authorJeremy Allison <jra@samba.org>2007-06-26 22:49:10 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:23:37 -0500
commitfc6899a5506b272f8cd5f5837ca13300b4e69a5f (patch)
tree01ae06c1ff3c71112749b7903c428ef5c886d30b /source/modules
parent05520d6b0a86c1cd5abbf6252c4a32629cdf8619 (diff)
r23620: Convert set_nt_acl to return NTSTATUS. Also fix the chown
return to correctly return NT_STATUS_INVALID_OWNER if it should be disallowed. Matches better what W2K3R3 does. NFSv4 ACL module owners, please examine these changes. Jeremy.
Diffstat (limited to 'source/modules')
-rw-r--r--source/modules/nfs4_acls.c65
-rw-r--r--source/modules/vfs_afsacl.c8
-rw-r--r--source/modules/vfs_aixacl2.c10
-rw-r--r--source/modules/vfs_cap.c2
-rw-r--r--source/modules/vfs_catia.c2
-rw-r--r--source/modules/vfs_default.c8
-rw-r--r--source/modules/vfs_full_audit.c16
-rw-r--r--source/modules/vfs_gpfs.c10
-rw-r--r--source/modules/vfs_zfsacl.c6
9 files changed, 53 insertions, 74 deletions
diff --git a/source/modules/nfs4_acls.c b/source/modules/nfs4_acls.c
index 1da8d1b7a33..30c209dd93a 100644
--- a/source/modules/nfs4_acls.c
+++ b/source/modules/nfs4_acls.c
@@ -42,7 +42,7 @@ typedef struct _SMB_ACL4_INT_T
extern struct current_user current_user;
extern int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid);
-extern BOOL unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp,
+extern NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp,
uint32 security_info_sent, SEC_DESC *psd);
static SMB_ACL4_INT_T *get_validated_aclint(SMB4ACL_T *acl)
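Review bot: The `extern NTSTATUS unpack_nt_owners(...)` prototype is a hand-copied declaration inside a .c file, so the compiler cannot check it against the definition. This commit changes the return type, and any copy left as `BOOL` elsewhere would still compile while reading the result with the opposite meaning (a zero success status tested with `!`). Take the declaration from the header that the defining file also includes rather than redeclaring it here. The same applies to `try_chown` on the line above.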
@@ -559,7 +559,7 @@ static SMB4ACL_T *smbacl4_win2nfs4(
return acl;
}
-BOOL smb_set_nt_acl_nfs4(files_struct *fsp,
+NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
uint32 security_info_sent,
SEC_DESC *psd,
set_nfs4acl_native_fn_t set_nfs4_native)
@@ -569,7 +569,6 @@ BOOL smb_set_nt_acl_nfs4(files_struct *fsp,
BOOL result;
SMB_STRUCT_STAT sbuf;
- BOOL need_chown = False;
uid_t newUID = (uid_t)-1;
gid_t newGID = (gid_t)-1;
@@ -580,43 +579,37 @@ BOOL smb_set_nt_acl_nfs4(files_struct *fsp,
{
DEBUG(9, ("security_info_sent (0x%x) ignored\n",
security_info_sent));
- return True; /* won't show error - later to be refined... */
+ return NT_STATUS_OK; /* won't show error - later to be refined... */
}
/* Special behaviours */
if (smbacl4_get_vfs_params(SMBACL4_PARAM_TYPE_NAME, fsp, &params))
- return False;
+ return NT_STATUS_NO_MEMORY;
if (smbacl4_GetFileOwner(fsp, &sbuf))
- return False;
+ return map_nt_error_from_unix(errno);
if (params.do_chown) {
/* chown logic is a copy/paste from posix_acl.c:set_nt_acl */
- if (!unpack_nt_owners(SNUM(fsp->conn), &newUID, &newGID, security_info_sent, psd))
- {
+ NTSTATUS status = unpack_nt_owners(SNUM(fsp->conn), &newUID, &newGID, security_info_sent, psd);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(8, ("unpack_nt_owners failed"));
- return False;
+ return status;
}
if (((newUID != (uid_t)-1) && (sbuf.st_uid != newUID)) ||
- ((newGID != (gid_t)-1) && (sbuf.st_gid != newGID))) {
- need_chown = True;
- }
- if (need_chown) {
- if ((newUID == (uid_t)-1 || newUID == current_user.ut.uid)) {
- if(try_chown(fsp->conn, fsp->fsp_name, newUID, newGID)) {
- DEBUG(3,("chown %s, %u, %u failed. Error = %s.\n",
- fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID, strerror(errno) ));
- return False;
+ ((newGID != (gid_t)-1) && (sbuf.st_gid != newGID))) {
+ if(try_chown(fsp->conn, fsp->fsp_name, newUID, newGID)) {
+ DEBUG(3,("chown %s, %u, %u failed. Error = %s.\n",
+ fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID, strerror(errno) ));
+ if (errno == EPERM) {
+ return NT_STATUS_INVALID_OWNER;
}
- DEBUG(10,("chown %s, %u, %u succeeded.\n",
- fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID));
- if (smbacl4_GetFileOwner(fsp, &sbuf))
- return False;
- need_chown = False;
- } else { /* chown is needed, but _after_ changing acl */
- sbuf.st_uid = newUID; /* OWNER@ in case of e_special */
- sbuf.st_gid = newGID; /* GROUP@ in case of e_special */
+ return map_nt_error_from_unix(errno);
}
+ DEBUG(10,("chown %s, %u, %u succeeded.\n",
+ fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID));
+ if (smbacl4_GetFileOwner(fsp, &sbuf))
+ return map_nt_error_from_unix(errno);
}
}
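Review bot: The rewritten `params.do_chown` block calls `try_chown()` before the DACL is converted and written, and the removed `/* chown is needed, but _after_ changing acl */` branch no longer defers it. A request that changes both owner and DACL can therefore end with the new owner applied and the old ACL still in place if `set_nfs4_native` fails later in the function (that call is outside this hunk). The removed code deferred the chown when the new owner was not the caller, presumably because the caller may lose the right to write the ACL once ownership is given away; whether that still holds depends on each backend's permission check, which is not visible here. If the new order is intended, state it at the call, e.g. `/* chown first: a later ACL failure leaves the new owner in place */`, and log that partial state at a level an administrator will see.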
@@ -624,7 +617,7 @@ BOOL smb_set_nt_acl_nfs4(files_struct *fsp,
{
acl = smbacl4_win2nfs4(psd->dacl, &params, sbuf.st_uid, sbuf.st_gid);
if (!acl)
- return False;
+ return map_nt_error_from_unix(errno);
smbacl4_dump_nfs4acl(10, acl);
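Review bot: `return map_nt_error_from_unix(errno);` after `smbacl4_win2nfs4()` returns NULL relies on that helper having set errno, which nothing in this hunk shows. A stale errno gives a misleading status, and if `map_nt_error_from_unix(0)` yields success (its definition is not on this page) a failed ACL conversion would be reported to the client as applied. A fixed failure code is safer on this path, e.g. `return NT_STATUS_NO_MEMORY;`. The same pattern follows `smbacl4_GetFileOwner()` and `try_chown()` in the previous hunk, `set_nfs4_native` in the next one, and the `/* query failed */` branch in vfs_aixacl2.c. In the chown and set_nfs4_native cases errno is also read after a `DEBUG()` call, so capture it first with `int saved_errno = errno;`.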
@@ -632,25 +625,11 @@ BOOL smb_set_nt_acl_nfs4(files_struct *fsp,
if (result!=True)
{
DEBUG(10, ("set_nfs4_native failed with %s\n", strerror(errno)));
- return False;
+ return map_nt_error_from_unix(errno);
}
} else
DEBUG(10, ("no dacl found; security_info_sent = 0x%x\n", security_info_sent));
- /* Any chown pending? */
- if (need_chown) {
- DEBUG(3,("chown#2 %s. uid = %u, gid = %u.\n",
- fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID));
- if (try_chown(fsp->conn, fsp->fsp_name, newUID, newGID)) {
- DEBUG(2,("chown#2 %s, %u, %u failed. Error = %s.\n",
- fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID,
- strerror(errno)));
- return False;
- }
- DEBUG(10,("chown#2 %s, %u, %u succeeded.\n",
- fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID));
- }
-
DEBUG(10, ("smb_set_nt_acl_nfs4 succeeded\n"));
- return True;
+ return NT_STATUS_OK;
}
diff --git a/source/modules/vfs_afsacl.c b/source/modules/vfs_afsacl.c
index 47e8ec5aefa..2f472df28cd 100644
--- a/source/modules/vfs_afsacl.c
+++ b/source/modules/vfs_afsacl.c
@@ -883,7 +883,7 @@ static void merge_unknown_aces(struct afs_acl *src, struct afs_acl *dst)
}
}
-static BOOL afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent,
struct security_descriptor *psd)
{
@@ -980,7 +980,7 @@ static BOOL afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
free_afs_acl(&old_afs_acl);
free_afs_acl(&new_afs_acl);
- return (ret == 0);
+ return (ret == 0) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
}
static size_t afsacl_fget_nt_acl(struct vfs_handle_struct *handle,
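Review bot: `return (ret == 0) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;` reports every failure of `afs_set_nt_acl` as access denied, whatever the cause. The body that sets `ret` is outside this hunk, so the failure causes cannot be listed from here, but a client and an operator reading logs will see a permissions error even for, say, a parse or allocation failure. Either carry an `NTSTATUS` through the failure paths, or document the collapse at the return with `/* every failure above is reported as ACCESS_DENIED; the cause is only in the debug log */`. The same implicit default is used by `return result;` after `gpfs_getacl_alloc()` in vfs_gpfs.c and by the `NT_STATUS_ACCESS_DENIED` initializer in vfs_aixacl2.c.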
@@ -998,7 +998,7 @@ static size_t afsacl_get_nt_acl(struct vfs_handle_struct *handle,
return afs_get_nt_acl(fsp, security_info, ppdesc);
}
-BOOL afsacl_fset_nt_acl(vfs_handle_struct *handle,
+NTSTATUS afsacl_fset_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
int fd, uint32 security_info_sent,
SEC_DESC *psd)
@@ -1006,7 +1006,7 @@ BOOL afsacl_fset_nt_acl(vfs_handle_struct *handle,
return afs_set_nt_acl(handle, fsp, security_info_sent, psd);
}
-BOOL afsacl_set_nt_acl(vfs_handle_struct *handle,
+NTSTATUS afsacl_set_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
const char *name, uint32 security_info_sent,
SEC_DESC *psd)
diff --git a/source/modules/vfs_aixacl2.c b/source/modules/vfs_aixacl2.c
index f1e116ec197..0ec2e6a5b3e 100644
--- a/source/modules/vfs_aixacl2.c
+++ b/source/modules/vfs_aixacl2.c
@@ -366,10 +366,10 @@ static BOOL aixjfs2_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
return True;
}
-static BOOL aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
+static NTSTATUS aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
{
acl_type_t acl_type_info;
- BOOL result = False;
+ NTSTATUS result = NT_STATUS_ACCESS_DENIED;
int rc;
rc = aixjfs2_query_acl_support(
@@ -385,17 +385,17 @@ static BOOL aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_info_se
} else if (rc==1) { /* assume POSIX ACL - by default... */
result = set_nt_acl(fsp, security_info_sent, psd);
} else
- result = False; /* query failed */
+ result = map_nt_error_from_unix(errno); /* query failed */
return result;
}
-BOOL aixjfs2_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd)
+NTSTATUS aixjfs2_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd)
{
return aixjfs2_set_nt_acl_common(fsp, security_info_sent, psd);
}
-BOOL aixjfs2_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, SEC_DESC *psd)
+NTSTATUS aixjfs2_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, SEC_DESC *psd)
{
return aixjfs2_set_nt_acl_common(fsp, security_info_sent, psd);
}
diff --git a/source/modules/vfs_cap.c b/source/modules/vfs_cap.c
index ab99031e4d6..04dbec95b6b 100644
--- a/source/modules/vfs_cap.c
+++ b/source/modules/vfs_cap.c
@@ -184,7 +184,7 @@ static char *cap_realpath(vfs_handle_struct *handle, const char *path, char *res
return SMB_VFS_NEXT_REALPATH(handle, path, resolved_path);
}
-static BOOL cap_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor *psd)
+static NTSTATUS cap_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor *psd)
{
pstring capname;
capencode(capname, name);
diff --git a/source/modules/vfs_catia.c b/source/modules/vfs_catia.c
index a32bd59d5c7..a4a2f8f7bde 100644
--- a/source/modules/vfs_catia.c
+++ b/source/modules/vfs_catia.c
@@ -238,7 +238,7 @@ static size_t catia_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
ppdesc);
}
-static BOOL catia_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS catia_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
const char *name, uint32 security_info_sent,
struct security_descriptor_info *psd)
{
diff --git a/source/modules/vfs_default.c b/source/modules/vfs_default.c
index 28fe4d4ea78..930b7c85072 100644
--- a/source/modules/vfs_default.c
+++ b/source/modules/vfs_default.c
@@ -947,9 +947,9 @@ static size_t vfswrap_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, c
return result;
}
-static BOOL vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd)
+static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd)
{
- BOOL result;
+ NTSTATUS result;
START_PROFILE(fset_nt_acl);
result = set_nt_acl(fsp, security_info_sent, psd);
@@ -957,9 +957,9 @@ static BOOL vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, in
return result;
}
-static BOOL vfswrap_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, SEC_DESC *psd)
+static NTSTATUS vfswrap_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, SEC_DESC *psd)
{
- BOOL result;
+ NTSTATUS result;
START_PROFILE(set_nt_acl);
result = set_nt_acl(fsp, security_info_sent, psd);
diff --git a/source/modules/vfs_full_audit.c b/source/modules/vfs_full_audit.c
index cd434f1951f..e76cb9fc23f 100644
--- a/source/modules/vfs_full_audit.c
+++ b/source/modules/vfs_full_audit.c
@@ -191,10 +191,10 @@ static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct
static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
const char *name, uint32 security_info,
SEC_DESC **ppdesc);
-static BOOL smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
int fd, uint32 security_info_sent,
SEC_DESC *psd);
-static BOOL smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
const char *name, uint32 security_info_sent,
SEC_DESC *psd);
static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
@@ -1497,30 +1497,30 @@ static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct
return result;
}
-static BOOL smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
int fd, uint32 security_info_sent,
SEC_DESC *psd)
{
- BOOL result;
+ NTSTATUS result;
result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, fd, security_info_sent,
psd);
- do_log(SMB_VFS_OP_FSET_NT_ACL, result, handle, "%s", fsp->fsp_name);
+ do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s", fsp->fsp_name);
return result;
}
-static BOOL smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
const char *name, uint32 security_info_sent,
SEC_DESC *psd)
{
- BOOL result;
+ NTSTATUS result;
result = SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent,
psd);
- do_log(SMB_VFS_OP_SET_NT_ACL, result, handle, "%s", fsp->fsp_name);
+ do_log(SMB_VFS_OP_SET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s", fsp->fsp_name);
return result;
}
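Review bot: Both audit wrappers reduce the new status to a boolean with `NT_STATUS_IS_OK(result)` before calling `do_log`, so the audit record still cannot tell a denied ACL change (for example the new `NT_STATUS_INVALID_OWNER`) from any other failure. Since this module exists to leave a trail of security-relevant operations, the status text is worth recording, e.g. `do_log(SMB_VFS_OP_SET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s|%s", fsp->fsp_name, nt_errstr(result));`. That changes the log line format, so check it against whatever parses these records before adopting it.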
diff --git a/source/modules/vfs_gpfs.c b/source/modules/vfs_gpfs.c
index 3795a5d4a63..9c9503e7722 100644
--- a/source/modules/vfs_gpfs.c
+++ b/source/modules/vfs_gpfs.c
@@ -334,14 +334,14 @@ static BOOL gpfsacl_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
return True;
}
-static BOOL gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
+static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
{
struct gpfs_acl *acl;
- BOOL result = False;
+ NTSTATUS result = NT_STATUS_ACCESS_DENIED;
acl = gpfs_getacl_alloc(fsp->fsp_name, GPFS_ACL_TYPE_ACCESS);
if (acl == NULL)
- return False;
+ return result;
if (acl->acl_version&GPFS_ACL_VERSION_NFS4)
{
@@ -355,12 +355,12 @@ static BOOL gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_info_
return result;
}
-static BOOL gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd)
+static NTSTATUS gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd)
{
return gpfsacl_set_nt_acl_internal(fsp, security_info_sent, psd);
}
-static BOOL gpfsacl_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, char *name, uint32 security_info_sent, SEC_DESC *psd)
+static NTSTATUS gpfsacl_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, char *name, uint32 security_info_sent, SEC_DESC *psd)
{
return gpfsacl_set_nt_acl_internal(fsp, security_info_sent, psd);
}
diff --git a/source/modules/vfs_zfsacl.c b/source/modules/vfs_zfsacl.c
index 79602c22211..a68258cfdb9 100644
--- a/source/modules/vfs_zfsacl.c
+++ b/source/modules/vfs_zfsacl.c
@@ -125,7 +125,7 @@ static BOOL zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
* set the local file's acls obtaining it in NT form
* using the NFSv4 format conversion
*/
-static BOOL zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info_sent,
struct security_descriptor *psd)
{
@@ -149,7 +149,7 @@ static size_t zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
return zfs_get_nt_acl(fsp, security_info, ppdesc);
}
-static BOOL zfsacl_fset_nt_acl(vfs_handle_struct *handle,
+static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
int fd, uint32 security_info_sent,
SEC_DESC *psd)
@@ -157,7 +157,7 @@ static BOOL zfsacl_fset_nt_acl(vfs_handle_struct *handle,
return zfs_set_nt_acl(handle, fsp, security_info_sent, psd);
}
-static BOOL zfsacl_set_nt_acl(vfs_handle_struct *handle,
+static NTSTATUS zfsacl_set_nt_acl(vfs_handle_struct *handle,
files_struct *fsp,
const char *name, uint32 security_info_sent,
SEC_DESC *psd)