From: Ralph Boehme Date: Mon, 14 Dec 2020 09:44:47 +0000 (+0100) Subject: posix_acls: use SMB_VFS_SYS_ACL_SET_FD() in set_canon_ace_list() X-Git-Tag: samba-4.14.0rc1~210 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d323aebe34f4d6188e98c7a9551b140d9ee1121;p=thirdparty%2Fsamba.git posix_acls: use SMB_VFS_SYS_ACL_SET_FD() in set_canon_ace_list() SMB_VFS_SYS_ACL_SET_FD() can now safely be used to set default ACLs on directories. Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison --- diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 87a89fcbd38..7d9cd8e538f 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -2869,6 +2869,7 @@ static bool set_canon_ace_list(files_struct *fsp, SMB_ACL_TYPE_T the_acl_type = (default_ace ? SMB_ACL_TYPE_DEFAULT : SMB_ACL_TYPE_ACCESS); bool needs_mask = False; mode_t mask_perms = 0; + int sret; /* Use the psbuf that was passed in. */ if (psbuf != &fsp->fsp_name->st) { @@ -3020,81 +3021,35 @@ static bool set_canon_ace_list(files_struct *fsp, /* * Finally apply it to the file or directory. */ - - if (default_ace || fsp->fsp_flags.is_directory || fsp_get_io_fd(fsp) == -1) { - if (SMB_VFS_SYS_ACL_SET_FILE(conn, fsp->fsp_name, - the_acl_type, the_acl) == -1) { - /* - * Some systems allow all the above calls and only fail with no ACL support - * when attempting to apply the acl. HPUX with HFS is an example of this. JRA. - */ - if (no_acl_syscall_error(errno)) { - *pacl_set_support = False; - } - - if (acl_group_override(conn, fsp->fsp_name)) { - int sret; - - DEBUG(5,("set_canon_ace_list: acl group " - "control on and current user in file " - "%s primary group.\n", - fsp_str_dbg(fsp))); - - become_root(); - sret = SMB_VFS_SYS_ACL_SET_FILE(conn, - fsp->fsp_name, the_acl_type, - the_acl); - unbecome_root(); - if (sret == 0) { - ret = True; - } - } - - if (ret == False) { - DEBUG(2,("set_canon_ace_list: " - "sys_acl_set_file type %s failed for " - "file %s (%s).\n", - the_acl_type == SMB_ACL_TYPE_DEFAULT ? - "directory default" : "file", - fsp_str_dbg(fsp), strerror(errno))); - goto fail; - } + sret = SMB_VFS_SYS_ACL_SET_FD(fsp, the_acl_type, the_acl); + if (sret == -1) { + /* + * Some systems allow all the above calls and only fail with no ACL support + * when attempting to apply the acl. HPUX with HFS is an example of this. JRA. + */ + if (no_acl_syscall_error(errno)) { + *pacl_set_support = false; } - } else { - if (SMB_VFS_SYS_ACL_SET_FD(fsp, SMB_ACL_TYPE_ACCESS, the_acl) == -1) { - /* - * Some systems allow all the above calls and only fail with no ACL support - * when attempting to apply the acl. HPUX with HFS is an example of this. JRA. - */ - if (no_acl_syscall_error(errno)) { - *pacl_set_support = False; - } - if (acl_group_override(conn, fsp->fsp_name)) { - int sret; + if (acl_group_override(conn, fsp->fsp_name)) { + DBG_DEBUG("acl group control on and current user in " + "file [%s] primary group.\n", + fsp_str_dbg(fsp)); - DEBUG(5,("set_canon_ace_list: acl group " - "control on and current user in file " - "%s primary group.\n", - fsp_str_dbg(fsp))); - - become_root(); - sret = SMB_VFS_SYS_ACL_SET_FD(fsp, - SMB_ACL_TYPE_ACCESS, - the_acl); - unbecome_root(); - if (sret == 0) { - ret = True; - } + become_root(); + sret = SMB_VFS_SYS_ACL_SET_FD(fsp, + the_acl_type, + the_acl); + unbecome_root(); + if (sret == 0) { + ret = true; } + } - if (ret == False) { - DEBUG(2,("set_canon_ace_list: " - "sys_acl_set_file failed for file %s " - "(%s).\n", - fsp_str_dbg(fsp), strerror(errno))); - goto fail; - } + if (ret == false) { + DBG_WARNING("sys_acl_set_file on file [%s]: (%s)\n", + fsp_str_dbg(fsp), strerror(errno)); + goto fail; } }