diff options
author | Jeremy Allison <jra@samba.org> | 2009-12-02 12:09:48 -0800 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2009-12-02 12:09:48 -0800 |
commit | 486c8d57ec5a9aa63aff275621ff45c22b8cde61 (patch) | |
tree | dd7a853c5ca46f35a73d036be4feef4f539d9a90 /source3/modules | |
parent | b6fdecd11210a3d2ff803bdc315aacd9f8b445a1 (diff) | |
download | samba-486c8d57ec5a9aa63aff275621ff45c22b8cde61.tar.gz samba-486c8d57ec5a9aa63aff275621ff45c22b8cde61.tar.bz2 samba-486c8d57ec5a9aa63aff275621ff45c22b8cde61.zip |
Ensure get_nt_acl_internal() only looks at the ACL blobs, not
reads off the underlying filesystem. Ensure that vfs_acl_tdb.c
returns NT_STATUS_NOT_FOUND, not NT_STATUS_OBJECT_NAME_NOT_FOUND
when it can't find a blob matching the file.
Jeremy.
Diffstat (limited to 'source3/modules')
-rw-r--r-- | source3/modules/vfs_acl_common.c | 40 | ||||
-rw-r--r-- | source3/modules/vfs_acl_tdb.c | 2 |
2 files changed, 23 insertions, 19 deletions
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index 116211c9c0..ff97a04c73 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -161,7 +161,8 @@ static NTSTATUS create_acl_blob(const struct security_descriptor *psd, } /******************************************************************* - Store a DATA_BLOB into an xattr given a pathname. + Pull a DATA_BLOB from an xattr given a pathname. + DOES NOT FALL BACK TO THE UNDERLYING ACLs ON THE FILESYSTEM. *******************************************************************/ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, @@ -185,21 +186,8 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, status = get_acl_blob(talloc_tos(), handle, fsp, name, &blob); if (!NT_STATUS_IS_OK(status)) { - DEBUG(10, ("get_acl_blob returned %s\n", nt_errstr(status))); - if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { - /* Pull the ACL from the underlying system. */ - if (fsp) { - status = SMB_VFS_NEXT_FGET_NT_ACL(handle, - fsp, - security_info, - ppdesc); - } else { - status = SMB_VFS_NEXT_GET_NT_ACL(handle, - name, - security_info, - ppdesc); - } - } + DEBUG(10, ("get_nt_acl_internal: get_acl_blob returned %s\n", + nt_errstr(status))); return status; } @@ -668,8 +656,16 @@ static int mkdir_acl_common(vfs_handle_struct *handle, const char *path, mode_t static NTSTATUS fget_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, uint32_t security_info, struct security_descriptor **ppdesc) { - return get_nt_acl_internal(handle, fsp, + NTSTATUS status = get_nt_acl_internal(handle, fsp, NULL, security_info, ppdesc); + if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { + /* Pull the ACL from the underlying system. */ + status = SMB_VFS_NEXT_FGET_NT_ACL(handle, + fsp, + security_info, + ppdesc); + } + return status; } /********************************************************************* @@ -679,8 +675,16 @@ static NTSTATUS fget_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, static NTSTATUS get_nt_acl_common(vfs_handle_struct *handle, const char *name, uint32_t security_info, struct security_descriptor **ppdesc) { - return get_nt_acl_internal(handle, NULL, + NTSTATUS status = get_nt_acl_internal(handle, NULL, name, security_info, ppdesc); + if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) { + /* Pull the ACL from the underlying system. */ + status = SMB_VFS_NEXT_GET_NT_ACL(handle, + name, + security_info, + ppdesc); + } + return status; } /********************************************************************* diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c index f9e766d001..dcd323a148 100644 --- a/source3/modules/vfs_acl_tdb.c +++ b/source3/modules/vfs_acl_tdb.c @@ -188,7 +188,7 @@ static NTSTATUS get_acl_blob(TALLOC_CTX *ctx, (unsigned int)data.dsize, name )); if (pblob->length == 0 || pblob->data == NULL) { - return NT_STATUS_OBJECT_NAME_NOT_FOUND; + return NT_STATUS_NOT_FOUND; } return NT_STATUS_OK; } |