posix_acls: use SMB_VFS_SYS_ACL_SET_FD() in set_canon_ace_list()
authorRalph Boehme <slow@samba.org>
Mon, 14 Dec 2020 09:44:47 +0000 (10:44 +0100)
committerJeremy Allison <jra@samba.org>
Thu, 17 Dec 2020 18:56:29 +0000 (18:56 +0000)
SMB_VFS_SYS_ACL_SET_FD() can now safely be used to set default ACLs on
directories.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/smbd/posix_acls.c

index 87a89fcbd38afac338e588722a44ac282df8fe4b..7d9cd8e538f68000d5ccc21fa7e1b55d70329a95 100644 (file)
@@ -2869,6 +2869,7 @@ static bool set_canon_ace_list(files_struct *fsp,
        SMB_ACL_TYPE_T the_acl_type = (default_ace ? SMB_ACL_TYPE_DEFAULT : SMB_ACL_TYPE_ACCESS);
        bool needs_mask = False;
        mode_t mask_perms = 0;
+       int sret;
 
        /* Use the psbuf that was passed in. */
        if (psbuf != &fsp->fsp_name->st) {
@@ -3020,81 +3021,35 @@ static bool set_canon_ace_list(files_struct *fsp,
        /*
         * Finally apply it to the file or directory.
         */
-
-       if (default_ace || fsp->fsp_flags.is_directory || fsp_get_io_fd(fsp) == -1) {
-               if (SMB_VFS_SYS_ACL_SET_FILE(conn, fsp->fsp_name,
-                                            the_acl_type, the_acl) == -1) {
-                       /*
-                        * Some systems allow all the above calls and only fail with no ACL support
-                        * when attempting to apply the acl. HPUX with HFS is an example of this. JRA.
-                        */
-                       if (no_acl_syscall_error(errno)) {
-                               *pacl_set_support = False;
-                       }
-
-                       if (acl_group_override(conn, fsp->fsp_name)) {
-                               int sret;
-
-                               DEBUG(5,("set_canon_ace_list: acl group "
-                                        "control on and current user in file "
-                                        "%s primary group.\n",
-                                        fsp_str_dbg(fsp)));
-
-                               become_root();
-                               sret = SMB_VFS_SYS_ACL_SET_FILE(conn,
-                                   fsp->fsp_name, the_acl_type,
-                                   the_acl);
-                               unbecome_root();
-                               if (sret == 0) {
-                                       ret = True;     
-                               }
-                       }
-
-                       if (ret == False) {
-                               DEBUG(2,("set_canon_ace_list: "
-                                        "sys_acl_set_file type %s failed for "
-                                        "file %s (%s).\n",
-                                        the_acl_type == SMB_ACL_TYPE_DEFAULT ?
-                                        "directory default" : "file",
-                                        fsp_str_dbg(fsp), strerror(errno)));
-                               goto fail;
-                       }
+       sret = SMB_VFS_SYS_ACL_SET_FD(fsp, the_acl_type, the_acl);
+       if (sret == -1) {
+               /*
+                * Some systems allow all the above calls and only fail with no ACL support
+                * when attempting to apply the acl. HPUX with HFS is an example of this. JRA.
+                */
+               if (no_acl_syscall_error(errno)) {
+                       *pacl_set_support = false;
                }
-       } else {
-               if (SMB_VFS_SYS_ACL_SET_FD(fsp, SMB_ACL_TYPE_ACCESS, the_acl) == -1) {
-                       /*
-                        * Some systems allow all the above calls and only fail with no ACL support
-                        * when attempting to apply the acl. HPUX with HFS is an example of this. JRA.
-                        */
-                       if (no_acl_syscall_error(errno)) {
-                               *pacl_set_support = False;
-                       }
 
-                       if (acl_group_override(conn, fsp->fsp_name)) {
-                               int sret;
+               if (acl_group_override(conn, fsp->fsp_name)) {
+                       DBG_DEBUG("acl group control on and current user in "
+                                 "file [%s] primary group.\n",
+                                 fsp_str_dbg(fsp));
 
-                               DEBUG(5,("set_canon_ace_list: acl group "
-                                        "control on and current user in file "
-                                        "%s primary group.\n",
-                                        fsp_str_dbg(fsp)));
-
-                               become_root();
-                               sret = SMB_VFS_SYS_ACL_SET_FD(fsp,
-                                                             SMB_ACL_TYPE_ACCESS,
-                                                             the_acl);
-                               unbecome_root();
-                               if (sret == 0) {
-                                       ret = True;
-                               }
+                       become_root();
+                       sret = SMB_VFS_SYS_ACL_SET_FD(fsp,
+                                                     the_acl_type,
+                                                     the_acl);
+                       unbecome_root();
+                       if (sret == 0) {
+                               ret = true;
                        }
+               }
 
-                       if (ret == False) {
-                               DEBUG(2,("set_canon_ace_list: "
-                                        "sys_acl_set_file failed for file %s "
-                                        "(%s).\n",
-                                        fsp_str_dbg(fsp), strerror(errno)));
-                               goto fail;
-                       }
+               if (ret == false) {
+                       DBG_WARNING("sys_acl_set_file on file [%s]: (%s)\n",
+                                   fsp_str_dbg(fsp), strerror(errno));
+                       goto fail;
                }
        }
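Review bot: The removed `fsp_get_io_fd(fsp) == -1` test was the only thing routing handles without an open descriptor to the path-based call, and the new unconditional `SMB_VFS_SYS_ACL_SET_FD(fsp, the_acl_type, the_acl)` has no equivalent, nor does the retry between `become_root()` and `unbecome_root()`; the commit message covers default ACLs on directories but not that case. If such handles can still reach set_canon_ace_list(), which this hunk does not show, the ACL would presumably fail to apply, so a comment above the call such as `/* Requires an fsp that SMB_VFS_SYS_ACL_SET_FD() can operate on; there is no path-based fallback any more. */` would record the precondition. The failure message also still names `sys_acl_set_file` and no longer says which ACL type failed, which makes a rejected ACL change harder to trace in the logs; I would write it as `DBG_WARNING("sys_acl_set_fd type %s on file [%s]: (%s)\n", the_acl_type == SMB_ACL_TYPE_DEFAULT ? "directory default" : "file", fsp_str_dbg(fsp), strerror(errno));`. The body of set_canon_ace_list() starts and ends outside the hunk.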