl->flag = 0;
         memcpy(nfs4_acl->aces->who, ACE4_EVERYONE, strlen(ACE4_EVERYONE)+1);
         nfs4_acl->aces->acetype = ACE4_ACCESS_ALLOWED_ACE_TYPE;
         if (file_type == NF4DIR)
             nfs4_acl->aces->acemask = ACE4_ALL_DIR;
         else
             nfs4_acl->aces->acemask = ACE4_ALL_FILE;
         nfs4_acl->aces->aceflag = 0;
     } else {
         int i;
         PACE_HEADER ace;
         PBYTE tmp_pointer;

         dprintf(ACLLVL, "NON-NULL dacl with %d ACEs\n", acl->AceCount);
         print_hexbuf_no_asci(3, (unsigned char *)"ACL\n",
                             (unsigned char *)acl, acl->AclSize);
         nfs4_acl->count = acl->AceCount;
         nfs4_acl->aces = calloc(nfs4_acl->count, sizeof(nfsace4));
         if (nfs4_acl->aces == NULL) {
             status = GetLastError();
             goto out;
         }
         nfs4_acl->flag = 0;
         for (i = 0; i < acl->AceCount; i++) {
             status = GetAce(acl, i, &ace);
             if (!status) {
                 status = GetLastError();
                 eprintf("map_dacl_2_nfs4acl: GetAce failed with %d\n", status);
                 goto out_free;
             }
             tmp_pointer = (PBYTE)ace;
             print_hexbuf_no_asci(3, (unsigned char *)"ACE\n",
                                     (unsigned char *)ace, ace->AceSize);
             dprintf(ACLLVL, "ACE TYPE: %x\n", ace->AceType);
             if (ace->AceType == ACCESS_ALLOWED_ACE_TYPE)
                 nfs4_acl->aces[i].acetype = ACE4_ACCESS_ALLOWED_ACE_TYPE;
             else if (ace->AceType == ACCESS_DENIED_ACE_TYPE)
                 nfs4_acl->aces[i].acetype = ACE4_ACCESS_DENIED_ACE_TYPE;
             else {
                 eprintf("map_dacl_2_nfs4acl: unsupported ACE type %d\n",
                     ace->AceType);
                 status = ERROR_NOT_SUPPORTED;
                 goto out_free;
             }

             map_aceflags(ace->AceFlags, &nfs4_acl->aces[i].aceflag);
             map_acemask(*(PACCESS_MASK)(ace + 1), file_type,
                         &nfs4_acl->aces[i].acemask);

             tmp_pointer += sizeof(ACCESS_MASK) + sizeof(ACE_HEADER);
             status = map_nfs4ace_who(tmp_pointer, sid, gsid, nfs4_acl->aces[i].who,
                                      domain);
             if (status)
                 goto out_free;
         }
     }
     status = ERROR_SUCCESS;
 out:
     return status;
 out_free:
     free(nfs4_acl->aces);
     goto out;
 }

 static int handle_setacl(nfs41_upcall *upcall)
 {
     int status = ERROR_NOT_SUPPORTED;
     setacl_upcall_args *args = &upcall->args.setacl;
     nfs41_open_state *state = upcall->state_ref;
     nfs41_file_info info = { 0 };
     stateid_arg stateid;
     nfsacl41 nfs4_acl = { 0 };
     PSID sid = NULL, gsid = NULL;
     BOOL sid_default, gsid_default;

     if (args->query & OWNER_SECURITY_INFORMATION) {
         char owner[NFS4_OPAQUE_LIMIT];
         dprintf(ACLLVL, "handle_setacl: OWNER_SECURITY_INFORMATION\n");
         status = GetSecurityDescriptorOwner(args->sec_desc, &sid, &sid_default);
         if (!status) {
             status = GetLastError();
             eprintf("GetSecurityDescriptorOwner failed with %d\n", status);
             goto out;
         }
         info.owner = owner;
         status = map_nfs4ace_who(sid, NULL, NULL, info.owner, localdomain_name);
         if (status)
             goto out;
         else {
             info.attrmask.arr[1] |= FATTR4_WORD1_OWNER;
             info.attrmask.count = 2;
         }
     }
     if (args->query & GROUP_SECURITY_INFORMATION) {
         char group[NFS4_OPAQUE_LIMIT];
         dprintf(ACLLVL, "handle_setacl: GROUP_SECURITY_INFORMATION\n");
         status = GetSecurityDescriptorGroup(args->sec_desc, &sid, &sid_default);
         if (!status) {
             status = GetLastError();
             eprintf("GetSecurityDescriptorOwner failed with %d\n", status);
             goto out;
         }
         info.owner_group = group;
         status = map_nfs4ace_who(sid, NULL, NULL, info.owner_group,
                                  localdomain_name);
         if (status)
             goto out;
         else {
             info.attrmask.arr[1] |= FATTR4_WORD1_OWNER_GROUP;
             info.attrmask.count = 2;
         }
     }
     if (args->query & DACL_SECURITY_INFORMATION) {
         BOOL dacl_present, dacl_default;
         PACL acl;
         dprintf(ACLLVL, "handle_setacl: DACL_SECURITY_INFORMATION\n");
         status = GetSecurityDescriptorDacl(args->sec_desc, &dacl_present,
                                             &acl, &dacl_default);
         if (!status) {
             status = GetLastError();
             eprintf("GetSecurityDescriptorDacl failed with %d\n", status);
             goto out;
         }
         status = GetSecurityDescriptorOwner(args->sec_desc, &sid, &sid_default);
         if (!status) {
             status = GetLastError();
             eprintf("GetSecurityDescriptorOwner failed with %d\n", status);
             goto out;
         }
         status = GetSecurityDescriptorGroup(args->sec_desc, &gsid, &gsid_default);
         if (!status) {
             status = GetLastError();
             eprintf("GetSecurityDescriptorOwner failed with %d\n", status);
             goto out;
         }
         status = map_dacl_2_nfs4acl(acl, sid, gsid, &nfs4_acl, state->type,
                                     localdomain_name);
         if (status)
             goto out;
         else {
             info.acl = &nfs4_acl;
             info.attrmask.arr[0] |= FATTR4_WORD0_ACL;
             if (!info.attrmask.count)
                 info.attrmask.count = 1;
         }
     }

     /* break read delegations before SETATTR */
     nfs41_delegation_return(state->session, &state->file,
         OPEN_DELEGATE_WRITE, FALSE);

     nfs41_open_stateid_arg(state, &stateid);
     status = nfs41_setattr(state->session, &state->file, &stateid, &info);
     if (status) {
         dprintf(ACLLVL, "handle_setacl: nfs41_setattr() failed with error %s.\n",
                 nfs_error_string(status));
         status = nfs_to_windows_error(status, ERROR_NOT_SUPPORTED);
     }
     args->ctime = info.change;
     if (args->query & DACL_SECURITY_INFORMATION)
         free(nfs4_acl.aces);
 out:
     return status;
 }

 static int marshall_setacl(unsigned char *buffer, uint32_t *length, nfs41_upcall *upcall)
 {
     setacl_upcall_args *args = &upcall->args.setacl;
     return safe_write(&buffer, length, &args->ctime, sizeof(args->ctime));
 }

 const nfs41_upcall_op nfs41_op_setacl = {
     parse_setacl,
     handle_setacl,
     marshall_setacl
 };
_SECURITY_DESCRIPTOR
Definition: ms-dtyp.idl:301

PSECURITY_DESCRIPTOR
struct _SECURITY_DESCRIPTOR * PSECURITY_DESCRIPTOR
Definition: security.c:97

__nfsacl41
Definition: nfs41_types.h:137

__nfs41_file_info
Definition: nfs41_types.h:208

nfs_to_windows_error
int nfs_to_windows_error(int status, int default_error)
Definition: util.c:235

map_name_2_sid
static int map_name_2_sid(DWORD *sid_len, PSID *sid, LPCSTR name)
Definition: acl.c:93

GENERIC_ALL
#define GENERIC_ALL
Definition: nt_native.h:92

MakeSelfRelativeSD
BOOL WINAPI MakeSelfRelativeSD(PSECURITY_DESCRIPTOR pAbsoluteSecurityDescriptor, PSECURITY_DESCRIPTOR pSelfRelativeSecurityDescriptor, LPDWORD lpdwBufferLength)
Definition: sec.c:214

nfs41_setattr
int nfs41_setattr(IN nfs41_session *session, IN nfs41_path_fh *file, IN stateid_arg *stateid, IN nfs41_file_info *info)
Definition: nfs41_ops.c:1351

SetSecurityDescriptorDacl
BOOL WINAPI SetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, BOOL bDaclPresent, PACL pDacl, BOOL bDaclDefaulted)
Definition: sec.c:262

__nfsace4::acemask
uint32_t acemask
Definition: nfs41_types.h:133

SID_NAME_USE
enum _SID_NAME_USE SID_NAME_USE

ERROR_SUCCESS
#define ERROR_SUCCESS
Definition: deptool.c:10

_SID
Definition: ms-dtyp.idl:198

ERROR_INTERNAL_ERROR
#define ERROR_INTERNAL_ERROR
Definition: winerror.h:840

InitializeAcl
BOOL WINAPI InitializeAcl(PACL pAcl, DWORD nAclLength, DWORD dwAclRevision)
Definition: security.c:1008

nfsacl41_free
void nfsacl41_free(nfsacl41 *acl)
Definition: nfs41_xdr.c:335

_ACCESS_ALLOWED_ACE
Definition: ms-dtyp.idl:215

map_dacl_2_nfs4acl
static int map_dacl_2_nfs4acl(PACL acl, PSID sid, PSID gsid, nfsacl41 *nfs4_acl, int file_type, char *domain)
Definition: acl.c:614

strlen
ACPI_SIZE strlen(const char *String)
Definition: utclib.c:269

TRUE
#define TRUE
Definition: types.h:120

ACE4_GROUP
#define ACE4_GROUP
Definition: nfs41_const.h:382

_ACL::AclSize
USHORT AclSize
Definition: ms-dtyp.idl:296

_ACL
Definition: ms-dtyp.idl:293

ACE4_BATCH
#define ACE4_BATCH
Definition: nfs41_const.h:387

map_nfs4ace_who
static int map_nfs4ace_who(PSID sid, PSID owner_sid, PSID group_sid, char *who_out, char *domain)
Definition: acl.c:538

InitializeSecurityDescriptor
BOOL WINAPI InitializeSecurityDescriptor(PSECURITY_DESCRIPTOR pSecurityDescriptor, DWORD dwRevision)
Definition: security.c:931

EqualSid
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:831

__nfsace4::who
char who[NFS4_OPAQUE_LIMIT]
Definition: nfs41_types.h:134

count
GLuint GLuint GLsizei count
Definition: gl.h:1545

free_sids
static void free_sids(PSID *sids, int count)
Definition: acl.c:155

free
#define free
Definition: debug_ros.c:5

ERROR_NONE_MAPPED
#define ERROR_NONE_MAPPED
Definition: winerror.h:814

ACE4_NOBODY
#define ACE4_NOBODY
Definition: nfs41_const.h:391

AddAccessAllowedAce
BOOL WINAPI AddAccessAllowedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:1041

print_hexbuf_no_asci
void print_hexbuf_no_asci(int level, unsigned char *title, unsigned char *buf, int len)
Definition: daemon_debug.c:112

ACE4_ALL_DIR
#define ACE4_ALL_DIR
Definition: nfs41_const.h:350

ACE4_GENERIC_EXECUTE
#define ACE4_GENERIC_EXECUTE
Definition: nfs41_const.h:360

marshall_setacl
static int marshall_setacl(unsigned char *buffer, uint32_t *length, nfs41_upcall *upcall)
Definition: acl.c:791

check_4_special_identifiers
static int check_4_special_identifiers(char *who, PSID *sid, DWORD *sid_len, BOOLEAN *flag)
Definition: acl.c:163

sid
FT_UInt sid
Definition: cffcmap.c:139

GetLastError
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1040

eprintf
void eprintf(LPCSTR format,...)
Definition: daemon_debug.c:86

buffer
GLuint buffer
Definition: glext.h:5915

__setacl_upcall_args
Definition: upcall.h:169

GROUP_SECURITY_INFORMATION
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124

NO_PROPAGATE_INHERIT_ACE
#define NO_PROPAGATE_INHERIT_ACE
Definition: setypes.h:748

info
Definition: notification.c:60

LPSTR
char * LPSTR
Definition: xmlstorage.h:182

OPEN_DELEGATE_WRITE
Definition: nfs41_ops.h:588

__bitmap4::arr
uint32_t arr[3]
Definition: nfs41_types.h:97

print_nfs_access_mask
void print_nfs_access_mask(int on, int m)
Definition: daemon_debug.c:640

args
Definition: match.c:390

_ACL::AceCount
USHORT AceCount
Definition: ms-dtyp.idl:297

DWORD
#define DWORD
Definition: nt_native.h:44

ACE4_OWNER
#define ACE4_OWNER
Definition: nfs41_const.h:381

info::count
unsigned int count
Definition: notification.c:64

GetSecurityDescriptorGroup
BOOL WINAPI GetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pGroup, LPBOOL lpbGroupDefaulted)
Definition: sec.c:76

FATTR4_WORD0_ACL
Definition: nfs41_const.h:225

SetSecurityDescriptorOwner
BOOL WINAPI SetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID pOwner, BOOL bOwnerDefaulted)
Definition: sec.c:312

handle_setacl
static int handle_setacl(nfs41_upcall *upcall)
Definition: acl.c:690

__nfs41_upcall_op
Definition: upcall.h:218

domain
Definition: cookie.c:41

SECURITY_DESCRIPTOR_REVISION
#define SECURITY_DESCRIPTOR_REVISION
Definition: setypes.h:58

LookupAccountSid
#define LookupAccountSid
Definition: winbase.h:3738

convert_nfs4acl_2_dacl
static int convert_nfs4acl_2_dacl(nfsacl41 *acl, int file_type, PACL *dacl_out, PSID **sids_out)
Definition: acl.c:184

_ACE_HEADER::AceSize
USHORT AceSize
Definition: ms-dtyp.idl:212

nfs41_ops.h

ACE4_INHERIT_ONLY_ACE
#define ACE4_INHERIT_ONLY_ACE
Definition: nfs41_const.h:374

mask
GLenum GLint GLuint mask
Definition: glext.h:6028

NF4DIR
Definition: nfs41_const.h:295

FALSE
#define FALSE
Definition: types.h:117

print_windows_access_mask
void print_windows_access_mask(int on, ACCESS_MASK m)
Definition: daemon_debug.c:570

BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94

NFS41_HOSTNAME_LEN
#define NFS41_HOSTNAME_LEN
Definition: nfs41_const.h:48

dprintf
#define dprintf
Definition: regdump.c:33

GENERIC_WRITE
#define GENERIC_WRITE
Definition: nt_native.h:90

FATTR4_WORD1_OWNER
Definition: nfs41_const.h:248

__getacl_upcall_args
Definition: upcall.h:163

length
GLenum GLuint GLenum GLsizei length
Definition: glext.h:5579

__bitmap4::count
uint32_t count
Definition: nfs41_types.h:96

handle_getacl
static int handle_getacl(nfs41_upcall *upcall)
Definition: acl.c:274

NFS4_OPAQUE_LIMIT
#define NFS4_OPAQUE_LIMIT
Definition: nfs41_const.h:31

BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185

SetSecurityDescriptorGroup
BOOL WINAPI SetSecurityDescriptorGroup(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID pGroup, BOOL bGroupDefaulted)
Definition: sec.c:288

ACL
struct _ACL ACL

ACE4_GENERIC_READ
#define ACE4_GENERIC_READ
Definition: nfs41_const.h:356

nfs41_open_stateid_arg
void nfs41_open_stateid_arg(IN nfs41_open_state *state, OUT struct __stateid_arg *arg)

add_domain
static struct domain * add_domain(struct session *session, WCHAR *name)
Definition: cookie.c:48

daemon_debug.h

FATTR4_WORD1_OWNER_GROUP
Definition: nfs41_const.h:249

LPCSTR
const char * LPCSTR
Definition: xmlstorage.h:183

nfs41_getattr
int nfs41_getattr(IN nfs41_session *session, IN OPTIONAL nfs41_path_fh *file, IN bitmap4 *attr_request, OUT nfs41_file_info *info)
Definition: nfs41_ops.c:1063

GetSecurityDescriptorDacl
BOOL WINAPI GetSecurityDescriptorDacl(PSECURITY_DESCRIPTOR pSecurityDescriptor, LPBOOL lpbDaclPresent, PACL *pDacl, LPBOOL lpbDaclDefaulted)
Definition: sec.c:45

nfs41_xdr.h

_ACE_HEADER
Definition: ms-dtyp.idl:209

parse_setacl
static int parse_setacl(unsigned char *buffer, uint32_t length, nfs41_upcall *upcall)
Definition: acl.c:426

group
GLboolean GLuint group
Definition: glext.h:11120

CONTAINER_INHERIT_ACE
#define CONTAINER_INHERIT_ACE
Definition: setypes.h:747

ACE4_DIALUP
#define ACE4_DIALUP
Definition: nfs41_const.h:386

size
GLsizeiptr size
Definition: glext.h:5919

AddAccessDeniedAce
BOOL WINAPI AddAccessDeniedAce(PACL pAcl, DWORD dwAceRevision, DWORD AccessMask, PSID pSid)
Definition: security.c:1092

__nfsace4::acetype
uint32_t acetype
Definition: nfs41_types.h:131

delegation.h

ACE4_FILE_INHERIT_ACE
#define ACE4_FILE_INHERIT_ACE
Definition: nfs41_const.h:371

ACE4_NETWORK
#define ACE4_NETWORK
Definition: nfs41_const.h:385

__nfsacl41::aces
nfsace4 * aces
Definition: nfs41_types.h:139

marshall_getacl
static int marshall_getacl(unsigned char *buffer, uint32_t *length, nfs41_upcall *upcall)
Definition: acl.c:405

dacl
Definition: security.c:35

__nfsace4
Definition: nfs41_types.h:130

nfs41_delegation_return
int nfs41_delegation_return(IN nfs41_session *session, IN nfs41_path_fh *file, IN enum open_delegation_type4 access, IN bool_t truncate)
Definition: delegation.c:629

strncmp
int strncmp(const char *String1, const char *String2, ACPI_SIZE Count)
Definition: utclib.c:534

out
static FILE * out
Definition: regtests2xml.c:44

convert_nfs4name_2_user_domain
static void convert_nfs4name_2_user_domain(LPSTR nfs4name, LPSTR *domain)
Definition: acl.c:80

DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95

ACCESS_ALLOWED_ACE_TYPE
#define ACCESS_ALLOWED_ACE_TYPE
Definition: setypes.h:717

safe_write
int safe_write(unsigned char **pos, uint32_t *remaining, void *src, uint32_t src_len)
Definition: util.c:44

nfs_error_string
const char * nfs_error_string(int status)
Definition: daemon_debug.c:370

file_type
FD_TYPE file_type(FDSC **curr, char *fixed)
Definition: file.c:221

ACCESS_DENIED_ACE_TYPE
#define ACCESS_DENIED_ACE_TYPE
Definition: setypes.h:718

ConvertSidToStringSidA
BOOL WINAPI ConvertSidToStringSidA(PSID Sid, LPSTR *StringSid)
Definition: security.c:3436

flag
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean flag
Definition: glfuncs.h:52

parse_getacl
static int parse_getacl(unsigned char *buffer, uint32_t length, nfs41_upcall *upcall)
Definition: acl.c:38

ACE4_GENERIC_WRITE
#define ACE4_GENERIC_WRITE
Definition: nfs41_const.h:358

state
static int state
Definition: maze.c:121

__nfsacl41::count
uint32_t count
Definition: nfs41_types.h:140

nfs41_op_getacl
const nfs41_upcall_op nfs41_op_getacl
Definition: acl.c:420

memcpy
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878

nfs41_op_setacl
const nfs41_upcall_op nfs41_op_setacl
Definition: acl.c:797

GENERIC_READ
#define GENERIC_READ
Definition: compat.h:135

__stateid_arg
Definition: nfs41_ops.h:283

ACLLVL
#define ACLLVL
Definition: acl.c:34

BYTE
unsigned char BYTE
Definition: xxhash.c:193

ACE4_DIRECTORY_INHERIT_ACE
#define ACE4_DIRECTORY_INHERIT_ACE
Definition: nfs41_const.h:372

ACE4_ACCESS_DENIED_ACE_TYPE
#define ACE4_ACCESS_DENIED_ACE_TYPE
Definition: nfs41_const.h:319

util.h

upcall.h

i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248

ACE4_SERVICE
#define ACE4_SERVICE
Definition: nfs41_const.h:390

__bitmap4
Definition: nfs41_types.h:95

WELL_KNOWN_SID_TYPE
WELL_KNOWN_SID_TYPE
Definition: setypes.h:455

GetSecurityDescriptorOwner
BOOL WINAPI GetSecurityDescriptorOwner(PSECURITY_DESCRIPTOR pSecurityDescriptor, PSID *pOwner, LPBOOL lpbOwnerDefaulted)
Definition: sec.c:103

GetAce
BOOL WINAPI GetAce(PACL pAcl, DWORD dwAceIndex, LPVOID *pAce)
Definition: security.c:1188

ACE4_EVERYONE
#define ACE4_EVERYONE
Definition: nfs41_const.h:383

__nfs41_upcall
Definition: upcall.h:193

LocalFree
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577

ACE4_ACCESS_ALLOWED_ACE_TYPE
#define ACE4_ACCESS_ALLOWED_ACE_TYPE
Definition: nfs41_const.h:318

is_well_known_sid
static int is_well_known_sid(PSID sid, char *who)
Definition: acl.c:445

INHERITED_ACE
#define INHERITED_ACE
Definition: ph.h:47

OWNER_SECURITY_INFORMATION
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123

NULL
#define NULL
Definition: types.h:112

uint32_t
UINT32 uint32_t
Definition: types.h:75

strsafe.h

ACL_REVISION
#define ACL_REVISION
Definition: setypes.h:39

upcall
nfs41_updowncall_list upcall
Definition: nfs41_driver.c:273

ERROR_NOT_SUPPORTED
#define ERROR_NOT_SUPPORTED
Definition: compat.h:100

__nfs41_open_state
Definition: nfs41.h:127

name
Definition: name.c:38

calloc
#define calloc
Definition: rosglue.h:14

ACE4_ANONYMOUS
#define ACE4_ANONYMOUS
Definition: nfs41_const.h:388

ULONG
unsigned int ULONG
Definition: retypes.h:1

PACCESS_MASK
ACCESS_MASK * PACCESS_MASK
Definition: nt_native.h:41

ACE4_AUTHENTICATED
#define ACE4_AUTHENTICATED
Definition: nfs41_const.h:389

safe_read
int safe_read(unsigned char **pos, uint32_t *remaining, void *dest, uint32_t dest_len)
Definition: util.c:33

malloc
#define malloc
Definition: debug_ros.c:4

IsValidSid
BOOL WINAPI IsValidSid(PSID pSid)
Definition: security.c:821

map_aceflags
static void map_aceflags(BYTE win_aceflags, uint32_t *nfs4_aceflags)
Definition: acl.c:497

INHERIT_ONLY_ACE
#define INHERIT_ONLY_ACE
Definition: setypes.h:749

IsWellKnownSid
BOOL WINAPI IsWellKnownSid(IN PSID pSid, IN WELL_KNOWN_SID_TYPE WellKnownSidType)
Definition: security.c:798

type
GLuint GLuint GLsizei GLenum type
Definition: gl.h:1545

p
GLfloat GLfloat p
Definition: glext.h:8902

__nfsace4::aceflag
uint32_t aceflag
Definition: nfs41_types.h:132

ACE4_NO_PROPAGATE_INHERIT_ACE
#define ACE4_NO_PROPAGATE_INHERIT_ACE
Definition: nfs41_const.h:373

GENERIC_EXECUTE
#define GENERIC_EXECUTE
Definition: nt_native.h:91

CreateWellKnownSid
BOOL WINAPI CreateWellKnownSid(IN WELL_KNOWN_SID_TYPE WellKnownSidType, IN PSID DomainSid OPTIONAL, OUT PSID pSid, IN OUT DWORD *cbSid)
Definition: security.c:724

ACE4_INTERACTIVE
#define ACE4_INTERACTIVE
Definition: nfs41_const.h:384

status
static SERVICE_STATUS status
Definition: service.c:31

PBYTE
BYTE * PBYTE
Definition: pedump.c:66

create_unknownsid
static int create_unknownsid(WELL_KNOWN_SID_TYPE type, PSID *sid, DWORD *sid_len)
Definition: acl.c:52

OBJECT_INHERIT_ACE
#define OBJECT_INHERIT_ACE
Definition: setypes.h:746

ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40

sddl.h

DACL_SECURITY_INFORMATION
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125

LookupAccountName
#define LookupAccountName
Definition: winbase.h:3737

ACE4_INHERITED_ACE
#define ACE4_INHERITED_ACE
Definition: nfs41_const.h:378

localdomain_name
char localdomain_name[NFS41_HOSTNAME_LEN]
Definition: nfs41_daemon.c:49

__nfsacl41::flag
uint32_t flag
Definition: nfs41_types.h:138

map_acemask
static void map_acemask(ACCESS_MASK mask, int file_type, uint32_t *nfs4_mask)
Definition: acl.c:513

ERROR_INSUFFICIENT_BUFFER
#define ERROR_INSUFFICIENT_BUFFER
Definition: dderror.h:10

ACE4_ALL_FILE
#define ACE4_ALL_FILE
Definition: nfs41_const.h:345

status
Definition: ps.c:97