Avoid duplicate aces
[ira/wip.git] / source3 / smbd / posix_acls.c
1 /*
2    Unix SMB/CIFS implementation.
3    SMB NT Security Descriptor / Unix permission conversion.
4    Copyright (C) Jeremy Allison 1994-2009.
5    Copyright (C) Andreas Gruenbacher 2002.
6    Copyright (C) Simo Sorce <idra@samba.org> 2009.
7
8    This program is free software; you can redistribute it and/or modify
9    it under the terms of the GNU General Public License as published by
10    the Free Software Foundation; either version 3 of the License, or
11    (at your option) any later version.
12
13    This program is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16    GNU General Public License for more details.
17
18    You should have received a copy of the GNU General Public License
19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #include "includes.h"
23
24 extern struct current_user current_user;
25 extern const struct generic_mapping file_generic_mapping;
26
27 #undef  DBGC_CLASS
28 #define DBGC_CLASS DBGC_ACLS
29
30 /****************************************************************************
31  Data structures representing the internal ACE format.
32 ****************************************************************************/
33
34 enum ace_owner {UID_ACE, GID_ACE, WORLD_ACE};
35 enum ace_attribute {ALLOW_ACE, DENY_ACE}; /* Used for incoming NT ACLS. */
36
37 typedef union posix_id {
38                 uid_t uid;
39                 gid_t gid;
40                 int world;
41 } posix_id;
42
43 typedef struct canon_ace {
44         struct canon_ace *next, *prev;
45         SMB_ACL_TAG_T type;
46         mode_t perms; /* Only use S_I(R|W|X)USR mode bits here. */
47         DOM_SID trustee;
48         enum ace_owner owner_type;
49         enum ace_attribute attr;
50         posix_id unix_ug;
51         uint8_t ace_flags; /* From windows ACE entry. */
52 } canon_ace;
53
54 #define ALL_ACE_PERMS (S_IRUSR|S_IWUSR|S_IXUSR)
55
56 /*
57  * EA format of user.SAMBA_PAI (Samba_Posix_Acl_Interitance)
58  * attribute on disk - version 1.
59  * All values are little endian.
60  *
61  * |  1   |  1   |   2         |         2           |  ....
62  * +------+------+-------------+---------------------+-------------+--------------------+
63  * | vers | flag | num_entries | num_default_entries | ..entries.. | default_entries... |
64  * +------+------+-------------+---------------------+-------------+--------------------+
65  *
66  * Entry format is :
67  *
68  * |  1   |       4           |
69  * +------+-------------------+
70  * | value|  uid/gid or world |
71  * | type |  value            |
72  * +------+-------------------+
73  *
74  * Version 2 format. Stores extra Windows metadata about an ACL.
75  *
76  * |  1   |  2       |   2         |         2           |  ....
77  * +------+----------+-------------+---------------------+-------------+--------------------+
78  * | vers | ace      | num_entries | num_default_entries | ..entries.. | default_entries... |
79  * |   2  |  type    |             |                     |             |                    |
80  * +------+----------+-------------+---------------------+-------------+--------------------+
81  *
82  * Entry format is :
83  *
84  * |  1   |  1   |       4           |
85  * +------+------+-------------------+
86  * | ace  | value|  uid/gid or world |
87  * | flag | type |  value            |
88  * +------+-------------------+------+
89  *
90  */
91
92 #define PAI_VERSION_OFFSET                      0
93
94 #define PAI_V1_FLAG_OFFSET                      1
95 #define PAI_V1_NUM_ENTRIES_OFFSET               2
96 #define PAI_V1_NUM_DEFAULT_ENTRIES_OFFSET       4
97 #define PAI_V1_ENTRIES_BASE                     6
98 #define PAI_V1_ACL_FLAG_PROTECTED               0x1
99 #define PAI_V1_ENTRY_LENGTH                     5
100
101 #define PAI_V1_VERSION                          1
102
103 #define PAI_V2_TYPE_OFFSET                      1
104 #define PAI_V2_NUM_ENTRIES_OFFSET               3
105 #define PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET       5
106 #define PAI_V2_ENTRIES_BASE                     7
107 #define PAI_V2_ENTRY_LENGTH                     6
108
109 #define PAI_V2_VERSION                          2
110
111 /*
112  * In memory format of user.SAMBA_PAI attribute.
113  */
114
115 struct pai_entry {
116         struct pai_entry *next, *prev;
117         uint8_t ace_flags;
118         enum ace_owner owner_type;
119         posix_id unix_ug;
120 };
121
122 struct pai_val {
123         uint16_t sd_type;
124         unsigned int num_entries;
125         struct pai_entry *entry_list;
126         unsigned int num_def_entries;
127         struct pai_entry *def_entry_list;
128 };
129
130 /************************************************************************
131  Return a uint32 of the pai_entry principal.
132 ************************************************************************/
133
134 static uint32_t get_pai_entry_val(struct pai_entry *paie)
135 {
136         switch (paie->owner_type) {
137                 case UID_ACE:
138                         DEBUG(10,("get_pai_entry_val: uid = %u\n", (unsigned int)paie->unix_ug.uid ));
139                         return (uint32_t)paie->unix_ug.uid;
140                 case GID_ACE:
141                         DEBUG(10,("get_pai_entry_val: gid = %u\n", (unsigned int)paie->unix_ug.gid ));
142                         return (uint32_t)paie->unix_ug.gid;
143                 case WORLD_ACE:
144                 default:
145                         DEBUG(10,("get_pai_entry_val: world ace\n"));
146                         return (uint32_t)-1;
147         }
148 }
149
150 /************************************************************************
151  Return a uint32 of the entry principal.
152 ************************************************************************/
153
154 static uint32_t get_entry_val(canon_ace *ace_entry)
155 {
156         switch (ace_entry->owner_type) {
157                 case UID_ACE:
158                         DEBUG(10,("get_entry_val: uid = %u\n", (unsigned int)ace_entry->unix_ug.uid ));
159                         return (uint32_t)ace_entry->unix_ug.uid;
160                 case GID_ACE:
161                         DEBUG(10,("get_entry_val: gid = %u\n", (unsigned int)ace_entry->unix_ug.gid ));
162                         return (uint32_t)ace_entry->unix_ug.gid;
163                 case WORLD_ACE:
164                 default:
165                         DEBUG(10,("get_entry_val: world ace\n"));
166                         return (uint32_t)-1;
167         }
168 }
169
170 /************************************************************************
171  Create the on-disk format (always v2 now). Caller must free.
172 ************************************************************************/
173
174 static char *create_pai_buf_v2(canon_ace *file_ace_list,
175                                 canon_ace *dir_ace_list,
176                                 uint16_t sd_type,
177                                 size_t *store_size)
178 {
179         char *pai_buf = NULL;
180         canon_ace *ace_list = NULL;
181         char *entry_offset = NULL;
182         unsigned int num_entries = 0;
183         unsigned int num_def_entries = 0;
184
185         for (ace_list = file_ace_list; ace_list; ace_list = ace_list->next) {
186                 num_entries++;
187         }
188
189         for (ace_list = dir_ace_list; ace_list; ace_list = ace_list->next) {
190                 num_def_entries++;
191         }
192
193         DEBUG(10,("create_pai_buf_v2: num_entries = %u, num_def_entries = %u\n", num_entries, num_def_entries ));
194
195         *store_size = PAI_V2_ENTRIES_BASE +
196                 ((num_entries + num_def_entries)*PAI_V2_ENTRY_LENGTH);
197
198         pai_buf = (char *)SMB_MALLOC(*store_size);
199         if (!pai_buf) {
200                 return NULL;
201         }
202
203         /* Set up the header. */
204         memset(pai_buf, '\0', PAI_V2_ENTRIES_BASE);
205         SCVAL(pai_buf,PAI_VERSION_OFFSET,PAI_V2_VERSION);
206         SSVAL(pai_buf,PAI_V2_TYPE_OFFSET, sd_type);
207         SSVAL(pai_buf,PAI_V2_NUM_ENTRIES_OFFSET,num_entries);
208         SSVAL(pai_buf,PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET,num_def_entries);
209
210         entry_offset = pai_buf + PAI_V2_ENTRIES_BASE;
211
212         for (ace_list = file_ace_list; ace_list; ace_list = ace_list->next) {
213                 uint8_t type_val = (uint8_t)ace_list->owner_type;
214                 uint32_t entry_val = get_entry_val(ace_list);
215
216                 SCVAL(entry_offset,0,ace_list->ace_flags);
217                 SCVAL(entry_offset,1,type_val);
218                 SIVAL(entry_offset,2,entry_val);
219                 entry_offset += PAI_V2_ENTRY_LENGTH;
220         }
221
222         for (ace_list = dir_ace_list; ace_list; ace_list = ace_list->next) {
223                 uint8_t type_val = (uint8_t)ace_list->owner_type;
224                 uint32_t entry_val = get_entry_val(ace_list);
225
226                 SCVAL(entry_offset,0,ace_list->ace_flags);
227                 SCVAL(entry_offset,1,type_val);
228                 SIVAL(entry_offset,2,entry_val);
229                 entry_offset += PAI_V2_ENTRY_LENGTH;
230         }
231
232         return pai_buf;
233 }
234
235 /************************************************************************
236  Store the user.SAMBA_PAI attribute on disk.
237 ************************************************************************/
238
239 static void store_inheritance_attributes(files_struct *fsp,
240                                         canon_ace *file_ace_list,
241                                         canon_ace *dir_ace_list,
242                                         uint16_t sd_type)
243 {
244         int ret;
245         size_t store_size;
246         char *pai_buf;
247
248         if (!lp_map_acl_inherit(SNUM(fsp->conn))) {
249                 return;
250         }
251
252         pai_buf = create_pai_buf_v2(file_ace_list, dir_ace_list,
253                                 sd_type, &store_size);
254
255         if (fsp->fh->fd != -1) {
256                 ret = SMB_VFS_FSETXATTR(fsp, SAMBA_POSIX_INHERITANCE_EA_NAME,
257                                 pai_buf, store_size, 0);
258         } else {
259                 ret = SMB_VFS_SETXATTR(fsp->conn,fsp->fsp_name, SAMBA_POSIX_INHERITANCE_EA_NAME,
260                                 pai_buf, store_size, 0);
261         }
262
263         SAFE_FREE(pai_buf);
264
265         DEBUG(10,("store_inheritance_attribute: type 0x%x for file %s\n",
266                 (unsigned int)sd_type,
267                 fsp->fsp_name));
268
269         if (ret == -1 && !no_acl_syscall_error(errno)) {
270                 DEBUG(1,("store_inheritance_attribute: Error %s\n", strerror(errno) ));
271         }
272 }
273
274 /************************************************************************
275  Delete the in memory inheritance info.
276 ************************************************************************/
277
278 static void free_inherited_info(struct pai_val *pal)
279 {
280         if (pal) {
281                 struct pai_entry *paie, *paie_next;
282                 for (paie = pal->entry_list; paie; paie = paie_next) {
283                         paie_next = paie->next;
284                         SAFE_FREE(paie);
285                 }
286                 for (paie = pal->def_entry_list; paie; paie = paie_next) {
287                         paie_next = paie->next;
288                         SAFE_FREE(paie);
289                 }
290                 SAFE_FREE(pal);
291         }
292 }
293
294 /************************************************************************
295  Get any stored ACE flags.
296 ************************************************************************/
297
298 static uint16_t get_pai_flags(struct pai_val *pal, canon_ace *ace_entry, bool default_ace)
299 {
300         struct pai_entry *paie;
301
302         if (!pal) {
303                 return 0;
304         }
305
306         /* If the entry exists it is inherited. */
307         for (paie = (default_ace ? pal->def_entry_list : pal->entry_list); paie; paie = paie->next) {
308                 if (ace_entry->owner_type == paie->owner_type &&
309                                 get_entry_val(ace_entry) == get_pai_entry_val(paie))
310                         return paie->ace_flags;
311         }
312         return 0;
313 }
314
315 /************************************************************************
316  Ensure an attribute just read is valid - v1.
317 ************************************************************************/
318
319 static bool check_pai_ok_v1(const char *pai_buf, size_t pai_buf_data_size)
320 {
321         uint16 num_entries;
322         uint16 num_def_entries;
323
324         if (pai_buf_data_size < PAI_V1_ENTRIES_BASE) {
325                 /* Corrupted - too small. */
326                 return false;
327         }
328
329         if (CVAL(pai_buf,PAI_VERSION_OFFSET) != PAI_V1_VERSION) {
330                 return false;
331         }
332
333         num_entries = SVAL(pai_buf,PAI_V1_NUM_ENTRIES_OFFSET);
334         num_def_entries = SVAL(pai_buf,PAI_V1_NUM_DEFAULT_ENTRIES_OFFSET);
335
336         /* Check the entry lists match. */
337         /* Each entry is 5 bytes (type plus 4 bytes of uid or gid). */
338
339         if (((num_entries + num_def_entries)*PAI_V1_ENTRY_LENGTH) +
340                         PAI_V1_ENTRIES_BASE != pai_buf_data_size) {
341                 return false;
342         }
343
344         return true;
345 }
346
347 /************************************************************************
348  Ensure an attribute just read is valid - v2.
349 ************************************************************************/
350
351 static bool check_pai_ok_v2(const char *pai_buf, size_t pai_buf_data_size)
352 {
353         uint16 num_entries;
354         uint16 num_def_entries;
355
356         if (pai_buf_data_size < PAI_V2_ENTRIES_BASE) {
357                 /* Corrupted - too small. */
358                 return false;
359         }
360
361         if (CVAL(pai_buf,PAI_VERSION_OFFSET) != PAI_V2_VERSION) {
362                 return false;
363         }
364
365         num_entries = SVAL(pai_buf,PAI_V2_NUM_ENTRIES_OFFSET);
366         num_def_entries = SVAL(pai_buf,PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET);
367
368         /* Check the entry lists match. */
369         /* Each entry is 6 bytes (flags + type + 4 bytes of uid or gid). */
370
371         if (((num_entries + num_def_entries)*PAI_V2_ENTRY_LENGTH) +
372                         PAI_V2_ENTRIES_BASE != pai_buf_data_size) {
373                 return false;
374         }
375
376         return true;
377 }
378
379 /************************************************************************
380  Decode the owner.
381 ************************************************************************/
382
383 static bool get_pai_owner_type(struct pai_entry *paie, const char *entry_offset)
384 {
385         paie->owner_type = (enum ace_owner)CVAL(entry_offset,0);
386         switch( paie->owner_type) {
387                 case UID_ACE:
388                         paie->unix_ug.uid = (uid_t)IVAL(entry_offset,1);
389                         DEBUG(10,("get_pai_owner_type: uid = %u\n",
390                                 (unsigned int)paie->unix_ug.uid ));
391                         break;
392                 case GID_ACE:
393                         paie->unix_ug.gid = (gid_t)IVAL(entry_offset,1);
394                         DEBUG(10,("get_pai_owner_type: gid = %u\n",
395                                 (unsigned int)paie->unix_ug.gid ));
396                         break;
397                 case WORLD_ACE:
398                         paie->unix_ug.world = -1;
399                         DEBUG(10,("get_pai_owner_type: world ace\n"));
400                         break;
401                 default:
402                         return false;
403         }
404         return true;
405 }
406
407 /************************************************************************
408  Process v2 entries.
409 ************************************************************************/
410
411 static const char *create_pai_v1_entries(struct pai_val *paiv,
412                                 const char *entry_offset,
413                                 bool def_entry)
414 {
415         int i;
416
417         for (i = 0; i < paiv->num_entries; i++) {
418                 struct pai_entry *paie = SMB_MALLOC_P(struct pai_entry);
419                 if (!paie) {
420                         return NULL;
421                 }
422
423                 paie->ace_flags = SEC_ACE_FLAG_INHERITED_ACE;
424                 if (!get_pai_owner_type(paie, entry_offset)) {
425                         return NULL;
426                 }
427
428                 if (!def_entry) {
429                         DLIST_ADD(paiv->entry_list, paie);
430                 } else {
431                         DLIST_ADD(paiv->def_entry_list, paie);
432                 }
433                 entry_offset += PAI_V1_ENTRY_LENGTH;
434         }
435         return entry_offset;
436 }
437
438 /************************************************************************
439  Convert to in-memory format from version 1.
440 ************************************************************************/
441
442 static struct pai_val *create_pai_val_v1(const char *buf, size_t size)
443 {
444         const char *entry_offset;
445         struct pai_val *paiv = NULL;
446
447         if (!check_pai_ok_v1(buf, size)) {
448                 return NULL;
449         }
450
451         paiv = SMB_MALLOC_P(struct pai_val);
452         if (!paiv) {
453                 return NULL;
454         }
455
456         memset(paiv, '\0', sizeof(struct pai_val));
457
458         paiv->sd_type = (CVAL(buf,PAI_V1_FLAG_OFFSET) == PAI_V1_ACL_FLAG_PROTECTED) ?
459                         SE_DESC_DACL_PROTECTED : 0;
460
461         paiv->num_entries = SVAL(buf,PAI_V1_NUM_ENTRIES_OFFSET);
462         paiv->num_def_entries = SVAL(buf,PAI_V1_NUM_DEFAULT_ENTRIES_OFFSET);
463
464         entry_offset = buf + PAI_V1_ENTRIES_BASE;
465
466         DEBUG(10,("create_pai_val: num_entries = %u, num_def_entries = %u\n",
467                         paiv->num_entries, paiv->num_def_entries ));
468
469         entry_offset = create_pai_v1_entries(paiv, entry_offset, false);
470         if (entry_offset == NULL) {
471                 free_inherited_info(paiv);
472                 return NULL;
473         }
474         entry_offset = create_pai_v1_entries(paiv, entry_offset, true);
475         if (entry_offset == NULL) {
476                 free_inherited_info(paiv);
477                 return NULL;
478         }
479
480         return paiv;
481 }
482
483 /************************************************************************
484  Process v2 entries.
485 ************************************************************************/
486
487 static const char *create_pai_v2_entries(struct pai_val *paiv,
488                                 const char *entry_offset,
489                                 bool def_entry)
490 {
491         int i;
492
493         for (i = 0; i < paiv->num_entries; i++) {
494                 struct pai_entry *paie = SMB_MALLOC_P(struct pai_entry);
495                 if (!paie) {
496                         return NULL;
497                 }
498
499                 paie->ace_flags = CVAL(entry_offset,0);
500
501                 entry_offset++;
502
503                 if (!get_pai_owner_type(paie, entry_offset)) {
504                         return NULL;
505                 }
506                 if (!def_entry) {
507                         DLIST_ADD(paiv->entry_list, paie);
508                 } else {
509                         DLIST_ADD(paiv->def_entry_list, paie);
510                 }
511                 entry_offset += PAI_V2_ENTRY_LENGTH;
512         }
513         return entry_offset;
514 }
515
516 /************************************************************************
517  Convert to in-memory format from version 2.
518 ************************************************************************/
519
520 static struct pai_val *create_pai_val_v2(const char *buf, size_t size)
521 {
522         const char *entry_offset;
523         struct pai_val *paiv = NULL;
524
525         if (!check_pai_ok_v2(buf, size)) {
526                 return NULL;
527         }
528
529         paiv = SMB_MALLOC_P(struct pai_val);
530         if (!paiv) {
531                 return NULL;
532         }
533
534         memset(paiv, '\0', sizeof(struct pai_val));
535
536         paiv->sd_type = SVAL(buf,PAI_V2_TYPE_OFFSET);
537
538         paiv->num_entries = SVAL(buf,PAI_V2_NUM_ENTRIES_OFFSET);
539         paiv->num_def_entries = SVAL(buf,PAI_V2_NUM_DEFAULT_ENTRIES_OFFSET);
540
541         entry_offset = buf + PAI_V2_ENTRIES_BASE;
542
543         DEBUG(10,("create_pai_val_v2: num_entries = %u, num_def_entries = %u\n",
544                         paiv->num_entries, paiv->num_def_entries ));
545
546         entry_offset = create_pai_v2_entries(paiv, entry_offset, false);
547         if (entry_offset == NULL) {
548                 free_inherited_info(paiv);
549                 return NULL;
550         }
551         entry_offset = create_pai_v2_entries(paiv, entry_offset, true);
552         if (entry_offset == NULL) {
553                 free_inherited_info(paiv);
554                 return NULL;
555         }
556
557         return paiv;
558 }
559
560 /************************************************************************
561  Convert to in-memory format - from either version 1 or 2.
562 ************************************************************************/
563
564 static struct pai_val *create_pai_val(const char *buf, size_t size)
565 {
566         if (size < 1) {
567                 return NULL;
568         }
569         if (CVAL(buf,PAI_VERSION_OFFSET) == PAI_V1_VERSION) {
570                 return create_pai_val_v1(buf, size);
571         } else if (CVAL(buf,PAI_VERSION_OFFSET) == PAI_V2_VERSION) {
572                 return create_pai_val_v2(buf, size);
573         } else {
574                 return NULL;
575         }
576 }
577
578 /************************************************************************
579  Load the user.SAMBA_PAI attribute.
580 ************************************************************************/
581
582 static struct pai_val *fload_inherited_info(files_struct *fsp)
583 {
584         char *pai_buf;
585         size_t pai_buf_size = 1024;
586         struct pai_val *paiv = NULL;
587         ssize_t ret;
588
589         if (!lp_map_acl_inherit(SNUM(fsp->conn))) {
590                 return NULL;
591         }
592
593         if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL) {
594                 return NULL;
595         }
596
597         do {
598                 if (fsp->fh->fd != -1) {
599                         ret = SMB_VFS_FGETXATTR(fsp, SAMBA_POSIX_INHERITANCE_EA_NAME,
600                                         pai_buf, pai_buf_size);
601                 } else {
602                         ret = SMB_VFS_GETXATTR(fsp->conn,fsp->fsp_name,SAMBA_POSIX_INHERITANCE_EA_NAME,
603                                         pai_buf, pai_buf_size);
604                 }
605
606                 if (ret == -1) {
607                         if (errno != ERANGE) {
608                                 break;
609                         }
610                         /* Buffer too small - enlarge it. */
611                         pai_buf_size *= 2;
612                         SAFE_FREE(pai_buf);
613                         if (pai_buf_size > 1024*1024) {
614                                 return NULL; /* Limit malloc to 1mb. */
615                         }
616                         if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL)
617                                 return NULL;
618                 }
619         } while (ret == -1);
620
621         DEBUG(10,("load_inherited_info: ret = %lu for file %s\n", (unsigned long)ret, fsp->fsp_name));
622
623         if (ret == -1) {
624                 /* No attribute or not supported. */
625 #if defined(ENOATTR)
626                 if (errno != ENOATTR)
627                         DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
628 #else
629                 if (errno != ENOSYS)
630                         DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
631 #endif
632                 SAFE_FREE(pai_buf);
633                 return NULL;
634         }
635
636         paiv = create_pai_val(pai_buf, ret);
637
638         if (paiv) {
639                 DEBUG(10,("load_inherited_info: ACL type is 0x%x for file %s\n",
640                         (unsigned int)paiv->sd_type,
641                         fsp->fsp_name));
642         }
643
644         SAFE_FREE(pai_buf);
645         return paiv;
646 }
647
648 /************************************************************************
649  Load the user.SAMBA_PAI attribute.
650 ************************************************************************/
651
652 static struct pai_val *load_inherited_info(const struct connection_struct *conn,
653                                            const char *fname)
654 {
655         char *pai_buf;
656         size_t pai_buf_size = 1024;
657         struct pai_val *paiv = NULL;
658         ssize_t ret;
659
660         if (!lp_map_acl_inherit(SNUM(conn))) {
661                 return NULL;
662         }
663
664         if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL) {
665                 return NULL;
666         }
667
668         do {
669                 ret = SMB_VFS_GETXATTR(conn, fname,
670                                        SAMBA_POSIX_INHERITANCE_EA_NAME,
671                                        pai_buf, pai_buf_size);
672
673                 if (ret == -1) {
674                         if (errno != ERANGE) {
675                                 break;
676                         }
677                         /* Buffer too small - enlarge it. */
678                         pai_buf_size *= 2;
679                         SAFE_FREE(pai_buf);
680                         if (pai_buf_size > 1024*1024) {
681                                 return NULL; /* Limit malloc to 1mb. */
682                         }
683                         if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL)
684                                 return NULL;
685                 }
686         } while (ret == -1);
687
688         DEBUG(10,("load_inherited_info: ret = %lu for file %s\n", (unsigned long)ret, fname));
689
690         if (ret == -1) {
691                 /* No attribute or not supported. */
692 #if defined(ENOATTR)
693                 if (errno != ENOATTR)
694                         DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
695 #else
696                 if (errno != ENOSYS)
697                         DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
698 #endif
699                 SAFE_FREE(pai_buf);
700                 return NULL;
701         }
702
703         paiv = create_pai_val(pai_buf, ret);
704
705         if (paiv) {
706                 DEBUG(10,("load_inherited_info: ACL type 0x%x for file %s\n",
707                         (unsigned int)paiv->sd_type,
708                         fname));
709         }
710
711         SAFE_FREE(pai_buf);
712         return paiv;
713 }
714
715 /****************************************************************************
716  Functions to manipulate the internal ACE format.
717 ****************************************************************************/
718
719 /****************************************************************************
720  Count a linked list of canonical ACE entries.
721 ****************************************************************************/
722
723 static size_t count_canon_ace_list( canon_ace *l_head )
724 {
725         size_t count = 0;
726         canon_ace *ace;
727
728         for (ace = l_head; ace; ace = ace->next)
729                 count++;
730
731         return count;
732 }
733
734 /****************************************************************************
735  Free a linked list of canonical ACE entries.
736 ****************************************************************************/
737
738 static void free_canon_ace_list( canon_ace *l_head )
739 {
740         canon_ace *list, *next;
741
742         for (list = l_head; list; list = next) {
743                 next = list->next;
744                 DLIST_REMOVE(l_head, list);
745                 SAFE_FREE(list);
746         }
747 }
748
749 /****************************************************************************
750  Function to duplicate a canon_ace entry.
751 ****************************************************************************/
752
753 static canon_ace *dup_canon_ace( canon_ace *src_ace)
754 {
755         canon_ace *dst_ace = SMB_MALLOC_P(canon_ace);
756
757         if (dst_ace == NULL)
758                 return NULL;
759
760         *dst_ace = *src_ace;
761         dst_ace->prev = dst_ace->next = NULL;
762         return dst_ace;
763 }
764
765 /****************************************************************************
766  Print out a canon ace.
767 ****************************************************************************/
768
769 static void print_canon_ace(canon_ace *pace, int num)
770 {
771         dbgtext( "canon_ace index %d. Type = %s ", num, pace->attr == ALLOW_ACE ? "allow" : "deny" );
772         dbgtext( "SID = %s ", sid_string_dbg(&pace->trustee));
773         if (pace->owner_type == UID_ACE) {
774                 const char *u_name = uidtoname(pace->unix_ug.uid);
775                 dbgtext( "uid %u (%s) ", (unsigned int)pace->unix_ug.uid, u_name );
776         } else if (pace->owner_type == GID_ACE) {
777                 char *g_name = gidtoname(pace->unix_ug.gid);
778                 dbgtext( "gid %u (%s) ", (unsigned int)pace->unix_ug.gid, g_name );
779         } else
780                 dbgtext( "other ");
781         switch (pace->type) {
782                 case SMB_ACL_USER:
783                         dbgtext( "SMB_ACL_USER ");
784                         break;
785                 case SMB_ACL_USER_OBJ:
786                         dbgtext( "SMB_ACL_USER_OBJ ");
787                         break;
788                 case SMB_ACL_GROUP:
789                         dbgtext( "SMB_ACL_GROUP ");
790                         break;
791                 case SMB_ACL_GROUP_OBJ:
792                         dbgtext( "SMB_ACL_GROUP_OBJ ");
793                         break;
794                 case SMB_ACL_OTHER:
795                         dbgtext( "SMB_ACL_OTHER ");
796                         break;
797                 default:
798                         dbgtext( "MASK " );
799                         break;
800         }
801
802         dbgtext( "ace_flags = 0x%x ", (unsigned int)pace->ace_flags);
803         dbgtext( "perms ");
804         dbgtext( "%c", pace->perms & S_IRUSR ? 'r' : '-');
805         dbgtext( "%c", pace->perms & S_IWUSR ? 'w' : '-');
806         dbgtext( "%c\n", pace->perms & S_IXUSR ? 'x' : '-');
807 }
808
809 /****************************************************************************
810  Print out a canon ace list.
811 ****************************************************************************/
812
813 static void print_canon_ace_list(const char *name, canon_ace *ace_list)
814 {
815         int count = 0;
816
817         if( DEBUGLVL( 10 )) {
818                 dbgtext( "print_canon_ace_list: %s\n", name );
819                 for (;ace_list; ace_list = ace_list->next, count++)
820                         print_canon_ace(ace_list, count );
821         }
822 }
823
824 /****************************************************************************
825  Map POSIX ACL perms to canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits).
826 ****************************************************************************/
827
828 static mode_t convert_permset_to_mode_t(connection_struct *conn, SMB_ACL_PERMSET_T permset)
829 {
830         mode_t ret = 0;
831
832         ret |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_READ) ? S_IRUSR : 0);
833         ret |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_WRITE) ? S_IWUSR : 0);
834         ret |= (SMB_VFS_SYS_ACL_GET_PERM(conn, permset, SMB_ACL_EXECUTE) ? S_IXUSR : 0);
835
836         return ret;
837 }
838
839 /****************************************************************************
840  Map generic UNIX permissions to canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits).
841 ****************************************************************************/
842
843 static mode_t unix_perms_to_acl_perms(mode_t mode, int r_mask, int w_mask, int x_mask)
844 {
845         mode_t ret = 0;
846
847         if (mode & r_mask)
848                 ret |= S_IRUSR;
849         if (mode & w_mask)
850                 ret |= S_IWUSR;
851         if (mode & x_mask)
852                 ret |= S_IXUSR;
853
854         return ret;
855 }
856
857 /****************************************************************************
858  Map canon_ace permissions (a mode_t containing only S_(R|W|X)USR bits) to
859  an SMB_ACL_PERMSET_T.
860 ****************************************************************************/
861
862 static int map_acl_perms_to_permset(connection_struct *conn, mode_t mode, SMB_ACL_PERMSET_T *p_permset)
863 {
864         if (SMB_VFS_SYS_ACL_CLEAR_PERMS(conn, *p_permset) ==  -1)
865                 return -1;
866         if (mode & S_IRUSR) {
867                 if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_READ) == -1)
868                         return -1;
869         }
870         if (mode & S_IWUSR) {
871                 if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_WRITE) == -1)
872                         return -1;
873         }
874         if (mode & S_IXUSR) {
875                 if (SMB_VFS_SYS_ACL_ADD_PERM(conn, *p_permset, SMB_ACL_EXECUTE) == -1)
876                         return -1;
877         }
878         return 0;
879 }
880
881 /****************************************************************************
882  Function to create owner and group SIDs from a SMB_STRUCT_STAT.
883 ****************************************************************************/
884
885 void create_file_sids(const SMB_STRUCT_STAT *psbuf, DOM_SID *powner_sid, DOM_SID *pgroup_sid)
886 {
887         uid_to_sid( powner_sid, psbuf->st_uid );
888         gid_to_sid( pgroup_sid, psbuf->st_gid );
889 }
890
891 /****************************************************************************
892  Is the identity in two ACEs equal ? Check both SID and uid/gid.
893 ****************************************************************************/
894
895 static bool identity_in_ace_equal(canon_ace *ace1, canon_ace *ace2)
896 {
897         if (sid_equal(&ace1->trustee, &ace2->trustee)) {
898                 return True;
899         }
900         if (ace1->owner_type == ace2->owner_type) {
901                 if (ace1->owner_type == UID_ACE &&
902                                 ace1->unix_ug.uid == ace2->unix_ug.uid) {
903                         return True;
904                 } else if (ace1->owner_type == GID_ACE &&
905                                 ace1->unix_ug.gid == ace2->unix_ug.gid) {
906                         return True;
907                 }
908         }
909         return False;
910 }
911
912 /****************************************************************************
913  Merge aces with a common sid - if both are allow or deny, OR the permissions together and
914  delete the second one. If the first is deny, mask the permissions off and delete the allow
915  if the permissions become zero, delete the deny if the permissions are non zero.
916 ****************************************************************************/
917
918 static void merge_aces( canon_ace **pp_list_head )
919 {
920         canon_ace *l_head = *pp_list_head;
921         canon_ace *curr_ace_outer;
922         canon_ace *curr_ace_outer_next;
923
924         /*
925          * First, merge allow entries with identical SIDs, and deny entries
926          * with identical SIDs.
927          */
928
929         for (curr_ace_outer = l_head; curr_ace_outer; curr_ace_outer = curr_ace_outer_next) {
930                 canon_ace *curr_ace;
931                 canon_ace *curr_ace_next;
932
933                 curr_ace_outer_next = curr_ace_outer->next; /* Save the link in case we delete. */
934
935                 for (curr_ace = curr_ace_outer->next; curr_ace; curr_ace = curr_ace_next) {
936
937                         curr_ace_next = curr_ace->next; /* Save the link in case of delete. */
938
939                         if (identity_in_ace_equal(curr_ace, curr_ace_outer) &&
940                                 (curr_ace->attr == curr_ace_outer->attr)) {
941
942                                 if( DEBUGLVL( 10 )) {
943                                         dbgtext("merge_aces: Merging ACE's\n");
944                                         print_canon_ace( curr_ace_outer, 0);
945                                         print_canon_ace( curr_ace, 0);
946                                 }
947
948                                 /* Merge two allow or two deny ACE's. */
949
950                                 curr_ace_outer->perms |= curr_ace->perms;
951                                 DLIST_REMOVE(l_head, curr_ace);
952                                 SAFE_FREE(curr_ace);
953                                 curr_ace_outer_next = curr_ace_outer->next; /* We may have deleted the link. */
954                         }
955                 }
956         }
957
958         /*
959          * Now go through and mask off allow permissions with deny permissions.
960          * We can delete either the allow or deny here as we know that each SID
961          * appears only once in the list.
962          */
963
964         for (curr_ace_outer = l_head; curr_ace_outer; curr_ace_outer = curr_ace_outer_next) {
965                 canon_ace *curr_ace;
966                 canon_ace *curr_ace_next;
967
968                 curr_ace_outer_next = curr_ace_outer->next; /* Save the link in case we delete. */
969
970                 for (curr_ace = curr_ace_outer->next; curr_ace; curr_ace = curr_ace_next) {
971
972                         curr_ace_next = curr_ace->next; /* Save the link in case of delete. */
973
974                         /*
975                          * Subtract ACE's with different entries. Due to the ordering constraints
976                          * we've put on the ACL, we know the deny must be the first one.
977                          */
978
979                         if (identity_in_ace_equal(curr_ace, curr_ace_outer) &&
980                                 (curr_ace_outer->attr == DENY_ACE) && (curr_ace->attr == ALLOW_ACE)) {
981
982                                 if( DEBUGLVL( 10 )) {
983                                         dbgtext("merge_aces: Masking ACE's\n");
984                                         print_canon_ace( curr_ace_outer, 0);
985                                         print_canon_ace( curr_ace, 0);
986                                 }
987
988                                 curr_ace->perms &= ~curr_ace_outer->perms;
989
990                                 if (curr_ace->perms == 0) {
991
992                                         /*
993                                          * The deny overrides the allow. Remove the allow.
994                                          */
995
996                                         DLIST_REMOVE(l_head, curr_ace);
997                                         SAFE_FREE(curr_ace);
998                                         curr_ace_outer_next = curr_ace_outer->next; /* We may have deleted the link. */
999
1000                                 } else {
1001
1002                                         /*
1003                                          * Even after removing permissions, there
1004                                          * are still allow permissions - delete the deny.
1005                                          * It is safe to delete the deny here,
1006                                          * as we are guarenteed by the deny first
1007                                          * ordering that all the deny entries for
1008                                          * this SID have already been merged into one
1009                                          * before we can get to an allow ace.
1010                                          */
1011
1012                                         DLIST_REMOVE(l_head, curr_ace_outer);
1013                                         SAFE_FREE(curr_ace_outer);
1014                                         break;
1015                                 }
1016                         }
1017
1018                 } /* end for curr_ace */
1019         } /* end for curr_ace_outer */
1020
1021         /* We may have modified the list. */
1022
1023         *pp_list_head = l_head;
1024 }
1025
1026 /****************************************************************************
1027  Check if we need to return NT4.x compatible ACL entries.
1028 ****************************************************************************/
1029
1030 bool nt4_compatible_acls(void)
1031 {
1032         int compat = lp_acl_compatibility();
1033
1034         if (compat == ACL_COMPAT_AUTO) {
1035                 enum remote_arch_types ra_type = get_remote_arch();
1036
1037                 /* Automatically adapt to client */
1038                 return (ra_type <= RA_WINNT);
1039         } else
1040                 return (compat == ACL_COMPAT_WINNT);
1041 }
1042
1043
1044 /****************************************************************************
1045  Map canon_ace perms to permission bits NT.
1046  The attr element is not used here - we only process deny entries on set,
1047  not get. Deny entries are implicit on get with ace->perms = 0.
1048 ****************************************************************************/
1049
1050 static uint32_t map_canon_ace_perms(int snum,
1051                                 enum security_ace_type *pacl_type,
1052                                 mode_t perms,
1053                                 bool directory_ace)
1054 {
1055         uint32_t nt_mask = 0;
1056
1057         *pacl_type = SEC_ACE_TYPE_ACCESS_ALLOWED;
1058
1059         if (lp_acl_map_full_control(snum) && ((perms & ALL_ACE_PERMS) == ALL_ACE_PERMS)) {
1060                 if (directory_ace) {
1061                         nt_mask = UNIX_DIRECTORY_ACCESS_RWX;
1062                 } else {
1063                         nt_mask = (UNIX_ACCESS_RWX & ~DELETE_ACCESS);
1064                 }
1065         } else if ((perms & ALL_ACE_PERMS) == (mode_t)0) {
1066                 /*
1067                  * Windows NT refuses to display ACEs with no permissions in them (but
1068                  * they are perfectly legal with Windows 2000). If the ACE has empty
1069                  * permissions we cannot use 0, so we use the otherwise unused
1070                  * WRITE_OWNER permission, which we ignore when we set an ACL.
1071                  * We abstract this into a #define of UNIX_ACCESS_NONE to allow this
1072                  * to be changed in the future.
1073                  */
1074
1075                 if (nt4_compatible_acls())
1076                         nt_mask = UNIX_ACCESS_NONE;
1077                 else
1078                         nt_mask = 0;
1079         } else {
1080                 if (directory_ace) {
1081                         nt_mask |= ((perms & S_IRUSR) ? UNIX_DIRECTORY_ACCESS_R : 0 );
1082                         nt_mask |= ((perms & S_IWUSR) ? UNIX_DIRECTORY_ACCESS_W : 0 );
1083                         nt_mask |= ((perms & S_IXUSR) ? UNIX_DIRECTORY_ACCESS_X : 0 );
1084                 } else {
1085                         nt_mask |= ((perms & S_IRUSR) ? UNIX_ACCESS_R : 0 );
1086                         nt_mask |= ((perms & S_IWUSR) ? UNIX_ACCESS_W : 0 );
1087                         nt_mask |= ((perms & S_IXUSR) ? UNIX_ACCESS_X : 0 );
1088                 }
1089         }
1090
1091         DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n",
1092                         (unsigned int)perms, (unsigned int)nt_mask ));
1093
1094         return nt_mask;
1095 }
1096
1097 /****************************************************************************
1098  Map NT perms to a UNIX mode_t.
1099 ****************************************************************************/
1100
1101 #define FILE_SPECIFIC_READ_BITS (FILE_READ_DATA|FILE_READ_EA|FILE_READ_ATTRIBUTES)
1102 #define FILE_SPECIFIC_WRITE_BITS (FILE_WRITE_DATA|FILE_APPEND_DATA|FILE_WRITE_EA|FILE_WRITE_ATTRIBUTES)
1103 #define FILE_SPECIFIC_EXECUTE_BITS (FILE_EXECUTE)
1104
1105 static mode_t map_nt_perms( uint32 *mask, int type)
1106 {
1107         mode_t mode = 0;
1108
1109         switch(type) {
1110         case S_IRUSR:
1111                 if((*mask) & GENERIC_ALL_ACCESS)
1112                         mode = S_IRUSR|S_IWUSR|S_IXUSR;
1113                 else {
1114                         mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRUSR : 0;
1115                         mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWUSR : 0;
1116                         mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXUSR : 0;
1117                 }
1118                 break;
1119         case S_IRGRP:
1120                 if((*mask) & GENERIC_ALL_ACCESS)
1121                         mode = S_IRGRP|S_IWGRP|S_IXGRP;
1122                 else {
1123                         mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IRGRP : 0;
1124                         mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWGRP : 0;
1125                         mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXGRP : 0;
1126                 }
1127                 break;
1128         case S_IROTH:
1129                 if((*mask) & GENERIC_ALL_ACCESS)
1130                         mode = S_IROTH|S_IWOTH|S_IXOTH;
1131                 else {
1132                         mode |= ((*mask) & (GENERIC_READ_ACCESS|FILE_SPECIFIC_READ_BITS)) ? S_IROTH : 0;
1133                         mode |= ((*mask) & (GENERIC_WRITE_ACCESS|FILE_SPECIFIC_WRITE_BITS)) ? S_IWOTH : 0;
1134                         mode |= ((*mask) & (GENERIC_EXECUTE_ACCESS|FILE_SPECIFIC_EXECUTE_BITS)) ? S_IXOTH : 0;
1135                 }
1136                 break;
1137         }
1138
1139         return mode;
1140 }
1141
1142 /****************************************************************************
1143  Unpack a SEC_DESC into a UNIX owner and group.
1144 ****************************************************************************/
1145
1146 NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp, uint32 security_info_sent, const SEC_DESC *psd)
1147 {
1148         DOM_SID owner_sid;
1149         DOM_SID grp_sid;
1150
1151         *puser = (uid_t)-1;
1152         *pgrp = (gid_t)-1;
1153
1154         if(security_info_sent == 0) {
1155                 DEBUG(0,("unpack_nt_owners: no security info sent !\n"));
1156                 return NT_STATUS_OK;
1157         }
1158
1159         /*
1160          * Validate the owner and group SID's.
1161          */
1162
1163         memset(&owner_sid, '\0', sizeof(owner_sid));
1164         memset(&grp_sid, '\0', sizeof(grp_sid));
1165
1166         DEBUG(5,("unpack_nt_owners: validating owner_sids.\n"));
1167
1168         /*
1169          * Don't immediately fail if the owner sid cannot be validated.
1170          * This may be a group chown only set.
1171          */
1172
1173         if (security_info_sent & OWNER_SECURITY_INFORMATION) {
1174                 sid_copy(&owner_sid, psd->owner_sid);
1175                 if (!sid_to_uid(&owner_sid, puser)) {
1176                         if (lp_force_unknown_acl_user(snum)) {
1177                                 /* this allows take ownership to work
1178                                  * reasonably */
1179                                 *puser = current_user.ut.uid;
1180                         } else {
1181                                 DEBUG(3,("unpack_nt_owners: unable to validate"
1182                                          " owner sid for %s\n",
1183                                          sid_string_dbg(&owner_sid)));
1184                                 return NT_STATUS_INVALID_OWNER;
1185                         }
1186                 }
1187                 DEBUG(3,("unpack_nt_owners: owner sid mapped to uid %u\n",
1188                          (unsigned int)*puser ));
1189         }
1190
1191         /*
1192          * Don't immediately fail if the group sid cannot be validated.
1193          * This may be an owner chown only set.
1194          */
1195
1196         if (security_info_sent & GROUP_SECURITY_INFORMATION) {
1197                 sid_copy(&grp_sid, psd->group_sid);
1198                 if (!sid_to_gid( &grp_sid, pgrp)) {
1199                         if (lp_force_unknown_acl_user(snum)) {
1200                                 /* this allows take group ownership to work
1201                                  * reasonably */
1202                                 *pgrp = current_user.ut.gid;
1203                         } else {
1204                                 DEBUG(3,("unpack_nt_owners: unable to validate"
1205                                          " group sid.\n"));
1206                                 return NT_STATUS_INVALID_OWNER;
1207                         }
1208                 }
1209                 DEBUG(3,("unpack_nt_owners: group sid mapped to gid %u\n",
1210                          (unsigned int)*pgrp));
1211         }
1212
1213         DEBUG(5,("unpack_nt_owners: owner_sids validated.\n"));
1214
1215         return NT_STATUS_OK;
1216 }
1217
1218 /****************************************************************************
1219  Ensure the enforced permissions for this share apply.
1220 ****************************************************************************/
1221
1222 static void apply_default_perms(const struct share_params *params,
1223                                 const bool is_directory, canon_ace *pace,
1224                                 mode_t type)
1225 {
1226         mode_t and_bits = (mode_t)0;
1227         mode_t or_bits = (mode_t)0;
1228
1229         /* Get the initial bits to apply. */
1230
1231         if (is_directory) {
1232                 and_bits = lp_dir_security_mask(params->service);
1233                 or_bits = lp_force_dir_security_mode(params->service);
1234         } else {
1235                 and_bits = lp_security_mask(params->service);
1236                 or_bits = lp_force_security_mode(params->service);
1237         }
1238
1239         /* Now bounce them into the S_USR space. */     
1240         switch(type) {
1241         case S_IRUSR:
1242                 /* Ensure owner has read access. */
1243                 pace->perms |= S_IRUSR;
1244                 if (is_directory)
1245                         pace->perms |= (S_IWUSR|S_IXUSR);
1246                 and_bits = unix_perms_to_acl_perms(and_bits, S_IRUSR, S_IWUSR, S_IXUSR);
1247                 or_bits = unix_perms_to_acl_perms(or_bits, S_IRUSR, S_IWUSR, S_IXUSR);
1248                 break;
1249         case S_IRGRP:
1250                 and_bits = unix_perms_to_acl_perms(and_bits, S_IRGRP, S_IWGRP, S_IXGRP);
1251                 or_bits = unix_perms_to_acl_perms(or_bits, S_IRGRP, S_IWGRP, S_IXGRP);
1252                 break;
1253         case S_IROTH:
1254                 and_bits = unix_perms_to_acl_perms(and_bits, S_IROTH, S_IWOTH, S_IXOTH);
1255                 or_bits = unix_perms_to_acl_perms(or_bits, S_IROTH, S_IWOTH, S_IXOTH);
1256                 break;
1257         }
1258
1259         pace->perms = ((pace->perms & and_bits)|or_bits);
1260 }
1261
1262 /****************************************************************************
1263  Check if a given uid/SID is in a group gid/SID. This is probably very
1264  expensive and will need optimisation. A *lot* of optimisation :-). JRA.
1265 ****************************************************************************/
1266
1267 static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace )
1268 {
1269         const char *u_name = NULL;
1270
1271         /* "Everyone" always matches every uid. */
1272
1273         if (sid_equal(&group_ace->trustee, &global_sid_World))
1274                 return True;
1275
1276         /* Assume that the current user is in the current group (force group) */
1277
1278         if (uid_ace->unix_ug.uid == current_user.ut.uid && group_ace->unix_ug.gid == current_user.ut.gid)
1279                 return True;
1280
1281         /* u_name talloc'ed off tos. */
1282         u_name = uidtoname(uid_ace->unix_ug.uid);
1283         if (!u_name) {
1284                 return False;
1285         }
1286         return user_in_group_sid(u_name, &group_ace->trustee);
1287 }
1288
1289 /****************************************************************************
1290  A well formed POSIX file or default ACL has at least 3 entries, a 
1291  SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER_OBJ.
1292  In addition, the owner must always have at least read access.
1293  When using this call on get_acl, the pst struct is valid and contains
1294  the mode of the file. When using this call on set_acl, the pst struct has
1295  been modified to have a mode containing the default for this file or directory
1296  type.
1297 ****************************************************************************/
1298
1299 static bool ensure_canon_entry_valid(canon_ace **pp_ace,
1300                                      const struct share_params *params,
1301                                      const bool is_directory,
1302                                                         const DOM_SID *pfile_owner_sid,
1303                                                         const DOM_SID *pfile_grp_sid,
1304                                                         const SMB_STRUCT_STAT *pst,
1305                                                         bool setting_acl)
1306 {
1307         canon_ace *pace;
1308         bool got_user = False;
1309         bool got_grp = False;
1310         bool got_other = False;
1311         canon_ace *pace_other = NULL;
1312
1313         for (pace = *pp_ace; pace; pace = pace->next) {
1314                 if (pace->type == SMB_ACL_USER_OBJ) {
1315
1316                         if (setting_acl)
1317                                 apply_default_perms(params, is_directory, pace, S_IRUSR);
1318                         got_user = True;
1319
1320                 } else if (pace->type == SMB_ACL_GROUP_OBJ) {
1321
1322                         /*
1323                          * Ensure create mask/force create mode is respected on set.
1324                          */
1325
1326                         if (setting_acl)
1327                                 apply_default_perms(params, is_directory, pace, S_IRGRP);
1328                         got_grp = True;
1329
1330                 } else if (pace->type == SMB_ACL_OTHER) {
1331
1332                         /*
1333                          * Ensure create mask/force create mode is respected on set.
1334                          */
1335
1336                         if (setting_acl)
1337                                 apply_default_perms(params, is_directory, pace, S_IROTH);
1338                         got_other = True;
1339                         pace_other = pace;
1340                 }
1341         }
1342
1343         if (!got_user) {
1344                 if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
1345                         DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
1346                         return False;
1347                 }
1348
1349                 ZERO_STRUCTP(pace);
1350                 pace->type = SMB_ACL_USER_OBJ;
1351                 pace->owner_type = UID_ACE;
1352                 pace->unix_ug.uid = pst->st_uid;
1353                 pace->trustee = *pfile_owner_sid;
1354                 pace->attr = ALLOW_ACE;
1355
1356                 if (setting_acl) {
1357                         /* See if the owning user is in any of the other groups in
1358                            the ACE. If so, OR in the permissions from that group. */
1359
1360                         bool group_matched = False;
1361                         canon_ace *pace_iter;
1362
1363                         for (pace_iter = *pp_ace; pace_iter; pace_iter = pace_iter->next) {
1364                                 if (pace_iter->type == SMB_ACL_GROUP_OBJ || pace_iter->type == SMB_ACL_GROUP) {
1365                                         if (uid_entry_in_group(pace, pace_iter)) {
1366                                                 pace->perms |= pace_iter->perms;
1367                                                 group_matched = True;
1368                                         }
1369                                 }
1370                         }
1371
1372                         /* If we only got an "everyone" perm, just use that. */
1373                         if (!group_matched) {
1374                                 if (got_other)
1375                                         pace->perms = pace_other->perms;
1376                                 else
1377                                         pace->perms = 0;
1378                         }
1379
1380                         apply_default_perms(params, is_directory, pace, S_IRUSR);
1381                 } else {
1382                         pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRUSR, S_IWUSR, S_IXUSR);
1383                 }
1384
1385                 DLIST_ADD(*pp_ace, pace);
1386         }
1387
1388         if (!got_grp) {
1389                 if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
1390                         DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
1391                         return False;
1392                 }
1393
1394                 ZERO_STRUCTP(pace);
1395                 pace->type = SMB_ACL_GROUP_OBJ;
1396                 pace->owner_type = GID_ACE;
1397                 pace->unix_ug.uid = pst->st_gid;
1398                 pace->trustee = *pfile_grp_sid;
1399                 pace->attr = ALLOW_ACE;
1400                 if (setting_acl) {
1401                         /* If we only got an "everyone" perm, just use that. */
1402                         if (got_other)
1403                                 pace->perms = pace_other->perms;
1404                         else
1405                                 pace->perms = 0;
1406                         apply_default_perms(params, is_directory, pace, S_IRGRP);
1407                 } else {
1408                         pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IRGRP, S_IWGRP, S_IXGRP);
1409                 }
1410
1411                 DLIST_ADD(*pp_ace, pace);
1412         }
1413
1414         if (!got_other) {
1415                 if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
1416                         DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
1417                         return False;
1418                 }
1419
1420                 ZERO_STRUCTP(pace);
1421                 pace->type = SMB_ACL_OTHER;
1422                 pace->owner_type = WORLD_ACE;
1423                 pace->unix_ug.world = -1;
1424                 pace->trustee = global_sid_World;
1425                 pace->attr = ALLOW_ACE;
1426                 if (setting_acl) {
1427                         pace->perms = 0;
1428                         apply_default_perms(params, is_directory, pace, S_IROTH);
1429                 } else
1430                         pace->perms = unix_perms_to_acl_perms(pst->st_mode, S_IROTH, S_IWOTH, S_IXOTH);
1431
1432                 DLIST_ADD(*pp_ace, pace);
1433         }
1434
1435         return True;
1436 }
1437
1438 /****************************************************************************
1439  Check if a POSIX ACL has the required SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries.
1440  If it does not have them, check if there are any entries where the trustee is the
1441  file owner or the owning group, and map these to SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ.
1442 ****************************************************************************/
1443
1444 static void check_owning_objs(canon_ace *ace, DOM_SID *pfile_owner_sid, DOM_SID *pfile_grp_sid)
1445 {
1446         bool got_user_obj, got_group_obj;
1447         canon_ace *current_ace;
1448         int i, entries;
1449
1450         entries = count_canon_ace_list(ace);
1451         got_user_obj = False;
1452         got_group_obj = False;
1453
1454         for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) {
1455                 if (current_ace->type == SMB_ACL_USER_OBJ)
1456                         got_user_obj = True;
1457                 else if (current_ace->type == SMB_ACL_GROUP_OBJ)
1458                         got_group_obj = True;
1459         }
1460         if (got_user_obj && got_group_obj) {
1461                 DEBUG(10,("check_owning_objs: ACL had owning user/group entries.\n"));
1462                 return;
1463         }
1464
1465         for (i=0, current_ace = ace; i < entries; i++, current_ace = current_ace->next) {
1466                 if (!got_user_obj && current_ace->owner_type == UID_ACE &&
1467                                 sid_equal(&current_ace->trustee, pfile_owner_sid)) {
1468                         current_ace->type = SMB_ACL_USER_OBJ;
1469                         got_user_obj = True;
1470                 }
1471                 if (!got_group_obj && current_ace->owner_type == GID_ACE &&
1472                                 sid_equal(&current_ace->trustee, pfile_grp_sid)) {
1473                         current_ace->type = SMB_ACL_GROUP_OBJ;
1474                         got_group_obj = True;
1475                 }
1476         }
1477         if (!got_user_obj)
1478                 DEBUG(10,("check_owning_objs: ACL is missing an owner entry.\n"));
1479         if (!got_group_obj)
1480                 DEBUG(10,("check_owning_objs: ACL is missing an owning group entry.\n"));
1481 }
1482
1483 /****************************************************************************
1484  Unpack a SEC_DESC into two canonical ace lists.
1485 ****************************************************************************/
1486
1487 static bool create_canon_ace_lists(files_struct *fsp,
1488                                         SMB_STRUCT_STAT *pst,
1489                                         DOM_SID *pfile_owner_sid,
1490                                         DOM_SID *pfile_grp_sid,
1491                                         canon_ace **ppfile_ace,
1492                                         canon_ace **ppdir_ace,
1493                                         const SEC_ACL *dacl)
1494 {
1495         bool all_aces_are_inherit_only = (fsp->is_directory ? True : False);
1496         canon_ace *file_ace = NULL;
1497         canon_ace *dir_ace = NULL;
1498         canon_ace *current_ace = NULL;
1499         bool got_dir_allow = False;
1500         bool got_file_allow = False;
1501         int i, j;
1502
1503         *ppfile_ace = NULL;
1504         *ppdir_ace = NULL;
1505
1506         /*
1507          * Convert the incoming ACL into a more regular form.
1508          */
1509
1510         for(i = 0; i < dacl->num_aces; i++) {
1511                 SEC_ACE *psa = &dacl->aces[i];
1512
1513                 if((psa->type != SEC_ACE_TYPE_ACCESS_ALLOWED) && (psa->type != SEC_ACE_TYPE_ACCESS_DENIED)) {
1514                         DEBUG(3,("create_canon_ace_lists: unable to set anything but an ALLOW or DENY ACE.\n"));
1515                         return False;
1516                 }
1517
1518                 if (nt4_compatible_acls()) {
1519                         /*
1520                          * The security mask may be UNIX_ACCESS_NONE which should map into
1521                          * no permissions (we overload the WRITE_OWNER bit for this) or it
1522                          * should be one of the ALL/EXECUTE/READ/WRITE bits. Arrange for this
1523                          * to be so. Any other bits override the UNIX_ACCESS_NONE bit.
1524                          */
1525
1526                         /*
1527                          * Convert GENERIC bits to specific bits.
1528                          */
1529  
1530                         se_map_generic(&psa->access_mask, &file_generic_mapping);
1531
1532                         psa->access_mask &= (UNIX_ACCESS_NONE|FILE_ALL_ACCESS);
1533
1534                         if(psa->access_mask != UNIX_ACCESS_NONE)
1535                                 psa->access_mask &= ~UNIX_ACCESS_NONE;
1536                 }
1537         }
1538
1539         /*
1540          * Deal with the fact that NT 4.x re-writes the canonical format
1541          * that we return for default ACLs. If a directory ACE is identical
1542          * to a inherited directory ACE then NT changes the bits so that the
1543          * first ACE is set to OI|IO and the second ACE for this SID is set
1544          * to CI. We need to repair this. JRA.
1545          */
1546
1547         for(i = 0; i < dacl->num_aces; i++) {
1548                 SEC_ACE *psa1 = &dacl->aces[i];
1549
1550                 for (j = i + 1; j < dacl->num_aces; j++) {
1551                         SEC_ACE *psa2 = &dacl->aces[j];
1552
1553                         if (psa1->access_mask != psa2->access_mask)
1554                                 continue;
1555
1556                         if (!sid_equal(&psa1->trustee, &psa2->trustee))
1557                                 continue;
1558
1559                         /*
1560                          * Ok - permission bits and SIDs are equal.
1561                          * Check if flags were re-written.
1562                          */
1563
1564                         if (psa1->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
1565
1566                                 psa1->flags |= (psa2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
1567                                 psa2->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
1568
1569                         } else if (psa2->flags & SEC_ACE_FLAG_INHERIT_ONLY) {
1570
1571                                 psa2->flags |= (psa1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT));
1572                                 psa1->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT);
1573
1574                         }
1575                 }
1576         }
1577
1578         for(i = 0; i < dacl->num_aces; i++) {
1579                 SEC_ACE *psa = &dacl->aces[i];
1580
1581                 /*
1582                  * Create a cannon_ace entry representing this NT DACL ACE.
1583                  */
1584
1585                 if ((current_ace = SMB_MALLOC_P(canon_ace)) == NULL) {
1586                         free_canon_ace_list(file_ace);
1587                         free_canon_ace_list(dir_ace);
1588                         DEBUG(0,("create_canon_ace_lists: malloc fail.\n"));
1589                         return False;
1590                 }
1591
1592                 ZERO_STRUCTP(current_ace);
1593
1594                 sid_copy(&current_ace->trustee, &psa->trustee);
1595
1596                 /*
1597                  * Try and work out if the SID is a user or group
1598                  * as we need to flag these differently for POSIX.
1599                  * Note what kind of a POSIX ACL this should map to.
1600                  */
1601
1602                 if( sid_equal(&current_ace->trustee, &global_sid_World)) {
1603                         current_ace->owner_type = WORLD_ACE;
1604                         current_ace->unix_ug.world = -1;
1605                         current_ace->type = SMB_ACL_OTHER;
1606                 } else if (sid_equal(&current_ace->trustee, &global_sid_Creator_Owner)) {
1607                         current_ace->owner_type = UID_ACE;
1608                         current_ace->unix_ug.uid = pst->st_uid;
1609                         current_ace->type = SMB_ACL_USER_OBJ;
1610
1611                         /*
1612                          * The Creator Owner entry only specifies inheritable permissions,
1613                          * never access permissions. WinNT doesn't always set the ACE to
1614                          *INHERIT_ONLY, though.
1615                          */
1616
1617                         if (nt4_compatible_acls())
1618                                 psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY;
1619                 } else if (sid_equal(&current_ace->trustee, &global_sid_Creator_Group)) {
1620                         current_ace->owner_type = GID_ACE;
1621                         current_ace->unix_ug.gid = pst->st_gid;
1622                         current_ace->type = SMB_ACL_GROUP_OBJ;
1623
1624                         /*
1625                          * The Creator Group entry only specifies inheritable permissions,
1626                          * never access permissions. WinNT doesn't always set the ACE to
1627                          *INHERIT_ONLY, though.
1628                          */
1629                         if (nt4_compatible_acls())
1630                                 psa->flags |= SEC_ACE_FLAG_INHERIT_ONLY;
1631
1632                 } else if (sid_to_uid( &current_ace->trustee, &current_ace->unix_ug.uid)) {
1633                         current_ace->owner_type = UID_ACE;
1634                         /* If it's the owning user, this is a user_obj, not
1635                          * a user. */
1636                         if (current_ace->unix_ug.uid == pst->st_uid) {
1637                                 current_ace->type = SMB_ACL_USER_OBJ;
1638                         } else {
1639                                 current_ace->type = SMB_ACL_USER;
1640                         }
1641                 } else if (sid_to_gid( &current_ace->trustee, &current_ace->unix_ug.gid)) {
1642                         current_ace->owner_type = GID_ACE;
1643                         /* If it's the primary group, this is a group_obj, not
1644                          * a group. */
1645                         if (current_ace->unix_ug.gid == pst->st_gid) {
1646                                 current_ace->type = SMB_ACL_GROUP_OBJ;
1647                         } else {
1648                                 current_ace->type = SMB_ACL_GROUP;
1649                         }
1650                 } else {
1651                         /*
1652                          * Silently ignore map failures in non-mappable SIDs (NT Authority, BUILTIN etc).
1653                          */
1654
1655                         if (non_mappable_sid(&psa->trustee)) {
1656                                 DEBUG(10, ("create_canon_ace_lists: ignoring "
1657                                            "non-mappable SID %s\n",
1658                                            sid_string_dbg(&psa->trustee)));
1659                                 SAFE_FREE(current_ace);
1660                                 continue;
1661                         }
1662
1663                         free_canon_ace_list(file_ace);
1664                         free_canon_ace_list(dir_ace);
1665                         DEBUG(0, ("create_canon_ace_lists: unable to map SID "
1666                                   "%s to uid or gid.\n",
1667                                   sid_string_dbg(&current_ace->trustee)));
1668                         SAFE_FREE(current_ace);
1669                         return False;
1670                 }
1671
1672                 /*
1673                  * Map the given NT permissions into a UNIX mode_t containing only
1674                  * S_I(R|W|X)USR bits.
1675                  */
1676
1677                 current_ace->perms |= map_nt_perms( &psa->access_mask, S_IRUSR);
1678                 current_ace->attr = (psa->type == SEC_ACE_TYPE_ACCESS_ALLOWED) ? ALLOW_ACE : DENY_ACE;
1679
1680                 /* Store the ace_flag. */
1681                 current_ace->ace_flags = psa->flags;
1682
1683                 /*
1684                  * Now add the created ace to either the file list, the directory
1685                  * list, or both. We *MUST* preserve the order here (hence we use
1686                  * DLIST_ADD_END) as NT ACLs are order dependent.
1687                  */
1688
1689                 if (fsp->is_directory) {
1690
1691                         /*
1692                          * We can only add to the default POSIX ACE list if the ACE is
1693                          * designed to be inherited by both files and directories.
1694                          */
1695
1696                         if ((psa->flags & (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT)) ==
1697                                 (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT)) {
1698
1699                                 DLIST_ADD_END(dir_ace, current_ace, canon_ace *);
1700
1701                                 /*
1702                                  * Note if this was an allow ace. We can't process
1703                                  * any further deny ace's after this.
1704                                  */
1705
1706                                 if (current_ace->attr == ALLOW_ACE)
1707                                         got_dir_allow = True;
1708
1709                                 if ((current_ace->attr == DENY_ACE) && got_dir_allow) {
1710                                         DEBUG(0,("create_canon_ace_lists: malformed ACL in inheritable ACL ! \
1711 Deny entry after Allow entry. Failing to set on file %s.\n", fsp->fsp_name ));
1712                                         free_canon_ace_list(file_ace);
1713                                         free_canon_ace_list(dir_ace);
1714                                         return False;
1715                                 }       
1716
1717                                 if( DEBUGLVL( 10 )) {
1718                                         dbgtext("create_canon_ace_lists: adding dir ACL:\n");
1719                                         print_canon_ace( current_ace, 0);
1720                                 }
1721
1722                                 /*
1723                                  * If this is not an inherit only ACE we need to add a duplicate
1724                                  * to the file acl.
1725                                  */
1726
1727                                 if (!(psa->flags & SEC_ACE_FLAG_INHERIT_ONLY)) {
1728                                         canon_ace *dup_ace = dup_canon_ace(current_ace);
1729
1730                                         if (!dup_ace) {
1731                                                 DEBUG(0,("create_canon_ace_lists: malloc fail !\n"));
1732                                                 free_canon_ace_list(file_ace);
1733                                                 free_canon_ace_list(dir_ace);
1734                                                 return False;
1735                                         }
1736
1737                                         /*
1738                                          * We must not free current_ace here as its
1739                                          * pointer is now owned by the dir_ace list.
1740                                          */
1741                                         current_ace = dup_ace;
1742                                 } else {
1743                                         /*
1744                                          * We must not free current_ace here as its
1745                                          * pointer is now owned by the dir_ace list.
1746                                          */
1747                                         current_ace = NULL;
1748                                 }
1749                         }
1750                 }
1751
1752                 /*
1753                  * Only add to the file ACL if not inherit only.
1754                  */
1755
1756                 if (current_ace && !(psa->flags & SEC_ACE_FLAG_INHERIT_ONLY)) {
1757                         DLIST_ADD_END(file_ace, current_ace, canon_ace *);
1758
1759                         /*
1760                          * Note if this was an allow ace. We can't process
1761                          * any further deny ace's after this.
1762                          */
1763
1764                         if (current_ace->attr == ALLOW_ACE)
1765                                 got_file_allow = True;
1766
1767                         if ((current_ace->attr == DENY_ACE) && got_file_allow) {
1768                                 DEBUG(0,("create_canon_ace_lists: malformed ACL in file ACL ! \
1769 Deny entry after Allow entry. Failing to set on file %s.\n", fsp->fsp_name ));
1770                                 free_canon_ace_list(file_ace);
1771                                 free_canon_ace_list(dir_ace);
1772                                 return False;
1773                         }       
1774
1775                         if( DEBUGLVL( 10 )) {
1776                                 dbgtext("create_canon_ace_lists: adding file ACL:\n");
1777                                 print_canon_ace( current_ace, 0);
1778                         }
1779                         all_aces_are_inherit_only = False;
1780                         /*
1781                          * We must not free current_ace here as its
1782                          * pointer is now owned by the file_ace list.
1783                          */
1784                         current_ace = NULL;
1785                 }
1786
1787                 /*
1788                  * Free if ACE was not added.
1789                  */
1790
1791                 SAFE_FREE(current_ace);
1792         }
1793
1794         if (fsp->is_directory && all_aces_are_inherit_only) {
1795                 /*
1796                  * Windows 2000 is doing one of these weird 'inherit acl'
1797                  * traverses to conserve NTFS ACL resources. Just pretend
1798                  * there was no DACL sent. JRA.
1799                  */
1800
1801                 DEBUG(10,("create_canon_ace_lists: Win2k inherit acl traverse. Ignoring DACL.\n"));
1802                 free_canon_ace_list(file_ace);
1803                 free_canon_ace_list(dir_ace);
1804                 file_ace = NULL;
1805                 dir_ace = NULL;
1806         } else {
1807                 /*
1808                  * Check if we have SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries in each
1809                  * ACL. If we don't have them, check if any SMB_ACL_USER/SMB_ACL_GROUP
1810                  * entries can be converted to *_OBJ. Usually we will already have these
1811                  * entries in the Default ACL, and the Access ACL will not have them.
1812                  */
1813                 if (file_ace) {
1814                         check_owning_objs(file_ace, pfile_owner_sid, pfile_grp_sid);
1815                 }
1816                 if (dir_ace) {
1817                         check_owning_objs(dir_ace, pfile_owner_sid, pfile_grp_sid);
1818                 }
1819         }
1820
1821         *ppfile_ace = file_ace;
1822         *ppdir_ace = dir_ace;
1823
1824         return True;
1825 }
1826
1827 /****************************************************************************
1828  ASCII art time again... JRA :-).
1829
1830  We have 4 cases to process when moving from an NT ACL to a POSIX ACL. Firstly,
1831  we insist the ACL is in canonical form (ie. all DENY entries preceede ALLOW
1832  entries). Secondly, the merge code has ensured that all duplicate SID entries for
1833  allow or deny have been merged, so the same SID can only appear once in the deny
1834  list or once in the allow list.
1835
1836  We then process as follows :
1837
1838  ---------------------------------------------------------------------------
1839  First pass - look for a Everyone DENY entry.
1840
1841  If it is deny all (rwx) trunate the list at this point.
1842  Else, walk the list from this point and use the deny permissions of this
1843  entry as a mask on all following allow entries. Finally, delete
1844  the Everyone DENY entry (we have applied it to everything possible).
1845
1846  In addition, in this pass we remove any DENY entries that have 
1847  no permissions (ie. they are a DENY nothing).
1848  ---------------------------------------------------------------------------
1849  Second pass - only deal with deny user entries.
1850
1851  DENY user1 (perms XXX)
1852
1853  new_perms = 0
1854  for all following allow group entries where user1 is in group
1855         new_perms |= group_perms;
1856
1857  user1 entry perms = new_perms & ~ XXX;
1858
1859  Convert the deny entry to an allow entry with the new perms and
1860  push to the end of the list. Note if the user was in no groups
1861  this maps to a specific allow nothing entry for this user.
1862
1863  The common case from the NT ACL choser (userX deny all) is
1864  optimised so we don't do the group lookup - we just map to
1865  an allow nothing entry.
1866
1867  What we're doing here is inferring the allow permissions the
1868  person setting the ACE on user1 wanted by looking at the allow
1869  permissions on the groups the user is currently in. This will
1870  be a snapshot, depending on group membership but is the best
1871  we can do and has the advantage of failing closed rather than
1872  open.
1873  ---------------------------------------------------------------------------
1874  Third pass - only deal with deny group entries.
1875
1876  DENY group1 (perms XXX)
1877
1878  for all following allow user entries where user is in group1
1879    user entry perms = user entry perms & ~ XXX;
1880
1881  If there is a group Everyone allow entry with permissions YYY,
1882  convert the group1 entry to an allow entry and modify its
1883  permissions to be :
1884
1885  new_perms = YYY & ~ XXX
1886
1887  and push to the end of the list.
1888
1889  If there is no group Everyone allow entry then convert the
1890  group1 entry to a allow nothing entry and push to the end of the list.
1891
1892  Note that the common case from the NT ACL choser (groupX deny all)
1893  cannot be optimised here as we need to modify user entries who are
1894  in the group to change them to a deny all also.
1895
1896  What we're doing here is modifying the allow permissions of
1897  user entries (which are more specific in POSIX ACLs) to mask
1898  out the explicit deny set on the group they are in. This will
1899  be a snapshot depending on current group membership but is the
1900  best we can do and has the advantage of failing closed rather
1901  than open.
1902  ---------------------------------------------------------------------------
1903  Fourth pass - cope with cumulative permissions.
1904
1905  for all allow user entries, if there exists an allow group entry with
1906  more permissive permissions, and the user is in that group, rewrite the
1907  allow user permissions to contain both sets of permissions.
1908
1909  Currently the code for this is #ifdef'ed out as these semantics make
1910  no sense to me. JRA.
1911  ---------------------------------------------------------------------------
1912
1913  Note we *MUST* do the deny user pass first as this will convert deny user
1914  entries into allow user entries which can then be processed by the deny
1915  group pass.
1916
1917  The above algorithm took a *lot* of thinking about - hence this
1918  explaination :-). JRA.
1919 ****************************************************************************/
1920
1921 /****************************************************************************
1922  Process a canon_ace list entries. This is very complex code. We need
1923  to go through and remove the "deny" permissions from any allow entry that matches
1924  the id of this entry. We have already refused any NT ACL that wasn't in correct
1925  order (DENY followed by ALLOW). If any allow entry ends up with zero permissions,
1926  we just remove it (to fail safe). We have already removed any duplicate ace
1927  entries. Treat an "Everyone" DENY_ACE as a special case - use it to mask all
1928  allow entries.
1929 ****************************************************************************/
1930
1931 static void process_deny_list( canon_ace **pp_ace_list )
1932 {
1933         canon_ace *ace_list = *pp_ace_list;
1934         canon_ace *curr_ace = NULL;
1935         canon_ace *curr_ace_next = NULL;
1936
1937         /* Pass 1 above - look for an Everyone, deny entry. */
1938
1939         for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
1940                 canon_ace *allow_ace_p;
1941
1942                 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
1943
1944                 if (curr_ace->attr != DENY_ACE)
1945                         continue;
1946
1947                 if (curr_ace->perms == (mode_t)0) {
1948
1949                         /* Deny nothing entry - delete. */
1950
1951                         DLIST_REMOVE(ace_list, curr_ace);
1952                         continue;
1953                 }
1954
1955                 if (!sid_equal(&curr_ace->trustee, &global_sid_World))
1956                         continue;
1957
1958                 /* JRATEST - assert. */
1959                 SMB_ASSERT(curr_ace->owner_type == WORLD_ACE);
1960
1961                 if (curr_ace->perms == ALL_ACE_PERMS) {
1962
1963                         /*
1964                          * Optimisation. This is a DENY_ALL to Everyone. Truncate the
1965                          * list at this point including this entry.
1966                          */
1967
1968                         canon_ace *prev_entry = curr_ace->prev;
1969
1970                         free_canon_ace_list( curr_ace );
1971                         if (prev_entry)
1972                                 prev_entry->next = NULL;
1973                         else {
1974                                 /* We deleted the entire list. */
1975                                 ace_list = NULL;
1976                         }
1977                         break;
1978                 }
1979
1980                 for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) {
1981
1982                         /* 
1983                          * Only mask off allow entries.
1984                          */
1985
1986                         if (allow_ace_p->attr != ALLOW_ACE)
1987                                 continue;
1988
1989                         allow_ace_p->perms &= ~curr_ace->perms;
1990                 }
1991
1992                 /*
1993                  * Now it's been applied, remove it.
1994                  */
1995
1996                 DLIST_REMOVE(ace_list, curr_ace);
1997         }
1998
1999         /* Pass 2 above - deal with deny user entries. */
2000
2001         for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
2002                 mode_t new_perms = (mode_t)0;
2003                 canon_ace *allow_ace_p;
2004
2005                 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
2006
2007                 if (curr_ace->attr != DENY_ACE)
2008                         continue;
2009
2010                 if (curr_ace->owner_type != UID_ACE)
2011                         continue;
2012
2013                 if (curr_ace->perms == ALL_ACE_PERMS) {
2014
2015                         /*
2016                          * Optimisation - this is a deny everything to this user.
2017                          * Convert to an allow nothing and push to the end of the list.
2018                          */
2019
2020                         curr_ace->attr = ALLOW_ACE;
2021                         curr_ace->perms = (mode_t)0;
2022                         DLIST_DEMOTE(ace_list, curr_ace, canon_ace *);
2023                         continue;
2024                 }
2025
2026                 for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) {
2027
2028                         if (allow_ace_p->attr != ALLOW_ACE)
2029                                 continue;
2030
2031                         /* We process GID_ACE and WORLD_ACE entries only. */
2032
2033                         if (allow_ace_p->owner_type == UID_ACE)
2034                                 continue;
2035
2036                         if (uid_entry_in_group( curr_ace, allow_ace_p))
2037                                 new_perms |= allow_ace_p->perms;
2038                 }
2039
2040                 /*
2041                  * Convert to a allow entry, modify the perms and push to the end
2042                  * of the list.
2043                  */
2044
2045                 curr_ace->attr = ALLOW_ACE;
2046                 curr_ace->perms = (new_perms & ~curr_ace->perms);
2047                 DLIST_DEMOTE(ace_list, curr_ace, canon_ace *);
2048         }
2049
2050         /* Pass 3 above - deal with deny group entries. */
2051
2052         for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
2053                 canon_ace *allow_ace_p;
2054                 canon_ace *allow_everyone_p = NULL;
2055
2056                 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
2057
2058                 if (curr_ace->attr != DENY_ACE)
2059                         continue;
2060
2061                 if (curr_ace->owner_type != GID_ACE)
2062                         continue;
2063
2064                 for (allow_ace_p = curr_ace->next; allow_ace_p; allow_ace_p = allow_ace_p->next) {
2065
2066                         if (allow_ace_p->attr != ALLOW_ACE)
2067                                 continue;
2068
2069                         /* Store a pointer to the Everyone allow, if it exists. */
2070                         if (allow_ace_p->owner_type == WORLD_ACE)
2071                                 allow_everyone_p = allow_ace_p;
2072
2073                         /* We process UID_ACE entries only. */
2074
2075                         if (allow_ace_p->owner_type != UID_ACE)
2076                                 continue;
2077
2078                         /* Mask off the deny group perms. */
2079
2080                         if (uid_entry_in_group( allow_ace_p, curr_ace))
2081                                 allow_ace_p->perms &= ~curr_ace->perms;
2082                 }
2083
2084                 /*
2085                  * Convert the deny to an allow with the correct perms and
2086                  * push to the end of the list.
2087                  */
2088
2089                 curr_ace->attr = ALLOW_ACE;
2090                 if (allow_everyone_p)
2091                         curr_ace->perms = allow_everyone_p->perms & ~curr_ace->perms;
2092                 else
2093                         curr_ace->perms = (mode_t)0;
2094                 DLIST_DEMOTE(ace_list, curr_ace, canon_ace *);
2095         }
2096
2097         /* Doing this fourth pass allows Windows semantics to be layered
2098          * on top of POSIX semantics. I'm not sure if this is desirable.
2099          * For example, in W2K ACLs there is no way to say, "Group X no
2100          * access, user Y full access" if user Y is a member of group X.
2101          * This seems completely broken semantics to me.... JRA.
2102          */
2103
2104 #if 0
2105         /* Pass 4 above - deal with allow entries. */
2106
2107         for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
2108                 canon_ace *allow_ace_p;
2109
2110                 curr_ace_next = curr_ace->next; /* So we can't lose the link. */
2111
2112                 if (curr_ace->attr != ALLOW_ACE)
2113                         continue;
2114
2115                 if (curr_ace->owner_type != UID_ACE)
2116                         continue;
2117
2118                 for (allow_ace_p = ace_list; allow_ace_p; allow_ace_p = allow_ace_p->next) {
2119
2120                         if (allow_ace_p->attr != ALLOW_ACE)
2121                                 continue;
2122
2123                         /* We process GID_ACE entries only. */
2124
2125                         if (allow_ace_p->owner_type != GID_ACE)
2126                                 continue;
2127
2128                         /* OR in the group perms. */
2129
2130                         if (uid_entry_in_group( curr_ace, allow_ace_p))
2131                                 curr_ace->perms |= allow_ace_p->perms;
2132                 }
2133         }
2134 #endif
2135
2136         *pp_ace_list = ace_list;
2137 }
2138
2139 /****************************************************************************
2140  Create a default mode that will be used if a security descriptor entry has
2141  no user/group/world entries.
2142 ****************************************************************************/
2143
2144 static mode_t create_default_mode(files_struct *fsp, bool interitable_mode)
2145 {
2146         int snum = SNUM(fsp->conn);
2147         mode_t and_bits = (mode_t)0;
2148         mode_t or_bits = (mode_t)0;
2149         mode_t mode = interitable_mode
2150                 ? unix_mode( fsp->conn, FILE_ATTRIBUTE_ARCHIVE, fsp->fsp_name,
2151                              NULL )
2152                 : S_IRUSR;
2153
2154         if (fsp->is_directory)
2155                 mode |= (S_IWUSR|S_IXUSR);
2156
2157         /*
2158          * Now AND with the create mode/directory mode bits then OR with the
2159          * force create mode/force directory mode bits.
2160          */
2161
2162         if (fsp->is_directory) {
2163                 and_bits = lp_dir_security_mask(snum);
2164                 or_bits = lp_force_dir_security_mode(snum);
2165         } else {
2166                 and_bits = lp_security_mask(snum);
2167                 or_bits = lp_force_security_mode(snum);
2168         }
2169
2170         return ((mode & and_bits)|or_bits);
2171 }
2172
2173 /****************************************************************************
2174  Unpack a SEC_DESC into two canonical ace lists. We don't depend on this
2175  succeeding.
2176 ****************************************************************************/
2177
2178 static bool unpack_canon_ace(files_struct *fsp,
2179                                 SMB_STRUCT_STAT *pst,
2180                                 DOM_SID *pfile_owner_sid,
2181                                 DOM_SID *pfile_grp_sid,
2182                                 canon_ace **ppfile_ace,
2183                                 canon_ace **ppdir_ace,
2184                                 uint32 security_info_sent,
2185                                 const SEC_DESC *psd)
2186 {
2187         canon_ace *file_ace = NULL;
2188         canon_ace *dir_ace = NULL;
2189
2190         *ppfile_ace = NULL;
2191         *ppdir_ace = NULL;
2192
2193         if(security_info_sent == 0) {
2194                 DEBUG(0,("unpack_canon_ace: no security info sent !\n"));
2195                 return False;
2196         }
2197
2198         /*
2199          * If no DACL then this is a chown only security descriptor.
2200          */
2201
2202         if(!(security_info_sent & DACL_SECURITY_INFORMATION) || !psd->dacl)
2203                 return True;
2204
2205         /*
2206          * Now go through the DACL and create the canon_ace lists.
2207          */
2208
2209         if (!create_canon_ace_lists( fsp, pst, pfile_owner_sid, pfile_grp_sid,
2210                                                                 &file_ace, &dir_ace, psd->dacl))
2211                 return False;
2212
2213         if ((file_ace == NULL) && (dir_ace == NULL)) {
2214                 /* W2K traverse DACL set - ignore. */
2215                 return True;
2216         }
2217
2218         /*
2219          * Go through the canon_ace list and merge entries
2220          * belonging to identical users of identical allow or deny type.
2221          * We can do this as all deny entries come first, followed by
2222          * all allow entries (we have mandated this before accepting this acl).
2223          */
2224
2225         print_canon_ace_list( "file ace - before merge", file_ace);
2226         merge_aces( &file_ace );
2227
2228         print_canon_ace_list( "dir ace - before merge", dir_ace);
2229         merge_aces( &dir_ace );
2230
2231         /*
2232          * NT ACLs are order dependent. Go through the acl lists and
2233          * process DENY entries by masking the allow entries.
2234          */
2235
2236         print_canon_ace_list( "file ace - before deny", file_ace);
2237         process_deny_list( &file_ace);
2238
2239         print_canon_ace_list( "dir ace - before deny", dir_ace);
2240         process_deny_list( &dir_ace);
2241
2242         /*
2243          * A well formed POSIX file or default ACL has at least 3 entries, a 
2244          * SMB_ACL_USER_OBJ, SMB_ACL_GROUP_OBJ, SMB_ACL_OTHER_OBJ
2245          * and optionally a mask entry. Ensure this is the case.
2246          */
2247
2248         print_canon_ace_list( "file ace - before valid", file_ace);
2249
2250         /*
2251          * A default 3 element mode entry for a file should be r-- --- ---.
2252          * A default 3 element mode entry for a directory should be rwx --- ---.
2253          */
2254
2255         pst->st_mode = create_default_mode(fsp, False);
2256
2257         if (!ensure_canon_entry_valid(&file_ace, fsp->conn->params, fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) {
2258                 free_canon_ace_list(file_ace);
2259                 free_canon_ace_list(dir_ace);
2260                 return False;
2261         }
2262
2263         print_canon_ace_list( "dir ace - before valid", dir_ace);
2264
2265         /*
2266          * A default inheritable 3 element mode entry for a directory should be the
2267          * mode Samba will use to create a file within. Ensure user rwx bits are set if
2268          * it's a directory.
2269          */
2270
2271         pst->st_mode = create_default_mode(fsp, True);
2272
2273         if (dir_ace && !ensure_canon_entry_valid(&dir_ace, fsp->conn->params, fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) {
2274                 free_canon_ace_list(file_ace);
2275                 free_canon_ace_list(dir_ace);
2276                 return False;
2277         }
2278
2279         print_canon_ace_list( "file ace - return", file_ace);
2280         print_canon_ace_list( "dir ace - return", dir_ace);
2281
2282         *ppfile_ace = file_ace;
2283         *ppdir_ace = dir_ace;
2284         return True;
2285
2286 }
2287
2288 /******************************************************************************
2289  When returning permissions, try and fit NT display
2290  semantics if possible. Note the the canon_entries here must have been malloced.
2291  The list format should be - first entry = owner, followed by group and other user
2292  entries, last entry = other.
2293
2294  Note that this doesn't exactly match the NT semantics for an ACL. As POSIX entries
2295  are not ordered, and match on the most specific entry rather than walking a list,
2296  then a simple POSIX permission of rw-r--r-- should really map to 5 entries,
2297
2298  Entry 0: owner : deny all except read and write.
2299  Entry 1: owner : allow read and write.
2300  Entry 2: group : deny all except read.
2301  Entry 3: group : allow read.
2302  Entry 4: Everyone : allow read.
2303
2304  But NT cannot display this in their ACL editor !
2305 ********************************************************************************/
2306
2307 static void arrange_posix_perms(const char *filename, canon_ace **pp_list_head)
2308 {
2309         canon_ace *l_head = *pp_list_head;
2310         canon_ace *owner_ace = NULL;
2311         canon_ace *other_ace = NULL;
2312         canon_ace *ace = NULL;
2313
2314         for (ace = l_head; ace; ace = ace->next) {
2315                 if (ace->type == SMB_ACL_USER_OBJ)
2316                         owner_ace = ace;
2317                 else if (ace->type == SMB_ACL_OTHER) {
2318                         /* Last ace - this is "other" */
2319                         other_ace = ace;
2320                 }
2321         }
2322
2323         if (!owner_ace || !other_ace) {
2324                 DEBUG(0,("arrange_posix_perms: Invalid POSIX permissions for file %s, missing owner or other.\n",
2325                         filename ));
2326                 return;
2327         }
2328
2329         /*
2330          * The POSIX algorithm applies to owner first, and other last,
2331          * so ensure they are arranged in this order.
2332          */
2333
2334         if (owner_ace) {
2335                 DLIST_PROMOTE(l_head, owner_ace);
2336         }
2337
2338         if (other_ace) {
2339                 DLIST_DEMOTE(l_head, other_ace, canon_ace *);
2340         }
2341
2342         /* We have probably changed the head of the list. */
2343
2344         *pp_list_head = l_head;
2345 }
2346
2347 /****************************************************************************
2348  Create a linked list of canonical ACE entries.
2349 ****************************************************************************/
2350
2351 static canon_ace *canonicalise_acl(struct connection_struct *conn,
2352                                    const char *fname, SMB_ACL_T posix_acl,
2353                                    const SMB_STRUCT_STAT *psbuf,
2354                                    const DOM_SID *powner, const DOM_SID *pgroup, struct pai_val *pal, SMB_ACL_TYPE_T the_acl_type)
2355 {
2356         mode_t acl_mask = (S_IRUSR|S_IWUSR|S_IXUSR);
2357         canon_ace *l_head = NULL;
2358         canon_ace *ace = NULL;
2359         canon_ace *next_ace = NULL;
2360         int entry_id = SMB_ACL_FIRST_ENTRY;
2361         SMB_ACL_ENTRY_T entry;
2362         size_t ace_count;
2363
2364         while ( posix_acl && (SMB_VFS_SYS_ACL_GET_ENTRY(conn, posix_acl, entry_id, &entry) == 1)) {
2365                 SMB_ACL_TAG_T tagtype;
2366                 SMB_ACL_PERMSET_T permset;
2367                 DOM_SID sid;
2368                 posix_id unix_ug;
2369                 enum ace_owner owner_type;
2370
2371                 entry_id = SMB_ACL_NEXT_ENTRY;
2372
2373                 /* Is this a MASK entry ? */
2374                 if (SMB_VFS_SYS_ACL_GET_TAG_TYPE(conn, entry, &tagtype) == -1)
2375                         continue;
2376
2377                 if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, entry, &permset) == -1)
2378                         continue;
2379
2380                 /* Decide which SID to use based on the ACL type. */
2381                 switch(tagtype) {
2382                         case SMB_ACL_USER_OBJ:
2383                                 /* Get the SID from the owner. */
2384                                 sid_copy(&sid, powner);
2385                                 unix_ug.uid = psbuf->st_uid;
2386                                 owner_type = UID_ACE;
2387                                 break;
2388                         case SMB_ACL_USER:
2389                                 {
2390                                         uid_t *puid = (uid_t *)SMB_VFS_SYS_ACL_GET_QUALIFIER(conn, entry);
2391                                         if (puid == NULL) {
2392                                                 DEBUG(0,("canonicalise_acl: Failed to get uid.\n"));
2393                                                 continue;
2394                                         }
2395                                         /*
2396                                          * A SMB_ACL_USER entry for the owner is shadowed by the
2397                                          * SMB_ACL_USER_OBJ entry and Windows also cannot represent
2398                                          * that entry, so we ignore it. We also don't create such
2399                                          * entries out of the blue when setting ACLs, so a get/set
2400                                          * cycle will drop them.
2401                                          */
2402                                         if (the_acl_type == SMB_ACL_TYPE_ACCESS && *puid == psbuf->st_uid) {
2403                                                 SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, (void *)puid,tagtype);
2404                                                 continue;
2405                                         }
2406                                         uid_to_sid( &sid, *puid);
2407                                         unix_ug.uid = *puid;
2408                                         owner_type = UID_ACE;
2409                                         SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, (void *)puid,tagtype);
2410                                         break;
2411                                 }
2412                         case SMB_ACL_GROUP_OBJ:
2413                                 /* Get the SID from the owning group. */
2414                                 sid_copy(&sid, pgroup);
2415                                 unix_ug.gid = psbuf->st_gid;
2416                                 owner_type = GID_ACE;
2417                                 break;
2418                         case SMB_ACL_GROUP:
2419                                 {
2420                                         gid_t *pgid = (gid_t *)SMB_VFS_SYS_ACL_GET_QUALIFIER(conn, entry);
2421                                         if (pgid == NULL) {
2422                                                 DEBUG(0,("canonicalise_acl: Failed to get gid.\n"));
2423                                                 continue;
2424                                         }
2425                                         gid_to_sid( &sid, *pgid);
2426                                         unix_ug.gid = *pgid;
2427                                         owner_type = GID_ACE;
2428                                         SMB_VFS_SYS_ACL_FREE_QUALIFIER(conn, (void *)pgid,tagtype);
2429                                         break;
2430                                 }
2431                         case SMB_ACL_MASK:
2432                                 acl_mask = convert_permset_to_mode_t(conn, permset);
2433                                 continue; /* Don't count the mask as an entry. */
2434                         case SMB_ACL_OTHER:
2435                                 /* Use the Everyone SID */
2436                                 sid = global_sid_World;
2437                                 unix_ug.world = -1;
2438                                 owner_type = WORLD_ACE;
2439                                 break;
2440                         default:
2441                                 DEBUG(0,("canonicalise_acl: Unknown tagtype %u\n", (unsigned int)tagtype));
2442                                 continue;
2443                 }
2444
2445                 /*
2446                  * Add this entry to the list.
2447                  */
2448
2449                 if ((ace = SMB_MALLOC_P(canon_ace)) == NULL)
2450                         goto fail;
2451
2452                 ZERO_STRUCTP(ace);
2453                 ace->type = tagtype;
2454                 ace->perms = convert_permset_to_mode_t(conn, permset);
2455                 ace->attr = ALLOW_ACE;
2456                 ace->trustee = sid;
2457                 ace->unix_ug = unix_ug;
2458                 ace->owner_type = owner_type;
2459                 ace->ace_flags = get_pai_flags(pal, ace, (the_acl_type == SMB_ACL_TYPE_DEFAULT));
2460
2461                 DLIST_ADD(l_head, ace);
2462         }
2463
2464         /*
2465          * This next call will ensure we have at least a user/group/world set.
2466          */
2467
2468         if (!ensure_canon_entry_valid(&l_head, conn->params,
2469                                       S_ISDIR(psbuf->st_mode), powner, pgroup,
2470                                       psbuf, False))
2471                 goto fail;
2472
2473         /*
2474          * Now go through the list, masking the permissions with the
2475          * acl_mask. Ensure all DENY Entries are at the start of the list.
2476          */
2477
2478         DEBUG(10,("canonicalise_acl: %s ace entries before arrange :\n", the_acl_type == SMB_ACL_TYPE_ACCESS ? "Access" : "Default" ));
2479
2480         for ( ace_count = 0, ace = l_head; ace; ace = next_ace, ace_count++) {
2481                 next_ace = ace->next;
2482
2483                 /* Masks are only applied to entries other than USER_OBJ and OTHER. */
2484                 if (ace->type != SMB_ACL_OTHER && ace->type != SMB_ACL_USER_OBJ)
2485                         ace->perms &= acl_mask;
2486
2487                 if (ace->perms == 0) {
2488                         DLIST_PROMOTE(l_head, ace);
2489                 }
2490
2491                 if( DEBUGLVL( 10 ) ) {
2492                         print_canon_ace(ace, ace_count);
2493                 }
2494         }
2495
2496         arrange_posix_perms(fname,&l_head );
2497
2498         print_canon_ace_list( "canonicalise_acl: ace entries after arrange", l_head );
2499
2500         return l_head;
2501
2502   fail:
2503
2504         free_canon_ace_list(l_head);
2505         return NULL;
2506 }
2507
2508 /****************************************************************************
2509  Check if the current user group list contains a given group.
2510 ****************************************************************************/
2511
2512 static bool current_user_in_group(gid_t gid)
2513 {
2514         int i;
2515
2516         for (i = 0; i < current_user.ut.ngroups; i++) {
2517                 if (current_user.ut.groups[i] == gid) {
2518                         return True;
2519                 }
2520         }
2521
2522         return False;
2523 }
2524
2525 /****************************************************************************
2526  Should we override a deny ? Check 'acl group control' and 'dos filemode'.
2527 ****************************************************************************/
2528
2529 static bool acl_group_override(connection_struct *conn,
2530                                 gid_t prim_gid,
2531                                 const char *fname)
2532 {
2533         SMB_STRUCT_STAT sbuf;
2534
2535         if ((errno != EPERM) && (errno != EACCES)) {
2536                 return false;
2537         }
2538
2539         /* file primary group == user primary or supplementary group */
2540         if (lp_acl_group_control(SNUM(conn)) &&
2541                         current_user_in_group(prim_gid)) {
2542                 return true;
2543         }
2544
2545         /* user has writeable permission */
2546         if (lp_dos_filemode(SNUM(conn)) &&
2547                         can_write_to_file(conn, fname, &sbuf)) {
2548                 return true;
2549         }
2550
2551         return false;
2552 }
2553
2554 /****************************************************************************
2555  Attempt to apply an ACL to a file or directory.
2556 ****************************************************************************/
2557
2558 static bool set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, bool default_ace, gid_t prim_gid, bool *pacl_set_support)
2559 {
2560         connection_struct *conn = fsp->conn;
2561         bool ret = False;
2562         SMB_ACL_T the_acl = SMB_VFS_SYS_ACL_INIT(conn, (int)count_canon_ace_list(the_ace) + 1);
2563         canon_ace *p_ace;
2564         int i;
2565         SMB_ACL_ENTRY_T mask_entry;
2566         bool got_mask_entry = False;
2567         SMB_ACL_PERMSET_T mask_permset;
2568         SMB_ACL_TYPE_T the_acl_type = (default_ace ? SMB_ACL_TYPE_DEFAULT : SMB_ACL_TYPE_ACCESS);
2569         bool needs_mask = False;
2570         mode_t mask_perms = 0;
2571
2572 #if defined(POSIX_ACL_NEEDS_MASK)
2573         /* HP-UX always wants to have a mask (called "class" there). */
2574         needs_mask = True;
2575 #endif
2576
2577         if (the_acl == NULL) {
2578
2579                 if (!no_acl_syscall_error(errno)) {
2580                         /*
2581                          * Only print this error message if we have some kind of ACL
2582                          * support that's not working. Otherwise we would always get this.
2583                          */
2584                         DEBUG(0,("set_canon_ace_list: Unable to init %s ACL. (%s)\n",
2585                                 default_ace ? "default" : "file", strerror(errno) ));
2586                 }
2587                 *pacl_set_support = False;
2588                 return False;
2589         }
2590
2591         if( DEBUGLVL( 10 )) {
2592                 dbgtext("set_canon_ace_list: setting ACL:\n");
2593                 for (i = 0, p_ace = the_ace; p_ace; p_ace = p_ace->next, i++ ) {
2594                         print_canon_ace( p_ace, i);
2595                 }
2596         }
2597
2598         for (i = 0, p_ace = the_ace; p_ace; p_ace = p_ace->next, i++ ) {
2599                 SMB_ACL_ENTRY_T the_entry;
2600                 SMB_ACL_PERMSET_T the_permset;
2601
2602                 /*
2603                  * ACLs only "need" an ACL_MASK entry if there are any named user or
2604                  * named group entries. But if there is an ACL_MASK entry, it applies
2605                  * to ACL_USER, ACL_GROUP, and ACL_GROUP_OBJ entries. Set the mask
2606                  * so that it doesn't deny (i.e., mask off) any permissions.
2607                  */
2608
2609                 if (p_ace->type == SMB_ACL_USER || p_ace->type == SMB_ACL_GROUP) {
2610                         needs_mask = True;
2611                         mask_perms |= p_ace->perms;
2612                 } else if (p_ace->type == SMB_ACL_GROUP_OBJ) {
2613                         mask_perms |= p_ace->perms;
2614                 }
2615
2616                 /*
2617                  * Get the entry for this ACE.
2618                  */
2619
2620                 if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &the_acl, &the_entry) == -1) {
2621                         DEBUG(0,("set_canon_ace_list: Failed to create entry %d. (%s)\n",
2622                                 i, strerror(errno) ));
2623                         goto fail;
2624                 }
2625
2626                 if (p_ace->type == SMB_ACL_MASK) {
2627                         mask_entry = the_entry;
2628                         got_mask_entry = True;
2629                 }
2630
2631                 /*
2632                  * Ok - we now know the ACL calls should be working, don't
2633                  * allow fallback to chmod.
2634                  */
2635
2636                 *pacl_set_support = True;
2637
2638                 /*
2639                  * Initialise the entry from the canon_ace.
2640                  */
2641
2642                 /*
2643                  * First tell the entry what type of ACE this is.
2644                  */
2645
2646                 if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, the_entry, p_ace->type) == -1) {
2647                         DEBUG(0,("set_canon_ace_list: Failed to set tag type on entry %d. (%s)\n",
2648                                 i, strerror(errno) ));
2649                         goto fail;
2650                 }
2651
2652                 /*
2653                  * Only set the qualifier (user or group id) if the entry is a user
2654                  * or group id ACE.
2655                  */
2656
2657                 if ((p_ace->type == SMB_ACL_USER) || (p_ace->type == SMB_ACL_GROUP)) {
2658                         if (SMB_VFS_SYS_ACL_SET_QUALIFIER(conn, the_entry,(void *)&p_ace->unix_ug.uid) == -1) {
2659                                 DEBUG(0,("set_canon_ace_list: Failed to set qualifier on entry %d. (%s)\n",
2660                                         i, strerror(errno) ));
2661                                 goto fail;
2662                         }
2663                 }
2664
2665                 /*
2666                  * Convert the mode_t perms in the canon_ace to a POSIX permset.
2667                  */
2668
2669                 if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, the_entry, &the_permset) == -1) {
2670                         DEBUG(0,("set_canon_ace_list: Failed to get permset on entry %d. (%s)\n",
2671                                 i, strerror(errno) ));
2672                         goto fail;
2673                 }
2674
2675                 if (map_acl_perms_to_permset(conn, p_ace->perms, &the_permset) == -1) {
2676                         DEBUG(0,("set_canon_ace_list: Failed to create permset for mode (%u) on entry %d. (%s)\n",
2677                                 (unsigned int)p_ace->perms, i, strerror(errno) ));
2678                         goto fail;
2679                 }
2680
2681                 /*
2682                  * ..and apply them to the entry.
2683                  */
2684
2685                 if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, the_entry, the_permset) == -1) {
2686                         DEBUG(0,("set_canon_ace_list: Failed to add permset on entry %d. (%s)\n",
2687                                 i, strerror(errno) ));
2688                         goto fail;
2689                 }
2690
2691                 if( DEBUGLVL( 10 ))
2692                         print_canon_ace( p_ace, i);
2693
2694         }
2695
2696         if (needs_mask && !got_mask_entry) {
2697                 if (SMB_VFS_SYS_ACL_CREATE_ENTRY(conn, &the_acl, &mask_entry) == -1) {
2698                         DEBUG(0,("set_canon_ace_list: Failed to create mask entry. (%s)\n", strerror(errno) ));
2699                         goto fail;
2700                 }
2701
2702                 if (SMB_VFS_SYS_ACL_SET_TAG_TYPE(conn, mask_entry, SMB_ACL_MASK) == -1) {
2703                         DEBUG(0,("set_canon_ace_list: Failed to set tag type on mask entry. (%s)\n",strerror(errno) ));
2704                         goto fail;
2705                 }
2706
2707                 if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, mask_entry, &mask_permset) == -1) {
2708                         DEBUG(0,("set_canon_ace_list: Failed to get mask permset. (%s)\n", strerror(errno) ));
2709                         goto fail;
2710                 }
2711
2712                 if (map_acl_perms_to_permset(conn, S_IRUSR|S_IWUSR|S_IXUSR, &mask_permset) == -1) {
2713                         DEBUG(0,("set_canon_ace_list: Failed to create mask permset. (%s)\n", strerror(errno) ));
2714                         goto fail;
2715                 }
2716
2717                 if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, mask_entry, mask_permset) == -1) {
2718                         DEBUG(0,("set_canon_ace_list: Failed to add mask permset. (%s)\n", strerror(errno) ));
2719                         goto fail;
2720                 }
2721         }
2722
2723         /*
2724          * Finally apply it to the file or directory.
2725          */
2726
2727         if(default_ace || fsp->is_directory || fsp->fh->fd == -1) {
2728                 if (SMB_VFS_SYS_ACL_SET_FILE(conn, fsp->fsp_name, the_acl_type, the_acl) == -1) {
2729                         /*
2730                          * Some systems allow all the above calls and only fail with no ACL support
2731                          * when attempting to apply the acl. HPUX with HFS is an example of this. JRA.
2732                          */
2733                         if (no_acl_syscall_error(errno)) {
2734                                 *pacl_set_support = False;
2735                         }
2736
2737                         if (acl_group_override(conn, prim_gid, fsp->fsp_name)) {
2738                                 int sret;
2739
2740                                 DEBUG(5,("set_canon_ace_list: acl group control on and current user in file %s primary group.\n",
2741                                         fsp->fsp_name ));
2742
2743                                 become_root();
2744                                 sret = SMB_VFS_SYS_ACL_SET_FILE(conn, fsp->fsp_name, the_acl_type, the_acl);
2745                                 unbecome_root();
2746                                 if (sret == 0) {
2747                                         ret = True;     
2748                                 }
2749                         }
2750
2751                         if (ret == False) {
2752                                 DEBUG(2,("set_canon_ace_list: sys_acl_set_file type %s failed for file %s (%s).\n",
2753                                                 the_acl_type == SMB_ACL_TYPE_DEFAULT ? "directory default" : "file",
2754                                                 fsp->fsp_name, strerror(errno) ));
2755                                 goto fail;
2756                         }
2757                 }
2758         } else {
2759                 if (SMB_VFS_SYS_ACL_SET_FD(fsp, the_acl) == -1) {
2760                         /*
2761                          * Some systems allow all the above calls and only fail with no ACL support
2762                          * when attempting to apply the acl. HPUX with HFS is an example of this. JRA.
2763                          */
2764                         if (no_acl_syscall_error(errno)) {
2765                                 *pacl_set_support = False;
2766                         }
2767
2768                         if (acl_group_override(conn, prim_gid, fsp->fsp_name)) {
2769                                 int sret;
2770
2771                                 DEBUG(5,("set_canon_ace_list: acl group control on and current user in file %s primary group.\n",
2772                                         fsp->fsp_name ));
2773
2774                                 become_root();
2775                                 sret = SMB_VFS_SYS_ACL_SET_FD(fsp, the_acl);
2776                                 unbecome_root();
2777                                 if (sret == 0) {
2778                                         ret = True;
2779                                 }
2780                         }
2781
2782                         if (ret == False) {
2783                                 DEBUG(2,("set_canon_ace_list: sys_acl_set_file failed for file %s (%s).\n",
2784                                                 fsp->fsp_name, strerror(errno) ));
2785                                 goto fail;
2786                         }
2787                 }
2788         }
2789
2790         ret = True;
2791
2792   fail:
2793
2794         if (the_acl != NULL) {
2795                 SMB_VFS_SYS_ACL_FREE_ACL(conn, the_acl);
2796         }
2797
2798         return ret;
2799 }
2800
2801 /****************************************************************************
2802  Find a particular canon_ace entry.
2803 ****************************************************************************/
2804
2805 static struct canon_ace *canon_ace_entry_for(struct canon_ace *list, SMB_ACL_TAG_T type, posix_id *id)
2806 {
2807         while (list) {
2808                 if (list->type == type && ((type != SMB_ACL_USER && type != SMB_ACL_GROUP) ||
2809                                 (type == SMB_ACL_USER  && id && id->uid == list->unix_ug.uid) ||
2810                                 (type == SMB_ACL_GROUP && id && id->gid == list->unix_ug.gid)))
2811                         break;
2812                 list = list->next;
2813         }
2814         return list;
2815 }
2816
2817 /****************************************************************************
2818  
2819 ****************************************************************************/
2820
2821 SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl)
2822 {
2823         SMB_ACL_ENTRY_T entry;
2824
2825         if (!the_acl)
2826                 return NULL;
2827         if (SMB_VFS_SYS_ACL_GET_ENTRY(conn, the_acl, SMB_ACL_FIRST_ENTRY, &entry) != 1) {
2828                 SMB_VFS_SYS_ACL_FREE_ACL(conn, the_acl);
2829                 return NULL;
2830         }
2831         return the_acl;
2832 }
2833
2834 /****************************************************************************
2835  Convert a canon_ace to a generic 3 element permission - if possible.
2836 ****************************************************************************/
2837
2838 #define MAP_PERM(p,mask,result) (((p) & (mask)) ? (result) : 0 )
2839
2840 static bool convert_canon_ace_to_posix_perms( files_struct *fsp, canon_ace *file_ace_list, mode_t *posix_perms)
2841 {
2842         int snum = SNUM(fsp->conn);
2843         size_t ace_count = count_canon_ace_list(file_ace_list);
2844         canon_ace *ace_p;
2845         canon_ace *owner_ace = NULL;
2846         canon_ace *group_ace = NULL;
2847         canon_ace *other_ace = NULL;
2848         mode_t and_bits;
2849         mode_t or_bits;
2850
2851         if (ace_count != 3) {
2852                 DEBUG(3,("convert_canon_ace_to_posix_perms: Too many ACE entries for file %s to convert to \
2853 posix perms.\n", fsp->fsp_name ));
2854                 return False;
2855         }
2856
2857         for (ace_p = file_ace_list; ace_p; ace_p = ace_p->next) {
2858                 if (ace_p->owner_type == UID_ACE)
2859                         owner_ace = ace_p;
2860                 else if (ace_p->owner_type == GID_ACE)
2861                         group_ace = ace_p;
2862                 else if (ace_p->owner_type == WORLD_ACE)
2863                         other_ace = ace_p;
2864         }
2865
2866         if (!owner_ace || !group_ace || !other_ace) {
2867                 DEBUG(3,("convert_canon_ace_to_posix_perms: Can't get standard entries for file %s.\n",
2868                                 fsp->fsp_name ));
2869                 return False;
2870         }
2871
2872         *posix_perms = (mode_t)0;
2873
2874         *posix_perms |= owner_ace->perms;
2875         *posix_perms |= MAP_PERM(group_ace->perms, S_IRUSR, S_IRGRP);
2876         *posix_perms |= MAP_PERM(group_ace->perms, S_IWUSR, S_IWGRP);
2877         *posix_perms |= MAP_PERM(group_ace->perms, S_IXUSR, S_IXGRP);
2878         *posix_perms |= MAP_PERM(other_ace->perms, S_IRUSR, S_IROTH);
2879         *posix_perms |= MAP_PERM(other_ace->perms, S_IWUSR, S_IWOTH);
2880         *posix_perms |= MAP_PERM(other_ace->perms, S_IXUSR, S_IXOTH);
2881
2882         /* The owner must have at least read access. */
2883
2884         *posix_perms |= S_IRUSR;
2885         if (fsp->is_directory)
2886                 *posix_perms |= (S_IWUSR|S_IXUSR);
2887
2888         /* If requested apply the masks. */
2889
2890         /* Get the initial bits to apply. */
2891
2892         if (fsp->is_directory) {
2893                 and_bits = lp_dir_security_mask(snum);
2894                 or_bits = lp_force_dir_security_mode(snum);
2895         } else {
2896                 and_bits = lp_security_mask(snum);
2897                 or_bits = lp_force_security_mode(snum);
2898         }
2899
2900         *posix_perms = (((*posix_perms) & and_bits)|or_bits);
2901
2902         DEBUG(10,("convert_canon_ace_to_posix_perms: converted u=%o,g=%o,w=%o to perm=0%o for file %s.\n",
2903                 (int)owner_ace->perms, (int)group_ace->perms, (int)other_ace->perms, (int)*posix_perms,
2904                 fsp->fsp_name ));
2905
2906         return True;
2907 }
2908
2909 /****************************************************************************
2910   Incoming NT ACLs on a directory can be split into a default POSIX acl (CI|OI|IO) and
2911   a normal POSIX acl. Win2k needs these split acls re-merging into one ACL
2912   with CI|OI set so it is inherited and also applies to the directory.
2913   Based on code from "Jim McDonough" <jmcd@us.ibm.com>.
2914 ****************************************************************************/
2915
2916 static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces)
2917 {
2918         size_t i, j;
2919
2920         for (i = 0; i < num_aces; i++) {
2921                 for (j = i+1; j < num_aces; j++) {
2922                         uint32 i_flags_ni = (nt_ace_list[i].flags & ~SEC_ACE_FLAG_INHERITED_ACE);
2923                         uint32 j_flags_ni = (nt_ace_list[j].flags & ~SEC_ACE_FLAG_INHERITED_ACE);
2924                         bool i_inh = (nt_ace_list[i].flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False;
2925                         bool j_inh = (nt_ace_list[j].flags & SEC_ACE_FLAG_INHERITED_ACE) ? True : False;
2926
2927                         /* We know the lower number ACE's are file entries. */
2928                         if ((nt_ace_list[i].type == nt_ace_list[j].type) &&
2929                                 (nt_ace_list[i].size == nt_ace_list[j].size) &&
2930                                 (nt_ace_list[i].access_mask == nt_ace_list[j].access_mask) &&
2931                                 sid_equal(&nt_ace_list[i].trustee, &nt_ace_list[j].trustee) &&
2932                                 (i_inh == j_inh) &&
2933                                 (i_flags_ni == 0) &&
2934                                 (j_flags_ni == (SEC_ACE_FLAG_OBJECT_INHERIT|
2935                                                   SEC_ACE_FLAG_CONTAINER_INHERIT|
2936                                                   SEC_ACE_FLAG_INHERIT_ONLY))) {
2937                                 /*
2938                                  * W2K wants to have access allowed zero access ACE's
2939                                  * at the end of the list. If the mask is zero, merge
2940                                  * the non-inherited ACE onto the inherited ACE.
2941                                  */
2942
2943                                 if (nt_ace_list[i].access_mask == 0) {
2944                                         nt_ace_list[j].flags = SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|
2945                                                                 (i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0);
2946                                         if (num_aces - i - 1 > 0)
2947                                                 memmove(&nt_ace_list[i], &nt_ace_list[i+1], (num_aces-i-1) *
2948                                                                 sizeof(SEC_ACE));
2949
2950                                         DEBUG(10,("merge_default_aces: Merging zero access ACE %u onto ACE %u.\n",
2951                                                 (unsigned int)i, (unsigned int)j ));
2952                                 } else {
2953                                         /*
2954                                          * These are identical except for the flags.
2955                                          * Merge the inherited ACE onto the non-inherited ACE.
2956                                          */
2957
2958                                         nt_ace_list[i].flags = SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|
2959                                                                 (i_inh ? SEC_ACE_FLAG_INHERITED_ACE : 0);
2960                                         if (num_aces - j - 1 > 0)
2961                                                 memmove(&nt_ace_list[j], &nt_ace_list[j+1], (num_aces-j-1) *
2962                                                                 sizeof(SEC_ACE));
2963
2964                                         DEBUG(10,("merge_default_aces: Merging ACE %u onto ACE %u.\n",
2965                                                 (unsigned int)j, (unsigned int)i ));
2966                                 }
2967                                 num_aces--;
2968                                 break;
2969                         }
2970                 }
2971         }
2972
2973         return num_aces;
2974 }
2975
2976 /*
2977  * Add or Replace ACE entry.
2978  * In some cases we need to add a specific ACE for compatibility reasons.
2979  * When doing that we must make sure we are not actually creating a duplicate
2980  * entry. So we need to search whether an ACE entry already exist and eventually
2981  * replacce the access mask, or add a completely new entry if none was found.
2982  *
2983  * This function assumes the array has enough space to add a new entry without
2984  * any reallocation of memory.
2985  */
2986
2987 static void add_or_replace_ace(SEC_ACE *nt_ace_list, size_t *num_aces,
2988                                 const DOM_SID *sid, enum security_ace_type type,
2989                                 uint32_t mask, uint8_t flags)
2990 {
2991         int i;
2992
2993         /* first search for a duplicate */
2994         for (i = 0; i < *num_aces; i++) {
2995                 if (sid_equal(&nt_ace_list[i].trustee, sid) &&
2996                     (nt_ace_list[i].flags == flags)) break;
2997         }
2998
2999         if (i < *num_aces) { /* found */
3000                 nt_ace_list[i].type = type;
3001                 nt_ace_list[i].access_mask = mask;
3002                 DEBUG(10, ("Replacing ACE %d with SID %s and flags %02x\n",
3003                            i, sid_string_dbg(sid), flags));
3004                 return;
3005         }
3006
3007         /* not found, append it */
3008         init_sec_ace(&nt_ace_list[(*num_aces)++], sid, type, mask, flags);
3009 }
3010
3011
3012 /****************************************************************************
3013  Reply to query a security descriptor from an fsp. If it succeeds it allocates
3014  the space for the return elements and returns the size needed to return the
3015  security descriptor. This should be the only external function needed for
3016  the UNIX style get ACL.
3017 ****************************************************************************/
3018
3019 static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
3020                                       const char *name,
3021                                       const SMB_STRUCT_STAT *sbuf,
3022                                       struct pai_val *pal,
3023                                       SMB_ACL_T posix_acl,
3024                                       SMB_ACL_T def_acl,
3025                                       uint32_t security_info,
3026                                       SEC_DESC **ppdesc)
3027 {
3028         DOM_SID owner_sid;
3029         DOM_SID group_sid;
3030         size_t sd_size = 0;
3031         SEC_ACL *psa = NULL;
3032         size_t num_acls = 0;
3033         size_t num_def_acls = 0;
3034         size_t num_aces = 0;
3035         canon_ace *file_ace = NULL;
3036         canon_ace *dir_ace = NULL;
3037         SEC_ACE *nt_ace_list = NULL;
3038         size_t num_profile_acls = 0;
3039         SEC_DESC *psd = NULL;
3040
3041         /*
3042          * Get the owner, group and world SIDs.
3043          */
3044
3045         if (lp_profile_acls(SNUM(conn))) {
3046                 /* For WXP SP1 the owner must be administrators. */
3047                 sid_copy(&owner_sid, &global_sid_Builtin_Administrators);
3048                 sid_copy(&group_sid, &global_sid_Builtin_Users);
3049                 num_profile_acls = 2;
3050         } else {
3051                 create_file_sids(sbuf, &owner_sid, &group_sid);
3052         }
3053
3054         if ((security_info & DACL_SECURITY_INFORMATION) && !(security_info & PROTECTED_DACL_SECURITY_INFORMATION)) {
3055
3056                 /*
3057                  * In the optimum case Creator Owner and Creator Group would be used for
3058                  * the ACL_USER_OBJ and ACL_GROUP_OBJ entries, respectively, but this
3059                  * would lead to usability problems under Windows: The Creator entries
3060                  * are only available in browse lists of directories and not for files;
3061                  * additionally the identity of the owning group couldn't be determined.
3062                  * We therefore use those identities only for Default ACLs. 
3063                  */
3064
3065                 /* Create the canon_ace lists. */
3066                 file_ace = canonicalise_acl(conn, name, posix_acl, sbuf,
3067                                             &owner_sid, &group_sid, pal,
3068                                             SMB_ACL_TYPE_ACCESS);
3069
3070                 /* We must have *some* ACLS. */
3071         
3072                 if (count_canon_ace_list(file_ace) == 0) {
3073                         DEBUG(0,("get_nt_acl : No ACLs on file (%s) !\n", name));
3074                         goto done;
3075                 }
3076
3077                 if (S_ISDIR(sbuf->st_mode) && def_acl) {
3078                         dir_ace = canonicalise_acl(conn, name, def_acl,
3079                                                    sbuf,
3080                                                    &global_sid_Creator_Owner,
3081                                                    &global_sid_Creator_Group,
3082                                                    pal, SMB_ACL_TYPE_DEFAULT);
3083                 }
3084
3085                 /*
3086                  * Create the NT ACE list from the canonical ace lists.
3087                  */
3088
3089                 {
3090                         canon_ace *ace;
3091                         enum security_ace_type nt_acl_type;
3092
3093                         if (nt4_compatible_acls() && dir_ace) {