From 15953b82eb3b49d736b4b835b1d0d3cf0da0bff8 Mon Sep 17 00:00:00 2001 From: Volker Lendecke Date: Sat, 13 Oct 2007 21:06:49 +0200 Subject: [PATCH] Make [f]get_nt_acl return NTSTATUS (This used to be commit dcbe1bf942d017a3cd5084c6ef605a13912f795b) --- source3/include/vfs.h | 12 ++++++++++-- source3/modules/nfs4_acls.c | 20 ++++++++++++-------- source3/modules/vfs_afsacl.c | 24 ++++++++++++------------ source3/modules/vfs_aixacl2.c | 8 ++++---- source3/modules/vfs_catia.c | 2 +- source3/modules/vfs_default.c | 12 ++++++++---- source3/modules/vfs_full_audit.c | 22 ++++++++++++---------- source3/modules/vfs_gpfs.c | 8 ++++---- source3/modules/vfs_zfsacl.c | 16 ++++++++-------- source3/rpc_server/srv_srvsvc_nt.c | 11 ++++++++--- source3/smbd/dir.c | 11 +++++------ source3/smbd/file_access.c | 15 +++++++-------- source3/smbd/nttrans.c | 18 +++++++++++------- source3/smbd/posix_acls.c | 20 ++++++++++---------- 14 files changed, 112 insertions(+), 87 deletions(-) diff --git a/source3/include/vfs.h b/source3/include/vfs.h index 03af04d1e3e..b45320dd872 100644 --- a/source3/include/vfs.h +++ b/source3/include/vfs.h @@ -74,6 +74,7 @@ /* Leave at 22 - not yet released. Add file_id_create operation. --metze */ /* Leave at 22 - not yet released. Change all BOOL parameters (int) to bool. jra. */ /* Leave at 22 - not yet released. Added recvfile. */ +/* Leave at 22 - not yet released. Change get_nt_acl to return NTSTATUS - vl */ #define SMB_VFS_INTERFACE_VERSION 22 
@@ -305,8 +306,15 @@ struct vfs_ops { /* NT ACL operations. */ - size_t (*fget_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info, struct security_descriptor **ppdesc); - size_t (*get_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info, struct security_descriptor **ppdesc); + NTSTATUS (*fget_nt_acl)(struct vfs_handle_struct *handle, + struct files_struct *fsp, int fd, + uint32 security_info, + struct security_descriptor **ppdesc); + NTSTATUS (*get_nt_acl)(struct vfs_handle_struct *handle, + struct files_struct *fsp, + const char *name, + uint32 security_info, + struct security_descriptor **ppdesc); NTSTATUS (*fset_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info_sent, struct security_descriptor *psd); NTSTATUS (*set_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor *psd); diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index 2d81739203d..207c2ab537c 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -257,7 +257,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *acl, /* in */ return True; } -size_t smb_get_nt_acl_nfs4(files_struct *fsp, +NTSTATUS smb_get_nt_acl_nfs4(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc, SMB4ACL_T *acl) { 
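Review bot: The re-typed `fget_nt_acl` and `get_nt_acl` members of `struct vfs_ops` have no comment saying what a module must leave in `*ppdesc`, and the return value's meaning has flipped: under the old `size_t` signature 0 meant failure, whereas a status of 0 is presumably success now. I would add above the two members `/* Return NT_STATUS_OK only if *ppdesc points to a valid descriptor; return an error status otherwise. */`. The previous hunk keeps `SMB_VFS_INTERFACE_VERSION` at 22, so this header is likely the only place where a module author would learn of the changed contract.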
@@ -272,23 +272,25 @@ size_t smb_get_nt_acl_nfs4(files_struct *fsp, DEBUG(10, ("smb_get_nt_acl_nfs4 invoked for %s\n", fsp->fsp_name)); if (acl==NULL || smb_get_naces(acl)==0) - return 0; /* special because we shouldn't alloc 0 for win */ + return NT_STATUS_ACCESS_DENIED; /* special because we + * shouldn't alloc 0 for + * win */ if (smbacl4_GetFileOwner(fsp, &sbuf)) - return 0; + return map_nt_error_from_unix(errno); uid_to_sid(&sid_owner, sbuf.st_uid); gid_to_sid(&sid_group, sbuf.st_gid); if (smbacl4_nfs42win(mem_ctx, acl, &sid_owner, &sid_group, &nt_ace_list, &good_aces)==False) { DEBUG(8,("smbacl4_nfs42win failed\n")); - return 0; + return map_nt_error_from_unix(errno); } psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, good_aces, nt_ace_list); if (psa == NULL) { DEBUG(2,("make_sec_acl failed\n")); - return 0; + return NT_STATUS_NO_MEMORY; } DEBUG(10,("after make sec_acl\n")); @@ -298,11 +300,13 @@ size_t smb_get_nt_acl_nfs4(files_struct *fsp, NULL, psa, &sd_size); if (*ppdesc==NULL) { DEBUG(2,("make_sec_desc failed\n")); - return 0; + return NT_STATUS_NO_MEMORY; } - DEBUG(10, ("smb_get_nt_acl_nfs4 successfully exited with sd_size %d\n", sd_size)); - return sd_size; + DEBUG(10, ("smb_get_nt_acl_nfs4 successfully exited with sd_size %d\n", + sec_desc_size(*ppdesc))); + + return NT_STATUS_OK; } enum smbacl4_mode_enum {e_simple=0, e_special=1}; diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c index a1043d6f6ad..eac70f4f208 100644 --- a/source3/modules/vfs_afsacl.c +++ b/source3/modules/vfs_afsacl.c @@ -829,8 +829,8 @@ static bool afs_get_afs_acl(char *filename, struct afs_acl *acl) return True; } -static size_t afs_get_nt_acl(struct files_struct *fsp, uint32 security_info, - struct security_descriptor **ppdesc) +static NTSTATUS afs_get_nt_acl(struct files_struct *fsp, uint32 security_info, + struct security_descriptor **ppdesc) { struct afs_acl acl; size_t sd_size; 
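Review bot: In smb_get_nt_acl_nfs4 (signature in the previous hunk) the `smbacl4_nfs42win(...)==False` branch now returns `map_nt_error_from_unix(errno)`, but nothing visible shows that helper setting errno, so the status may be derived from a stale or zero value. If that value maps to a success status, callers that test only `NT_STATUS_IS_OK` would continue with `*ppdesc` unset. A fixed error is safer on this branch, for example `return NT_STATUS_NO_MEMORY;`, in line with the `make_sec_acl` and `make_sec_desc` branches below it. The closing DEBUG also passes `sec_desc_size(*ppdesc)` to `%d`; cast it to `int` if that function returns a size_t.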
@@ -840,14 +840,14 @@ static size_t afs_get_nt_acl(struct files_struct *fsp, uint32 security_info, sidpts = lp_parm_bool(SNUM(fsp->conn), "afsacl", "sidpts", False); if (!afs_get_afs_acl(fsp->fsp_name, &acl)) { - return 0; + return NT_STATUS_ACCESS_DENIED; } sd_size = afs_to_nt_acl(&acl, fsp, security_info, ppdesc); free_afs_acl(&acl); - return sd_size; + return (sd_size != 0) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED; } /* For setting an AFS ACL we have to take care of the ACEs we could @@ -982,17 +982,17 @@ static NTSTATUS afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, return (ret == 0) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED; } -static size_t afsacl_fget_nt_acl(struct vfs_handle_struct *handle, - struct files_struct *fsp, - int fd, uint32 security_info, - struct security_descriptor **ppdesc) +static NTSTATUS afsacl_fget_nt_acl(struct vfs_handle_struct *handle, + struct files_struct *fsp, + int fd, uint32 security_info, + struct security_descriptor **ppdesc) { return afs_get_nt_acl(fsp, security_info, ppdesc); } -static size_t afsacl_get_nt_acl(struct vfs_handle_struct *handle, - struct files_struct *fsp, - const char *name, uint32 security_info, - struct security_descriptor **ppdesc) +static NTSTATUS afsacl_get_nt_acl(struct vfs_handle_struct *handle, + struct files_struct *fsp, + const char *name, uint32 security_info, + struct security_descriptor **ppdesc) { return afs_get_nt_acl(fsp, security_info, ppdesc); } diff --git a/source3/modules/vfs_aixacl2.c b/source3/modules/vfs_aixacl2.c index 058fef1d1b0..756977df4f3 100644 --- a/source3/modules/vfs_aixacl2.c +++ b/source3/modules/vfs_aixacl2.c @@ -158,7 +158,7 @@ static bool aixjfs2_get_nfs4_acl(files_struct *fsp, return True; } -static size_t aixjfs2_get_nt_acl_common(files_struct *fsp, +static NTSTATUS aixjfs2_get_nt_acl_common(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) { SMB4ACL_T *pacl = NULL; 
@@ -173,19 +173,19 @@ static size_t aixjfs2_get_nt_acl_common(files_struct *fsp, return get_nt_acl(fsp, security_info, ppdesc); } if (result==False) - return 0; + return NT_STATUS_ACCESS_DENIED; return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl); } -size_t aixjfs2_fget_nt_acl(vfs_handle_struct *handle, +NTSTATUS aixjfs2_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info, SEC_DESC **ppdesc) { return aixjfs2_get_nt_acl_common(fsp, security_info, ppdesc); } -size_t aixjfs2_get_nt_acl(vfs_handle_struct *handle, +NTSTATUS aixjfs2_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info, SEC_DESC **ppdesc) { diff --git a/source3/modules/vfs_catia.c b/source3/modules/vfs_catia.c index 1f5a0163bcc..dbb9550dbfe 100644 --- a/source3/modules/vfs_catia.c +++ b/source3/modules/vfs_catia.c @@ -229,7 +229,7 @@ static char *catia_realpath(vfs_handle_struct *handle, return SMB_VFS_NEXT_REALPATH(handle, path, resolved_path); } -static size_t catia_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, +static NTSTATUS catia_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info, struct security_descriptor **ppdesc) { diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index 8c2bbfea96e..cce5430493e 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -943,9 +943,11 @@ static struct file_id vfswrap_file_id_create(struct vfs_handle_struct *handle, S return file_id_create_dev(dev, inode); } -static size_t vfswrap_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info, SEC_DESC **ppdesc) +static NTSTATUS vfswrap_fget_nt_acl(vfs_handle_struct *handle, + files_struct *fsp, int fd, + uint32 security_info, SEC_DESC **ppdesc) { - size_t result; + NTSTATUS result; START_PROFILE(fget_nt_acl); result = get_nt_acl(fsp, security_info, ppdesc); 
@@ -953,9 +955,11 @@ static size_t vfswrap_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, return result; } -static size_t vfswrap_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info, SEC_DESC **ppdesc) +static NTSTATUS vfswrap_get_nt_acl(vfs_handle_struct *handle, + files_struct *fsp, const char *name, + uint32 security_info, SEC_DESC **ppdesc) { - size_t result; + NTSTATUS result; START_PROFILE(get_nt_acl); result = get_nt_acl(fsp, security_info, ppdesc); diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index c8a82e3d9ac..0f84c4de173 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -190,10 +190,10 @@ static int smb_full_audit_chflags(vfs_handle_struct *handle, const char *path, unsigned int flags); static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle, SMB_DEV_T dev, SMB_INO_T inode); -static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, +static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info, SEC_DESC **ppdesc); -static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, +static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info, SEC_DESC **ppdesc); static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, 
@@ -1510,31 +1510,33 @@ static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *ha return result; } -static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, +static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info, SEC_DESC **ppdesc) { - size_t result; + NTSTATUS result; result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, fd, security_info, ppdesc); - do_log(SMB_VFS_OP_FGET_NT_ACL, (result > 0), handle, + do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s", fsp->fsp_name); return result; } -static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, - const char *name, uint32 security_info, - SEC_DESC **ppdesc) +static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle, + files_struct *fsp, + const char *name, + uint32 security_info, + SEC_DESC **ppdesc) { - size_t result; + NTSTATUS result; result = SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info, ppdesc); - do_log(SMB_VFS_OP_GET_NT_ACL, (result > 0), handle, + do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s", fsp->fsp_name); return result; diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c index 0188e380e93..c207bbfe2dd 100644 --- a/source3/modules/vfs_gpfs.c +++ b/source3/modules/vfs_gpfs.c @@ -226,7 +226,7 @@ static int gpfs_get_nfs4_acl(const char *fname, SMB4ACL_T **ppacl) return 0; } -static size_t gpfsacl_get_nt_acl_common(files_struct *fsp, +static NTSTATUS gpfsacl_get_nt_acl_common(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) { SMB4ACL_T *pacl = NULL; 
@@ -244,17 +244,17 @@ static size_t gpfsacl_get_nt_acl_common(files_struct *fsp, } /* GPFS ACL was not read, something wrong happened, error code is set in errno */ - return 0; + return map_nt_error_from_unix(errno); } -size_t gpfsacl_fget_nt_acl(vfs_handle_struct *handle, +NTSTATUS gpfsacl_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info, SEC_DESC **ppdesc) { return gpfsacl_get_nt_acl_common(fsp, security_info, ppdesc); } -size_t gpfsacl_get_nt_acl(vfs_handle_struct *handle, +NTSTATUS gpfsacl_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info, SEC_DESC **ppdesc) { diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index a8170220328..d265931cf2a 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c @@ -34,7 +34,7 @@ * read the local file's acls and return it in NT form * using the NFSv4 format conversion */ -static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, +static NTSTATUS zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, struct security_descriptor **ppdesc) { int naces, i; @@ -50,20 +50,19 @@ static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, DEBUG(9, ("acl(ACE_GETACLCNT, %s): %s ", fsp->fsp_name, strerror(errno))); } - return 0; + return map_nt_error_from_unix(errno); } /* allocate the field of ZFS aces */ mem_ctx = talloc_tos(); acebuf = (ace_t *) talloc_size(mem_ctx, sizeof(ace_t)*naces); if(acebuf == NULL) { - errno = ENOMEM; - return 0; + return NT_STATUS_NO_MEMORY; } /* read the aces into the field */ if(acl(fsp->fsp_name, ACE_GETACL, naces, acebuf) < 0) { DEBUG(9, ("acl(ACE_GETACL, %s): %s ", fsp->fsp_name, strerror(errno))); - return 0; + return map_nt_error_from_unix(errno); } /* create SMB4ACL data */ if((pacl = smb_create_smb4acl()) == NULL) return 0; 
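Review bot: The last context line of the zfs_get_nt_acl hunk, `if((pacl = smb_create_smb4acl()) == NULL) return 0;`, was not converted. Now that the function returns NTSTATUS, a failed allocation returns a literal 0, which is presumably the success value (or does not compile where NTSTATUS is a struct type). Callers that check only `NT_STATUS_IS_OK` would then treat a missing descriptor as a successful ACL read. Change it to `if((pacl = smb_create_smb4acl()) == NULL) return NT_STATUS_NO_MEMORY;`, as the next hunk already does for `smb_add_ace4`. The function body continues past this hunk.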
@@ -87,7 +86,8 @@ static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info, } else { aceprop.flags = 0; } - if(smb_add_ace4(pacl, &aceprop) == NULL) return 0; + if(smb_add_ace4(pacl, &aceprop) == NULL) + return NT_STATUS_NO_MEMORY; } return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl); @@ -164,7 +164,7 @@ static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, zfs_process_smbacl); } -static size_t zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, +static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info, struct security_descriptor **ppdesc) @@ -172,7 +172,7 @@ static size_t zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, return zfs_get_nt_acl(fsp, security_info, ppdesc); } -static size_t zfsacl_get_nt_acl(struct vfs_handle_struct *handle, +static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info, struct security_descriptor **ppdesc) diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 55c30c5315a..5a3c451cdea 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c 
@@ -2050,14 +2050,19 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC goto error_exit; } - sd_size = SMB_VFS_GET_NT_ACL(fsp, fsp->fsp_name, (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd); + nt_status = SMB_VFS_GET_NT_ACL(fsp, fsp->fsp_name, + (OWNER_SECURITY_INFORMATION + |GROUP_SECURITY_INFORMATION + |DACL_SECURITY_INFORMATION), &psd); - if (sd_size == 0) { + if (!NT_STATUS_IS_OK(nt_status)) { DEBUG(3,("_srv_net_file_query_secdesc: Unable to get NT ACL for file %s\n", filename)); - r_u->status = WERR_ACCESS_DENIED; + r_u->status = ntstatus_to_werror(nt_status); goto error_exit; } + sd_size = sec_desc_size(psd); + r_u->ptr_response = 1; r_u->size_response = sd_size; r_u->ptr_secdesc = 1; diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index f6a8b27ab41..05679ee0ee0 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -911,7 +911,6 @@ bool get_dir_entry(TALLOC_CTX *ctx, static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst) { SEC_DESC *psd = NULL; - size_t sd_size; files_struct *fsp; NTSTATUS status; uint32 access_granted; @@ -951,12 +950,12 @@ static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S } /* Get NT ACL -allocated in main loop talloc context. No free needed here. */ - sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, + status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd); close_file(fsp, NORMAL_CLOSE); /* No access if SD get failed. */ - if (!sd_size) { + if (!NT_STATUS_IS_OK(status)) { return False; } @@ -974,7 +973,6 @@ static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst) { SEC_DESC *psd = NULL; - size_t sd_size; files_struct *fsp; int info; NTSTATUS status; 
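Review bot: In user_can_read_file the failure test changes from `!sd_size` to `!NT_STATUS_IS_OK(status)`, so a backend that returns success without filling in `psd` is no longer caught before the access check. The old size test would normally have caught that case as well. I would write `if (!NT_STATUS_IS_OK(status) || psd == NULL) { return False; }` here and in user_can_write_file, where `psd` visibly goes straight into `se_access_check`. The same status-only pattern appears in conn_get_nt_acl and append_parent_acl. How se_access_check treats a NULL descriptor is not visible on this page, so the deny should be explicit; both dir.c functions extend beyond their hunks.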
@@ -1014,13 +1012,14 @@ static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_ } /* Get NT ACL -allocated in main loop talloc context. No free needed here. */ - sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, + status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd); close_file(fsp, NORMAL_CLOSE); /* No access if SD get failed. */ - if (!sd_size) + if (!NT_STATUS_IS_OK(status)) { return False; + } return se_access_check(psd, current_user.nt_user_token, FILE_WRITE_DATA, &access_granted, &status); diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index 121e7f79a9b..46472665e5f 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -41,7 +41,6 @@ static NTSTATUS conn_get_nt_acl(TALLOC_CTX *mem_ctx, NTSTATUS status; struct files_struct *fsp = NULL; struct security_descriptor *secdesc = NULL; - size_t secdesc_size; if (!VALID_STAT(*psbuf)) { if (SMB_VFS_STAT(conn, fname, psbuf) != 0) { @@ -70,14 +69,14 @@ static NTSTATUS conn_get_nt_acl(TALLOC_CTX *mem_ctx, return status; } - secdesc_size = SMB_VFS_GET_NT_ACL(fsp, fname, - (OWNER_SECURITY_INFORMATION | - GROUP_SECURITY_INFORMATION | - DACL_SECURITY_INFORMATION), - &secdesc); - if (secdesc_size == 0) { + status = SMB_VFS_GET_NT_ACL(fsp, fname, + (OWNER_SECURITY_INFORMATION | + GROUP_SECURITY_INFORMATION | + DACL_SECURITY_INFORMATION), + &secdesc); + if (!NT_STATUS_IS_OK(status)) { DEBUG(5, ("Unable to get NT ACL for file %s\n", fname)); - return NT_STATUS_ACCESS_DENIED; + return status; } *psd = talloc_move(mem_ctx, &secdesc); diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index f07d64eded0..d03abaeadbb 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c 
@@ -2302,17 +2302,17 @@ static void call_nt_transact_rename(connection_struct *conn, Fake up a completely empty SD. *******************************************************************************/ -static size_t get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd) +static NTSTATUS get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd) { size_t sd_size; *ppsd = make_standard_sec_desc( mem_ctx, &global_sid_World, &global_sid_World, NULL, &sd_size); if(!*ppsd) { DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n")); - sd_size = 0; + return NT_STATUS_NO_MEMORY; } - return sd_size; + return NT_STATUS_OK; } /**************************************************************************** @@ -2337,6 +2337,7 @@ static void call_nt_transact_query_security_desc(connection_struct *conn, uint32 security_info_wanted; TALLOC_CTX *mem_ctx; files_struct *fsp = NULL; + NTSTATUS status; if(parameter_count < 8) { reply_doserror(req, ERRDOS, ERRbadfunc); @@ -2371,17 +2372,20 @@ static void call_nt_transact_query_security_desc(connection_struct *conn, */ if (!lp_nt_acl_support(SNUM(conn))) { - sd_size = get_null_nt_acl(mem_ctx, &psd); + status = get_null_nt_acl(mem_ctx, &psd); } else { - sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, security_info_wanted, &psd); + status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, + security_info_wanted, &psd); } - if (sd_size == 0) { + if (!NT_STATUS_IS_OK(status)) { talloc_destroy(mem_ctx); - reply_unixerror(req, ERRDOS, ERRnoaccess); + reply_nterror(req, status); return; } + sd_size = sec_desc_size(psd); + DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size)); SIVAL(params,0,(uint32)sd_size); diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 6e7dae48927..27953a20510 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c 
@@ -2728,7 +2728,7 @@ static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces) the UNIX style get ACL. ****************************************************************************/ -size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) +NTSTATUS get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) { connection_struct *conn = fsp->conn; SMB_STRUCT_STAT sbuf; @@ -2756,7 +2756,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) /* Get the stat struct for the owner info. */ if(SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf) != 0) { - return 0; + return map_nt_error_from_unix(errno); } /* * Get the ACL from the path. @@ -2777,7 +2777,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) /* Get the stat struct for the owner info. */ if(SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) != 0) { - return 0; + return map_nt_error_from_unix(errno); } /* * Get the ACL from the fd. @@ -3027,7 +3027,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) free_inherited_info(pal); SAFE_FREE(nt_ace_list); - return sd_size; + return NT_STATUS_OK; } /**************************************************************************** @@ -3174,7 +3174,6 @@ static NTSTATUS append_parent_acl(files_struct *fsp, SMB_STRUCT_STAT sbuf; NTSTATUS status; int info; - size_t sd_size; unsigned int i, j; mode_t unx_mode; @@ -3213,13 +3212,13 @@ static NTSTATUS append_parent_acl(files_struct *fsp, return status; } - sd_size = SMB_VFS_GET_NT_ACL(parent_fsp, parent_fsp->fsp_name, - DACL_SECURITY_INFORMATION, &parent_sd ); + status = SMB_VFS_GET_NT_ACL(parent_fsp, parent_fsp->fsp_name, + DACL_SECURITY_INFORMATION, &parent_sd ); close_file(parent_fsp, NORMAL_CLOSE); - if (!sd_size) { - return NT_STATUS_ACCESS_DENIED; + if (!NT_STATUS_IS_OK(status)) { + return status; } /* 
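Review bot: The final `return NT_STATUS_OK;` in get_nt_acl replaces `return sd_size;`, so any path in the body that used to arrive here with `sd_size` still 0 may now report success instead of failure. The body lies outside these hunks, so this is inferred, but only the two stat failures were given explicit error statuses in this commit. Before the final return, confirm that a descriptor was actually built, with something like `if (psd == NULL) return NT_STATUS_NO_MEMORY;` using whatever local holds the result, or set a status on each internal failure path. Otherwise a descriptor that could not be constructed is reported to the access-check callers as a successful ACL read.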
@@ -4174,7 +4173,8 @@ SEC_DESC *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname) finfo.fh->fd = -1; finfo.fsp_name = CONST_DISCARD(char *,fname); - if (get_nt_acl( &finfo, DACL_SECURITY_INFORMATION, &psd ) == 0) { + if (!NT_STATUS_IS_OK(get_nt_acl( &finfo, DACL_SECURITY_INFORMATION, + &psd ))) { DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n")); conn_free_internal( &conn ); return NULL; -- 2.34.1
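Review bot: The DEBUG text in get_nt_acl_no_snum still reads `get_nt_acl returned zero.`, which no longer describes the condition now that the call returns an NTSTATUS, and the status is thrown away inside the `if`. Keep the result in a local and log it, e.g. `DEBUG(0,("get_nt_acl_no_snum: get_nt_acl failed: %s\n", nt_errstr(status)));`, so that a denied lookup can be told apart from an allocation failure in the logs. The function begins and ends outside the hunk.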