if (error)
return false;
- if ((sbuf.st_flags & SF_HASNTFSACL) != 0) {
+ if ((sbuf.st_ex_flags & SF_HASNTFSACL) != 0) {
DEBUG(10, ("Did not canonicalize ACLs because a "
"Windows ACL set was found for file %s\n",
fsp->fsp_name));
}
/* Only continue if this is a synthetic ACL and a directory. */
- if (S_ISDIR(sbuf.st_mode) && (sbuf.st_flags & SF_HASNTFSACL) == 0) {
+ if (S_ISDIR(sbuf.st_ex_mode) &&
+ (sbuf.st_ex_flags & SF_HASNTFSACL) == 0) {
+ struct smb_filename *smb_fname = NULL;
struct ifs_ace new_aces[6];
struct ifs_ace *old_aces;
int i, num_aces_to_add = 0;
mode_t file_mode = 0, dir_mode = 0;
+ NTSTATUS status;
+
+ status = create_synthetic_smb_fname_split(talloc_tos(),
+ fsp->fsp_name, NULL,
+ &smb_fname);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
/* Use existing samba logic to derive the mode bits. */
- file_mode = unix_mode(fsp->conn, 0, fsp->fsp_name, false);
- dir_mode = unix_mode(fsp->conn, aDIR, fsp->fsp_name, false);
+ file_mode = unix_mode(fsp->conn, 0, smb_fname, NULL);
+ dir_mode = unix_mode(fsp->conn, aDIR, smb_fname, NULL);
+
+ TALLOC_FREE(smb_fname);
/* Initialize ACEs. */
new_aces[0] = onefs_init_ace(fsp->conn, file_mode, false, USR);
*
* @return NTSTATUS_OK if successful
*/
-NTSTATUS onefs_samba_sd_to_sd(uint32 security_info_sent, SEC_DESC *psd,
- struct ifs_security_descriptor *sd, int snum)
+NTSTATUS onefs_samba_sd_to_sd(uint32_t security_info_sent, SEC_DESC *psd,
+ struct ifs_security_descriptor *sd, int snum,
+ uint32_t *security_info_effective)
{
struct ifs_security_acl *daclp, *saclp;
struct ifs_identity owner, group, *ownerp, *groupp;
daclp = NULL;
saclp = NULL;
+ *security_info_effective = security_info_sent;
+
/* Setup owner */
if (security_info_sent & OWNER_SECURITY_INFORMATION) {
if (!onefs_og_to_identity(psd->owner_sid, &owner, false, snum))
return NT_STATUS_ACCESS_DENIED;
if (ignore_aces == true)
- security_info_sent &= ~DACL_SECURITY_INFORMATION;
+ *security_info_effective &= ~DACL_SECURITY_INFORMATION;
}
/* Setup SACL */
if (lp_parm_bool(snum, PARM_ONEFS_TYPE,
PARM_IGNORE_SACLS, PARM_IGNORE_SACLS_DEFAULT)) {
- DEBUG(5, ("Ignoring SACLs.\n"));
- security_info_sent &= ~SACL_SECURITY_INFORMATION;
+ DEBUG(5, ("Ignoring SACL.\n"));
+ *security_info_effective &= ~SACL_SECURITY_INFORMATION;
} else {
if (psd->sacl) {
if (!onefs_samba_acl_to_acl(psd->sacl,
return NT_STATUS_ACCESS_DENIED;
if (ignore_aces == true) {
- security_info_sent &=
+ *security_info_effective &=
~SACL_SECURITY_INFORMATION;
}
}
(daclp ? &daclp : NULL), (saclp ? &saclp : NULL), false))
return NT_STATUS_ACCESS_DENIED;
+ DEBUG(10, ("sec_info_sent: 0x%x, sec_info_effective: 0x%x.\n",
+ security_info_sent, *security_info_effective));
+
return NT_STATUS_OK;
}
*/
NTSTATUS
onefs_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
- uint32 security_info_sent, SEC_DESC *psd)
+ uint32_t sec_info_sent, SEC_DESC *psd)
{
struct ifs_security_descriptor sd = {};
int fd = -1;
bool fopened = false;
NTSTATUS status;
+ uint32_t sec_info_effective = 0;
START_PROFILE(syscall_set_sd);
DEBUG(5,("Setting SD on file %s.\n", fsp->fsp_name ));
- status = onefs_samba_sd_to_sd(security_info_sent, psd, &sd,
- SNUM(handle->conn));
+ status = onefs_samba_sd_to_sd(sec_info_sent, psd, &sd,
+ SNUM(handle->conn), &sec_info_effective);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3, ("SD initialization failure: %s\n", nt_errstr(status)));
fd = fsp->fh->fd;
if (fd == -1) {
+ DEBUG(10,("Reopening file %s.\n", fsp->fsp_name));
if ((fd = onefs_sys_create_file(handle->conn,
-1,
fsp->fsp_name,
}
errno = 0;
- if (ifs_set_security_descriptor(fd, security_info_sent, &sd)) {
- DEBUG(0, ("Error setting security descriptor = %d\n", errno));
+ if (ifs_set_security_descriptor(fd, sec_info_effective, &sd)) {
+ DEBUG(0, ("Error setting security descriptor = %s\n",
+ strerror(errno)));
status = map_nt_error_from_unix(errno);
goto out;
}