sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-09 08:58:35 +03:00
Code

Merge branch 'master' of ssh://git.samba.org/data/git/samba

Browse Source
This commit is contained in:
Jelmer Vernooij 2008-10-08 03:39:17 +02:00
commit 717ef3867a
13 changed files with 53 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
examples/VFS/skel_opaque.c
View File

@ -315,7 +315,7 @@ static size_t skel_get_nt_acl(vfs_handle_struct *handle,
} }
static NTSTATUS skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, static NTSTATUS skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent, SEC_DESC *psd) uint32 security_info_sent, const SEC_DESC *psd)
{ {
errno = ENOSYS; errno = ENOSYS;
return NT_STATUS_NOT_IMPLEMENTED; return NT_STATUS_NOT_IMPLEMENTED;

2
examples/VFS/skel_transparent.c
View File

@ -302,7 +302,7 @@ static NTSTATUS skel_get_nt_acl(vfs_handle_struct *handle,
} }
static NTSTATUS skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, static NTSTATUS skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent, SEC_DESC *psd) uint32 security_info_sent, const SEC_DESC *psd)
{ {
return SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd); return SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
} }

4
source3/include/proto.h
View File

@ -9923,14 +9923,14 @@ void reply_pipe_close(connection_struct *conn, struct smb_request *req);
/* The following definitions come from smbd/posix_acls.c */ /* The following definitions come from smbd/posix_acls.c */
NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, SEC_DESC *psd); NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, const SEC_DESC *psd);
SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl); SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl);
NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info, NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info,
SEC_DESC **ppdesc); SEC_DESC **ppdesc);
NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name, NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name,
uint32_t security_info, SEC_DESC **ppdesc); uint32_t security_info, SEC_DESC **ppdesc);
int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid); int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid);
NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd); NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd);
int get_acl_group_bits( connection_struct *conn, const char *fname, mode_t *mode ); int get_acl_group_bits( connection_struct *conn, const char *fname, mode_t *mode );
int chmod_acl(connection_struct *conn, const char *name, mode_t mode); int chmod_acl(connection_struct *conn, const char *name, mode_t mode);
int inherit_access_posix_acl(connection_struct *conn, const char *inherit_from_dir, int inherit_access_posix_acl(connection_struct *conn, const char *inherit_from_dir,

5
source3/include/vfs.h
View File

@ -108,8 +108,9 @@
/* Leave at 22 - not yet released. Remove parameter fd from close_fn. - obnox */ /* Leave at 22 - not yet released. Remove parameter fd from close_fn. - obnox */
/* Changed to version 23 - remove set_nt_acl call. This can only be done via an /* Changed to version 23 - remove set_nt_acl call. This can only be done via an
open handle. JRA. */ open handle. JRA. */
/* Changed to version 24 - make security descriptor const in fset_nt_acl. JRA. */
#define SMB_VFS_INTERFACE_VERSION 23 #define SMB_VFS_INTERFACE_VERSION 24
/* to bug old modules which are trying to compile with the old functions */ /* to bug old modules which are trying to compile with the old functions */
@ -365,7 +366,7 @@ struct vfs_ops {
NTSTATUS (*fset_nt_acl)(struct vfs_handle_struct *handle, NTSTATUS (*fset_nt_acl)(struct vfs_handle_struct *handle,
struct files_struct *fsp, struct files_struct *fsp,
uint32 security_info_sent, uint32 security_info_sent,
struct security_descriptor *psd); const struct security_descriptor *psd);
/* POSIX ACL operations. */ /* POSIX ACL operations. */

10
source3/modules/nfs4_acls.c
View File

@ -44,10 +44,6 @@ typedef struct _SMB_ACL4_INT_T
SMB_ACE4_INT_T *last; SMB_ACE4_INT_T *last;
} SMB_ACL4_INT_T; } SMB_ACL4_INT_T;
extern int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid);
extern NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp,
uint32 security_info_sent, SEC_DESC *psd);
static SMB_ACL4_INT_T *get_validated_aclint(SMB4ACL_T *acl) static SMB_ACL4_INT_T *get_validated_aclint(SMB4ACL_T *acl)
{ {
SMB_ACL4_INT_T *aclint = (SMB_ACL4_INT_T *)acl; SMB_ACL4_INT_T *aclint = (SMB_ACL4_INT_T *)acl;
@ -518,7 +514,7 @@ static bool smbacl4_fill_ace4(
smbacl4_vfs_params *params, smbacl4_vfs_params *params,
uid_t ownerUID, uid_t ownerUID,
gid_t ownerGID, gid_t ownerGID,
SEC_ACE *ace_nt, /* input */ const SEC_ACE *ace_nt, /* input */
SMB_ACE4PROP_T *ace_v4 /* output */ SMB_ACE4PROP_T *ace_v4 /* output */
) )
{ {
@ -650,7 +646,7 @@ static int smbacl4_MergeIgnoreReject(
static SMB4ACL_T *smbacl4_win2nfs4( static SMB4ACL_T *smbacl4_win2nfs4(
const char *filename, const char *filename,
SEC_ACL *dacl, const SEC_ACL *dacl,
smbacl4_vfs_params *pparams, smbacl4_vfs_params *pparams,
uid_t ownerUID, uid_t ownerUID,
gid_t ownerGID gid_t ownerGID
@ -694,7 +690,7 @@ static SMB4ACL_T *smbacl4_win2nfs4(
NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp, NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
uint32 security_info_sent, uint32 security_info_sent,
SEC_DESC *psd, const SEC_DESC *psd,
set_nfs4acl_native_fn_t set_nfs4_native) set_nfs4acl_native_fn_t set_nfs4_native)
{ {
smbacl4_vfs_params params; smbacl4_vfs_params params;

6
source3/modules/vfs_acl_xattr.c
View File

@ -238,7 +238,7 @@ static NTSTATUS get_nt_acl_xattr(vfs_handle_struct *handle,
security_info, ppdesc); security_info, ppdesc);
} }
static NTSTATUS create_acl_blob(SEC_DESC *psd, DATA_BLOB *pblob) static NTSTATUS create_acl_blob(const SEC_DESC *psd, DATA_BLOB *pblob)
{ {
struct xattr_NTACL xacl; struct xattr_NTACL xacl;
struct security_descriptor_timestamp sd_ts; struct security_descriptor_timestamp sd_ts;
@ -257,7 +257,7 @@ static NTSTATUS create_acl_blob(SEC_DESC *psd, DATA_BLOB *pblob)
xacl.version = 2; xacl.version = 2;
xacl.info.sd_ts = &sd_ts; xacl.info.sd_ts = &sd_ts;
xacl.info.sd_ts->sd = psd; xacl.info.sd_ts->sd = CONST_DISCARD(SEC_DESC *, psd);
unix_timespec_to_nt_time(&xacl.info.sd_ts->last_changed, curr); unix_timespec_to_nt_time(&xacl.info.sd_ts->last_changed, curr);
ndr_err = ndr_push_struct_blob( ndr_err = ndr_push_struct_blob(
@ -307,7 +307,7 @@ static NTSTATUS store_acl_blob(files_struct *fsp,
} }
static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent, SEC_DESC *psd) uint32 security_info_sent, const SEC_DESC *psd)
{ {
NTSTATUS status; NTSTATUS status;
DATA_BLOB blob; DATA_BLOB blob;

10
source3/modules/vfs_afsacl.c
View File

@ -717,12 +717,12 @@ static bool mappable_sid(const DOM_SID *sid)
static bool nt_to_afs_acl(const char *filename, static bool nt_to_afs_acl(const char *filename,
uint32 security_info_sent, uint32 security_info_sent,
struct security_descriptor *psd, const struct security_descriptor *psd,
uint32 (*nt_to_afs_rights)(const char *filename, uint32 (*nt_to_afs_rights)(const char *filename,
const SEC_ACE *ace), const SEC_ACE *ace),
struct afs_acl *afs_acl) struct afs_acl *afs_acl)
{ {
SEC_ACL *dacl; const SEC_ACL *dacl;
int i; int i;
/* Currently we *only* look at the dacl */ /* Currently we *only* look at the dacl */
@ -737,7 +737,7 @@ static bool nt_to_afs_acl(const char *filename,
dacl = psd->dacl; dacl = psd->dacl;
for (i = 0; i < dacl->num_aces; i++) { for (i = 0; i < dacl->num_aces; i++) {
SEC_ACE *ace = &(dacl->aces[i]); const SEC_ACE *ace = &(dacl->aces[i]);
const char *dom_name, *name; const char *dom_name, *name;
enum lsa_SidType name_type; enum lsa_SidType name_type;
char *p; char *p;
@ -887,7 +887,7 @@ static void merge_unknown_aces(struct afs_acl *src, struct afs_acl *dst)
static NTSTATUS afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, static NTSTATUS afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent, uint32 security_info_sent,
struct security_descriptor *psd) const struct security_descriptor *psd)
{ {
struct afs_acl old_afs_acl, new_afs_acl; struct afs_acl old_afs_acl, new_afs_acl;
struct afs_acl dir_acl, file_acl; struct afs_acl dir_acl, file_acl;
@ -1040,7 +1040,7 @@ static NTSTATUS afsacl_get_nt_acl(struct vfs_handle_struct *handle,
NTSTATUS afsacl_fset_nt_acl(vfs_handle_struct *handle, NTSTATUS afsacl_fset_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, files_struct *fsp,
uint32 security_info_sent, uint32 security_info_sent,
SEC_DESC *psd) const SEC_DESC *psd)
{ {
return afs_set_nt_acl(handle, fsp, security_info_sent, psd); return afs_set_nt_acl(handle, fsp, security_info_sent, psd);
} }

4
source3/modules/vfs_aixacl2.c
View File

@ -371,7 +371,7 @@ static bool aixjfs2_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
return True; return True;
} }
static NTSTATUS aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) static NTSTATUS aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
{ {
acl_type_t acl_type_info; acl_type_t acl_type_info;
NTSTATUS result = NT_STATUS_ACCESS_DENIED; NTSTATUS result = NT_STATUS_ACCESS_DENIED;
@ -395,7 +395,7 @@ static NTSTATUS aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_inf
return result; return result;
} }
NTSTATUS aixjfs2_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) NTSTATUS aixjfs2_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
{ {
return aixjfs2_set_nt_acl_common(fsp, security_info_sent, psd); return aixjfs2_set_nt_acl_common(fsp, security_info_sent, psd);
} }

2
source3/modules/vfs_default.c
View File

@ -1036,7 +1036,7 @@ static NTSTATUS vfswrap_get_nt_acl(vfs_handle_struct *handle,
return result; return result;
} }
static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
{ {
NTSTATUS result; NTSTATUS result;

4
source3/modules/vfs_full_audit.c
View File

@ -202,7 +202,7 @@ static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
SEC_DESC **ppdesc); SEC_DESC **ppdesc);
static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent, uint32 security_info_sent,
SEC_DESC *psd); const SEC_DESC *psd);
static int smb_full_audit_chmod_acl(vfs_handle_struct *handle, static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
const char *path, mode_t mode); const char *path, mode_t mode);
static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp, static int smb_full_audit_fchmod_acl(vfs_handle_struct *handle, files_struct *fsp,
@ -1582,7 +1582,7 @@ static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent, uint32 security_info_sent,
SEC_DESC *psd) const SEC_DESC *psd)
{ {
NTSTATUS result; NTSTATUS result;

4
source3/modules/vfs_gpfs.c
View File

@ -365,7 +365,7 @@ static bool gpfsacl_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
return True; return True;
} }
static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
{ {
struct gpfs_acl *acl; struct gpfs_acl *acl;
NTSTATUS result = NT_STATUS_ACCESS_DENIED; NTSTATUS result = NT_STATUS_ACCESS_DENIED;
@ -386,7 +386,7 @@ static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_i
return result; return result;
} }
static NTSTATUS gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) static NTSTATUS gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
{ {
return gpfsacl_set_nt_acl_internal(fsp, security_info_sent, psd); return gpfsacl_set_nt_acl_internal(fsp, security_info_sent, psd);
} }

4
source3/modules/vfs_zfsacl.c
View File

@ -166,7 +166,7 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
*/ */
static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent, uint32 security_info_sent,
struct security_descriptor *psd) const struct security_descriptor *psd)
{ {
return smb_set_nt_acl_nfs4(fsp, security_info_sent, psd, return smb_set_nt_acl_nfs4(fsp, security_info_sent, psd,
zfs_process_smbacl); zfs_process_smbacl);
@ -207,7 +207,7 @@ static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle, static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, files_struct *fsp,
uint32 security_info_sent, uint32 security_info_sent,
SEC_DESC *psd) const SEC_DESC *psd)
{ {
return zfs_set_nt_acl(handle, fsp, security_info_sent, psd); return zfs_set_nt_acl(handle, fsp, security_info_sent, psd);
} }

51
source3/smbd/posix_acls.c
View File

@ -988,7 +988,7 @@ static mode_t map_nt_perms( uint32 *mask, int type)
Unpack a SEC_DESC into a UNIX owner and group. Unpack a SEC_DESC into a UNIX owner and group.
****************************************************************************/ ****************************************************************************/
NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, SEC_DESC *psd) NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, const SEC_DESC *psd)
{ {
DOM_SID owner_sid; DOM_SID owner_sid;
DOM_SID grp_sid; DOM_SID grp_sid;
@ -1329,11 +1329,13 @@ static void check_owning_objs(canon_ace *ace, DOM_SID *pfile_owner_sid, DOM_SID
Unpack a SEC_DESC into two canonical ace lists. Unpack a SEC_DESC into two canonical ace lists.
****************************************************************************/ ****************************************************************************/
static bool create_canon_ace_lists(files_struct *fsp, SMB_STRUCT_STAT *pst, static bool create_canon_ace_lists(files_struct *fsp,
DOM_SID *pfile_owner_sid, SMB_STRUCT_STAT *pst,
DOM_SID *pfile_grp_sid, DOM_SID *pfile_owner_sid,
canon_ace **ppfile_ace, canon_ace **ppdir_ace, DOM_SID *pfile_grp_sid,
SEC_ACL *dacl) canon_ace **ppfile_ace,
canon_ace **ppdir_ace,
const SEC_ACL *dacl)
{ {
bool all_aces_are_inherit_only = (fsp->is_directory ? True : False); bool all_aces_are_inherit_only = (fsp->is_directory ? True : False);
canon_ace *file_ace = NULL; canon_ace *file_ace = NULL;
@ -2016,12 +2018,14 @@ static mode_t create_default_mode(files_struct *fsp, bool interitable_mode)
succeeding. succeeding.
****************************************************************************/ ****************************************************************************/
static bool unpack_canon_ace(files_struct *fsp, static bool unpack_canon_ace(files_struct *fsp,
SMB_STRUCT_STAT *pst, SMB_STRUCT_STAT *pst,
DOM_SID *pfile_owner_sid, DOM_SID *pfile_owner_sid,
DOM_SID *pfile_grp_sid, DOM_SID *pfile_grp_sid,
canon_ace **ppfile_ace, canon_ace **ppdir_ace, canon_ace **ppfile_ace,
uint32 security_info_sent, SEC_DESC *psd) canon_ace **ppdir_ace,
uint32 security_info_sent,
const SEC_DESC *psd)
{ {
canon_ace *file_ace = NULL; canon_ace *file_ace = NULL;
canon_ace *dir_ace = NULL; canon_ace *dir_ace = NULL;
@ -3224,25 +3228,25 @@ int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid)
****************************************************************************/ ****************************************************************************/
static NTSTATUS append_parent_acl(files_struct *fsp, static NTSTATUS append_parent_acl(files_struct *fsp,
SMB_STRUCT_STAT *psbuf, const SEC_DESC *pcsd,
SEC_DESC *psd,
SEC_DESC **pp_new_sd) SEC_DESC **pp_new_sd)
{ {
SEC_DESC *parent_sd = NULL; SEC_DESC *parent_sd = NULL;
files_struct *parent_fsp = NULL; files_struct *parent_fsp = NULL;
TALLOC_CTX *mem_ctx = talloc_parent(psd); TALLOC_CTX *mem_ctx = talloc_tos();
char *parent_name = NULL; char *parent_name = NULL;
SEC_ACE *new_ace = NULL; SEC_ACE *new_ace = NULL;
unsigned int num_aces = psd->dacl->num_aces; unsigned int num_aces = pcsd->dacl->num_aces;
SMB_STRUCT_STAT sbuf; SMB_STRUCT_STAT sbuf;
NTSTATUS status; NTSTATUS status;
int info; int info;
unsigned int i, j; unsigned int i, j;
bool is_dacl_protected = (psd->type & SE_DESC_DACL_PROTECTED); SEC_DESC *psd = dup_sec_desc(talloc_tos(), pcsd);
bool is_dacl_protected = (pcsd->type & SE_DESC_DACL_PROTECTED);
ZERO_STRUCT(sbuf); ZERO_STRUCT(sbuf);
if (mem_ctx == NULL) { if (psd == NULL) {
return NT_STATUS_NO_MEMORY; return NT_STATUS_NO_MEMORY;
} }
@ -3398,11 +3402,6 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
parent_name)); parent_name));
} }
/* This sucks. psd should be const and we should
* be doing a deep-copy here. We're getting away
* with is as we know parent_sd is talloced off
* talloc_tos() as well as psd. JRA. */
psd->dacl->aces = new_ace; psd->dacl->aces = new_ace;
psd->dacl->num_aces = i; psd->dacl->num_aces = i;
psd->type &= ~(SE_DESC_DACL_AUTO_INHERITED| psd->type &= ~(SE_DESC_DACL_AUTO_INHERITED|
@ -3418,7 +3417,7 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
This should be the only external function needed for the UNIX style set ACL. This should be the only external function needed for the UNIX style set ACL.
****************************************************************************/ ****************************************************************************/
NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd) NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd)
{ {
connection_struct *conn = fsp->conn; connection_struct *conn = fsp->conn;
uid_t user = (uid_t)-1; uid_t user = (uid_t)-1;
@ -3529,10 +3528,12 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
SE_DESC_DACL_AUTO_INHERIT_REQ))== SE_DESC_DACL_AUTO_INHERIT_REQ))==
(SE_DESC_DACL_AUTO_INHERITED| (SE_DESC_DACL_AUTO_INHERITED|
SE_DESC_DACL_AUTO_INHERIT_REQ) ) { SE_DESC_DACL_AUTO_INHERIT_REQ) ) {
status = append_parent_acl(fsp, &sbuf, psd, &psd); SEC_DESC *new_sd = NULL;
status = append_parent_acl(fsp, psd, &new_sd);
if (!NT_STATUS_IS_OK(status)) { if (!NT_STATUS_IS_OK(status)) {
return status; return status;
} }
psd = new_sd;
} }
acl_perms = unpack_canon_ace( fsp, &sbuf, &file_owner_sid, &file_grp_sid, acl_perms = unpack_canon_ace( fsp, &sbuf, &file_owner_sid, &file_grp_sid,