[PATCH] Extend cifs acl utilities to handle SACLs
Boris Protopopov
pboris at amazon.com
Fri Nov 20 21:49:18 UTC 2020
Fixed error cases for insufficient privileges, added
attribute not supported error case for getcifsacl.
Signed-off-by: Boris Protopopov <pboris at amazon.com>
---
getcifsacl.c | 17 ++++++++++++++---
1 file changed, 14 insertions(+), 3 deletions(-)
diff --git a/getcifsacl.c b/getcifsacl.c
index 1c72e7c..c1974d3 100644
--- a/getcifsacl.c
+++ b/getcifsacl.c
@@ -445,15 +445,26 @@ getxattr:
free(attrval);
bufsize += BUFSIZE;
goto cifsacl;
- } else if ((errno == EPERM || errno == EACCES) &&
- !(strcmp(attrname, ATTRNAME_NTSD_FULL))) {
+ } else if (errno == EIO && !(strcmp(attrname, ATTRNAME_NTSD_FULL))) {
/*
* attempt to fetch SACL in addition to owner and DACL via
* ATTRNAME_NTSD_FULL, fall back to owner/DACL via
* ATTRNAME_ACL if not allowed
+ * CIFS client maps STATUS_PRIVILEGE_NOT_HELD to EIO
*/
- fprintf(stderr, "Insufficient permissions to fetch full descriptor for %s\n",
+ fprintf(stderr, "WARGNING: Insufficient priviledges to fetch SACL for %s\n",
filename);
+ fprintf(stderr, " Fetching owner info and DACL only\n");
+ attrname = ATTRNAME_ACL;
+ goto getxattr;
+ } else if (errno == EOPNOTSUPP && !(strcmp(attrname, ATTRNAME_NTSD_FULL))) {
+ /*
+ * no support for fetching SACL, fall back to owner/DACL via
+ * ATTRNAME_ACL
+ */
+ fprintf(stderr, "WARNING: CIFS client does not support fetching SACL for %s\n",
+ filename);
+ fprintf(stderr, " Fetching owner info and DACL only\n");
attrname = ATTRNAME_ACL;
goto getxattr;
} else {
--
2.23.3
More information about the samba-technical
mailing list