diff options
author | Ralph Boehme <slow@samba.org> | 2020-12-14 10:44:47 +0100 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2020-12-17 18:56:29 +0000 |
commit | 8d323aebe34f4d6188e98c7a9551b140d9ee1121 (patch) | |
tree | 72cf6505b3f21d96a955661538377aaddc3444b3 /source3 | |
parent | 1f4426b44e178d05337b7804987a74c4628a2530 (diff) | |
download | samba-8d323aebe34f4d6188e98c7a9551b140d9ee1121.tar.gz |
posix_acls: use SMB_VFS_SYS_ACL_SET_FD() in set_canon_ace_list()
SMB_VFS_SYS_ACL_SET_FD() can now safely be used to set default ACLs on
directories.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source3')
-rw-r--r-- | source3/smbd/posix_acls.c | 95 |
1 files changed, 25 insertions, 70 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 87a89fcbd38..7d9cd8e538f 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -2869,6 +2869,7 @@ static bool set_canon_ace_list(files_struct *fsp, SMB_ACL_TYPE_T the_acl_type = (default_ace ? SMB_ACL_TYPE_DEFAULT : SMB_ACL_TYPE_ACCESS); bool needs_mask = False; mode_t mask_perms = 0; + int sret; /* Use the psbuf that was passed in. */ if (psbuf != &fsp->fsp_name->st) { @@ -3020,81 +3021,35 @@ static bool set_canon_ace_list(files_struct *fsp, /* * Finally apply it to the file or directory. */ - - if (default_ace || fsp->fsp_flags.is_directory || fsp_get_io_fd(fsp) == -1) { - if (SMB_VFS_SYS_ACL_SET_FILE(conn, fsp->fsp_name, - the_acl_type, the_acl) == -1) { - /* - * Some systems allow all the above calls and only fail with no ACL support - * when attempting to apply the acl. HPUX with HFS is an example of this. JRA. - */ - if (no_acl_syscall_error(errno)) { - *pacl_set_support = False; - } - - if (acl_group_override(conn, fsp->fsp_name)) { - int sret; - - DEBUG(5,("set_canon_ace_list: acl group " - "control on and current user in file " - "%s primary group.\n", - fsp_str_dbg(fsp))); - - become_root(); - sret = SMB_VFS_SYS_ACL_SET_FILE(conn, - fsp->fsp_name, the_acl_type, - the_acl); - unbecome_root(); - if (sret == 0) { - ret = True; - } - } - - if (ret == False) { - DEBUG(2,("set_canon_ace_list: " - "sys_acl_set_file type %s failed for " - "file %s (%s).\n", - the_acl_type == SMB_ACL_TYPE_DEFAULT ? - "directory default" : "file", - fsp_str_dbg(fsp), strerror(errno))); - goto fail; - } + sret = SMB_VFS_SYS_ACL_SET_FD(fsp, the_acl_type, the_acl); + if (sret == -1) { + /* + * Some systems allow all the above calls and only fail with no ACL support + * when attempting to apply the acl. HPUX with HFS is an example of this. JRA. + */ + if (no_acl_syscall_error(errno)) { + *pacl_set_support = false; } - } else { - if (SMB_VFS_SYS_ACL_SET_FD(fsp, SMB_ACL_TYPE_ACCESS, the_acl) == -1) { - /* - * Some systems allow all the above calls and only fail with no ACL support - * when attempting to apply the acl. HPUX with HFS is an example of this. JRA. - */ - if (no_acl_syscall_error(errno)) { - *pacl_set_support = False; - } - if (acl_group_override(conn, fsp->fsp_name)) { - int sret; + if (acl_group_override(conn, fsp->fsp_name)) { + DBG_DEBUG("acl group control on and current user in " + "file [%s] primary group.\n", + fsp_str_dbg(fsp)); - DEBUG(5,("set_canon_ace_list: acl group " - "control on and current user in file " - "%s primary group.\n", - fsp_str_dbg(fsp))); - - become_root(); - sret = SMB_VFS_SYS_ACL_SET_FD(fsp, - SMB_ACL_TYPE_ACCESS, - the_acl); - unbecome_root(); - if (sret == 0) { - ret = True; - } + become_root(); + sret = SMB_VFS_SYS_ACL_SET_FD(fsp, + the_acl_type, + the_acl); + unbecome_root(); + if (sret == 0) { + ret = true; } + } - if (ret == False) { - DEBUG(2,("set_canon_ace_list: " - "sys_acl_set_file failed for file %s " - "(%s).\n", - fsp_str_dbg(fsp), strerror(errno))); - goto fail; - } + if (ret == false) { + DBG_WARNING("sys_acl_set_file on file [%s]: (%s)\n", + fsp_str_dbg(fsp), strerror(errno)); + goto fail; } } |