Exemplo n.º 1
/*
 * mkdir hook: create the directory through the next VFS module and, when
 * that succeeds, ask inherit_new_acl() to derive the new directory's ACL
 * from its parent.
 *
 * Returns whatever SMB_VFS_NEXT_MKDIR() returned (-1 on failure).
 */
static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t mode)
{
	int ret;

	ret = SMB_VFS_NEXT_MKDIR(handle, path, mode);
	if (ret != -1) {
		/*
		 * New directory - inherit from parent.
		 * NOTE(review): the result of inherit_new_acl() is discarded
		 * here, so if it can fail the caller still sees success and
		 * the directory keeps whatever permissions the underlying
		 * mkdir gave it - confirm this best-effort behaviour is
		 * intended.
		 */
		inherit_new_acl(handle, path, NULL, true);
	}
	return ret;
}
Exemplo n.º 2
/*
 * open hook: look up the security descriptor stored for fname and, when one
 * is found, check the requested fsp->access_mask against the connection's
 * token before handing the open to the next VFS module.
 *
 * Returns the descriptor produced by SMB_VFS_NEXT_OPEN() (also stored in
 * fsp->fh->fd), or -1 with errno set when the access check refuses the open.
 *
 * NOTE(review): the descriptor is fetched and checked by name, and the open
 * below is again by name; nothing visible in this function ties the checked
 * object to the one that is finally opened - confirm callers serialise this.
 * NOTE(review): any lookup status other than success or
 * NT_STATUS_OBJECT_NAME_NOT_FOUND falls through to the open with no access
 * check performed here - confirm that fallback is intended.
 */
static int open_acl_xattr(vfs_handle_struct *handle,
					const char *fname,
					files_struct *fsp,
					int flags,
					mode_t mode)
{
	struct security_descriptor *stored_sd = NULL;
	uint32_t granted = 0;
	bool name_missing = false;
	NTSTATUS status;

	status = get_nt_acl_xattr_internal(handle,
					NULL,
					fname,
					(OWNER_SECURITY_INFORMATION |
					 GROUP_SECURITY_INFORMATION |
					 DACL_SECURITY_INFORMATION),
					&stored_sd);

	if (NT_STATUS_EQUAL(status,NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
		/* Nothing by that name yet; a successful open may create it. */
		name_missing = true;
	} else if (NT_STATUS_IS_OK(status)) {
		/* A descriptor exists: enforce it before opening. */
		status = smb1_file_se_access_check(stored_sd,
					handle->conn->server_info->ptok,
					fsp->access_mask,
					&granted);
		if (!NT_STATUS_IS_OK(status)) {
			DEBUG(10,("open_acl_xattr: file %s open "
				"refused with error %s\n",
				fname,
				nt_errstr(status) ));
			errno = map_errno_from_nt_status(status);
			return -1;
		}
	}

	DEBUG(10,("open_acl_xattr: get_nt_acl_attr_internal for "
		"file %s returned %s\n",
		fname,
		nt_errstr(status) ));

	fsp->fh->fd = SMB_VFS_NEXT_OPEN(handle, fname, fsp, flags, mode);

	if (fsp->fh->fd == -1 || !name_missing) {
		/* Open failed, or the name was already present: no inheritance. */
		return fsp->fh->fd;
	}

	/*
	 * The name was absent before and the open succeeded, so the file is
	 * treated as newly created and inherits from its parent directory.
	 * The result of inherit_new_acl() is not examined.
	 */
	string_set(&fsp->fsp_name, fname);
	inherit_new_acl(handle, fname, fsp, false);

	return fsp->fh->fd;
}
Exemplo n.º 3
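/*
 * CREATE_FILE hook: pass the request to the next VFS module and, when that
 * call actually created a new file or directory without an explicit
 * security descriptor, apply an ACL inherited from the parent.
 *
 * The parent's security descriptor is expected to be attached to the VFS
 * handle already (where that happens is not visible in this function); it is
 * always released on the way out.
 *
 * Returns the status of SMB_VFS_NEXT_CREATE_FILE(). On success *result holds
 * the opened files_struct and, if pinfo is non-NULL, *pinfo the create
 * action. A failure of inherit_new_acl() is only logged and does not change
 * the returned status.
 */
static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle,
				struct smb_request *req,
				uint16_t root_dir_fid,
				struct smb_filename *smb_fname,
				uint32_t access_mask,
				uint32_t share_access,
				uint32_t create_disposition,
				uint32_t create_options,
				uint32_t file_attributes,
				uint32_t oplock_request,
				uint64_t allocation_size,
				struct security_descriptor *sd,
				struct ea_list *ea_list,
				files_struct **result,
				int *pinfo)
{
	NTSTATUS status, status1;
	files_struct *fsp = NULL;
	int info;
	struct security_descriptor *parent_sd = NULL;

	status = SMB_VFS_NEXT_CREATE_FILE(handle,
					req,
					root_dir_fid,
					smb_fname,
					access_mask,
					share_access,
					create_disposition,
					create_options,
					file_attributes,
					oplock_request,
					allocation_size,
					sd,
					ea_list,
					result,
					&info);

	if (!NT_STATUS_IS_OK(status)) {
		/*
		 * Only handle success. This test comes first because nothing
		 * here guarantees the next module wrote 'info' on failure;
		 * reading it before checking status would use an
		 * uninitialized value.
		 */
		goto out;
	}

	if (info != FILE_WAS_CREATED) {
		/* File/directory was opened, not created. */
		goto out;
	}

	fsp = *result;

	if (fsp == NULL) {
		/* Nothing to attach an ACL to. */
		goto out;
	}

	if (sd) {
		/* Security descriptor already set. */
		goto out;
	}

	if (fsp->base_fsp) {
		/* Stream open. */
		goto out;
	}

	/* We must have a cached parent sd in this case,
	 * attached to the handle. */

	SMB_VFS_HANDLE_GET_DATA(handle, parent_sd,
		struct security_descriptor,
		goto err);

	if (!parent_sd) {
		goto err;
	}

	/* New file or directory - inherit from parent. */
	status1 = inherit_new_acl(handle, fsp, parent_sd, fsp->is_directory);

	if (!NT_STATUS_IS_OK(status1)) {
		/*
		 * NOTE(review): the object has been created but the inherited
		 * ACL was not applied; the caller still receives success and
		 * the failure is visible only at debug level 1 - confirm
		 * this is the intended outcome.
		 */
		DEBUG(1,("create_file_acl_common: error setting "
			"sd for %s (%s)\n",
			fsp_str_dbg(fsp),
			nt_errstr(status1) ));
	}

  out:

	/* Ensure we never leave attached data around. */
	SMB_VFS_HANDLE_FREE_DATA(handle);

	if (NT_STATUS_IS_OK(status) && pinfo) {
		*pinfo = info;
	}
	return status;

  err:

	/* A new object with no cached parent descriptor is treated as fatal. */
	smb_panic("create_file_acl_common: logic error.\n");
	/* NOTREACHED */
	return status;
}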