s3: smbd: Fix SMB_VFS_FGET_NT_ACL/SMB_VFS_FSET_NT_ACL on stream handles.

As this is done on existing files, we know that
fsp->base_fsp != NULL and fsp->base_fsp->fh->fd != -1
(i.e. it's a pathref fd) for stream handles.

When getting and setting ACLs on stream handles,
use the fsp->base_fsp instead (as Windows does).

This not only fixes streams_xattr, but will
allow us to later analyze and remove all
special casing code for get/set ACLs on streams
handles.

Remove the knownfail.d/stream-acl file.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 30 20:14:35 UTC 2021 on sn-devel-184

diff --git a/selftest/knownfail.d/stream-acl b/selftest/knownfail.d/stream-acl
deleted file mode 100644 (file)
index 8537396..0000000
--- a/selftest/knownfail.d/stream-acl
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.smbtorture_s3.plain.SMB2-STREAM-ACL.smbtorture\(fileserver\)

diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 86426c360424c7cc3b333d9a818379050ce35bd6..921f3fa692cd789f51842ce713060d5c78a69bff 100644 (file)
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -982,6 +982,7 @@ static void canonicalize_inheritance_bits(struct security_descriptor *psd)
 NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
                       uint32_t security_info_sent)
 {
+       files_struct *sd_fsp = fsp;
        NTSTATUS status;
 
        if (!CAN_WRITE(fsp->conn)) {
@@ -1058,7 +1059,14 @@ NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
                NDR_PRINT_DEBUG(security_descriptor, psd);
        }
 
-       status = SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, psd);
+       if (fsp->base_fsp != NULL) {
+               /*
+                * This is a stream handle. Use
+                * the underlying pathref handle.
+                */
+               sd_fsp = fsp->base_fsp;
+       }
+       status = SMB_VFS_FSET_NT_ACL(sd_fsp, security_info_sent, psd);
 
        TALLOC_FREE(psd);
 
@@ -2172,8 +2180,16 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
            ((security_info_wanted & SECINFO_LABEL) == 0) &&
            need_to_read_sd)
        {
+               files_struct *sd_fsp = fsp;
+               if (fsp->base_fsp != NULL) {
+                       /*
+                        * This is a stream handle. Use
+                        * the underlying pathref handle.
+                        */
+                       sd_fsp = fsp->base_fsp;
+               }
                status = SMB_VFS_FGET_NT_ACL(
-                       fsp, security_info_wanted, frame, &psd);
+                       sd_fsp, security_info_wanted, frame, &psd);
        } else {
                status = get_null_nt_acl(frame, &psd);
        }