/*
 * nfs4_set_nt_acl()
 *
 * Apply a client-supplied NT security descriptor to the file behind fsp,
 * going through the shared NFSv4 ACL conversion routine.
 *
 *   handle              VFS handle of this module instance
 *   fsp                 file whose ACL is being set
 *   security_info_sent  flags selecting which parts of psd are to be applied
 *   psd                 security descriptor in NT form; not modified here
 *
 * Returns the status of smb_set_nt_acl_nfs4() unchanged. This wrapper
 * performs no access or ownership check of its own; any such check has to
 * happen in the routine it calls.
 */
static NTSTATUS nfs4_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
				uint32_t security_info_sent,
				const struct security_descriptor *psd)
{
	NTSTATUS status;

	/*
	 * nfs4acl_xattr_fset_smb4acl is handed over as the callback;
	 * presumably it stores the converted ACL (verify at its definition).
	 */
	status = smb_set_nt_acl_nfs4(handle, fsp, security_info_sent, psd,
				     nfs4acl_xattr_fset_smb4acl);

	return status;
}
/*
 * zfs_set_nt_acl()
 *
 * Apply a client-supplied NT security descriptor to the file behind fsp,
 * going through the shared NFSv4 ACL conversion routine.
 *
 *   handle              VFS handle of this module instance (not used in
 *                       this body)
 *   fsp                 file whose ACL is being set
 *   security_info_sent  flags selecting which parts of psd are to be applied
 *   psd                 security descriptor in NT form; not modified here
 *
 * Returns the status of smb_set_nt_acl_nfs4() unchanged. This wrapper
 * performs no access or ownership check of its own.
 */
static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
			       uint32 security_info_sent,
			       const struct security_descriptor *psd)
{
	NTSTATUS status;

	/*
	 * zfs_process_smbacl is handed over as the callback; presumably it
	 * writes the converted ACL to the file (verify at its definition).
	 */
	status = smb_set_nt_acl_nfs4(fsp, security_info_sent, psd,
				     zfs_process_smbacl);

	return status;
}
/*
 * Set an NT security descriptor on a GPFS file. The ACL currently stored on
 * the file is read first and its version flag decides which backend is used:
 * the NFSv4 conversion path, or the POSIX ACL path otherwise.
 *
 *   fsp                 file whose ACL is being set
 *   security_info_sent  flags selecting which parts of psd are to be applied
 *   psd                 security descriptor in NT form; not modified here
 *
 * Returns NT_STATUS_ACCESS_DENIED when the current ACL cannot be read, so
 * the operation fails closed; otherwise the status of the chosen backend.
 */
static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp,
					    uint32 security_info_sent,
					    const SEC_DESC *psd)
{
	/*
	 * NOTE(review): the buffer returned by gpfs_getacl_alloc() is not
	 * released in this function; confirm its allocator ties it to a
	 * context that is freed elsewhere.
	 */
	struct gpfs_acl *current_acl = gpfs_getacl_alloc(fsp->fsp_name, 0);

	if (current_acl == NULL) {
		return NT_STATUS_ACCESS_DENIED;
	}

	if (current_acl->acl_version & GPFS_ACL_VERSION_NFS4) {
		return smb_set_nt_acl_nfs4(fsp, security_info_sent, psd,
					   gpfsacl_process_smbacl);
	}

	/* assume POSIX ACL - by default... */
	return set_nt_acl(fsp, security_info_sent, psd);
}
/*
 * Set an NT security descriptor on an AIX JFS2 file. The file is first
 * queried for NFSv4 ACL support and the result selects the backend.
 *
 *   fsp                 file whose ACL is being set
 *   security_info_sent  flags selecting which parts of psd are to be applied
 *   psd                 security descriptor in NT form; not modified here
 *
 * Returns the status of the chosen backend, or the NT mapping of errno when
 * the support query itself fails.
 */
static NTSTATUS aixjfs2_set_nt_acl_common(files_struct *fsp,
					  uint32 security_info_sent,
					  const struct security_descriptor *psd)
{
	acl_type_t acl_type_info;
	int support = aixjfs2_query_acl_support(fsp->fsp_name, ACL_NFS4,
						&acl_type_info);

	switch (support) {
	case 0:
		/* query returned 0: take the NFSv4 conversion path */
		return smb_set_nt_acl_nfs4(fsp, security_info_sent, psd,
					   aixjfs2_process_smbacl);
	case 1:
		/* assume POSIX ACL - by default... */
		return set_nt_acl(fsp, security_info_sent, psd);
	default:
		/* query failed; errno is read before any other call is made */
		return map_nt_error_from_unix(errno);
	}
}
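/*
 * Set an NT security descriptor on a file via the NFSv4 ACL conversion.
 *
 * Steps, in order:
 *   1. If the file's POSIX mode lacks any of the bits 0777 (directory) or
 *      0666 (other), those bits are added back with a chmod done as root.
 *   2. The ACL is set with the caller's own credentials.
 *   3. Only if step 2 reported NT_STATUS_ACCESS_DENIED, and the request
 *      changes owner or group, and the caller is not root, and the handle
 *      was opened with SEC_STD_WRITE_OWNER, and the requested owner SID is
 *      accepted by security_token_is_sid() for the caller's token, the ACL
 *      set is repeated as root (take-ownership).
 *
 *   handle              VFS handle; carries the module's nfs4acl_config
 *   fsp                 file whose ACL is being set; needs valid stat info
 *   security_info_sent  SECINFO_* flags selecting which parts of psd apply
 *   psd                 security descriptor supplied by the client
 *
 * Returns NT_STATUS_OK on success, NT_STATUS_INTERNAL_ERROR when the module
 * config or the stat info is missing, the NT mapping of errno when the mode
 * reset fails, NT_STATUS_INVALID_OWNER when the requested owner is not the
 * caller, NT_STATUS_ACCESS_DENIED when the root retry is not permitted, and
 * otherwise the status of smb_set_nt_acl_nfs4().
 *
 * Every become_root() below is followed by unbecome_root() before any
 * return, so no path leaves this function with elevated credentials.
 */
static NTSTATUS nfs4acl_xattr_fset_nt_acl(vfs_handle_struct *handle,
					  files_struct *fsp,
					  uint32_t security_info_sent,
					  const struct security_descriptor *psd)
{
	struct nfs4acl_config *config = NULL;
	const struct security_token *token = NULL;
	mode_t existing_mode;
	mode_t expected_mode;
	mode_t restored_mode;
	bool chown_needed = false;
	NTSTATUS status;
	int ret;

	SMB_VFS_HANDLE_GET_DATA(handle, config, struct nfs4acl_config,
				return NT_STATUS_INTERNAL_ERROR);

	if (!VALID_STAT(fsp->fsp_name->st)) {
		DBG_ERR("Invalid stat info on [%s]\n", fsp_str_dbg(fsp));
		return NT_STATUS_INTERNAL_ERROR;
	}

	existing_mode = fsp->fsp_name->st.st_ex_mode;
	if (S_ISDIR(existing_mode)) {
		expected_mode = 0777;
	} else {
		expected_mode = 0666;
	}

	if ((existing_mode & expected_mode) != expected_mode) {
		int saved_errno = 0;

		/* Only add the missing bits; bits already set are kept. */
		restored_mode = existing_mode | expected_mode;

		become_root();
		if (fsp->fh->fd != -1) {
			ret = SMB_VFS_NEXT_FCHMOD(handle, fsp, restored_mode);
		} else {
			ret = SMB_VFS_NEXT_CHMOD(handle, fsp->fsp_name,
						 restored_mode);
		}
		if (ret != 0) {
			/* Keep the chmod errno across unbecome_root(). */
			saved_errno = errno;
		}
		unbecome_root();
		if (saved_errno != 0) {
			errno = saved_errno;
		}

		if (ret != 0) {
			DBG_ERR("Resetting POSIX mode on [%s] from [0%o]: %s\n",
				fsp_str_dbg(fsp), existing_mode,
				strerror(errno));
			return map_nt_error_from_unix(errno);
		}
	}

	/* First attempt runs with the caller's own credentials. */
	status = smb_set_nt_acl_nfs4(handle, fsp, &config->nfs4_params,
				     security_info_sent, psd,
				     nfs4acl_smb4acl_set_fn);
	if (NT_STATUS_IS_OK(status)) {
		return NT_STATUS_OK;
	}

	/*
	 * The root retry below exists for the access-denied case only. Any
	 * other failure is returned as it is: it must neither be reported to
	 * the client as access denied nor be repeated with root credentials.
	 */
	if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
		return status;
	}

	/*
	 * We got access denied. If we're already root, or we didn't
	 * need to do a chown, or the fsp isn't open with WRITE_OWNER
	 * access, just return.
	 */
	if ((security_info_sent & SECINFO_OWNER) &&
	    (psd->owner_sid != NULL)) {
		chown_needed = true;
	}
	if ((security_info_sent & SECINFO_GROUP) &&
	    (psd->group_sid != NULL)) {
		chown_needed = true;
	}

	if (get_current_uid(handle->conn) == 0 ||
	    chown_needed == false ||
	    !(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
		return NT_STATUS_ACCESS_DENIED;
	}

	/*
	 * Only allow take-ownership, not give-ownership. That's the way
	 * Windows implements SEC_STD_WRITE_OWNER. MS-FSA 2.1.5.16 just
	 * states: If InputBuffer.OwnerSid is not a valid owner SID for a
	 * file in the objectstore, as determined in an implementation
	 * specific manner, the object store MUST return
	 * STATUS_INVALID_OWNER.
	 *
	 * NOTE(review): chown_needed can be set by the group branch alone,
	 * in which case psd->owner_sid may still be NULL here; confirm that
	 * security_token_is_sid() rejects a NULL sid.
	 */
	token = get_current_nttok(fsp->conn);
	if (!security_token_is_sid(token, psd->owner_sid)) {
		return NT_STATUS_INVALID_OWNER;
	}

	DBG_DEBUG("overriding chown on file %s for sid %s\n",
		  fsp_str_dbg(fsp), sid_string_tos(psd->owner_sid));

	/* Second attempt as root; privileges are dropped before returning. */
	become_root();
	status = smb_set_nt_acl_nfs4(handle, fsp, &config->nfs4_params,
				     security_info_sent, psd,
				     nfs4acl_smb4acl_set_fn);
	unbecome_root();

	return status;
}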