sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00
Code

Make [f]get_nt_acl return NTSTATUS

Browse Source
This commit is contained in:
Volker Lendecke 2007-10-13 21:06:49 +02:00 committed by Michael Adam
parent 01663c2312
commit dcbe1bf942
14 changed files with 112 additions and 87 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
source/include/vfs.h
View File

@ -74,6 +74,7 @@
/* Leave at 22 - not yet released. Add file_id_create operation. --metze */ /* Leave at 22 - not yet released. Add file_id_create operation. --metze */
/* Leave at 22 - not yet released. Change all BOOL parameters (int) to bool. jra. */ /* Leave at 22 - not yet released. Change all BOOL parameters (int) to bool. jra. */
/* Leave at 22 - not yet released. Added recvfile. */ /* Leave at 22 - not yet released. Added recvfile. */
/* Leave at 22 - not yet released. Change get_nt_acl to return NTSTATUS - vl */
#define SMB_VFS_INTERFACE_VERSION 22 #define SMB_VFS_INTERFACE_VERSION 22
@ -305,8 +306,15 @@ struct vfs_ops {
/* NT ACL operations. */ /* NT ACL operations. */
size_t (*fget_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info, struct security_descriptor **ppdesc); NTSTATUS (*fget_nt_acl)(struct vfs_handle_struct *handle,
size_t (*get_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info, struct security_descriptor **ppdesc); struct files_struct *fsp, int fd,
uint32 security_info,
struct security_descriptor **ppdesc);
NTSTATUS (*get_nt_acl)(struct vfs_handle_struct *handle,
struct files_struct *fsp,
const char *name,
uint32 security_info,
struct security_descriptor **ppdesc);
NTSTATUS (*fset_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info_sent, struct security_descriptor *psd); NTSTATUS (*fset_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info_sent, struct security_descriptor *psd);
NTSTATUS (*set_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor *psd); NTSTATUS (*set_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor *psd);

20
source/modules/nfs4_acls.c
View File

@ -257,7 +257,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *acl, /* in */
return True; return True;
} }
size_t smb_get_nt_acl_nfs4(files_struct *fsp, NTSTATUS smb_get_nt_acl_nfs4(files_struct *fsp,
uint32 security_info, uint32 security_info,
SEC_DESC **ppdesc, SMB4ACL_T *acl) SEC_DESC **ppdesc, SMB4ACL_T *acl)
{ {
@ -272,23 +272,25 @@ size_t smb_get_nt_acl_nfs4(files_struct *fsp,
DEBUG(10, ("smb_get_nt_acl_nfs4 invoked for %s\n", fsp->fsp_name)); DEBUG(10, ("smb_get_nt_acl_nfs4 invoked for %s\n", fsp->fsp_name));
if (acl==NULL || smb_get_naces(acl)==0) if (acl==NULL || smb_get_naces(acl)==0)
return 0; /* special because we shouldn't alloc 0 for win */ return NT_STATUS_ACCESS_DENIED; /* special because we
* shouldn't alloc 0 for
* win */
if (smbacl4_GetFileOwner(fsp, &sbuf)) if (smbacl4_GetFileOwner(fsp, &sbuf))
return 0; return map_nt_error_from_unix(errno);
uid_to_sid(&sid_owner, sbuf.st_uid); uid_to_sid(&sid_owner, sbuf.st_uid);
gid_to_sid(&sid_group, sbuf.st_gid); gid_to_sid(&sid_group, sbuf.st_gid);
if (smbacl4_nfs42win(mem_ctx, acl, &sid_owner, &sid_group, &nt_ace_list, &good_aces)==False) { if (smbacl4_nfs42win(mem_ctx, acl, &sid_owner, &sid_group, &nt_ace_list, &good_aces)==False) {
DEBUG(8,("smbacl4_nfs42win failed\n")); DEBUG(8,("smbacl4_nfs42win failed\n"));
return 0; return map_nt_error_from_unix(errno);
} }
psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, good_aces, nt_ace_list); psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, good_aces, nt_ace_list);
if (psa == NULL) { if (psa == NULL) {
DEBUG(2,("make_sec_acl failed\n")); DEBUG(2,("make_sec_acl failed\n"));
return 0; return NT_STATUS_NO_MEMORY;
} }
DEBUG(10,("after make sec_acl\n")); DEBUG(10,("after make sec_acl\n"));
@ -298,11 +300,13 @@ size_t smb_get_nt_acl_nfs4(files_struct *fsp,
NULL, psa, &sd_size); NULL, psa, &sd_size);
if (*ppdesc==NULL) { if (*ppdesc==NULL) {
DEBUG(2,("make_sec_desc failed\n")); DEBUG(2,("make_sec_desc failed\n"));
return 0; return NT_STATUS_NO_MEMORY;
} }
DEBUG(10, ("smb_get_nt_acl_nfs4 successfully exited with sd_size %d\n", sd_size)); DEBUG(10, ("smb_get_nt_acl_nfs4 successfully exited with sd_size %d\n",
return sd_size; sec_desc_size(*ppdesc)));
return NT_STATUS_OK;
} }
enum smbacl4_mode_enum {e_simple=0, e_special=1}; enum smbacl4_mode_enum {e_simple=0, e_special=1};

24
source/modules/vfs_afsacl.c
View File

@ -829,8 +829,8 @@ static bool afs_get_afs_acl(char *filename, struct afs_acl *acl)
return True; return True;
} }
static size_t afs_get_nt_acl(struct files_struct *fsp, uint32 security_info, static NTSTATUS afs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
struct security_descriptor **ppdesc) struct security_descriptor **ppdesc)
{ {
struct afs_acl acl; struct afs_acl acl;
size_t sd_size; size_t sd_size;
@ -840,14 +840,14 @@ static size_t afs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
sidpts = lp_parm_bool(SNUM(fsp->conn), "afsacl", "sidpts", False); sidpts = lp_parm_bool(SNUM(fsp->conn), "afsacl", "sidpts", False);
if (!afs_get_afs_acl(fsp->fsp_name, &acl)) { if (!afs_get_afs_acl(fsp->fsp_name, &acl)) {
return 0; return NT_STATUS_ACCESS_DENIED;
} }
sd_size = afs_to_nt_acl(&acl, fsp, security_info, ppdesc); sd_size = afs_to_nt_acl(&acl, fsp, security_info, ppdesc);
free_afs_acl(&acl); free_afs_acl(&acl);
return sd_size; return (sd_size != 0) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
} }
/* For setting an AFS ACL we have to take care of the ACEs we could /* For setting an AFS ACL we have to take care of the ACEs we could
@ -982,17 +982,17 @@ static NTSTATUS afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
return (ret == 0) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED; return (ret == 0) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
} }
static size_t afsacl_fget_nt_acl(struct vfs_handle_struct *handle, static NTSTATUS afsacl_fget_nt_acl(struct vfs_handle_struct *handle,
struct files_struct *fsp, struct files_struct *fsp,
int fd, uint32 security_info, int fd, uint32 security_info,
struct security_descriptor **ppdesc) struct security_descriptor **ppdesc)
{ {
return afs_get_nt_acl(fsp, security_info, ppdesc); return afs_get_nt_acl(fsp, security_info, ppdesc);
} }
static size_t afsacl_get_nt_acl(struct vfs_handle_struct *handle, static NTSTATUS afsacl_get_nt_acl(struct vfs_handle_struct *handle,
struct files_struct *fsp, struct files_struct *fsp,
const char *name, uint32 security_info, const char *name, uint32 security_info,
struct security_descriptor **ppdesc) struct security_descriptor **ppdesc)
{ {
return afs_get_nt_acl(fsp, security_info, ppdesc); return afs_get_nt_acl(fsp, security_info, ppdesc);
} }

8
source/modules/vfs_aixacl2.c
View File

@ -158,7 +158,7 @@ static bool aixjfs2_get_nfs4_acl(files_struct *fsp,
return True; return True;
} }
static size_t aixjfs2_get_nt_acl_common(files_struct *fsp, static NTSTATUS aixjfs2_get_nt_acl_common(files_struct *fsp,
uint32 security_info, SEC_DESC **ppdesc) uint32 security_info, SEC_DESC **ppdesc)
{ {
SMB4ACL_T *pacl = NULL; SMB4ACL_T *pacl = NULL;
@ -173,19 +173,19 @@ static size_t aixjfs2_get_nt_acl_common(files_struct *fsp,
return get_nt_acl(fsp, security_info, ppdesc); return get_nt_acl(fsp, security_info, ppdesc);
} }
if (result==False) if (result==False)
return 0; return NT_STATUS_ACCESS_DENIED;
return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl); return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl);
} }
size_t aixjfs2_fget_nt_acl(vfs_handle_struct *handle, NTSTATUS aixjfs2_fget_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, int fd, uint32 security_info, files_struct *fsp, int fd, uint32 security_info,
SEC_DESC **ppdesc) SEC_DESC **ppdesc)
{ {
return aixjfs2_get_nt_acl_common(fsp, security_info, ppdesc); return aixjfs2_get_nt_acl_common(fsp, security_info, ppdesc);
} }
size_t aixjfs2_get_nt_acl(vfs_handle_struct *handle, NTSTATUS aixjfs2_get_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, const char *name, files_struct *fsp, const char *name,
uint32 security_info, SEC_DESC **ppdesc) uint32 security_info, SEC_DESC **ppdesc)
{ {

2
source/modules/vfs_catia.c
View File

@ -229,7 +229,7 @@ static char *catia_realpath(vfs_handle_struct *handle,
return SMB_VFS_NEXT_REALPATH(handle, path, resolved_path); return SMB_VFS_NEXT_REALPATH(handle, path, resolved_path);
} }
static size_t catia_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, static NTSTATUS catia_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
const char *name, uint32 security_info, const char *name, uint32 security_info,
struct security_descriptor **ppdesc) struct security_descriptor **ppdesc)
{ {

12
source/modules/vfs_default.c
View File

@ -943,9 +943,11 @@ static struct file_id vfswrap_file_id_create(struct vfs_handle_struct *handle, S
return file_id_create_dev(dev, inode); return file_id_create_dev(dev, inode);
} }
static size_t vfswrap_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info, SEC_DESC **ppdesc) static NTSTATUS vfswrap_fget_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, int fd,
uint32 security_info, SEC_DESC **ppdesc)
{ {
size_t result; NTSTATUS result;
START_PROFILE(fget_nt_acl); START_PROFILE(fget_nt_acl);
result = get_nt_acl(fsp, security_info, ppdesc); result = get_nt_acl(fsp, security_info, ppdesc);
@ -953,9 +955,11 @@ static size_t vfswrap_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
return result; return result;
} }
static size_t vfswrap_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info, SEC_DESC **ppdesc) static NTSTATUS vfswrap_get_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, const char *name,
uint32 security_info, SEC_DESC **ppdesc)
{ {
size_t result; NTSTATUS result;
START_PROFILE(get_nt_acl); START_PROFILE(get_nt_acl);
result = get_nt_acl(fsp, security_info, ppdesc); result = get_nt_acl(fsp, security_info, ppdesc);

22
source/modules/vfs_full_audit.c
View File

@ -190,10 +190,10 @@ static int smb_full_audit_chflags(vfs_handle_struct *handle,
const char *path, unsigned int flags); const char *path, unsigned int flags);
static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle, static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
SMB_DEV_T dev, SMB_INO_T inode); SMB_DEV_T dev, SMB_INO_T inode);
static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
int fd, uint32 security_info, int fd, uint32 security_info,
SEC_DESC **ppdesc); SEC_DESC **ppdesc);
static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
const char *name, uint32 security_info, const char *name, uint32 security_info,
SEC_DESC **ppdesc); SEC_DESC **ppdesc);
static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
@ -1510,31 +1510,33 @@ static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *ha
return result; return result;
} }
static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
int fd, uint32 security_info, int fd, uint32 security_info,
SEC_DESC **ppdesc) SEC_DESC **ppdesc)
{ {
size_t result; NTSTATUS result;
result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, fd, security_info, result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, fd, security_info,
ppdesc); ppdesc);
do_log(SMB_VFS_OP_FGET_NT_ACL, (result > 0), handle, do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
"%s", fsp->fsp_name); "%s", fsp->fsp_name);
return result; return result;
} }
static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
const char *name, uint32 security_info, files_struct *fsp,
SEC_DESC **ppdesc) const char *name,
uint32 security_info,
SEC_DESC **ppdesc)
{ {
size_t result; NTSTATUS result;
result = SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info, result = SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info,
ppdesc); ppdesc);
do_log(SMB_VFS_OP_GET_NT_ACL, (result > 0), handle, do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
"%s", fsp->fsp_name); "%s", fsp->fsp_name);
return result; return result;

8
source/modules/vfs_gpfs.c
View File

@ -226,7 +226,7 @@ static int gpfs_get_nfs4_acl(const char *fname, SMB4ACL_T **ppacl)
return 0; return 0;
} }
static size_t gpfsacl_get_nt_acl_common(files_struct *fsp, static NTSTATUS gpfsacl_get_nt_acl_common(files_struct *fsp,
uint32 security_info, SEC_DESC **ppdesc) uint32 security_info, SEC_DESC **ppdesc)
{ {
SMB4ACL_T *pacl = NULL; SMB4ACL_T *pacl = NULL;
@ -244,17 +244,17 @@ static size_t gpfsacl_get_nt_acl_common(files_struct *fsp,
} }
/* GPFS ACL was not read, something wrong happened, error code is set in errno */ /* GPFS ACL was not read, something wrong happened, error code is set in errno */
return 0; return map_nt_error_from_unix(errno);
} }
size_t gpfsacl_fget_nt_acl(vfs_handle_struct *handle, NTSTATUS gpfsacl_fget_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, int fd, uint32 security_info, files_struct *fsp, int fd, uint32 security_info,
SEC_DESC **ppdesc) SEC_DESC **ppdesc)
{ {
return gpfsacl_get_nt_acl_common(fsp, security_info, ppdesc); return gpfsacl_get_nt_acl_common(fsp, security_info, ppdesc);
} }
size_t gpfsacl_get_nt_acl(vfs_handle_struct *handle, NTSTATUS gpfsacl_get_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, const char *name, files_struct *fsp, const char *name,
uint32 security_info, SEC_DESC **ppdesc) uint32 security_info, SEC_DESC **ppdesc)
{ {

16
source/modules/vfs_zfsacl.c
View File

@ -34,7 +34,7 @@
* read the local file's acls and return it in NT form * read the local file's acls and return it in NT form
* using the NFSv4 format conversion * using the NFSv4 format conversion
*/ */
static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, static NTSTATUS zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
struct security_descriptor **ppdesc) struct security_descriptor **ppdesc)
{ {
int naces, i; int naces, i;
@ -50,20 +50,19 @@ static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
DEBUG(9, ("acl(ACE_GETACLCNT, %s): %s ", fsp->fsp_name, DEBUG(9, ("acl(ACE_GETACLCNT, %s): %s ", fsp->fsp_name,
strerror(errno))); strerror(errno)));
} }
return 0; return map_nt_error_from_unix(errno);
} }
/* allocate the field of ZFS aces */ /* allocate the field of ZFS aces */
mem_ctx = talloc_tos(); mem_ctx = talloc_tos();
acebuf = (ace_t *) talloc_size(mem_ctx, sizeof(ace_t)*naces); acebuf = (ace_t *) talloc_size(mem_ctx, sizeof(ace_t)*naces);
if(acebuf == NULL) { if(acebuf == NULL) {
errno = ENOMEM; return NT_STATUS_NO_MEMORY;
return 0;
} }
/* read the aces into the field */ /* read the aces into the field */
if(acl(fsp->fsp_name, ACE_GETACL, naces, acebuf) < 0) { if(acl(fsp->fsp_name, ACE_GETACL, naces, acebuf) < 0) {
DEBUG(9, ("acl(ACE_GETACL, %s): %s ", fsp->fsp_name, DEBUG(9, ("acl(ACE_GETACL, %s): %s ", fsp->fsp_name,
strerror(errno))); strerror(errno)));
return 0; return map_nt_error_from_unix(errno);
} }
/* create SMB4ACL data */ /* create SMB4ACL data */
if((pacl = smb_create_smb4acl()) == NULL) return 0; if((pacl = smb_create_smb4acl()) == NULL) return 0;
@ -87,7 +86,8 @@ static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
} else { } else {
aceprop.flags = 0; aceprop.flags = 0;
} }
if(smb_add_ace4(pacl, &aceprop) == NULL) return 0; if(smb_add_ace4(pacl, &aceprop) == NULL)
return NT_STATUS_NO_MEMORY;
} }
return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl); return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl);
@ -164,7 +164,7 @@ static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
zfs_process_smbacl); zfs_process_smbacl);
} }
static size_t zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,
struct files_struct *fsp, struct files_struct *fsp,
int fd, uint32 security_info, int fd, uint32 security_info,
struct security_descriptor **ppdesc) struct security_descriptor **ppdesc)
@ -172,7 +172,7 @@ static size_t zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,
return zfs_get_nt_acl(fsp, security_info, ppdesc); return zfs_get_nt_acl(fsp, security_info, ppdesc);
} }
static size_t zfsacl_get_nt_acl(struct vfs_handle_struct *handle, static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
struct files_struct *fsp, struct files_struct *fsp,
const char *name, uint32 security_info, const char *name, uint32 security_info,
struct security_descriptor **ppdesc) struct security_descriptor **ppdesc)

11
source/rpc_server/srv_srvsvc_nt.c
View File

@ -2050,14 +2050,19 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC
goto error_exit; goto error_exit;
} }
sd_size = SMB_VFS_GET_NT_ACL(fsp, fsp->fsp_name, (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd); nt_status = SMB_VFS_GET_NT_ACL(fsp, fsp->fsp_name,
(OWNER_SECURITY_INFORMATION
|GROUP_SECURITY_INFORMATION
|DACL_SECURITY_INFORMATION), &psd);
if (sd_size == 0) { if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(3,("_srv_net_file_query_secdesc: Unable to get NT ACL for file %s\n", filename)); DEBUG(3,("_srv_net_file_query_secdesc: Unable to get NT ACL for file %s\n", filename));
r_u->status = WERR_ACCESS_DENIED; r_u->status = ntstatus_to_werror(nt_status);
goto error_exit; goto error_exit;
} }
sd_size = sec_desc_size(psd);
r_u->ptr_response = 1; r_u->ptr_response = 1;
r_u->size_response = sd_size; r_u->size_response = sd_size;
r_u->ptr_secdesc = 1; r_u->ptr_secdesc = 1;

11
source/smbd/dir.c
View File

@ -911,7 +911,6 @@ bool get_dir_entry(TALLOC_CTX *ctx,
static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst) static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst)
{ {
SEC_DESC *psd = NULL; SEC_DESC *psd = NULL;
size_t sd_size;
files_struct *fsp; files_struct *fsp;
NTSTATUS status; NTSTATUS status;
uint32 access_granted; uint32 access_granted;
@ -951,12 +950,12 @@ static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S
} }
/* Get NT ACL -allocated in main loop talloc context. No free needed here. */ /* Get NT ACL -allocated in main loop talloc context. No free needed here. */
sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
(OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd); (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd);
close_file(fsp, NORMAL_CLOSE); close_file(fsp, NORMAL_CLOSE);
/* No access if SD get failed. */ /* No access if SD get failed. */
if (!sd_size) { if (!NT_STATUS_IS_OK(status)) {
return False; return False;
} }
@ -974,7 +973,6 @@ static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S
static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst) static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst)
{ {
SEC_DESC *psd = NULL; SEC_DESC *psd = NULL;
size_t sd_size;
files_struct *fsp; files_struct *fsp;
int info; int info;
NTSTATUS status; NTSTATUS status;
@ -1014,13 +1012,14 @@ static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_
} }
/* Get NT ACL -allocated in main loop talloc context. No free needed here. */ /* Get NT ACL -allocated in main loop talloc context. No free needed here. */
sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
(OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd); (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd);
close_file(fsp, NORMAL_CLOSE); close_file(fsp, NORMAL_CLOSE);
/* No access if SD get failed. */ /* No access if SD get failed. */
if (!sd_size) if (!NT_STATUS_IS_OK(status)) {
return False; return False;
}
return se_access_check(psd, current_user.nt_user_token, FILE_WRITE_DATA, return se_access_check(psd, current_user.nt_user_token, FILE_WRITE_DATA,
&access_granted, &status); &access_granted, &status);

15
source/smbd/file_access.c
View File

@ -41,7 +41,6 @@ static NTSTATUS conn_get_nt_acl(TALLOC_CTX *mem_ctx,
NTSTATUS status; NTSTATUS status;
struct files_struct *fsp = NULL; struct files_struct *fsp = NULL;
struct security_descriptor *secdesc = NULL; struct security_descriptor *secdesc = NULL;
size_t secdesc_size;
if (!VALID_STAT(*psbuf)) { if (!VALID_STAT(*psbuf)) {
if (SMB_VFS_STAT(conn, fname, psbuf) != 0) { if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
@ -70,14 +69,14 @@ static NTSTATUS conn_get_nt_acl(TALLOC_CTX *mem_ctx,
return status; return status;
} }
secdesc_size = SMB_VFS_GET_NT_ACL(fsp, fname, status = SMB_VFS_GET_NT_ACL(fsp, fname,
(OWNER_SECURITY_INFORMATION | (OWNER_SECURITY_INFORMATION |
GROUP_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION), DACL_SECURITY_INFORMATION),
&secdesc); &secdesc);
if (secdesc_size == 0) { if (!NT_STATUS_IS_OK(status)) {
DEBUG(5, ("Unable to get NT ACL for file %s\n", fname)); DEBUG(5, ("Unable to get NT ACL for file %s\n", fname));
return NT_STATUS_ACCESS_DENIED; return status;
} }
*psd = talloc_move(mem_ctx, &secdesc); *psd = talloc_move(mem_ctx, &secdesc);

18
source/smbd/nttrans.c
View File

@ -2302,17 +2302,17 @@ static void call_nt_transact_rename(connection_struct *conn,
Fake up a completely empty SD. Fake up a completely empty SD.
*******************************************************************************/ *******************************************************************************/
static size_t get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd) static NTSTATUS get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd)
{ {
size_t sd_size; size_t sd_size;
*ppsd = make_standard_sec_desc( mem_ctx, &global_sid_World, &global_sid_World, NULL, &sd_size); *ppsd = make_standard_sec_desc( mem_ctx, &global_sid_World, &global_sid_World, NULL, &sd_size);
if(!*ppsd) { if(!*ppsd) {
DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n")); DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n"));
sd_size = 0; return NT_STATUS_NO_MEMORY;
} }
return sd_size; return NT_STATUS_OK;
} }
/**************************************************************************** /****************************************************************************
@ -2337,6 +2337,7 @@ static void call_nt_transact_query_security_desc(connection_struct *conn,
uint32 security_info_wanted; uint32 security_info_wanted;
TALLOC_CTX *mem_ctx; TALLOC_CTX *mem_ctx;
files_struct *fsp = NULL; files_struct *fsp = NULL;
NTSTATUS status;
if(parameter_count < 8) { if(parameter_count < 8) {
reply_doserror(req, ERRDOS, ERRbadfunc); reply_doserror(req, ERRDOS, ERRbadfunc);
@ -2371,17 +2372,20 @@ static void call_nt_transact_query_security_desc(connection_struct *conn,
*/ */
if (!lp_nt_acl_support(SNUM(conn))) { if (!lp_nt_acl_support(SNUM(conn))) {
sd_size = get_null_nt_acl(mem_ctx, &psd); status = get_null_nt_acl(mem_ctx, &psd);
} else { } else {
sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, security_info_wanted, &psd); status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
security_info_wanted, &psd);
} }
if (sd_size == 0) { if (!NT_STATUS_IS_OK(status)) {
talloc_destroy(mem_ctx); talloc_destroy(mem_ctx);
reply_unixerror(req, ERRDOS, ERRnoaccess); reply_nterror(req, status);
return; return;
} }
sd_size = sec_desc_size(psd);
DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size)); DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size));
SIVAL(params,0,(uint32)sd_size); SIVAL(params,0,(uint32)sd_size);

20
source/smbd/posix_acls.c
View File

@ -2728,7 +2728,7 @@ static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces)
the UNIX style get ACL. the UNIX style get ACL.
****************************************************************************/ ****************************************************************************/
size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) NTSTATUS get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
{ {
connection_struct *conn = fsp->conn; connection_struct *conn = fsp->conn;
SMB_STRUCT_STAT sbuf; SMB_STRUCT_STAT sbuf;
@ -2756,7 +2756,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
/* Get the stat struct for the owner info. */ /* Get the stat struct for the owner info. */
if(SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf) != 0) { if(SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf) != 0) {
return 0; return map_nt_error_from_unix(errno);
} }
/* /*
* Get the ACL from the path. * Get the ACL from the path.
@ -2777,7 +2777,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
/* Get the stat struct for the owner info. */ /* Get the stat struct for the owner info. */
if(SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) != 0) { if(SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) != 0) {
return 0; return map_nt_error_from_unix(errno);
} }
/* /*
* Get the ACL from the fd. * Get the ACL from the fd.
@ -3027,7 +3027,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
free_inherited_info(pal); free_inherited_info(pal);
SAFE_FREE(nt_ace_list); SAFE_FREE(nt_ace_list);
return sd_size; return NT_STATUS_OK;
} }
/**************************************************************************** /****************************************************************************
@ -3174,7 +3174,6 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
SMB_STRUCT_STAT sbuf; SMB_STRUCT_STAT sbuf;
NTSTATUS status; NTSTATUS status;
int info; int info;
size_t sd_size;
unsigned int i, j; unsigned int i, j;
mode_t unx_mode; mode_t unx_mode;
@ -3213,13 +3212,13 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
return status; return status;
} }
sd_size = SMB_VFS_GET_NT_ACL(parent_fsp, parent_fsp->fsp_name, status = SMB_VFS_GET_NT_ACL(parent_fsp, parent_fsp->fsp_name,
DACL_SECURITY_INFORMATION, &parent_sd ); DACL_SECURITY_INFORMATION, &parent_sd );
close_file(parent_fsp, NORMAL_CLOSE); close_file(parent_fsp, NORMAL_CLOSE);
if (!sd_size) { if (!NT_STATUS_IS_OK(status)) {
return NT_STATUS_ACCESS_DENIED; return status;
} }
/* /*
@ -4174,7 +4173,8 @@ SEC_DESC *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname)
finfo.fh->fd = -1; finfo.fh->fd = -1;
finfo.fsp_name = CONST_DISCARD(char *,fname); finfo.fsp_name = CONST_DISCARD(char *,fname);
if (get_nt_acl( &finfo, DACL_SECURITY_INFORMATION, &psd ) == 0) { if (!NT_STATUS_IS_OK(get_nt_acl( &finfo, DACL_SECURITY_INFORMATION,
&psd ))) {
DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n")); DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n"));
conn_free_internal( &conn ); conn_free_internal( &conn );
return NULL; return NULL;