summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vl@sernet.de>2007-10-13 21:06:49 +0200
committerMichael Adam <obnox@samba.org>2007-11-13 15:47:01 +0100
commit15953b82eb3b49d736b4b835b1d0d3cf0da0bff8 (patch)
tree4b3d872f0e8747386fb21fc1a893c0558aa2fc75
parent9441d1ba87313e0ecc6e6971a25e7ad0c280fdd7 (diff)
downloadsamba-15953b82eb3b49d736b4b835b1d0d3cf0da0bff8.tar.gz
samba-15953b82eb3b49d736b4b835b1d0d3cf0da0bff8.tar.bz2
samba-15953b82eb3b49d736b4b835b1d0d3cf0da0bff8.zip
Make [f]get_nt_acl return NTSTATUS
(This used to be commit dcbe1bf942d017a3cd5084c6ef605a13912f795b)
-rw-r--r--source3/include/vfs.h12
-rw-r--r--source3/modules/nfs4_acls.c20
-rw-r--r--source3/modules/vfs_afsacl.c24
-rw-r--r--source3/modules/vfs_aixacl2.c8
-rw-r--r--source3/modules/vfs_catia.c2
-rw-r--r--source3/modules/vfs_default.c12
-rw-r--r--source3/modules/vfs_full_audit.c22
-rw-r--r--source3/modules/vfs_gpfs.c8
-rw-r--r--source3/modules/vfs_zfsacl.c16
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c11
-rw-r--r--source3/smbd/dir.c11
-rw-r--r--source3/smbd/file_access.c15
-rw-r--r--source3/smbd/nttrans.c18
-rw-r--r--source3/smbd/posix_acls.c20
14 files changed, 112 insertions, 87 deletions
diff --git a/source3/include/vfs.h b/source3/include/vfs.h
index 03af04d1e3..b45320dd87 100644
--- a/source3/include/vfs.h
+++ b/source3/include/vfs.h
@@ -74,6 +74,7 @@
/* Leave at 22 - not yet released. Add file_id_create operation. --metze */
/* Leave at 22 - not yet released. Change all BOOL parameters (int) to bool. jra. */
/* Leave at 22 - not yet released. Added recvfile. */
+/* Leave at 22 - not yet released. Change get_nt_acl to return NTSTATUS - vl */
#define SMB_VFS_INTERFACE_VERSION 22
@@ -305,8 +306,15 @@ struct vfs_ops {
/* NT ACL operations. */
- size_t (*fget_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info, struct security_descriptor **ppdesc);
- size_t (*get_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info, struct security_descriptor **ppdesc);
+ NTSTATUS (*fget_nt_acl)(struct vfs_handle_struct *handle,
+ struct files_struct *fsp, int fd,
+ uint32 security_info,
+ struct security_descriptor **ppdesc);
+ NTSTATUS (*get_nt_acl)(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const char *name,
+ uint32 security_info,
+ struct security_descriptor **ppdesc);
NTSTATUS (*fset_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, int fd, uint32 security_info_sent, struct security_descriptor *psd);
NTSTATUS (*set_nt_acl)(struct vfs_handle_struct *handle, struct files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor *psd);
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 2d81739203..207c2ab537 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -257,7 +257,7 @@ static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *acl, /* in */
return True;
}
-size_t smb_get_nt_acl_nfs4(files_struct *fsp,
+NTSTATUS smb_get_nt_acl_nfs4(files_struct *fsp,
uint32 security_info,
SEC_DESC **ppdesc, SMB4ACL_T *acl)
{
@@ -272,23 +272,25 @@ size_t smb_get_nt_acl_nfs4(files_struct *fsp,
DEBUG(10, ("smb_get_nt_acl_nfs4 invoked for %s\n", fsp->fsp_name));
if (acl==NULL || smb_get_naces(acl)==0)
- return 0; /* special because we shouldn't alloc 0 for win */
+ return NT_STATUS_ACCESS_DENIED; /* special because we
+ * shouldn't alloc 0 for
+ * win */
if (smbacl4_GetFileOwner(fsp, &sbuf))
- return 0;
+ return map_nt_error_from_unix(errno);
uid_to_sid(&sid_owner, sbuf.st_uid);
gid_to_sid(&sid_group, sbuf.st_gid);
if (smbacl4_nfs42win(mem_ctx, acl, &sid_owner, &sid_group, &nt_ace_list, &good_aces)==False) {
DEBUG(8,("smbacl4_nfs42win failed\n"));
- return 0;
+ return map_nt_error_from_unix(errno);
}
psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, good_aces, nt_ace_list);
if (psa == NULL) {
DEBUG(2,("make_sec_acl failed\n"));
- return 0;
+ return NT_STATUS_NO_MEMORY;
}
DEBUG(10,("after make sec_acl\n"));
@@ -298,11 +300,13 @@ size_t smb_get_nt_acl_nfs4(files_struct *fsp,
NULL, psa, &sd_size);
if (*ppdesc==NULL) {
DEBUG(2,("make_sec_desc failed\n"));
- return 0;
+ return NT_STATUS_NO_MEMORY;
}
- DEBUG(10, ("smb_get_nt_acl_nfs4 successfully exited with sd_size %d\n", sd_size));
- return sd_size;
+ DEBUG(10, ("smb_get_nt_acl_nfs4 successfully exited with sd_size %d\n",
+ sec_desc_size(*ppdesc)));
+
+ return NT_STATUS_OK;
}
enum smbacl4_mode_enum {e_simple=0, e_special=1};
diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c
index a1043d6f6a..eac70f4f20 100644
--- a/source3/modules/vfs_afsacl.c
+++ b/source3/modules/vfs_afsacl.c
@@ -829,8 +829,8 @@ static bool afs_get_afs_acl(char *filename, struct afs_acl *acl)
return True;
}
-static size_t afs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
- struct security_descriptor **ppdesc)
+static NTSTATUS afs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
+ struct security_descriptor **ppdesc)
{
struct afs_acl acl;
size_t sd_size;
@@ -840,14 +840,14 @@ static size_t afs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
sidpts = lp_parm_bool(SNUM(fsp->conn), "afsacl", "sidpts", False);
if (!afs_get_afs_acl(fsp->fsp_name, &acl)) {
- return 0;
+ return NT_STATUS_ACCESS_DENIED;
}
sd_size = afs_to_nt_acl(&acl, fsp, security_info, ppdesc);
free_afs_acl(&acl);
- return sd_size;
+ return (sd_size != 0) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
}
/* For setting an AFS ACL we have to take care of the ACEs we could
@@ -982,17 +982,17 @@ static NTSTATUS afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
return (ret == 0) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
}
-static size_t afsacl_fget_nt_acl(struct vfs_handle_struct *handle,
- struct files_struct *fsp,
- int fd, uint32 security_info,
- struct security_descriptor **ppdesc)
+static NTSTATUS afsacl_fget_nt_acl(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ int fd, uint32 security_info,
+ struct security_descriptor **ppdesc)
{
return afs_get_nt_acl(fsp, security_info, ppdesc);
}
-static size_t afsacl_get_nt_acl(struct vfs_handle_struct *handle,
- struct files_struct *fsp,
- const char *name, uint32 security_info,
- struct security_descriptor **ppdesc)
+static NTSTATUS afsacl_get_nt_acl(struct vfs_handle_struct *handle,
+ struct files_struct *fsp,
+ const char *name, uint32 security_info,
+ struct security_descriptor **ppdesc)
{
return afs_get_nt_acl(fsp, security_info, ppdesc);
}
diff --git a/source3/modules/vfs_aixacl2.c b/source3/modules/vfs_aixacl2.c
index 058fef1d1b..756977df4f 100644
--- a/source3/modules/vfs_aixacl2.c
+++ b/source3/modules/vfs_aixacl2.c
@@ -158,7 +158,7 @@ static bool aixjfs2_get_nfs4_acl(files_struct *fsp,
return True;
}
-static size_t aixjfs2_get_nt_acl_common(files_struct *fsp,
+static NTSTATUS aixjfs2_get_nt_acl_common(files_struct *fsp,
uint32 security_info, SEC_DESC **ppdesc)
{
SMB4ACL_T *pacl = NULL;
@@ -173,19 +173,19 @@ static size_t aixjfs2_get_nt_acl_common(files_struct *fsp,
return get_nt_acl(fsp, security_info, ppdesc);
}
if (result==False)
- return 0;
+ return NT_STATUS_ACCESS_DENIED;
return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl);
}
-size_t aixjfs2_fget_nt_acl(vfs_handle_struct *handle,
+NTSTATUS aixjfs2_fget_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, int fd, uint32 security_info,
SEC_DESC **ppdesc)
{
return aixjfs2_get_nt_acl_common(fsp, security_info, ppdesc);
}
-size_t aixjfs2_get_nt_acl(vfs_handle_struct *handle,
+NTSTATUS aixjfs2_get_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, const char *name,
uint32 security_info, SEC_DESC **ppdesc)
{
diff --git a/source3/modules/vfs_catia.c b/source3/modules/vfs_catia.c
index 1f5a0163bc..dbb9550dbf 100644
--- a/source3/modules/vfs_catia.c
+++ b/source3/modules/vfs_catia.c
@@ -229,7 +229,7 @@ static char *catia_realpath(vfs_handle_struct *handle,
return SMB_VFS_NEXT_REALPATH(handle, path, resolved_path);
}
-static size_t catia_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS catia_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
const char *name, uint32 security_info,
struct security_descriptor **ppdesc)
{
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 8c2bbfea96..cce5430493 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -943,9 +943,11 @@ static struct file_id vfswrap_file_id_create(struct vfs_handle_struct *handle, S
return file_id_create_dev(dev, inode);
}
-static size_t vfswrap_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info, SEC_DESC **ppdesc)
+static NTSTATUS vfswrap_fget_nt_acl(vfs_handle_struct *handle,
+ files_struct *fsp, int fd,
+ uint32 security_info, SEC_DESC **ppdesc)
{
- size_t result;
+ NTSTATUS result;
START_PROFILE(fget_nt_acl);
result = get_nt_acl(fsp, security_info, ppdesc);
@@ -953,9 +955,11 @@ static size_t vfswrap_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
return result;
}
-static size_t vfswrap_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info, SEC_DESC **ppdesc)
+static NTSTATUS vfswrap_get_nt_acl(vfs_handle_struct *handle,
+ files_struct *fsp, const char *name,
+ uint32 security_info, SEC_DESC **ppdesc)
{
- size_t result;
+ NTSTATUS result;
START_PROFILE(get_nt_acl);
result = get_nt_acl(fsp, security_info, ppdesc);
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index c8a82e3d9a..0f84c4de17 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -190,10 +190,10 @@ static int smb_full_audit_chflags(vfs_handle_struct *handle,
const char *path, unsigned int flags);
static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *handle,
SMB_DEV_T dev, SMB_INO_T inode);
-static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
int fd, uint32 security_info,
SEC_DESC **ppdesc);
-static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
const char *name, uint32 security_info,
SEC_DESC **ppdesc);
static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
@@ -1510,31 +1510,33 @@ static struct file_id smb_full_audit_file_id_create(struct vfs_handle_struct *ha
return result;
}
-static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
int fd, uint32 security_info,
SEC_DESC **ppdesc)
{
- size_t result;
+ NTSTATUS result;
result = SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, fd, security_info,
ppdesc);
- do_log(SMB_VFS_OP_FGET_NT_ACL, (result > 0), handle,
+ do_log(SMB_VFS_OP_FGET_NT_ACL, NT_STATUS_IS_OK(result), handle,
"%s", fsp->fsp_name);
return result;
}
-static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
- const char *name, uint32 security_info,
- SEC_DESC **ppdesc)
+static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle,
+ files_struct *fsp,
+ const char *name,
+ uint32 security_info,
+ SEC_DESC **ppdesc)
{
- size_t result;
+ NTSTATUS result;
result = SMB_VFS_NEXT_GET_NT_ACL(handle, fsp, name, security_info,
ppdesc);
- do_log(SMB_VFS_OP_GET_NT_ACL, (result > 0), handle,
+ do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle,
"%s", fsp->fsp_name);
return result;
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index 0188e380e9..c207bbfe2d 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -226,7 +226,7 @@ static int gpfs_get_nfs4_acl(const char *fname, SMB4ACL_T **ppacl)
return 0;
}
-static size_t gpfsacl_get_nt_acl_common(files_struct *fsp,
+static NTSTATUS gpfsacl_get_nt_acl_common(files_struct *fsp,
uint32 security_info, SEC_DESC **ppdesc)
{
SMB4ACL_T *pacl = NULL;
@@ -244,17 +244,17 @@ static size_t gpfsacl_get_nt_acl_common(files_struct *fsp,
}
/* GPFS ACL was not read, something wrong happened, error code is set in errno */
- return 0;
+ return map_nt_error_from_unix(errno);
}
-size_t gpfsacl_fget_nt_acl(vfs_handle_struct *handle,
+NTSTATUS gpfsacl_fget_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, int fd, uint32 security_info,
SEC_DESC **ppdesc)
{
return gpfsacl_get_nt_acl_common(fsp, security_info, ppdesc);
}
-size_t gpfsacl_get_nt_acl(vfs_handle_struct *handle,
+NTSTATUS gpfsacl_get_nt_acl(vfs_handle_struct *handle,
files_struct *fsp, const char *name,
uint32 security_info, SEC_DESC **ppdesc)
{
diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
index a817022032..d265931cf2 100644
--- a/source3/modules/vfs_zfsacl.c
+++ b/source3/modules/vfs_zfsacl.c
@@ -34,7 +34,7 @@
* read the local file's acls and return it in NT form
* using the NFSv4 format conversion
*/
-static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
+static NTSTATUS zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
struct security_descriptor **ppdesc)
{
int naces, i;
@@ -50,20 +50,19 @@ static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
DEBUG(9, ("acl(ACE_GETACLCNT, %s): %s ", fsp->fsp_name,
strerror(errno)));
}
- return 0;
+ return map_nt_error_from_unix(errno);
}
/* allocate the field of ZFS aces */
mem_ctx = talloc_tos();
acebuf = (ace_t *) talloc_size(mem_ctx, sizeof(ace_t)*naces);
if(acebuf == NULL) {
- errno = ENOMEM;
- return 0;
+ return NT_STATUS_NO_MEMORY;
}
/* read the aces into the field */
if(acl(fsp->fsp_name, ACE_GETACL, naces, acebuf) < 0) {
DEBUG(9, ("acl(ACE_GETACL, %s): %s ", fsp->fsp_name,
strerror(errno)));
- return 0;
+ return map_nt_error_from_unix(errno);
}
/* create SMB4ACL data */
if((pacl = smb_create_smb4acl()) == NULL) return 0;
@@ -87,7 +86,8 @@ static size_t zfs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
} else {
aceprop.flags = 0;
}
- if(smb_add_ace4(pacl, &aceprop) == NULL) return 0;
+ if(smb_add_ace4(pacl, &aceprop) == NULL)
+ return NT_STATUS_NO_MEMORY;
}
return smb_get_nt_acl_nfs4(fsp, security_info, ppdesc, pacl);
@@ -164,7 +164,7 @@ static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
zfs_process_smbacl);
}
-static size_t zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,
+static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,
struct files_struct *fsp,
int fd, uint32 security_info,
struct security_descriptor **ppdesc)
@@ -172,7 +172,7 @@ static size_t zfsacl_fget_nt_acl(struct vfs_handle_struct *handle,
return zfs_get_nt_acl(fsp, security_info, ppdesc);
}
-static size_t zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
+static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle,
struct files_struct *fsp,
const char *name, uint32 security_info,
struct security_descriptor **ppdesc)
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index 55c30c5315..5a3c451cde 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -2050,14 +2050,19 @@ WERROR _srv_net_file_query_secdesc(pipes_struct *p, SRV_Q_NET_FILE_QUERY_SECDESC
goto error_exit;
}
- sd_size = SMB_VFS_GET_NT_ACL(fsp, fsp->fsp_name, (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd);
+ nt_status = SMB_VFS_GET_NT_ACL(fsp, fsp->fsp_name,
+ (OWNER_SECURITY_INFORMATION
+ |GROUP_SECURITY_INFORMATION
+ |DACL_SECURITY_INFORMATION), &psd);
- if (sd_size == 0) {
+ if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(3,("_srv_net_file_query_secdesc: Unable to get NT ACL for file %s\n", filename));
- r_u->status = WERR_ACCESS_DENIED;
+ r_u->status = ntstatus_to_werror(nt_status);
goto error_exit;
}
+ sd_size = sec_desc_size(psd);
+
r_u->ptr_response = 1;
r_u->size_response = sd_size;
r_u->ptr_secdesc = 1;
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index f6a8b27ab4..05679ee0ee 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -911,7 +911,6 @@ bool get_dir_entry(TALLOC_CTX *ctx,
static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst)
{
SEC_DESC *psd = NULL;
- size_t sd_size;
files_struct *fsp;
NTSTATUS status;
uint32 access_granted;
@@ -951,12 +950,12 @@ static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S
}
/* Get NT ACL -allocated in main loop talloc context. No free needed here. */
- sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
+ status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
(OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd);
close_file(fsp, NORMAL_CLOSE);
/* No access if SD get failed. */
- if (!sd_size) {
+ if (!NT_STATUS_IS_OK(status)) {
return False;
}
@@ -974,7 +973,6 @@ static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S
static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst)
{
SEC_DESC *psd = NULL;
- size_t sd_size;
files_struct *fsp;
int info;
NTSTATUS status;
@@ -1014,13 +1012,14 @@ static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_
}
/* Get NT ACL -allocated in main loop talloc context. No free needed here. */
- sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
+ status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
(OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd);
close_file(fsp, NORMAL_CLOSE);
/* No access if SD get failed. */
- if (!sd_size)
+ if (!NT_STATUS_IS_OK(status)) {
return False;
+ }
return se_access_check(psd, current_user.nt_user_token, FILE_WRITE_DATA,
&access_granted, &status);
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 121e7f79a9..46472665e5 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -41,7 +41,6 @@ static NTSTATUS conn_get_nt_acl(TALLOC_CTX *mem_ctx,
NTSTATUS status;
struct files_struct *fsp = NULL;
struct security_descriptor *secdesc = NULL;
- size_t secdesc_size;
if (!VALID_STAT(*psbuf)) {
if (SMB_VFS_STAT(conn, fname, psbuf) != 0) {
@@ -70,14 +69,14 @@ static NTSTATUS conn_get_nt_acl(TALLOC_CTX *mem_ctx,
return status;
}
- secdesc_size = SMB_VFS_GET_NT_ACL(fsp, fname,
- (OWNER_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION),
- &secdesc);
- if (secdesc_size == 0) {
+ status = SMB_VFS_GET_NT_ACL(fsp, fname,
+ (OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION),
+ &secdesc);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(5, ("Unable to get NT ACL for file %s\n", fname));
- return NT_STATUS_ACCESS_DENIED;
+ return status;
}
*psd = talloc_move(mem_ctx, &secdesc);
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index f07d64eded..d03abaeadb 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -2302,17 +2302,17 @@ static void call_nt_transact_rename(connection_struct *conn,
Fake up a completely empty SD.
*******************************************************************************/
-static size_t get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd)
+static NTSTATUS get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd)
{
size_t sd_size;
*ppsd = make_standard_sec_desc( mem_ctx, &global_sid_World, &global_sid_World, NULL, &sd_size);
if(!*ppsd) {
DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n"));
- sd_size = 0;
+ return NT_STATUS_NO_MEMORY;
}
- return sd_size;
+ return NT_STATUS_OK;
}
/****************************************************************************
@@ -2337,6 +2337,7 @@ static void call_nt_transact_query_security_desc(connection_struct *conn,
uint32 security_info_wanted;
TALLOC_CTX *mem_ctx;
files_struct *fsp = NULL;
+ NTSTATUS status;
if(parameter_count < 8) {
reply_doserror(req, ERRDOS, ERRbadfunc);
@@ -2371,17 +2372,20 @@ static void call_nt_transact_query_security_desc(connection_struct *conn,
*/
if (!lp_nt_acl_support(SNUM(conn))) {
- sd_size = get_null_nt_acl(mem_ctx, &psd);
+ status = get_null_nt_acl(mem_ctx, &psd);
} else {
- sd_size = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd, security_info_wanted, &psd);
+ status = SMB_VFS_FGET_NT_ACL(fsp, fsp->fh->fd,
+ security_info_wanted, &psd);
}
- if (sd_size == 0) {
+ if (!NT_STATUS_IS_OK(status)) {
talloc_destroy(mem_ctx);
- reply_unixerror(req, ERRDOS, ERRnoaccess);
+ reply_nterror(req, status);
return;
}
+ sd_size = sec_desc_size(psd);
+
DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size));
SIVAL(params,0,(uint32)sd_size);
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 6e7dae4892..27953a2051 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -2728,7 +2728,7 @@ static size_t merge_default_aces( SEC_ACE *nt_ace_list, size_t num_aces)
the UNIX style get ACL.
****************************************************************************/
-size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
+NTSTATUS get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
{
connection_struct *conn = fsp->conn;
SMB_STRUCT_STAT sbuf;
@@ -2756,7 +2756,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
/* Get the stat struct for the owner info. */
if(SMB_VFS_STAT(fsp->conn,fsp->fsp_name, &sbuf) != 0) {
- return 0;
+ return map_nt_error_from_unix(errno);
}
/*
* Get the ACL from the path.
@@ -2777,7 +2777,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
/* Get the stat struct for the owner info. */
if(SMB_VFS_FSTAT(fsp,fsp->fh->fd,&sbuf) != 0) {
- return 0;
+ return map_nt_error_from_unix(errno);
}
/*
* Get the ACL from the fd.
@@ -3027,7 +3027,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
free_inherited_info(pal);
SAFE_FREE(nt_ace_list);
- return sd_size;
+ return NT_STATUS_OK;
}
/****************************************************************************
@@ -3174,7 +3174,6 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
SMB_STRUCT_STAT sbuf;
NTSTATUS status;
int info;
- size_t sd_size;
unsigned int i, j;
mode_t unx_mode;
@@ -3213,13 +3212,13 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
return status;
}
- sd_size = SMB_VFS_GET_NT_ACL(parent_fsp, parent_fsp->fsp_name,
- DACL_SECURITY_INFORMATION, &parent_sd );
+ status = SMB_VFS_GET_NT_ACL(parent_fsp, parent_fsp->fsp_name,
+ DACL_SECURITY_INFORMATION, &parent_sd );
close_file(parent_fsp, NORMAL_CLOSE);
- if (!sd_size) {
- return NT_STATUS_ACCESS_DENIED;
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
/*
@@ -4174,7 +4173,8 @@ SEC_DESC *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname)
finfo.fh->fd = -1;
finfo.fsp_name = CONST_DISCARD(char *,fname);
- if (get_nt_acl( &finfo, DACL_SECURITY_INFORMATION, &psd ) == 0) {
+ if (!NT_STATUS_IS_OK(get_nt_acl( &finfo, DACL_SECURITY_INFORMATION,
+ &psd ))) {
DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n"));
conn_free_internal( &conn );
return NULL;