source4/ntvfs/posix/pvfs_acl_xattr.c

   1 /*
   2    Unix SMB/CIFS implementation.
   3
   4    POSIX NTVFS backend - NT ACLs in xattrs
   5
   6    Copyright (C) Andrew Tridgell 2006
   7
   8    This program is free software; you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  20 */
  21
  22 #include "includes.h"
  23 #include "vfs_posix.h"
  24 #include "../lib/util/unix_privs.h"
  25 #include "librpc/gen_ndr/ndr_xattr.h"
  26
  27 NTSTATUS pvfs_acl_xattr_init(TALLOC_CTX *);
  28
  29 /*
  30   load the current ACL from extended attributes
  31 */
  32 static NTSTATUS pvfs_acl_load_xattr(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd,
  33                                     TALLOC_CTX *mem_ctx,
  34                                     struct security_descriptor **sd)
  35 {
  36         NTSTATUS status;
  37         struct xattr_NTACL *acl;
  38
  39         if (!(pvfs->flags & PVFS_FLAG_XATTR_ENABLE)) {
  40                 return NT_STATUS_NOT_FOUND;
  41         }
  42
  43         acl = talloc_zero(mem_ctx, struct xattr_NTACL);
  44         NT_STATUS_HAVE_NO_MEMORY(acl);
  45
  46         status = pvfs_xattr_ndr_load(pvfs, mem_ctx, name->full_name, fd,
  47                                      XATTR_NTACL_NAME,
  48                                      acl, (void *) ndr_pull_xattr_NTACL);
  49
  50         if (!NT_STATUS_IS_OK(status)) {
  51                 talloc_free(acl);
  52                 return status;
  53         }
  54
  55         if (acl->version != 1) {
  56                 talloc_free(acl);
  57                 return NT_STATUS_INVALID_ACL;
  58         }
  59
  60         *sd = talloc_steal(mem_ctx, acl->info.sd);
  61
  62         return NT_STATUS_OK;
  63 }
  64
  65 /*
  66   save the acl for a file into filesystem xattr
  67 */
  68 static NTSTATUS pvfs_acl_save_xattr(struct pvfs_state *pvfs, struct pvfs_filename *name, int fd,
  69                                     struct security_descriptor *sd)
  70 {
  71         NTSTATUS status;
  72         void *privs;
  73         struct xattr_NTACL acl;
  74
  75         if (!(pvfs->flags & PVFS_FLAG_XATTR_ENABLE)) {
  76                 return NT_STATUS_OK;
  77         }
  78
  79         acl.version = 1;
  80         acl.info.sd = sd;
  81
  82         /* this xattr is in the "system" namespace, so we need
  83            admin privileges to set it */
  84         privs = root_privileges();
  85         status = pvfs_xattr_ndr_save(pvfs, name->full_name, fd,
  86                                      XATTR_NTACL_NAME,
  87                                      &acl, (void *) ndr_push_xattr_NTACL);
  88         talloc_free(privs);
  89         return status;
  90 }
  91
  92
  93 /*
  94   initialise pvfs acl xattr backend
  95 */
  96 NTSTATUS pvfs_acl_xattr_init(TALLOC_CTX *ctx)
  97 {
  98         struct pvfs_acl_ops ops = {
  99                 .name = "xattr",
 100                 .acl_load = pvfs_acl_load_xattr,
 101                 .acl_save = pvfs_acl_save_xattr
 102         };
 103         return pvfs_acl_register(ctx, &ops);
 104 }