/* Leave at 22 - not yet released. Add file_id_create operation. --metze */
/* Leave at 22 - not yet released. Change all BOOL parameters (int) to bool. jra. */
/* Leave at 22 - not yet released. Added recvfile. */
+/* Leave at 22 - not yet released. Change get_nt_acl to return NTSTATUS - vl */
#define SMB_VFS_INTERFACE_VERSION 22
/* NT ACL operations. */
- size_t (*fget_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info, struct security_descriptor **ppdesc);
- size_t (*get_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info, struct security_descriptor **ppdesc);
+ NTSTATUS (*fget_nt_acl)(struct vfs_handle_struct *handle,
+ struct files_struct *fsp, int fd,
+ uint32 security_info,
+ struct security_descriptor **ppdesc);
+ NTSTATUS (*get_nt_acl)(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const char *name,
+ uint32 security_info,
+ struct security_descriptor **ppdesc);
NTSTATUS (*fset_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info_sent, struct security_descriptor *psd);
NTSTATUS (*set_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor *psd);
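Review bot: The two getter slots carry no comment stating the new contract, and the meaning of a zero return has flipped with this change: as a size_t it meant failure, as an NTSTATUS it is the success value. I would add above `fget_nt_acl` a comment such as `/* Returns NT_STATUS_OK with *ppdesc set to a non-NULL descriptor; on any other status *ppdesc must not be used. */`. Because SMB_VFS_INTERFACE_VERSION stays at 22, a module built against the earlier prototype would presumably still pass the version check, so the comment should also say that every implementation has to be converted together with this change.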
return True;
}
-size_t smb_get_nt_acl_nfs4(files_struct *fsp,
+NTSTATUS smb_get_nt_acl_nfs4(files_struct *fsp,
uint32 security_info,
SEC_DESC **ppdesc, SMB4ACL_T *acl)
{
DEBUG(10, ("smb_get_nt_acl_nfs4 invoked for %s\n", fsp->fsp_name));
if (acl==NULL || smb_get_naces(acl)==0)
- return 0; /* special because we shouldn't alloc 0 for win */
+ return NT_STATUS_ACCESS_DENIED; /* special because we
+ * shouldn't alloc 0 for
+ * win */
if (smbacl4_GetFileOwner(fsp, &sbuf))
- return 0;
+ return map_nt_error_from_unix(errno);
uid_to_sid(&sid_owner, sbuf.st_uid);
gid_to_sid(&sid_group, sbuf.st_gid);
if (smbacl4_nfs42win(mem_ctx, acl, &sid_owner, &sid_group, &nt_ace_list, &good_aces)==False) {
DEBUG(8,("smbacl4_nfs42win failed\n"));
- return 0;
+ return map_nt_error_from_unix(errno);
}
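Review bot: The failure return after `smbacl4_nfs42win` reads `errno`, but nothing visible here shows that helper setting it, and the `DEBUG` call in between may change it as well. If `errno` is 0 or stale at that point the caller gets a misleading status, and should `map_nt_error_from_unix` map 0 to success, the function would report NT_STATUS_OK without ever assigning `*ppdesc`. A fixed status is safer on this path, for example `return NT_STATUS_NO_MEMORY;` if the helper only fails on allocation (to be confirmed), or save `errno` into a local before logging. The same log-then-read-errno order appears in the `zfs_get_nt_acl` hunks further down; the body of this function is only partly visible here.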
psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, good_aces, nt_ace_list);
if (psa == NULL) {
DEBUG(2,("make_sec_acl failed\n"));
- return 0;
+ return NT_STATUS_NO_MEMORY;
}
DEBUG(10,("after make sec_acl\n"));
NULL, psa, &sd_size);
if (*ppdesc==NULL) {
DEBUG(2,("make_sec_desc failed\n"));
- return 0;
+ return NT_STATUS_NO_MEMORY;
}
- DEBUG(10, ("smb_get_nt_acl_nfs4 successfully exited with sd_size %d\n", sd_size));
- return sd_size;
+ DEBUG(10, ("smb_get_nt_acl_nfs4 successfully exited with sd_size %d\n",
+ sec_desc_size(*ppdesc)));
+
+ return NT_STATUS_OK;
}
enum smbacl4_mode_enum {e_simple=0, e_special=1};
return True;
}
-static size_t afs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
- struct security_descriptor **ppdesc)
+static NTSTATUS afs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
+ struct security_descriptor **ppdesc)
{
struct afs_acl acl;
size_t sd_size;
sidpts = lp_parm_bool(SNUM(fsp->conn), "afsacl", "sidpts", False);
if (!afs_get_afs_acl(fsp->fsp_name, &acl)) {
- return 0;
+ return NT_STATUS_ACCESS_DENIED;
}
sd_size = afs_to_nt_acl(&acl, fsp, security_info, ppdesc);
free_afs_acl(&acl);
- return sd_size;
+ return (sd_size != 0) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
}
/* For setting an AFS ACL we have to take care of the ACEs we could
return (ret == 0) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
}
-static size_t afsacl_fget_nt_acl(struct vfs_handle_struct *handle,
- struct files_struct *fsp,
- int fd, uint32 security_info,
- struct security_descriptor **ppdesc)
+static NTSTATUS afsacl_fget_nt_acl(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ int fd, uint32 security_info,
+ struct security_descriptor **ppdesc)
{
return afs_get_nt_acl(fsp, security_info, ppdesc);
}
-static size_t afsacl_get_nt_acl(struct vfs_handle_struct *handle,
- struct files_struct *fsp,
- const char *name, uint32 security_info,
- struct security_descriptor **ppdesc)
+static NTSTATUS afsacl_get_nt_acl(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const char *name, uint32 security_info,
+ struct security_descriptor **ppdesc)
{
return afs_get_nt_acl(fsp, security_info, ppdesc);
}
return True;
}
-static size_t aixjfs2_get_nt_acl_common(files_struct *fsp,
+static NTSTATUS aixjfs2_get_nt_acl_common(files_struct *fsp,
uint32 security_info, SEC_DESC **ppdesc)
{
SMB4ACL_T *pacl = NULL;
return get_nt_acl(fsp, security_info, ppdesc);
}
if (result==False)
- return 0;
+ return NT_STATUS_ACCESS_DENIED;
return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl);
}
-size_t aixjfs2_fget_nt_acl(vfs_handle_struct *handle,
+NTSTATUS aixjfs2_fget_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, int fd, uint32 security_info,
SEC_DESC **ppdesc)
{
return aixjfs2_get_nt_acl_common(fsp, security_info, ppdesc);
}
-size_t aixjfs2_get_nt_acl(vfs_handle_struct *handle,
+NTSTATUS aixjfs2_get_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, const char *name,
uint32 security_info, SEC_DESC **ppdesc)
{
return SMB_VFS_NEXT_REALPATH(handle, path, resolved_path);
}
-static size_t catia_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS catia_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
const char *name, uint32 security_info,
struct security_descriptor **ppdesc)
{
return file_id_create_dev(dev, inode);
}
-static size_t vfswrap_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info, SEC_DESC **ppdesc)
+static NTSTATUS vfswrap_fget_nt_acl(vfs_handle_struct *handle,
+ files_struct *fsp, int fd,
+ uint32 security_info, SEC_DESC **ppdesc)
{
- size_t result;
+ NTSTATUS result;
START_PROFILE(fget_nt_acl);
result = get_nt_acl(fsp, security_info, ppdesc);
return result;
}
-static size_t vfswrap_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info, SEC_DESC **ppdesc)
+static NTSTATUS vfswrap_get_nt_acl(vfs_handle_struct *handle,
+ files_struct *fsp, const char *name,
+ uint32 security_info, SEC_DESC **ppdesc)
{
- size_t result;
+ NTSTATUS result;
START_PROFILE(get_nt_acl);
result = get_nt_acl(fsp, security_info, ppdesc);
const char *path, unsigned int flags);
static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
SMB_DEV_T dev, SMB_INO_T inode);
-static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
int fd, uint32 security_info,
SEC_DESC **ppdesc);
-static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
const char *name, uint32 security_info,
SEC_DESC **ppdesc);
static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
return result;
}
-static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
int fd, uint32 security_info,
SEC_DESC **ppdesc)
{
- size_t result;
+ NTSTATUS result;
result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, fd, security_info,
ppdesc);
- do_log(SMB_VFS_OP_FGET_NT_ACL, (result > 0), handle,
+ do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
"%s", fsp->fsp_name);
return result;
}
-static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
- const char *name, uint32 security_info,
- SEC_DESC **ppdesc)
+static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
+ files_struct *fsp,
+ const char *name,
+ uint32 security_info,
+ SEC_DESC **ppdesc)
{
- size_t result;
+ NTSTATUS result;
result = SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info,
ppdesc);
- do_log(SMB_VFS_OP_GET_NT_ACL, (result > 0), handle,
+ do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
"%s", fsp->fsp_name);
return result;
return 0;
}
-static size_t gpfsacl_get_nt_acl_common(files_struct *fsp,
+static NTSTATUS gpfsacl_get_nt_acl_common(files_struct *fsp,
uint32 security_info, SEC_DESC **ppdesc)
{
SMB4ACL_T *pacl = NULL;
}
/* GPFS ACL was not read, something wrong happened, error code is set in errno */
- return 0;
+ return map_nt_error_from_unix(errno);
}
-size_t gpfsacl_fget_nt_acl(vfs_handle_struct *handle,
+NTSTATUS gpfsacl_fget_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, int fd, uint32 security_info,
SEC_DESC **ppdesc)
{
return gpfsacl_get_nt_acl_common(fsp, security_info, ppdesc);
}
-size_t gpfsacl_get_nt_acl(vfs_handle_struct *handle,
+NTSTATUS gpfsacl_get_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, const char *name,
uint32 security_info, SEC_DESC **ppdesc)
{
* read the local file's acls and return it in NT form
* using the NFSv4 format conversion
*/
-static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
+static NTSTATUS zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
struct security_descriptor **ppdesc)
{
int naces, i;
DEBUG(9, ("acl(ACE_GETACLCNT, %s): %s ", fsp->fsp_name,
strerror(errno)));
}
- return 0;
+ return map_nt_error_from_unix(errno);
}
/* allocate the field of ZFS aces */
mem_ctx = talloc_tos();
acebuf = (ace_t *) talloc_size(mem_ctx, sizeof(ace_t)*naces);
if(acebuf == NULL) {
- errno = ENOMEM;
- return 0;
+ return NT_STATUS_NO_MEMORY;
}
/* read the aces into the field */
if(acl(fsp->fsp_name, ACE_GETACL, naces, acebuf) < 0) {
DEBUG(9, ("acl(ACE_GETACL, %s): %s ", fsp->fsp_name,
strerror(errno)));
- return 0;
+ return map_nt_error_from_unix(errno);
}
/* create SMB4ACL data */
if((pacl = smb_create_smb4acl()) == NULL) return 0;
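Review bot: `if((pacl = smb_create_smb4acl()) == NULL) return 0;` is left unconverted in a function that now returns NTSTATUS. Where NTSTATUS is a plain integer, 0 is NT_STATUS_OK, so an allocation failure is reported as success with `*ppdesc` never written, and callers changed in this commit then pass the descriptor on to `se_access_check(psd, ...)` or `sec_desc_size(psd)`. It should read `if((pacl = smb_create_smb4acl()) == NULL) return NT_STATUS_NO_MEMORY;`, matching the `smb_add_ace4` failure path a few lines below. The function continues outside this hunk.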
} else {
aceprop.flags = 0;
}
- if(smb_add_ace4(pacl, &aceprop) == NULL) return 0;
+ if(smb_add_ace4(pacl, &aceprop) == NULL)
+ return NT_STATUS_NO_MEMORY;
}
return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl);
zfs_process_smbacl);
}
-static size_t zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,
+static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,
struct files_struct *fsp,
int fd, uint32 security_info,
struct security_descriptor **ppdesc)
return zfs_get_nt_acl(fsp, security_info, ppdesc);
}
-static size_t zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
+static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
struct files_struct *fsp,
const char *name, uint32 security_info,
struct security_descriptor **ppdesc)
goto error_exit;
}
- sd_size = SMB_VFS_GET_NT_ACL(fsp, fsp->fsp_name, (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd);
+ nt_status = SMB_VFS_GET_NT_ACL(fsp, fsp->fsp_name,
+ (OWNER_SECURITY_INFORMATION
+ |GROUP_SECURITY_INFORMATION
+ |DACL_SECURITY_INFORMATION), &psd);
- if (sd_size == 0) {
+ if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(3,("_srv_net_file_query_secdesc: Unable to get NT ACL for file %s\n", filename));
- r_u->status = WERR_ACCESS_DENIED;
+ r_u->status = ntstatus_to_werror(nt_status);
goto error_exit;
}
+ sd_size = sec_desc_size(psd);
+
r_u->ptr_response = 1;
r_u->size_response = sd_size;
r_u->ptr_secdesc = 1;
static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst)
{
SEC_DESC *psd = NULL;
- size_t sd_size;
files_struct *fsp;
NTSTATUS status;
uint32 access_granted;
}
/* Get NT ACL -allocated in main loop talloc context. No free needed here. */
- sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
+ status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
(OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd);
close_file(fsp, NORMAL_CLOSE);
/* No access if SD get failed. */
- if (!sd_size) {
+ if (!NT_STATUS_IS_OK(status)) {
return False;
}
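Review bot: The check `if (!NT_STATUS_IS_OK(status))` now trusts the status alone, while `psd` starts as NULL and is only valid if the VFS module really filled it in. Since this function feeds an access decision, I would fail closed with `if (!NT_STATUS_IS_OK(status) || psd == NULL) {` here and in `user_can_write_file`, so a module that returns success without a descriptor cannot reach the access check. The function starts and ends outside this hunk.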
static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst)
{
SEC_DESC *psd = NULL;
- size_t sd_size;
files_struct *fsp;
int info;
NTSTATUS status;
}
/* Get NT ACL -allocated in main loop talloc context. No free needed here. */
- sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
+ status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
(OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd);
close_file(fsp, NORMAL_CLOSE);
/* No access if SD get failed. */
- if (!sd_size)
+ if (!NT_STATUS_IS_OK(status)) {
return False;
+ }
return se_access_check(psd, current_user.nt_user_token, FILE_WRITE_DATA,
&access_granted, &status);
NTSTATUS status;
struct files_struct *fsp = NULL;
struct security_descriptor *secdesc = NULL;
- size_t secdesc_size;
if (!VALID_STAT(*psbuf)) {
if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
return status;
}
- secdesc_size = SMB_VFS_GET_NT_ACL(fsp, fname,
- (OWNER_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION),
- &secdesc);
- if (secdesc_size == 0) {
+ status = SMB_VFS_GET_NT_ACL(fsp, fname,
+ (OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION),
+ &secdesc);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(5, ("Unable to get NT ACL for file %s\n", fname));
- return NT_STATUS_ACCESS_DENIED;
+ return status;
}
*psd = talloc_move(mem_ctx, &secdesc);
Fake up a completely empty SD.
*******************************************************************************/
-static size_t get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd)
+static NTSTATUS get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd)
{
size_t sd_size;
*ppsd = make_standard_sec_desc( mem_ctx, &global_sid_World, &global_sid_World, NULL, &sd_size);
if(!*ppsd) {
DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n"));
- sd_size = 0;
+ return NT_STATUS_NO_MEMORY;
}
- return sd_size;
+ return NT_STATUS_OK;
}
/****************************************************************************
uint32 security_info_wanted;
TALLOC_CTX *mem_ctx;
files_struct *fsp = NULL;
+ NTSTATUS status;
if(parameter_count < 8) {
reply_doserror(req, ERRDOS, ERRbadfunc);
*/
if (!lp_nt_acl_support(SNUM(conn))) {
- sd_size = get_null_nt_acl(mem_ctx, &psd);
+ status = get_null_nt_acl(mem_ctx, &psd);
} else {
- sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, security_info_wanted, &psd);
+ status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
+ security_info_wanted, &psd);
}
- if (sd_size == 0) {
+ if (!NT_STATUS_IS_OK(status)) {
talloc_destroy(mem_ctx);
- reply_unixerror(req, ERRDOS, ERRnoaccess);
+ reply_nterror(req, status);
return;
}
+ sd_size = sec_desc_size(psd);
+
DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size));
SIVAL(params,0,(uint32)sd_size);
the UNIX style get ACL.
****************************************************************************/
-size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
+NTSTATUS get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
{
connection_struct *conn = fsp->conn;
SMB_STRUCT_STAT sbuf;
/* Get the stat struct for the owner info. */
if(SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf) != 0) {
- return 0;
+ return map_nt_error_from_unix(errno);
}
/*
* Get the ACL from the path.
/* Get the stat struct for the owner info. */
if(SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) != 0) {
- return 0;
+ return map_nt_error_from_unix(errno);
}
/*
* Get the ACL from the fd.
free_inherited_info(pal);
SAFE_FREE(nt_ace_list);
- return sd_size;
+ return NT_STATUS_OK;
}
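Review bot: The final `return NT_STATUS_OK;` is unconditional, whereas the old `return sd_size;` could still signal failure at this common exit by carrying 0. The middle of `get_nt_acl` is outside the hunk, so this is inferred, but if any earlier error path reaches this cleanup with `sd_size` left at 0 (for example after a failed descriptor allocation), it now reports success with no usable `*ppdesc`. Consider carrying an explicit status to the exit, or at least `return (*ppdesc != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;`, provided `*ppdesc` is set to NULL on entry.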
/****************************************************************************
SMB_STRUCT_STAT sbuf;
NTSTATUS status;
int info;
- size_t sd_size;
unsigned int i, j;
mode_t unx_mode;
return status;
}
- sd_size = SMB_VFS_GET_NT_ACL(parent_fsp, parent_fsp->fsp_name,
- DACL_SECURITY_INFORMATION, &parent_sd );
+ status = SMB_VFS_GET_NT_ACL(parent_fsp, parent_fsp->fsp_name,
+ DACL_SECURITY_INFORMATION, &parent_sd );
close_file(parent_fsp, NORMAL_CLOSE);
- if (!sd_size) {
- return NT_STATUS_ACCESS_DENIED;
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
/*
finfo.fh->fd = -1;
finfo.fsp_name = CONST_DISCARD(char *,fname);
- if (get_nt_acl( &finfo, DACL_SECURITY_INFORMATION, &psd ) == 0) {
+ if (!NT_STATUS_IS_OK(get_nt_acl( &finfo, DACL_SECURITY_INFORMATION,
+ &psd ))) {
DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n"));
conn_free_internal( &conn );
return NULL;