From 7555f12175773f95db1ecf26a842c629f73450b2 Mon Sep 17 00:00:00 2001 From: Christof Schmitt Date: Tue, 16 Jul 2019 15:30:36 -0700 Subject: nfs4_acls: Move adding of NFS4 ACE to ACL to smbacl4_fill_ace4 BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032 Signed-off-by: Christof Schmitt Reviewed-by: Ralph Boehme (cherry picked from commit abb58b17599bd3f9a06037e208dcc5033c7fdd8b) --- source3/modules/nfs4_acls.c | 68 ++++++++++++++++++++++++++------------------- 1 file changed, 39 insertions(+), 29 deletions(-) diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index cb407c6e032..bab4dd0fd64 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -685,16 +685,41 @@ static int smbacl4_MergeIgnoreReject(enum smbacl4_acedup_enum acedup, return result; } -static bool smbacl4_fill_ace4( +static int nfs4_acl_add_ace(enum smbacl4_acedup_enum acedup, + struct SMB4ACL_T *nfs4_acl, + SMB_ACE4PROP_T *nfs4_ace) +{ + bool add_ace = true; + + if (acedup != e_dontcare) { + int ret; + + ret = smbacl4_MergeIgnoreReject(acedup, nfs4_acl, + nfs4_ace, &add_ace); + if (ret == -1) { + return -1; + } + } + + if (add_ace) { + smb_add_ace4(nfs4_acl, nfs4_ace); + } + + return 0; +} + +static int smbacl4_fill_ace4( bool is_directory, const struct smbacl4_vfs_params *params, uid_t ownerUID, gid_t ownerGID, const struct security_ace *ace_nt, /* input */ - SMB_ACE4PROP_T *ace_v4 /* output */ + struct SMB4ACL_T *nfs4_acl ) { struct dom_sid_buf buf; + SMB_ACE4PROP_T nfs4_ace = { 0 }; + SMB_ACE4PROP_T *ace_v4 = &nfs4_ace; DEBUG(10, ("got ace for %s\n", dom_sid_str_buf(&ace_nt->trustee, &buf))); @@ -742,7 +767,7 @@ static bool smbacl4_fill_ace4( ace_v4->aceFlags |= SMB_ACE4_INHERIT_ONLY_ACE; if (!(ace_v4->aceFlags & SMB_ACE4_DIRECTORY_INHERIT_ACE) && !(ace_v4->aceFlags & SMB_ACE4_FILE_INHERIT_ACE)) { - return false; + return 0; } } else if (params->mode!=e_special && dom_sid_equal(&ace_nt->trustee, @@ -754,7 +779,7 @@ static bool smbacl4_fill_ace4( ace_v4->aceFlags |= SMB_ACE4_INHERIT_ONLY_ACE; if (!(ace_v4->aceFlags & SMB_ACE4_DIRECTORY_INHERIT_ACE) && !(ace_v4->aceFlags & SMB_ACE4_FILE_INHERIT_ACE)) { - return false; + return 0; } } else { struct unixid unixid; @@ -764,12 +789,12 @@ static bool smbacl4_fill_ace4( if (!ok) { DBG_WARNING("Could not convert %s to uid or gid.\n", dom_sid_str_buf(&ace_nt->trustee, &buf)); - return false; + return 0; } if (dom_sid_compare_domain(&ace_nt->trustee, &global_sid_Unix_NFS) == 0) { - return false; + return 0; } switch (unixid.type) { @@ -788,11 +813,11 @@ static bool smbacl4_fill_ace4( default: DBG_WARNING("Could not convert %s to uid or gid.\n", dom_sid_str_buf(&ace_nt->trustee, &buf)); - return false; + return 0; } } - return true; /* OK */ + return nfs4_acl_add_ace(params->acedup, nfs4_acl, &nfs4_ace); } static int smbacl4_substitute_special( @@ -886,28 +911,13 @@ static struct SMB4ACL_T *smbacl4_win2nfs4( return NULL; for(i=0; inum_aces; i++) { - SMB_ACE4PROP_T ace_v4; - bool addNewACE = true; - - if (!smbacl4_fill_ace4(is_directory, pparams, - ownerUID, ownerGID, - dacl->aces + i, &ace_v4)) { - struct dom_sid_buf buf; - DEBUG(3, ("Could not fill ace for file, SID %s\n", - dom_sid_str_buf(&((dacl->aces+i)->trustee), - &buf))); - continue; - } - - if (pparams->acedup!=e_dontcare) { - if (smbacl4_MergeIgnoreReject(pparams->acedup, theacl, - &ace_v4, &addNewACE)) { - return NULL; - } - } + int ret; - if (addNewACE) { - smb_add_ace4(theacl, &ace_v4); + ret = smbacl4_fill_ace4(is_directory, pparams, + ownerUID, ownerGID, + dacl->aces + i, theacl); + if (ret == -1) { + return NULL; } } -- cgit v1.2.1