#define ADEDLEN_VERSION 4
#define ADEDLEN_FILLER 16
#define AD_FILLER_TAG "Netatalk " /* should be 16 bytes */
+#define AD_FILLER_TAG_OSX "Mac OS X " /* should be 16 bytes */
#define ADEDLEN_NENTRIES 2
#define AD_HEADER_LEN (ADEDLEN_MAGIC + ADEDLEN_VERSION + \
ADEDLEN_FILLER + ADEDLEN_NENTRIES) /* 26 */
adouble_type_t ad_type;
uint32_t ad_magic;
uint32_t ad_version;
+ uint8_t ad_filler[ADEDLEN_FILLER];
struct ad_entry ad_eid[ADEID_MAX];
char *ad_data;
struct ad_xattr_header adx_header;
return false;
}
+ memcpy(ad->ad_filler, ad->ad_data + ADEDOFF_FILLER, ADEDLEN_FILLER);
+
adentries = RSVAL(ad->ad_data, ADEDOFF_NENTRIES);
if (adentries != nentries) {
DEBUG(1, ("invalid number of entries: %zu\n",
return true;
}
+static bool ad_convert_move_reso(struct adouble *ad,
+ const struct smb_filename *smb_fname)
+{
+ char *map = MAP_FAILED;
+ size_t maplen;
+ ssize_t len;
+ int rc;
+ bool ok;
+
+ if (ad_getentrylen(ad, ADEID_RFORK) == 0) {
+ return true;
+ }
+
+ maplen = ad_getentryoff(ad, ADEID_RFORK) +
+ ad_getentrylen(ad, ADEID_RFORK);
+
+ /* FIXME: direct use of mmap(), vfs_aio_fork does it too */
+ map = mmap(NULL, maplen, PROT_READ|PROT_WRITE, MAP_SHARED,
+ ad->ad_fd, 0);
+ if (map == MAP_FAILED) {
+ DBG_ERR("mmap AppleDouble: %s\n", strerror(errno));
+ return false;
+ }
+
+
+ memmove(map + ADEDOFF_RFORK_DOT_UND,
+ map + ad_getentryoff(ad, ADEID_RFORK),
+ ad_getentrylen(ad, ADEID_RFORK));
+
+ rc = munmap(map, maplen);
+ if (rc != 0) {
+ DBG_ERR("munmap failed: %s\n", strerror(errno));
+ return false;
+ }
+
+ ad_setentryoff(ad, ADEID_RFORK, ADEDOFF_RFORK_DOT_UND);
+
+ ok = ad_pack(ad);
+ if (!ok) {
+ DBG_WARNING("ad_pack [%s] failed\n", smb_fname->base_name);
+ return false;
+ }
+
+ len = sys_pwrite(ad->ad_fd, ad->ad_data, AD_DATASZ_DOT_UND, 0);
+ if (len != AD_DATASZ_DOT_UND) {
+ DBG_ERR("%s: bad size: %zd\n", smb_fname->base_name, len);
+ return false;
+ }
+
+ return true;
+}
+
static bool ad_convert_xattr(struct adouble *ad,
const struct smb_filename *smb_fname,
- char *map)
+ bool *converted_xattr)
{
static struct char_mappings **string_replace_cmaps = NULL;
+ char *map = MAP_FAILED;
+ size_t maplen;
uint16_t i;
+ ssize_t len;
int saved_errno = 0;
NTSTATUS status;
+ int rc;
+ bool ok;
+
+ *converted_xattr = false;
- if (ad->adx_header.adx_num_attrs == 0) {
+ if (ad_getentrylen(ad, ADEID_FINDERI) == ADEDLEN_FINDERI) {
return true;
}
TALLOC_FREE(mappings);
}
+ maplen = ad_getentryoff(ad, ADEID_RFORK) +
+ ad_getentrylen(ad, ADEID_RFORK);
+
+ /* FIXME: direct use of mmap(), vfs_aio_fork does it too */
+ map = mmap(NULL, maplen, PROT_READ|PROT_WRITE, MAP_SHARED,
+ ad->ad_fd, 0);
+ if (map == MAP_FAILED) {
+ DBG_ERR("mmap AppleDouble: %s\n", strerror(errno));
+ return false;
+ }
+
for (i = 0; i < ad->adx_header.adx_num_attrs; i++) {
struct ad_xattr_entry *e = &ad->adx_entries[i];
char *mapped_name = NULL;
!NT_STATUS_EQUAL(status, NT_STATUS_NONE_MAPPED))
{
DBG_ERR("string_replace_allocate failed\n");
- return -1;
+ ok = false;
+ goto fail;
}
tmp = mapped_name;
mapped_name = talloc_asprintf(talloc_tos(), ":%s", tmp);
TALLOC_FREE(tmp);
if (mapped_name == NULL) {
- return -1;
+ ok = false;
+ goto fail;
}
stream_name = synthetic_smb_fname(talloc_tos(),
TALLOC_FREE(mapped_name);
if (stream_name == NULL) {
DBG_ERR("synthetic_smb_fname failed\n");
- return -1;
+ ok = false;
+ goto fail;
}
DBG_DEBUG("stream_name: %s\n", smb_fname_str_dbg(stream_name));
TALLOC_FREE(stream_name);
if (!NT_STATUS_IS_OK(status)) {
DBG_ERR("SMB_VFS_CREATE_FILE failed\n");
- return -1;
+ ok = false;
+ goto fail;
}
nwritten = SMB_VFS_PWRITE(fsp,
saved_errno = errno;
close_file(NULL, fsp, ERROR_CLOSE);
errno = saved_errno;
- return -1;
+ ok = false;
+ goto fail;
}
status = close_file(NULL, fsp, NORMAL_CLOSE);
if (!NT_STATUS_IS_OK(status)) {
- return -1;
+ ok = false;
+ goto fail;
}
fsp = NULL;
}
+ ad_setentrylen(ad, ADEID_FINDERI, ADEDLEN_FINDERI);
+
+ ok = ad_pack(ad);
+ if (!ok) {
+ DBG_WARNING("ad_pack [%s] failed\n", smb_fname->base_name);
+ goto fail;
+ }
+
+ len = sys_pwrite(ad->ad_fd, ad->ad_data, AD_DATASZ_DOT_UND, 0);
+ if (len != AD_DATASZ_DOT_UND) {
+ DBG_ERR("%s: bad size: %zd\n", smb_fname->base_name, len);
+ ok = false;
+ goto fail;
+ }
+
+ ok = ad_convert_move_reso(ad, smb_fname);
+ if (!ok) {
+ goto fail;
+ }
+
+ *converted_xattr = true;
+ ok = true;
+
+fail:
+ rc = munmap(map, maplen);
+ if (rc != 0) {
+ DBG_ERR("munmap failed: %s\n", strerror(errno));
+ return false;
+ }
+
+ return ok;
+}
+
+static bool ad_convert_finderinfo(struct adouble *ad,
+ const struct smb_filename *smb_fname)
+{
+ char *p_ad = NULL;
+ AfpInfo *ai = NULL;
+ DATA_BLOB aiblob;
+ struct smb_filename *stream_name = NULL;
+ files_struct *fsp = NULL;
+ size_t size;
+ ssize_t nwritten;
+ NTSTATUS status;
+ int saved_errno = 0;
+ int cmp;
+
+ cmp = memcmp(ad->ad_filler, AD_FILLER_TAG_OSX, ADEDLEN_FILLER);
+ if (cmp != 0) {
+ return true;
+ }
+
+ p_ad = ad_get_entry(ad, ADEID_FINDERI);
+ if (p_ad == NULL) {
+ return false;
+ }
+
+ ai = afpinfo_new(talloc_tos());
+ if (ai == NULL) {
+ return false;
+ }
+
+ memcpy(ai->afpi_FinderInfo, p_ad, ADEDLEN_FINDERI);
+
+ aiblob = data_blob_talloc(talloc_tos(), NULL, AFP_INFO_SIZE);
+ if (aiblob.data == NULL) {
+ TALLOC_FREE(ai);
+ return false;
+ }
+
+ size = afpinfo_pack(ai, (char *)aiblob.data);
+ TALLOC_FREE(ai);
+ if (size != AFP_INFO_SIZE) {
+ return false;
+ }
+
+ stream_name = synthetic_smb_fname(talloc_tos(),
+ smb_fname->base_name,
+ AFPINFO_STREAM,
+ NULL,
+ smb_fname->flags);
+ if (stream_name == NULL) {
+ data_blob_free(&aiblob);
+ DBG_ERR("synthetic_smb_fname failed\n");
+ return false;
+ }
+
+ DBG_DEBUG("stream_name: %s\n", smb_fname_str_dbg(stream_name));
+
+ status = SMB_VFS_CREATE_FILE(
+ ad->ad_handle->conn, /* conn */
+ NULL, /* req */
+ 0, /* root_dir_fid */
+ stream_name, /* fname */
+ FILE_GENERIC_WRITE, /* access_mask */
+ FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
+ FILE_OPEN_IF, /* create_disposition */
+ 0, /* create_options */
+ 0, /* file_attributes */
+ INTERNAL_OPEN_ONLY, /* oplock_request */
+ NULL, /* lease */
+ 0, /* allocation_size */
+ 0, /* private_flags */
+ NULL, /* sd */
+ NULL, /* ea_list */
+ &fsp, /* result */
+ NULL, /* psbuf */
+ NULL, NULL); /* create context */
+ TALLOC_FREE(stream_name);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_ERR("SMB_VFS_CREATE_FILE failed\n");
+ return false;
+ }
+
+ nwritten = SMB_VFS_PWRITE(fsp,
+ aiblob.data,
+ aiblob.length,
+ 0);
+ if (nwritten == -1) {
+ DBG_ERR("SMB_VFS_PWRITE failed\n");
+ saved_errno = errno;
+ close_file(NULL, fsp, ERROR_CLOSE);
+ errno = saved_errno;
+ return false;
+ }
+
+ status = close_file(NULL, fsp, NORMAL_CLOSE);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
+ fsp = NULL;
+
+ return true;
+}
+
+static bool ad_convert_truncate(struct adouble *ad,
+ const struct smb_filename *smb_fname)
+{
+ int rc;
+
+ /*
+ * FIXME: direct ftruncate(), but we don't have a fsp for the
+ * VFS call
+ */
+ rc = ftruncate(ad->ad_fd, ADEDOFF_RFORK_DOT_UND +
+ ad_getentrylen(ad, ADEID_RFORK));
+ if (rc != 0) {
+ return false;
+ }
+
return true;
}
* Convert from Apple's ._ file to Netatalk
*
* Apple's AppleDouble may contain a FinderInfo entry longer then 32
- * bytes containing packed xattrs. Netatalk can't deal with that, so
- * we simply discard the packed xattrs.
+ * bytes containing packed xattrs.
*
* @return -1 in case an error occurred, 0 if no conversion was done, 1
* otherwise
**/
static int ad_convert(struct adouble *ad,
- const struct smb_filename *smb_fname,
- int fd)
+ const struct smb_filename *smb_fname)
{
- int rc = 0;
- char *map = MAP_FAILED;
- size_t origlen;
bool ok;
+ bool converted_xattr = false;
- origlen = ad_getentryoff(ad, ADEID_RFORK) +
- ad_getentrylen(ad, ADEID_RFORK);
-
- /* FIXME: direct use of mmap(), vfs_aio_fork does it too */
- map = mmap(NULL, origlen, PROT_READ|PROT_WRITE, MAP_SHARED, fd, 0);
- if (map == MAP_FAILED) {
- DEBUG(2, ("mmap AppleDouble: %s\n", strerror(errno)));
- rc = -1;
- goto exit;
- }
-
- ok = ad_convert_xattr(ad, smb_fname, map);
+ ok = ad_convert_xattr(ad, smb_fname, &converted_xattr);
if (!ok) {
- munmap(map, origlen);
return -1;
}
- if (ad_getentrylen(ad, ADEID_RFORK) > 0) {
- memmove(map + ad_getentryoff(ad, ADEID_FINDERI) + ADEDLEN_FINDERI,
- map + ad_getentryoff(ad, ADEID_RFORK),
- ad_getentrylen(ad, ADEID_RFORK));
+ if (converted_xattr) {
+ ok = ad_convert_truncate(ad, smb_fname);
+ if (!ok) {
+ return -1;
+ }
}
- ad_setentrylen(ad, ADEID_FINDERI, ADEDLEN_FINDERI);
- ad_setentryoff(ad, ADEID_RFORK,
- ad_getentryoff(ad, ADEID_FINDERI) + ADEDLEN_FINDERI);
-
- /*
- * FIXME: direct ftruncate(), but we don't have a fsp for the
- * VFS call
- */
- rc = ftruncate(fd, ad_getentryoff(ad, ADEID_RFORK)
- + ad_getentrylen(ad, ADEID_RFORK));
-
-exit:
- if (map != MAP_FAILED) {
- munmap(map, origlen);
+ ok = ad_convert_finderinfo(ad, smb_fname);
+ if (!ok) {
+ DBG_ERR("Failed to convert [%s]\n",
+ smb_fname_str_dbg(smb_fname));
+ return -1;
}
- return rc;
+
+ return 0;
}
/**
{
SMB_STRUCT_STAT sbuf;
char *p_ad = NULL;
- AfpInfo *ai = NULL;
- DATA_BLOB aiblob;
- struct smb_filename *stream_name = NULL;
- files_struct *fsp = NULL;
- ssize_t len;
size_t size;
- ssize_t nwritten;
- NTSTATUS status;
- int saved_errno = 0;
+ ssize_t len;
int ret;
bool ok;
return -1;
}
- if (ad_getentrylen(ad, ADEID_FINDERI) == ADEDLEN_FINDERI) {
- return len;
- }
-
/*
* Try to fixup AppleDouble files created by OS X with xattrs
- * appended to the ADEID_FINDERI entry. We simply remove the
- * xattrs blob, this means any fancy xattr that was stored
- * there is lost.
+ * appended to the ADEID_FINDERI entry.
*/
- ret = ad_convert(ad, smb_fname, ad->ad_fd);
+ ret = ad_convert(ad, smb_fname);
if (ret != 0) {
DBG_WARNING("Failed to convert [%s]\n", smb_fname->base_name);
return len;
}
- ok = ad_pack(ad);
- if (!ok) {
- DBG_WARNING("ad_pack [%s] failed\n", smb_fname->base_name);
- return -1;
- }
-
- len = sys_pwrite(ad->ad_fd, ad->ad_data, AD_DATASZ_DOT_UND, 0);
- if (len != AD_DATASZ_DOT_UND) {
- DBG_ERR("%s: bad size: %zd\n", smb_fname->base_name, len);
- return -1;
- }
-
- p_ad = ad_get_entry(ad, ADEID_FINDERI);
- if (p_ad == NULL) {
- return -1;
- }
-
- ai = afpinfo_new(talloc_tos());
- if (ai == NULL) {
- return -1;
- }
-
- memcpy(ai->afpi_FinderInfo, p_ad, ADEDLEN_FINDERI);
-
- aiblob = data_blob_talloc(talloc_tos(), NULL, AFP_INFO_SIZE);
- if (aiblob.data == NULL) {
- TALLOC_FREE(ai);
- return -1;
- }
-
- size = afpinfo_pack(ai, (char *)aiblob.data);
- TALLOC_FREE(ai);
- if (size != AFP_INFO_SIZE) {
- return -1;
- }
-
- stream_name = synthetic_smb_fname(talloc_tos(),
- smb_fname->base_name,
- AFPINFO_STREAM,
- NULL,
- smb_fname->flags);
- if (stream_name == NULL) {
- data_blob_free(&aiblob);
- DBG_ERR("synthetic_smb_fname failed\n");
- return -1;
- }
-
- DBG_DEBUG("stream_name: %s\n", smb_fname_str_dbg(stream_name));
-
- status = SMB_VFS_CREATE_FILE(
- ad->ad_handle->conn, /* conn */
- NULL, /* req */
- 0, /* root_dir_fid */
- stream_name, /* fname */
- FILE_GENERIC_WRITE, /* access_mask */
- FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
- FILE_OPEN_IF, /* create_disposition */
- 0, /* create_options */
- 0, /* file_attributes */
- INTERNAL_OPEN_ONLY, /* oplock_request */
- NULL, /* lease */
- 0, /* allocation_size */
- 0, /* private_flags */
- NULL, /* sd */
- NULL, /* ea_list */
- &fsp, /* result */
- NULL, /* psbuf */
- NULL, NULL); /* create context */
- TALLOC_FREE(stream_name);
- if (!NT_STATUS_IS_OK(status)) {
- DBG_ERR("SMB_VFS_CREATE_FILE failed\n");
- return -1;
- }
-
- nwritten = SMB_VFS_PWRITE(fsp,
- aiblob.data,
- aiblob.length,
- 0);
- if (nwritten == -1) {
- DBG_ERR("SMB_VFS_PWRITE failed\n");
- saved_errno = errno;
- close_file(NULL, fsp, ERROR_CLOSE);
- errno = saved_errno;
- return -1;
- }
-
- status = close_file(NULL, fsp, NORMAL_CLOSE);
- if (!NT_STATUS_IS_OK(status)) {
- return -1;
- }
- fsp = NULL;
-
return len;
}
static off_t denymode_to_netatalk_brl(enum apple_fork fork_type,
uint32_t deny_mode)
{
- off_t offset;
+ off_t offset = 0;
switch (deny_mode) {
case DENY_READ:
uint32_t deny_mode)
{
NTSTATUS status = NT_STATUS_OK;
- struct byte_range_lock *br_lck = NULL;
bool open_for_reading, open_for_writing, deny_read, deny_write;
off_t off;
bool have_read = false;
/* Set locks */
if ((access_mask & FILE_READ_DATA) && have_read) {
+ struct byte_range_lock *br_lck = NULL;
+
off = access_to_netatalk_brl(fork_type, FILE_READ_DATA);
br_lck = do_lock(
handle->conn->sconn->msg_ctx, fsp,
READ_LOCK, POSIX_LOCK, false,
&status, NULL);
+ TALLOC_FREE(br_lck);
+
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- TALLOC_FREE(br_lck);
}
if ((deny_mode & DENY_READ) && have_read) {
+ struct byte_range_lock *br_lck = NULL;
+
off = denymode_to_netatalk_brl(fork_type, DENY_READ);
br_lck = do_lock(
handle->conn->sconn->msg_ctx, fsp,
READ_LOCK, POSIX_LOCK, false,
&status, NULL);
+ TALLOC_FREE(br_lck);
+
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- TALLOC_FREE(br_lck);
}
}
/* Set locks */
if ((access_mask & FILE_WRITE_DATA) && have_read) {
+ struct byte_range_lock *br_lck = NULL;
+
off = access_to_netatalk_brl(fork_type, FILE_WRITE_DATA);
br_lck = do_lock(
handle->conn->sconn->msg_ctx, fsp,
READ_LOCK, POSIX_LOCK, false,
&status, NULL);
+ TALLOC_FREE(br_lck);
+
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- TALLOC_FREE(br_lck);
-
}
if ((deny_mode & DENY_WRITE) && have_read) {
+ struct byte_range_lock *br_lck = NULL;
+
off = denymode_to_netatalk_brl(fork_type, DENY_WRITE);
br_lck = do_lock(
handle->conn->sconn->msg_ctx, fsp,
READ_LOCK, POSIX_LOCK, false,
&status, NULL);
+ TALLOC_FREE(br_lck);
+
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- TALLOC_FREE(br_lck);
}
}
- TALLOC_FREE(br_lck);
-
return status;
}
return status;
}
+static NTSTATUS remove_virtual_nfs_aces(struct security_descriptor *psd)
+{
+ NTSTATUS status;
+ uint32_t i;
+
+ if (psd->dacl == NULL) {
+ return NT_STATUS_OK;
+ }
+
+ for (i = 0; i < psd->dacl->num_aces; i++) {
+ /* MS NFS style mode/uid/gid */
+ int cmp = dom_sid_compare_domain(
+ &global_sid_Unix_NFS,
+ &psd->dacl->aces[i].trustee);
+ if (cmp != 0) {
+ /* Normal ACE entry. */
+ continue;
+ }
+
+ /*
+ * security_descriptor_dacl_del()
+ * *must* return NT_STATUS_OK as we know
+ * we have something to remove.
+ */
+
+ status = security_descriptor_dacl_del(psd,
+ &psd->dacl->aces[i].trustee);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("failed to remove MS NFS style ACE: %s\n",
+ nt_errstr(status));
+ return status;
+ }
+
+ /*
+ * security_descriptor_dacl_del() may delete more
+ * then one entry subsequent to this one if the
+ * SID matches, but we only need to ensure that
+ * we stay looking at the same element in the array.
+ */
+ i--;
+ }
+ return NT_STATUS_OK;
+}
+
/* Search MS NFS style ACE with UNIX mode */
static NTSTATUS check_ms_nfs(vfs_handle_struct *handle,
files_struct *fsp,
- const struct security_descriptor *psd,
+ struct security_descriptor *psd,
mode_t *pmode,
bool *pdo_chmod)
{
}
}
- return NT_STATUS_OK;
+ /*
+ * Remove any incoming virtual ACE entries generated by
+ * fruit_fget_nt_acl().
+ */
+
+ return remove_virtual_nfs_aces(psd);
}
/****************************************************************************
return 0;
}
+ if (fio == NULL) {
+ DBG_ERR("Failed to fetch fsp extension");
+ return -1;
+ }
+
/* Yes, macOS always reads from offset 0 */
offset = 0;
to_return = MIN(n, AFP_INFO_SIZE);
struct fio *fio = (struct fio *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
ssize_t nread;
+ if (fio == NULL) {
+ errno = EINVAL;
+ return -1;
+ }
+
switch (fio->config->rsrc) {
case FRUIT_RSRC_STREAM:
nread = fruit_pread_rsrc_stream(handle, fsp, data, n, offset);
return -1;
}
+ if (fio == NULL) {
+ DBG_ERR("Failed to fetch fsp extension");
+ return -1;
+ }
+
switch (fio->config->meta) {
case FRUIT_META_STREAM:
nwritten = fruit_pwrite_meta_stream(handle, fsp, data,
struct fio *fio = (struct fio *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
ssize_t nwritten;
+ if (fio == NULL) {
+ DBG_ERR("Failed to fetch fsp extension");
+ return -1;
+ }
+
switch (fio->config->rsrc) {
case FRUIT_RSRC_STREAM:
nwritten = fruit_pwrite_rsrc_stream(handle, fsp, data, n, offset);
struct fio *fio = (struct fio *)VFS_FETCH_FSP_EXTENSION(handle, fsp);
int ret;
+ if (fio == NULL) {
+ DBG_ERR("Failed to fetch fsp extension");
+ return -1;
+ }
+
switch (fio->config->rsrc) {
case FRUIT_RSRC_XATTR:
ret = fruit_ftruncate_rsrc_xattr(handle, fsp, offset);
(intmax_t)offset);
if (fio == NULL) {
+ if (offset == 0 &&
+ global_fruit_config.nego_aapl &&
+ is_ntfs_stream_smb_fname(fsp->fsp_name) &&
+ !is_ntfs_default_stream_smb_fname(fsp->fsp_name))
+ {
+ return SMB_VFS_NEXT_UNLINK(handle, fsp->fsp_name);
+ }
return SMB_VFS_NEXT_FTRUNCATE(handle, fsp, offset);
}
struct security_ace ace;
struct dom_sid sid;
struct fruit_config_data *config;
- bool remove_ok = false;
SMB_VFS_HANDLE_GET_DATA(handle, config,
struct fruit_config_data,
return NT_STATUS_OK;
}
+ /* First remove any existing ACE's with NFS style mode/uid/gid SIDs. */
+ status = remove_virtual_nfs_aces(*ppdesc);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("failed to remove MS NFS style ACEs\n");
+ return status;
+ }
+
/* MS NFS style mode */
sid_compose(&sid, &global_sid_Unix_NFS_Mode, fsp->fsp_name->st.st_ex_mode);
init_sec_ace(&ace, &sid, SEC_ACE_TYPE_ACCESS_DENIED, 0, 0);
-
- /* First remove any existing ACE's with this SID. */
- status = security_descriptor_dacl_del(*ppdesc, &sid);
- remove_ok = (NT_STATUS_IS_OK(status) ||
- NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND));
- if (!remove_ok) {
- DBG_WARNING("failed to remove MS NFS_mode style ACE\n");
- return status;
- }
status = security_descriptor_dacl_add(*ppdesc, &ace);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1,("failed to add MS NFS style ACE\n"));
/* MS NFS style uid */
sid_compose(&sid, &global_sid_Unix_NFS_Users, fsp->fsp_name->st.st_ex_uid);
init_sec_ace(&ace, &sid, SEC_ACE_TYPE_ACCESS_DENIED, 0, 0);
-
- /* First remove any existing ACE's with this SID. */
- status = security_descriptor_dacl_del(*ppdesc, &sid);
- remove_ok = (NT_STATUS_IS_OK(status) ||
- NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND));
- if (!remove_ok) {
- DBG_WARNING("failed to remove MS NFS_users style ACE\n");
- return status;
- }
status = security_descriptor_dacl_add(*ppdesc, &ace);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1,("failed to add MS NFS style ACE\n"));
/* MS NFS style gid */
sid_compose(&sid, &global_sid_Unix_NFS_Groups, fsp->fsp_name->st.st_ex_gid);
init_sec_ace(&ace, &sid, SEC_ACE_TYPE_ACCESS_DENIED, 0, 0);
-
- /* First remove any existing ACE's with this SID. */
- status = security_descriptor_dacl_del(*ppdesc, &sid);
- remove_ok = (NT_STATUS_IS_OK(status) ||
- NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND));
- if (!remove_ok) {
- DBG_WARNING("failed to remove MS NFS_groups style ACE\n");
- return status;
- }
status = security_descriptor_dacl_add(*ppdesc, &ace);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1,("failed to add MS NFS style ACE\n"));
return true;
}
- tm_size = bandsize * nbands;
- if (tm_size > UINT64_MAX) {
+ if (bandsize > SIZE_MAX/nbands) {
DBG_ERR("tmsize overflow: bandsize [%zu] nbands [%zu]\n",
bandsize, nbands);
return false;
}
+ tm_size = bandsize * nbands;
if (state->total_size + tm_size < state->total_size) {
DBG_ERR("tmsize overflow: bandsize [%zu] nbands [%zu]\n",