[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Mon Jun 24 20:06:02 UTC 2019
The branch, master has been updated
via 05667d36de7 s3: torture: Add POSIX-ACL-OPLOCK test to check interaction of posix ACL operations with an oplocked Windows handle.
via 78bdbfbf54f s3: smbd: Posix ACLs. Now we know we have a handle, always use VFS_FCHMOD instead of VFS_CHMOD.
via 644ab10b04a s3: modules: Fruit. Now we know we have a handle, always use VFS_FCHMOD instead of VFS_CHMOD.
via bd203e98f84 s3: smbd: If smbd_do_qfilepathinfo() causes an oplock or lease break, we must check for deferred open here.
via 147ce70eeaf s3: smbd: Make set_unix_posix_default_acl() take an fsp argument, not smb_fname.
via 77454ecfbd8 s3: smbd: Add default ACLS can only be set on directory check to smb_set_posix_acl().
via 503e1243d2c s3: smbd: Only pass fsp to remove_posix_acl(). No longer uses smb_fname.
via caa4024a91a s3: smbd: Only pass fsp to set_unix_posix_acl(). No longer uses smb_fname.
via 681f0f23372 s3: smbd: Change set_unix_posix_default_acl() to return NTSTATUS.
via 763b52d2377 s3: smbd: Cleanup - make set_unix_posix_default_acl() use modern coding standards.
via 0b496fd9059 s3: smbd: Make set_unix_posix_acl() return NTSTATUS.
via e626cb70fd4 s3: smbd: Cleanup - make remove_posix_acl() return NTSTATUS.
via 5210ff66a67 s3: smbd: Cleanup - make set_unix_posix_acl() use modern coding standards.
via 59de452810c s3: smbd: Cleanup - make remove_posix_acl() use modern coding standards.
via 18c95f0470b s3: smbd: Fix smb_query_posix_acl() to always use fsp handle.
via 7c57544b069 s3: smbd: Plumb through struct smb_request *req parameter so it can be used by smb_query_posix_acl().
via c9f55b782db s3: smbd: Fix smb_query_posix_acl() to use modern coding standards.
via 4772377b075 s3: smbd: Factor out code into a separate function smb_query_posix_acl().
via 72605195010 s3: smbd: Now we always have a handle in smb_set_posix_acl(), use it instead of smb_fname.
via bf743b01d8d s3: smbd: Update smb_set_posix_acl() to always use an open file handle.
via df7cec42f01 s3: smbd: Add get_posix_fsp() utility function. Not yet used.
via d6b46c03537 s3: smbd: Clarify logic with helper variables in smb_set_posix_acl()
via 42712ccb876 s3: smbd: Make data offset use clearer in smb_set_posix_acl()
via 0adbbb8e547 s3: smbd: Add correct wrap checks to smb_set_posix_acl().
via 419debdf659 s3: smbd: Update smb_set_posix_acl() to have only one exit path.
via 21eaeafec0a s3: smbd: Update smb_set_posix_acl() argument list to prepare for handle open.
via 4afdc25e7f9 s3: smbd: Update smb_set_posix_acl() to modern coding standards.
via 2da9e1cecc6 s3: torture: Fix a debug typo.
via 56c9ad12ee3 s3: smbd: Ensure open for security descriptor access actually opens an fd.
from 4f32983ea8a py3: Remove duplicated PyUnicode_Check() after the py3 compat macros were removed
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 05667d36de78cbc73ed8e182525149b88c1a00c8
Author: Jeremy Allison <jra at samba.org>
Date: Wed Jun 19 11:32:18 2019 -0700
s3: torture: Add POSIX-ACL-OPLOCK test to check interaction of posix ACL operations with an oplocked Windows handle.
(Spoiler alert, it breaks the oplock :-).
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Jun 24 20:05:34 UTC 2019 on sn-devel-184
commit 78bdbfbf54f8cecea37d8a109e8dcfc7761a196a
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jun 20 11:43:17 2019 -0700
s3: smbd: Posix ACLs. Now we know we have a handle, always use VFS_FCHMOD instead of VFS_CHMOD.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 644ab10b04ad83775de4622937877c55a5f6cfa9
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jun 20 11:42:42 2019 -0700
s3: modules: Fruit. Now we know we have a handle, always use VFS_FCHMOD instead of VFS_CHMOD.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit bd203e98f84109899704ac86ebcfe9a0fe394d32
Author: Jeremy Allison <jra at samba.org>
Date: Wed Jun 19 11:23:41 2019 -0700
s3: smbd: If smbd_do_qfilepathinfo() causes an oplock or lease break, we must check for deferred open here.
Note this isn't an issue in SMB2, as no SMB2 info level requests
called by smbd_do_qfilepathinfo()/smbd_do_setfilepathinfo() from
SMB2 can cause a oplock or lease break.
The SMB1 trans2.c: calling of smbd_do_setfilepathinfo()
correctly copes with this, this was just missed in the
SMB1 call of smbd_do_qfilepathinfo().
Needed for the following POSIX ACL query interacting
with Windows oplock file test to follow.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 147ce70eeaf71d4aae0cb7af1f556e1404eaeb2c
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 18 15:36:58 2019 -0700
s3: smbd: Make set_unix_posix_default_acl() take an fsp argument, not smb_fname.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 77454ecfbd8f9ac662aaaf47579927073f494552
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 18 15:29:25 2019 -0700
s3: smbd: Add default ACLS can only be set on directory check to smb_set_posix_acl().
This was already being checked in the lower layer,
so no change in behavior, just an efficiency and
clarity change.
Just move an extra check here so we refuse the
set if a default ACL is sent on a file object
before we go into the lower layers.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 503e1243d2c06b16aedbd1068dbf1da37ddd176f
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 18 15:21:47 2019 -0700
s3: smbd: Only pass fsp to remove_posix_acl(). No longer uses smb_fname.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit caa4024a91a5f950aa57b76e05d06efb235c14c2
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 18 15:18:47 2019 -0700
s3: smbd: Only pass fsp to set_unix_posix_acl(). No longer uses smb_fname.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 681f0f233720b470ad80db80da480237fbc9a665
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 18 15:14:53 2019 -0700
s3: smbd: Change set_unix_posix_default_acl() to return NTSTATUS.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 763b52d237763e90e67f5061050f99a92ed7901c
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 18 15:09:34 2019 -0700
s3: smbd: Cleanup - make set_unix_posix_default_acl() use modern coding standards.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 0b496fd9059ac743dec9a64cb100320ea5b31399
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 18 15:03:28 2019 -0700
s3: smbd: Make set_unix_posix_acl() return NTSTATUS.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit e626cb70fd40ee5b5911d17a74dd8e6e7b0f183b
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 18 14:55:37 2019 -0700
s3: smbd: Cleanup - make remove_posix_acl() return NTSTATUS.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 5210ff66a67bfb5a7624a097cf09910a7ae38785
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 18 14:48:22 2019 -0700
s3: smbd: Cleanup - make set_unix_posix_acl() use modern coding standards.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 59de452810c2c0a88c7b382e1ac24902355d717b
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 18 14:44:03 2019 -0700
s3: smbd: Cleanup - make remove_posix_acl() use modern coding standards.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 18c95f0470b7b3d581f8a6454dc1473d9a911b5e
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 18 14:14:31 2019 -0700
s3: smbd: Fix smb_query_posix_acl() to always use fsp handle.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 7c57544b06948384015780b6cb35e61b0be6436f
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 18 13:11:51 2019 -0700
s3: smbd: Plumb through struct smb_request *req parameter so it can be used by smb_query_posix_acl().
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit c9f55b782dbde399fe6283e9d434c1dca770a5f5
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 18 11:24:12 2019 -0700
s3: smbd: Fix smb_query_posix_acl() to use modern coding standards.
Add wrap protection.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 4772377b075bd0ae27d03f237a3f6656fad0446e
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 18 10:49:34 2019 -0700
s3: smbd: Factor out code into a separate function smb_query_posix_acl().
Will clean up coding standards next.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 72605195010b8941c28d587079e994cb5c434b17
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jun 13 16:17:49 2019 -0700
s3: smbd: Now we always have a handle in smb_set_posix_acl(), use it instead of smb_fname.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit bf743b01d8d66d9e7622153a76f365babcf03006
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jun 17 15:34:13 2019 -0700
s3: smbd: Update smb_set_posix_acl() to always use an open file handle.
Uses get_posix_fsp() added in the previous commit.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit df7cec42f018d3e5431505d86e35133586c526d5
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jun 17 15:30:00 2019 -0700
s3: smbd: Add get_posix_fsp() utility function. Not yet used.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit d6b46c03537de8f1ca4700f97e9ac33b7a23e65f
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jun 13 16:07:59 2019 -0700
s3: smbd: Clarify logic with helper variables in smb_set_posix_acl()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 42712ccb8767f8c653a75201ff034cd95c949c54
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jun 13 16:06:10 2019 -0700
s3: smbd: Make data offset use clearer in smb_set_posix_acl()
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 0adbbb8e5476507e476e2d1357ef60c517ecf18e
Author: Jeremy Allison <jra at samba.org>
Date: Fri Jun 21 09:25:42 2019 -0700
s3: smbd: Add correct wrap checks to smb_set_posix_acl().
Use unsigned for wrap checks.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 419debdf6598d62ae9ae0595657f91fd0e582662
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jun 13 15:45:51 2019 -0700
s3: smbd: Update smb_set_posix_acl() to have only one exit path.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 21eaeafec0a8f46c56f5be7d76bb5a7710820634
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jun 13 15:41:56 2019 -0700
s3: smbd: Update smb_set_posix_acl() argument list to prepare for handle open.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 4afdc25e7f901ad5d237f90e0efd0938c7482b14
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jun 13 15:40:22 2019 -0700
s3: smbd: Update smb_set_posix_acl() to modern coding standards.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 2da9e1cecc6b1a257e5d62304406750b917748f9
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jun 13 15:27:39 2019 -0700
s3: torture: Fix a debug typo.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 56c9ad12ee3e40569fd10c60526086ab2fbb3c10
Author: Jeremy Allison <jra at samba.org>
Date: Thu Jun 13 09:44:27 2019 -0700
s3: smbd: Ensure open for security descriptor access actually opens an fd.
Change test to check two things:
1) Open a symlink for SD read or write access should fail.
2) Request attribute open. Getsd/Setsd on this handle should
fail.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
-----------------------------------------------------------------------
Summary of changes:
selftest/skip | 1 +
source3/modules/vfs_fruit.c | 17 +-
source3/selftest/tests.py | 1 +
source3/smbd/globals.h | 1 +
source3/smbd/open.c | 5 +-
source3/smbd/posix_acls.c | 294 ++++++++++++++------------
source3/smbd/proto.h | 7 +-
source3/smbd/smb2_getinfo.c | 1 +
source3/smbd/trans2.c | 487 +++++++++++++++++++++++++++++++++-----------
source3/torture/torture.c | 233 ++++++++++++++++++++-
10 files changed, 776 insertions(+), 271 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/skip b/selftest/skip
index bdf3c71893d..9ff673e0c92 100644
--- a/selftest/skip
+++ b/selftest/skip
@@ -49,6 +49,7 @@
^samba3.smbtorture_s3.plain.POSIX-OFD-LOCK\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server
^samba3.smbtorture_s3.plain.POSIX-STREAM-DELETE\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server
^samba3.smbtorture_s3.plain.POSIX-MKDIR\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server
+^samba3.smbtorture_s3.plain.POSIX-ACL-OPLOCK\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server
^samba3.smbtorture_s3.plain.POSIX-BLOCKING-LOCK\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server
^samba3.smbtorture_s3.plain.WINDOWS-BAD-SYMLINK\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server
^samba3.smbtorture_s3.plain.RENAME-ACCESS\(ad_dc_ntvfs\) # Fails against the s4 ntvfs server
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index d8e0dbe63e6..9916bd12f5a 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -6379,18 +6379,13 @@ static NTSTATUS fruit_fset_nt_acl(vfs_handle_struct *handle,
}
if (do_chmod) {
- if (fsp->fh->fd != -1) {
- result = SMB_VFS_FCHMOD(fsp, ms_nfs_mode);
- } else {
- result = SMB_VFS_CHMOD(fsp->conn,
- fsp->fsp_name,
- ms_nfs_mode);
- }
-
+ result = SMB_VFS_FCHMOD(fsp, ms_nfs_mode);
if (result != 0) {
- DEBUG(1, ("chmod: %s, result: %d, %04o error %s\n", fsp_str_dbg(fsp),
- result, (unsigned)ms_nfs_mode,
- strerror(errno)));
+ DBG_WARNING("%s, result: %d, %04o error %s\n",
+ fsp_str_dbg(fsp),
+ result,
+ (unsigned)ms_nfs_mode,
+ strerror(errno));
status = map_nt_error_from_unix(errno);
TALLOC_FREE(psd);
return status;
diff --git a/source3/selftest/tests.py b/source3/selftest/tests.py
index 4bdfc0062c6..c7d24f68d6c 100755
--- a/source3/selftest/tests.py
+++ b/source3/selftest/tests.py
@@ -160,6 +160,7 @@ for s in shares:
posix_tests = ["POSIX", "POSIX-APPEND", "POSIX-SYMLINK-ACL", "POSIX-SYMLINK-EA", "POSIX-OFD-LOCK",
"POSIX-STREAM-DELETE", "WINDOWS-BAD-SYMLINK", "POSIX-MKDIR",
"POSIX-BLOCKING-LOCK",
+ "POSIX-ACL-OPLOCK",
]
for t in posix_tests:
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index fef1c3810ee..f0c1624babe 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -123,6 +123,7 @@ NTSTATUS smbd_do_unlocking(struct smb_request *req,
NTSTATUS smbd_do_qfilepathinfo(connection_struct *conn,
TALLOC_CTX *mem_ctx,
+ struct smb_request *req,
uint16_t info_level,
files_struct *fsp,
struct smb_filename *smb_fname,
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 0d9b2f17d9c..ba13255245c 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1206,7 +1206,10 @@ static NTSTATUS open_file(files_struct *fsp,
local_flags = (flags & ~O_ACCMODE)|O_RDWR;
}
- if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_EXECUTE)) ||
+ if ((open_access_mask & (FILE_READ_DATA|FILE_WRITE_DATA|
+ FILE_APPEND_DATA|FILE_EXECUTE|
+ WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS|
+ READ_CONTROL_ACCESS))||
(!file_existed && (local_flags & O_CREAT)) ||
((local_flags & O_TRUNC) == O_TRUNC) ) {
const char *wild;
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 59cd020dbed..e0df84bc3f0 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3952,8 +3952,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct
if (set_acl_as_root) {
become_root();
}
- sret = SMB_VFS_CHMOD(conn, fsp->fsp_name,
- posix_perms);
+ sret = SMB_VFS_FCHMOD(fsp, posix_perms);
if (set_acl_as_root) {
unbecome_root();
}
@@ -3966,9 +3965,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32_t security_info_sent, const struct
fsp_str_dbg(fsp)));
become_root();
- sret = SMB_VFS_CHMOD(conn,
- fsp->fsp_name,
- posix_perms);
+ sret = SMB_VFS_FCHMOD(fsp, posix_perms);
unbecome_root();
}
@@ -4350,53 +4347,58 @@ static SMB_ACL_T create_posix_acl_from_wire(connection_struct *conn,
on the directory.
****************************************************************************/
-bool set_unix_posix_default_acl(connection_struct *conn,
- const struct smb_filename *smb_fname,
+NTSTATUS set_unix_posix_default_acl(connection_struct *conn,
+ files_struct *fsp,
uint16_t num_def_acls,
const char *pdata)
{
SMB_ACL_T def_acl = NULL;
+ NTSTATUS status;
+ int ret;
- if (!S_ISDIR(smb_fname->st.st_ex_mode)) {
- if (num_def_acls) {
- DEBUG(5,("set_unix_posix_default_acl: Can't "
- "set default ACL on non-directory file %s\n",
- smb_fname->base_name ));
- errno = EISDIR;
- return False;
- } else {
- return True;
- }
+ if (!fsp->is_directory) {
+ return NT_STATUS_INVALID_HANDLE;
}
if (!num_def_acls) {
/* Remove the default ACL. */
- if (SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, smb_fname) == -1) {
- DEBUG(5,("set_unix_posix_default_acl: acl_delete_def_file failed on directory %s (%s)\n",
- smb_fname->base_name, strerror(errno) ));
- return False;
+ ret = SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fsp->fsp_name);
+ if (ret == -1) {
+ status = map_nt_error_from_unix(errno);
+ DBG_INFO("acl_delete_def_file failed on "
+ "directory %s (%s)\n",
+ fsp_str_dbg(fsp),
+ strerror(errno));
+ return status;
}
- return True;
+ return NT_STATUS_OK;
}
- if ((def_acl = create_posix_acl_from_wire(conn, num_def_acls,
- pdata,
- talloc_tos())) == NULL) {
- return False;
+ def_acl = create_posix_acl_from_wire(conn,
+ num_def_acls,
+ pdata,
+ talloc_tos());
+ if (def_acl == NULL) {
+ return map_nt_error_from_unix(errno);
}
- if (SMB_VFS_SYS_ACL_SET_FILE(conn, smb_fname,
- SMB_ACL_TYPE_DEFAULT, def_acl) == -1) {
- DEBUG(5,("set_unix_posix_default_acl: acl_set_file failed on directory %s (%s)\n",
- smb_fname->base_name, strerror(errno) ));
+ ret = SMB_VFS_SYS_ACL_SET_FILE(conn,
+ fsp->fsp_name,
+ SMB_ACL_TYPE_DEFAULT,
+ def_acl);
+ if (ret == -1) {
+ status = map_nt_error_from_unix(errno);
+ DBG_INFO("acl_set_file failed on directory %s (%s)\n",
+ fsp_str_dbg(fsp),
+ strerror(errno));
TALLOC_FREE(def_acl);
- return False;
+ return status;
}
- DEBUG(10,("set_unix_posix_default_acl: set default acl for file %s\n",
- smb_fname->base_name ));
+ DBG_DEBUG("set default acl for file %s\n",
+ fsp_str_dbg(fsp));
TALLOC_FREE(def_acl);
- return True;
+ return NT_STATUS_OK;
}
/****************************************************************************
@@ -4407,74 +4409,92 @@ bool set_unix_posix_default_acl(connection_struct *conn,
FIXME ! How does the share mask/mode fit into this.... ?
****************************************************************************/
-static bool remove_posix_acl(connection_struct *conn,
- files_struct *fsp,
- const struct smb_filename *smb_fname)
+static NTSTATUS remove_posix_acl(connection_struct *conn,
+ files_struct *fsp)
{
SMB_ACL_T file_acl = NULL;
int entry_id = SMB_ACL_FIRST_ENTRY;
SMB_ACL_ENTRY_T entry;
- bool ret = False;
- const char *fname = smb_fname->base_name;
/* Create a new ACL with only 3 entries, u/g/w. */
- SMB_ACL_T new_file_acl = sys_acl_init(talloc_tos());
+ SMB_ACL_T new_file_acl = NULL;
SMB_ACL_ENTRY_T user_ent = NULL;
SMB_ACL_ENTRY_T group_ent = NULL;
SMB_ACL_ENTRY_T other_ent = NULL;
+ NTSTATUS status;
+ int ret;
+ new_file_acl = sys_acl_init(talloc_tos());
if (new_file_acl == NULL) {
- DEBUG(5,("remove_posix_acl: failed to init new ACL with 3 entries for file %s.\n", fname));
- return False;
+ status = map_nt_error_from_unix(errno);
+ DBG_INFO("failed to init new ACL with 3 entries "
+ "for file %s %s.\n",
+ fsp_str_dbg(fsp),
+ strerror(errno));
+ goto done;
}
/* Now create the u/g/w entries. */
- if (sys_acl_create_entry(&new_file_acl, &user_ent) == -1) {
- DEBUG(5,("remove_posix_acl: Failed to create user entry for file %s. (%s)\n",
- fname, strerror(errno) ));
+ ret = sys_acl_create_entry(&new_file_acl, &user_ent);
+ if (ret == -1) {
+ status = map_nt_error_from_unix(errno);
+ DBG_INFO("Failed to create user entry for file %s. (%s)\n",
+ fsp_str_dbg(fsp),
+ strerror(errno));
goto done;
}
- if (sys_acl_set_tag_type(user_ent, SMB_ACL_USER_OBJ) == -1) {
- DEBUG(5,("remove_posix_acl: Failed to set user entry for file %s. (%s)\n",
- fname, strerror(errno) ));
+ ret = sys_acl_set_tag_type(user_ent, SMB_ACL_USER_OBJ);
+ if (ret == -1) {
+ status = map_nt_error_from_unix(errno);
+ DBG_INFO("Failed to set user entry for file %s. (%s)\n",
+ fsp_str_dbg(fsp),
+ strerror(errno));
goto done;
}
- if (sys_acl_create_entry(&new_file_acl, &group_ent) == -1) {
- DEBUG(5,("remove_posix_acl: Failed to create group entry for file %s. (%s)\n",
- fname, strerror(errno) ));
+ ret = sys_acl_create_entry(&new_file_acl, &group_ent);
+ if (ret == -1) {
+ status = map_nt_error_from_unix(errno);
+ DBG_INFO("Failed to create group entry for file %s. (%s)\n",
+ fsp_str_dbg(fsp),
+ strerror(errno));
goto done;
}
- if (sys_acl_set_tag_type(group_ent, SMB_ACL_GROUP_OBJ) == -1) {
- DEBUG(5,("remove_posix_acl: Failed to set group entry for file %s. (%s)\n",
- fname, strerror(errno) ));
+ ret = sys_acl_set_tag_type(group_ent, SMB_ACL_GROUP_OBJ);
+ if (ret == -1) {
+ status = map_nt_error_from_unix(errno);
+ DBG_INFO("Failed to set group entry for file %s. (%s)\n",
+ fsp_str_dbg(fsp),
+ strerror(errno));
goto done;
}
- if (sys_acl_create_entry(&new_file_acl, &other_ent) == -1) {
- DEBUG(5,("remove_posix_acl: Failed to create other entry for file %s. (%s)\n",
- fname, strerror(errno) ));
+ ret = sys_acl_create_entry(&new_file_acl, &other_ent);
+ if (ret == -1) {
+ status = map_nt_error_from_unix(errno);
+ DBG_INFO("Failed to create other entry for file %s. (%s)\n",
+ fsp_str_dbg(fsp),
+ strerror(errno));
goto done;
}
- if (sys_acl_set_tag_type(other_ent, SMB_ACL_OTHER) == -1) {
- DEBUG(5,("remove_posix_acl: Failed to set other entry for file %s. (%s)\n",
- fname, strerror(errno) ));
+ ret = sys_acl_set_tag_type(other_ent, SMB_ACL_OTHER);
+ if (ret == -1) {
+ status = map_nt_error_from_unix(errno);
+ DBG_INFO("Failed to set other entry for file %s. (%s)\n",
+ fsp_str_dbg(fsp),
+ strerror(errno));
goto done;
}
/* Get the current file ACL. */
- if (fsp && fsp->fh->fd != -1) {
- file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp, talloc_tos());
- } else {
- file_acl = SMB_VFS_SYS_ACL_GET_FILE(conn, smb_fname,
- SMB_ACL_TYPE_ACCESS,
- talloc_tos());
- }
+ file_acl = SMB_VFS_SYS_ACL_GET_FD(fsp, talloc_tos());
if (file_acl == NULL) {
+ status = map_nt_error_from_unix(errno);
/* This is only returned if an error occurred. Even for a file with
no acl a u/g/w acl should be returned. */
- DEBUG(5,("remove_posix_acl: failed to get ACL from file %s (%s).\n",
- fname, strerror(errno) ));
+ DBG_INFO("failed to get ACL from file %s (%s).\n",
+ fsp_str_dbg(fsp),
+ strerror(errno));
goto done;
}
@@ -4484,65 +4504,76 @@ static bool remove_posix_acl(connection_struct *conn,
entry_id = SMB_ACL_NEXT_ENTRY;
- if (sys_acl_get_tag_type(entry, &tagtype) == -1) {
- DEBUG(5,("remove_posix_acl: failed to get tagtype from ACL on file %s (%s).\n",
- fname, strerror(errno) ));
+ ret = sys_acl_get_tag_type(entry, &tagtype);
+ if (ret == -1) {
+ status = map_nt_error_from_unix(errno);
+ DBG_INFO("failed to get tagtype from ACL "
+ "on file %s (%s).\n",
+ fsp_str_dbg(fsp),
+ strerror(errno));
goto done;
}
- if (sys_acl_get_permset(entry, &permset) == -1) {
- DEBUG(5,("remove_posix_acl: failed to get permset from ACL on file %s (%s).\n",
- fname, strerror(errno) ));
+ ret = sys_acl_get_permset(entry, &permset);
+ if (ret == -1) {
+ status = map_nt_error_from_unix(errno);
+ DBG_INFO("failed to get permset from ACL "
+ "on file %s (%s).\n",
+ fsp_str_dbg(fsp),
+ strerror(errno));
goto done;
}
if (tagtype == SMB_ACL_USER_OBJ) {
- if (sys_acl_set_permset(user_ent, permset) == -1) {
- DEBUG(5,("remove_posix_acl: failed to set permset from ACL on file %s (%s).\n",
- fname, strerror(errno) ));
+ ret = sys_acl_set_permset(user_ent, permset);
+ if (ret == -1) {
+ status = map_nt_error_from_unix(errno);
+ DBG_INFO("failed to set permset from ACL "
+ "on file %s (%s).\n",
+ fsp_str_dbg(fsp),
+ strerror(errno));
+ goto done;
}
} else if (tagtype == SMB_ACL_GROUP_OBJ) {
- if (sys_acl_set_permset(group_ent, permset) == -1) {
- DEBUG(5,("remove_posix_acl: failed to set permset from ACL on file %s (%s).\n",
- fname, strerror(errno) ));
+ ret = sys_acl_set_permset(group_ent, permset);
+ if (ret == -1) {
+ status = map_nt_error_from_unix(errno);
+ DBG_INFO("failed to set permset from ACL "
+ "on file %s (%s).\n",
+ fsp_str_dbg(fsp),
+ strerror(errno));
+ goto done;
}
} else if (tagtype == SMB_ACL_OTHER) {
- if (sys_acl_set_permset(other_ent, permset) == -1) {
- DEBUG(5,("remove_posix_acl: failed to set permset from ACL on file %s (%s).\n",
- fname, strerror(errno) ));
+ ret = sys_acl_set_permset(other_ent, permset);
+ if (ret == -1) {
+ status = map_nt_error_from_unix(errno);
+ DBG_INFO("failed to set permset from ACL "
+ "on file %s (%s).\n",
+ fsp_str_dbg(fsp),
+ strerror(errno));
+ goto done;
}
}
}
/* Set the new empty file ACL. */
- if (fsp && fsp->fh->fd != -1) {
- if (SMB_VFS_SYS_ACL_SET_FD(fsp, new_file_acl) == -1) {
- DEBUG(5,("remove_posix_acl: acl_set_file failed on %s (%s)\n",
- fname, strerror(errno) ));
- goto done;
- }
- } else {
- if (SMB_VFS_SYS_ACL_SET_FILE(conn,
- smb_fname,
- SMB_ACL_TYPE_ACCESS,
- new_file_acl) == -1) {
- DEBUG(5,("remove_posix_acl: acl_set_file failed on %s (%s)\n",
- fname, strerror(errno) ));
- goto done;
- }
+ ret = SMB_VFS_SYS_ACL_SET_FD(fsp, new_file_acl);
+ if (ret == -1) {
+ status = map_nt_error_from_unix(errno);
+ DBG_INFO("acl_set_file failed on %s (%s)\n",
+ fsp_str_dbg(fsp),
+ strerror(errno));
+ goto done;
}
- ret = True;
+ status = NT_STATUS_OK;
done:
- if (file_acl) {
- TALLOC_FREE(file_acl);
- }
- if (new_file_acl) {
- TALLOC_FREE(new_file_acl);
- }
- return ret;
+ TALLOC_FREE(file_acl);
+ TALLOC_FREE(new_file_acl);
+ return status;
}
/****************************************************************************
@@ -4551,46 +4582,43 @@ static bool remove_posix_acl(connection_struct *conn,
except SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER.
****************************************************************************/
-bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp,
- const struct smb_filename *smb_fname,
+NTSTATUS set_unix_posix_acl(connection_struct *conn,
+ files_struct *fsp,
uint16_t num_acls,
const char *pdata)
{
SMB_ACL_T file_acl = NULL;
- const char *fname = smb_fname->base_name;
+ int ret;
+ NTSTATUS status;
if (!num_acls) {
/* Remove the ACL from the file. */
- return remove_posix_acl(conn, fsp, smb_fname);
+ return remove_posix_acl(conn, fsp);
}
- if ((file_acl = create_posix_acl_from_wire(conn, num_acls,
- pdata,
- talloc_tos())) == NULL) {
- return False;
+ file_acl = create_posix_acl_from_wire(conn,
+ num_acls,
+ pdata,
+ talloc_tos());
+ if (file_acl == NULL) {
+ return map_nt_error_from_unix(errno);
}
- if (fsp && fsp->fh->fd != -1) {
- /* The preferred way - use an open fd. */
- if (SMB_VFS_SYS_ACL_SET_FD(fsp, file_acl) == -1) {
- DEBUG(5,("set_unix_posix_acl: acl_set_file failed on %s (%s)\n",
- fname, strerror(errno) ));
- TALLOC_FREE(file_acl);
- return False;
- }
- } else {
- if (SMB_VFS_SYS_ACL_SET_FILE(conn, smb_fname,
- SMB_ACL_TYPE_ACCESS, file_acl) == -1) {
- DEBUG(5,("set_unix_posix_acl: acl_set_file failed on %s (%s)\n",
- fname, strerror(errno) ));
- TALLOC_FREE(file_acl);
- return False;
- }
+ ret = SMB_VFS_SYS_ACL_SET_FD(fsp, file_acl);
+ if (ret == -1) {
+ status = map_nt_error_from_unix(errno);
+ DBG_INFO("acl_set_file failed on %s (%s)\n",
+ fsp_str_dbg(fsp),
+ strerror(errno));
+ TALLOC_FREE(file_acl);
+ return status;
}
- DEBUG(10,("set_unix_posix_acl: set acl for file %s\n", fname ));
+ DBG_DEBUG("set acl for file %s\n",
+ fsp_str_dbg(fsp));
--
Samba Shared Repository
More information about the samba-cvs
mailing list