From: Jeremy Allison Date: Fri, 12 Feb 2016 18:30:10 +0000 (-0800) Subject: s3: VFS: Modify SMB_VFS_GET_NT_ACL to take a const struct smb_filename * instead... X-Git-Tag: ldb-1.1.26~13 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=616d068f0cebb8e50a855b6e30f36fccb7f5a3c8;p=thirdparty%2Fsamba.git s3: VFS: Modify SMB_VFS_GET_NT_ACL to take a const struct smb_filename * instead of const char * Bumps VFS version to 35. Preparing to reduce use of lp_posix_pathnames(). Most of this is boilerplate, the only subtleties are in the modules: vfs_catia.c vfs_media_harmony.c vfs_shadow_copy2.c vfs_unityed_media.c Where the path is modified then passed to SMB_VFS_NEXT_GET_NT_ACL(). In these cases the change uses synthetic_smb_fname() to create a new struct smb_filename from the modified path. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- diff --git a/examples/VFS/skel_opaque.c b/examples/VFS/skel_opaque.c index a4309d4de69..0d5571ca99e 100644 --- a/examples/VFS/skel_opaque.c +++ b/examples/VFS/skel_opaque.c @@ -667,7 +667,8 @@ static NTSTATUS skel_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, } static NTSTATUS skel_get_nt_acl(vfs_handle_struct *handle, - const char *name, uint32_t security_info, + const struct smb_filename *smb_fname, + uint32_t security_info, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc) { diff --git a/examples/VFS/skel_transparent.c b/examples/VFS/skel_transparent.c index 2d1ed790cbb..fc3c8181fd9 100644 --- a/examples/VFS/skel_transparent.c +++ b/examples/VFS/skel_transparent.c @@ -794,12 +794,16 @@ static NTSTATUS skel_fget_nt_acl(vfs_handle_struct *handle, files_struct *fsp, } static NTSTATUS skel_get_nt_acl(vfs_handle_struct *handle, - const char *name, uint32_t security_info, + const struct smb_filename *smb_fname, + uint32_t security_info, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc) { - return SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, mem_ctx, - ppdesc); + return SMB_VFS_NEXT_GET_NT_ACL(handle, + smb_fname, + security_info, + mem_ctx, + ppdesc); } static NTSTATUS skel_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, diff --git a/source3/include/vfs.h b/source3/include/vfs.h index c18ea5947ac..d416a5b1e95 100644 --- a/source3/include/vfs.h +++ b/source3/include/vfs.h @@ -170,8 +170,11 @@ /* Bump to version 34 - Samba 4.4 will ship with that */ /* Version 34 - Remove bool posix_open, add uint64_t posix_flags */ /* Version 34 - Added bool posix_pathnames to struct smb_request */ +/* Bump to version 35 - Samba 4.5 will ship with that */ +/* Version 35 - Change get_nt_acl_fn from const char *, to + const struct smb_filename * */ -#define SMB_VFS_INTERFACE_VERSION 34 +#define SMB_VFS_INTERFACE_VERSION 35 /* All intercepted VFS operations must be declared as static functions inside module source @@ -745,7 +748,7 @@ struct vfs_fn_pointers { TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc); NTSTATUS (*get_nt_acl_fn)(struct vfs_handle_struct *handle, - const char *name, + const struct smb_filename *smb_fname, uint32_t security_info, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc); @@ -1188,7 +1191,7 @@ NTSTATUS smb_vfs_call_fget_nt_acl(struct vfs_handle_struct *handle, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc); NTSTATUS smb_vfs_call_get_nt_acl(struct vfs_handle_struct *handle, - const char *name, + const struct smb_filename *smb_fname, uint32_t security_info, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc); diff --git a/source3/include/vfs_macros.h b/source3/include/vfs_macros.h index 16d5bfdb270..cef38496636 100644 --- a/source3/include/vfs_macros.h +++ b/source3/include/vfs_macros.h @@ -437,10 +437,10 @@ #define SMB_VFS_NEXT_FGET_NT_ACL(handle, fsp, security_info, mem_ctx, ppdesc) \ smb_vfs_call_fget_nt_acl((handle)->next, (fsp), (security_info), (mem_ctx), (ppdesc)) -#define SMB_VFS_GET_NT_ACL(conn, name, security_info, mem_ctx, ppdesc) \ - smb_vfs_call_get_nt_acl((conn)->vfs_handles, (name), (security_info), (mem_ctx), (ppdesc)) -#define SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, mem_ctx, ppdesc) \ - smb_vfs_call_get_nt_acl((handle)->next, (name), (security_info), (mem_ctx), (ppdesc)) +#define SMB_VFS_GET_NT_ACL(conn, smb_fname, security_info, mem_ctx, ppdesc) \ + smb_vfs_call_get_nt_acl((conn)->vfs_handles, (smb_fname), (security_info), (mem_ctx), (ppdesc)) +#define SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname, security_info, mem_ctx, ppdesc) \ + smb_vfs_call_get_nt_acl((handle)->next, (smb_fname), (security_info), (mem_ctx), (ppdesc)) #define SMB_VFS_AUDIT_FILE(conn, name, sacl, access_requested, access_denied) \ smb_vfs_call_audit_file((conn)->vfs_handles, (name), (sacl), (access_requested), (access_denied)) diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index f73e80c5ada..30574e0e06f 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -366,7 +366,7 @@ static NTSTATUS add_directory_inheritable_components(vfs_handle_struct *handle, static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, files_struct *fsp, - const char *name, + const struct smb_filename *smb_fname, uint32_t security_info, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc) @@ -381,14 +381,17 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, uint8_t sys_acl_hash_tmp[XATTR_SD_HASH_SIZE]; struct security_descriptor *psd = NULL; struct security_descriptor *pdesc_next = NULL; + const char *name = NULL; bool ignore_file_system_acl = lp_parm_bool(SNUM(handle->conn), ACL_MODULE_NAME, "ignore system acls", false); TALLOC_CTX *frame = talloc_stackframe(); - if (fsp && name == NULL) { + if (fsp && smb_fname == NULL) { name = fsp->fsp_name->base_name; + } else { + name = smb_fname->base_name; } DEBUG(10, ("get_nt_acl_internal: name=%s\n", name)); @@ -509,7 +512,7 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, &pdesc_next); } else { status = SMB_VFS_NEXT_GET_NT_ACL(handle, - name, + smb_fname, HASH_SECURITY_INFO, mem_ctx, &pdesc_next); @@ -575,7 +578,7 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, &pdesc_next); } else { status = SMB_VFS_NEXT_GET_NT_ACL(handle, - name, + smb_fname, security_info, mem_ctx, &pdesc_next); @@ -728,13 +731,17 @@ static NTSTATUS fget_nt_acl_common(vfs_handle_struct *handle, *********************************************************************/ static NTSTATUS get_nt_acl_common(vfs_handle_struct *handle, - const char *name, + const struct smb_filename *smb_fname, uint32_t security_info, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc) { - return get_nt_acl_internal(handle, NULL, - name, security_info, mem_ctx, ppdesc); + return get_nt_acl_internal(handle, + NULL, + smb_fname, + security_info, + mem_ctx, + ppdesc); } /********************************************************************* diff --git a/source3/modules/vfs_catia.c b/source3/modules/vfs_catia.c index c17ffa8f13c..48e2e3ff9f3 100644 --- a/source3/modules/vfs_catia.c +++ b/source3/modules/vfs_catia.c @@ -778,12 +778,14 @@ catia_streaminfo(struct vfs_handle_struct *handle, static NTSTATUS catia_get_nt_acl(struct vfs_handle_struct *handle, - const char *path, + const struct smb_filename *smb_fname, uint32_t security_info, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc) { char *mapped_name = NULL; + const char *path = smb_fname->base_name; + struct smb_filename *mapped_smb_fname = NULL; NTSTATUS status; status = catia_string_replace_allocate(handle->conn, @@ -792,9 +794,19 @@ catia_get_nt_acl(struct vfs_handle_struct *handle, errno = map_errno_from_nt_status(status); return status; } - status = SMB_VFS_NEXT_GET_NT_ACL(handle, mapped_name, + mapped_smb_fname = synthetic_smb_fname(talloc_tos(), + mapped_name, + NULL, + NULL); + if (mapped_smb_fname == NULL) { + TALLOC_FREE(mapped_name); + return NT_STATUS_NO_MEMORY; + } + + status = SMB_VFS_NEXT_GET_NT_ACL(handle, mapped_smb_fname, security_info, mem_ctx, ppdesc); TALLOC_FREE(mapped_name); + TALLOC_FREE(mapped_smb_fname); return status; } diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c index 762624bec66..43e65acc110 100644 --- a/source3/modules/vfs_default.c +++ b/source3/modules/vfs_default.c @@ -2327,7 +2327,7 @@ static NTSTATUS vfswrap_fget_nt_acl(vfs_handle_struct *handle, } static NTSTATUS vfswrap_get_nt_acl(vfs_handle_struct *handle, - const char *name, + const struct smb_filename *smb_fname, uint32_t security_info, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc) @@ -2335,8 +2335,11 @@ static NTSTATUS vfswrap_get_nt_acl(vfs_handle_struct *handle, NTSTATUS result; START_PROFILE(get_nt_acl); - result = posix_get_nt_acl(handle->conn, name, security_info, - mem_ctx, ppdesc); + result = posix_get_nt_acl(handle->conn, + smb_fname->base_name, + security_info, + mem_ctx, + ppdesc); END_PROFILE(get_nt_acl); return result; } diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c index 904b56905ee..9c771852488 100644 --- a/source3/modules/vfs_full_audit.c +++ b/source3/modules/vfs_full_audit.c @@ -1897,18 +1897,18 @@ static NTSTATUS smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_stru } static NTSTATUS smb_full_audit_get_nt_acl(vfs_handle_struct *handle, - const char *name, + const struct smb_filename *smb_fname, uint32_t security_info, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc) { NTSTATUS result; - result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, + result = SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname, security_info, mem_ctx, ppdesc); do_log(SMB_VFS_OP_GET_NT_ACL, NT_STATUS_IS_OK(result), handle, - "%s", name); + "%s", smb_fname_str_do_log(smb_fname)); return result; } diff --git a/source3/modules/vfs_media_harmony.c b/source3/modules/vfs_media_harmony.c index d960fae9fc5..65673e17fa4 100644 --- a/source3/modules/vfs_media_harmony.c +++ b/source3/modules/vfs_media_harmony.c @@ -2016,19 +2016,20 @@ out: * In this case, "name" is a path. */ static NTSTATUS mh_get_nt_acl(vfs_handle_struct *handle, - const char *name, + const struct smb_filename *smb_fname, uint32_t security_info, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc) { NTSTATUS status; char *clientPath; + struct smb_filename *client_smb_fname = NULL; TALLOC_CTX *ctx; DEBUG(MH_INFO_DEBUG, ("Entering mh_get_nt_acl\n")); - if (!is_in_media_files(name)) + if (!is_in_media_files(smb_fname->base_name)) { - status = SMB_VFS_NEXT_GET_NT_ACL(handle, name, + status = SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname, security_info, mem_ctx, ppdesc); goto out; @@ -2038,18 +2039,28 @@ static NTSTATUS mh_get_nt_acl(vfs_handle_struct *handle, ctx = talloc_tos(); if (alloc_get_client_path(handle, ctx, - name, + smb_fname->base_name, &clientPath)) { status = map_nt_error_from_unix(errno); goto err; } - status = SMB_VFS_NEXT_GET_NT_ACL(handle, clientPath, + client_smb_fname = synthetic_smb_fname(talloc_tos(), + clientPath, + NULL, + NULL); + if (client_smb_fname == NULL) { + TALLOC_FREE(clientPath); + return NT_STATUS_NO_MEMORY; + } + + status = SMB_VFS_NEXT_GET_NT_ACL(handle, client_smb_fname, security_info, mem_ctx, ppdesc); err: TALLOC_FREE(clientPath); + TALLOC_FREE(client_smb_fname); out: return status; } diff --git a/source3/modules/vfs_nfs4acl_xattr.c b/source3/modules/vfs_nfs4acl_xattr.c index b0416998e34..c02fd6a829c 100644 --- a/source3/modules/vfs_nfs4acl_xattr.c +++ b/source3/modules/vfs_nfs4acl_xattr.c @@ -541,12 +541,14 @@ static NTSTATUS nfs4acl_xattr_fget_nt_acl(struct vfs_handle_struct *handle, } static NTSTATUS nfs4acl_xattr_get_nt_acl(struct vfs_handle_struct *handle, - const char *name, uint32_t security_info, + const struct smb_filename *smb_fname, + uint32_t security_info, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc) { struct SMB4ACL_T *pacl; NTSTATUS status; + const char *name = smb_fname->base_name; TALLOC_CTX *frame = talloc_stackframe(); status = nfs4_get_nfs4_acl(handle, frame, name, &pacl); diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c index 61ef5d49fb0..87b4cd2a791 100644 --- a/source3/modules/vfs_shadow_copy2.c +++ b/source3/modules/vfs_shadow_copy2.c @@ -1466,6 +1466,7 @@ static NTSTATUS shadow_copy2_fget_nt_acl(vfs_handle_struct *handle, char *stripped; NTSTATUS status; char *conv; + struct smb_filename *smb_fname = NULL; if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, fsp->fsp_name->base_name, @@ -1482,14 +1483,24 @@ static NTSTATUS shadow_copy2_fget_nt_acl(vfs_handle_struct *handle, if (conv == NULL) { return map_nt_error_from_unix(errno); } - status = SMB_VFS_NEXT_GET_NT_ACL(handle, conv, security_info, + smb_fname = synthetic_smb_fname(talloc_tos(), + conv, + NULL, + NULL); + if (smb_fname == NULL) { + TALLOC_FREE(conv); + return NT_STATUS_NO_MEMORY; + } + + status = SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname, security_info, mem_ctx, ppdesc); TALLOC_FREE(conv); + TALLOC_FREE(smb_fname); return status; } static NTSTATUS shadow_copy2_get_nt_acl(vfs_handle_struct *handle, - const char *fname, + const struct smb_filename *smb_fname, uint32_t security_info, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc) @@ -1498,13 +1509,17 @@ static NTSTATUS shadow_copy2_get_nt_acl(vfs_handle_struct *handle, char *stripped; NTSTATUS status; char *conv; + struct smb_filename *conv_smb_fname = NULL; - if (!shadow_copy2_strip_snapshot(talloc_tos(), handle, fname, - ×tamp, &stripped)) { + if (!shadow_copy2_strip_snapshot(talloc_tos(), + handle, + smb_fname->base_name, + ×tamp, + &stripped)) { return map_nt_error_from_unix(errno); } if (timestamp == 0) { - return SMB_VFS_NEXT_GET_NT_ACL(handle, fname, security_info, + return SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname, security_info, mem_ctx, ppdesc); } conv = shadow_copy2_convert(talloc_tos(), handle, stripped, timestamp); @@ -1512,9 +1527,18 @@ static NTSTATUS shadow_copy2_get_nt_acl(vfs_handle_struct *handle, if (conv == NULL) { return map_nt_error_from_unix(errno); } - status = SMB_VFS_NEXT_GET_NT_ACL(handle, conv, security_info, + conv_smb_fname = synthetic_smb_fname(talloc_tos(), + conv, + NULL, + NULL); + if (conv_smb_fname == NULL) { + TALLOC_FREE(conv); + return NT_STATUS_NO_MEMORY; + } + status = SMB_VFS_NEXT_GET_NT_ACL(handle, conv_smb_fname, security_info, mem_ctx, ppdesc); TALLOC_FREE(conv); + TALLOC_FREE(conv_smb_fname); return status; } diff --git a/source3/modules/vfs_time_audit.c b/source3/modules/vfs_time_audit.c index 2fc6afdfef6..6e0c8a4c2a8 100644 --- a/source3/modules/vfs_time_audit.c +++ b/source3/modules/vfs_time_audit.c @@ -1895,7 +1895,7 @@ static NTSTATUS smb_time_audit_fget_nt_acl(vfs_handle_struct *handle, } static NTSTATUS smb_time_audit_get_nt_acl(vfs_handle_struct *handle, - const char *name, + const struct smb_filename *smb_fname, uint32_t security_info, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc) @@ -1905,13 +1905,15 @@ static NTSTATUS smb_time_audit_get_nt_acl(vfs_handle_struct *handle, double timediff; clock_gettime_mono(&ts1); - result = SMB_VFS_NEXT_GET_NT_ACL(handle, name, security_info, + result = SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname, security_info, mem_ctx, ppdesc); clock_gettime_mono(&ts2); timediff = nsec_time_diff(&ts2,&ts1)*1.0e-9; if (timediff > audit_timeout) { - smb_time_audit_log_fname("get_nt_acl", timediff, name); + smb_time_audit_log_fname("get_nt_acl", + timediff, + smb_fname->base_name); } return result; diff --git a/source3/modules/vfs_unityed_media.c b/source3/modules/vfs_unityed_media.c index b4d7dc09b49..f53a13b60b4 100644 --- a/source3/modules/vfs_unityed_media.c +++ b/source3/modules/vfs_unityed_media.c @@ -1518,34 +1518,45 @@ err: */ static NTSTATUS um_get_nt_acl(vfs_handle_struct *handle, - const char *name, + const struct smb_filename *smb_fname, uint32_t security_info, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc) { NTSTATUS status; char *client_path = NULL; + struct smb_filename *client_smb_fname = NULL; int ret; DEBUG(10, ("Entering um_get_nt_acl\n")); - if (!is_in_media_files(name)) { - return SMB_VFS_NEXT_GET_NT_ACL(handle, name, + if (!is_in_media_files(smb_fname->base_name)) { + return SMB_VFS_NEXT_GET_NT_ACL(handle, smb_fname, security_info, mem_ctx, ppdesc); } ret = alloc_get_client_path(handle, talloc_tos(), - name, &client_path); + smb_fname->base_name, &client_path); if (ret != 0) { status = map_nt_error_from_unix(errno); goto err; } - status = SMB_VFS_NEXT_GET_NT_ACL(handle, client_path, + client_smb_fname = synthetic_smb_fname(talloc_tos(), + client_path, + NULL, + NULL); + if (client_smb_fname == NULL) { + TALLOC_FREE(client_path); + return NT_STATUS_NO_MEMORY; + } + + status = SMB_VFS_NEXT_GET_NT_ACL(handle, client_smb_fname, security_info, mem_ctx, ppdesc); err: + TALLOC_FREE(client_smb_fname); TALLOC_FREE(client_path); return status; } diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index 38059152106..a586edf8aa9 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -1386,7 +1386,7 @@ static bool user_can_read_file(connection_struct *conn, } status = SMB_VFS_GET_NT_ACL(conn, - smb_fname->base_name, + smb_fname, (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL), diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index 75fd13f15bd..0a6d6b154a4 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -151,7 +151,17 @@ bool directory_has_default_acl(connection_struct *conn, const char *fname) { struct security_descriptor *secdesc = NULL; unsigned int i; - NTSTATUS status = SMB_VFS_GET_NT_ACL(conn, fname, + NTSTATUS status; + struct smb_filename *smb_fname = synthetic_smb_fname(talloc_tos(), + fname, + NULL, + NULL); + + if (smb_fname == NULL) { + return false; + } + + status = SMB_VFS_GET_NT_ACL(conn, smb_fname, SECINFO_DACL, talloc_tos(), &secdesc); diff --git a/source3/smbd/open.c b/source3/smbd/open.c index fa817e44563..449a76f86a2 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -119,7 +119,7 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn, return NT_STATUS_OK; } - status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name, + status = SMB_VFS_GET_NT_ACL(conn, smb_fname, (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL), talloc_tos(), &sd); @@ -243,6 +243,7 @@ static NTSTATUS check_parent_access(struct connection_struct *conn, char *parent_dir = NULL; struct security_descriptor *parent_sd = NULL; uint32_t access_granted = 0; + struct smb_filename *parent_smb_fname = NULL; if (!parent_dirname(talloc_tos(), smb_fname->base_name, @@ -251,6 +252,14 @@ static NTSTATUS check_parent_access(struct connection_struct *conn, return NT_STATUS_NO_MEMORY; } + parent_smb_fname = synthetic_smb_fname(talloc_tos(), + parent_dir, + NULL, + NULL); + if (parent_smb_fname == NULL) { + return NT_STATUS_NO_MEMORY; + } + if (get_current_uid(conn) == (uid_t)0) { /* I'm sorry sir, I didn't know you were root... */ DEBUG(10,("check_parent_access: root override " @@ -261,7 +270,7 @@ static NTSTATUS check_parent_access(struct connection_struct *conn, } status = SMB_VFS_GET_NT_ACL(conn, - parent_dir, + parent_smb_fname, SECINFO_DACL, talloc_tos(), &parent_sd); @@ -2171,7 +2180,7 @@ static NTSTATUS smbd_calculate_maximum_allowed_access( return NT_STATUS_OK; } - status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name, + status = SMB_VFS_GET_NT_ACL(conn, smb_fname, (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL), @@ -3977,14 +3986,24 @@ static NTSTATUS inherit_new_acl(files_struct *fsp) const struct dom_sid *SY_U_sid = NULL; const struct dom_sid *SY_G_sid = NULL; size_t size = 0; + struct smb_filename *parent_smb_fname = NULL; if (!parent_dirname(frame, fsp->fsp_name->base_name, &parent_name, NULL)) { TALLOC_FREE(frame); return NT_STATUS_NO_MEMORY; } + parent_smb_fname = synthetic_smb_fname(talloc_tos(), + parent_name, + NULL, + NULL); + + if (parent_smb_fname == NULL) { + TALLOC_FREE(frame); + return NT_STATUS_NO_MEMORY; + } status = SMB_VFS_GET_NT_ACL(fsp->conn, - parent_name, + parent_smb_fname, (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL), frame, &parent_desc); diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 0c9c749db0e..336af81f61e 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -4629,6 +4629,15 @@ NTSTATUS get_nt_acl_no_snum(TALLOC_CTX *ctx, const char *fname, TALLOC_CTX *frame = talloc_stackframe(); connection_struct *conn; NTSTATUS status = NT_STATUS_OK; + struct smb_filename *smb_fname = synthetic_smb_fname(talloc_tos(), + fname, + NULL, + NULL); + + if (smb_fname == NULL) { + TALLOC_FREE(frame); + return NT_STATUS_NO_MEMORY; + } if (!posix_locking_init(false)) { TALLOC_FREE(frame); @@ -4650,7 +4659,11 @@ NTSTATUS get_nt_acl_no_snum(TALLOC_CTX *ctx, const char *fname, return status; } - status = SMB_VFS_GET_NT_ACL(conn, fname, security_info_wanted, ctx, sd); + status = SMB_VFS_GET_NT_ACL(conn, + smb_fname, + security_info_wanted, + ctx, + sd); if (!NT_STATUS_IS_OK(status)) { DEBUG(0, ("get_nt_acl_no_snum: SMB_VFS_GET_NT_ACL returned %s.\n", nt_errstr(status))); diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c index df8d0799929..cd6a1e2e724 100644 --- a/source3/smbd/pysmbd.c +++ b/source3/smbd/pysmbd.c @@ -195,8 +195,22 @@ static NTSTATUS get_nt_acl_conn(TALLOC_CTX *mem_ctx, struct security_descriptor **sd) { TALLOC_CTX *frame = talloc_stackframe(); - NTSTATUS status = SMB_VFS_GET_NT_ACL( conn, fname, security_info_wanted, - mem_ctx, sd); + NTSTATUS status; + struct smb_filename *smb_fname = synthetic_smb_fname(talloc_tos(), + fname, + NULL, + NULL); + + if (smb_fname == NULL) { + TALLOC_FREE(frame); + return NT_STATUS_NO_MEMORY; + } + + status = SMB_VFS_GET_NT_ACL(conn, + smb_fname, + security_info_wanted, + mem_ctx, + sd); if (!NT_STATUS_IS_OK(status)) { DEBUG(0,("get_nt_acl_conn: get_nt_acl returned %s.\n", nt_errstr(status))); } diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c index 89f0ae194f0..57b833bbdf7 100644 --- a/source3/smbd/vfs.c +++ b/source3/smbd/vfs.c @@ -2261,13 +2261,17 @@ NTSTATUS smb_vfs_call_fget_nt_acl(struct vfs_handle_struct *handle, } NTSTATUS smb_vfs_call_get_nt_acl(struct vfs_handle_struct *handle, - const char *name, + const struct smb_filename *smb_fname, uint32_t security_info, TALLOC_CTX *mem_ctx, struct security_descriptor **ppdesc) { VFS_FIND(get_nt_acl); - return handle->fns->get_nt_acl_fn(handle, name, security_info, mem_ctx, ppdesc); + return handle->fns->get_nt_acl_fn(handle, + smb_fname, + security_info, + mem_ctx, + ppdesc); } NTSTATUS smb_vfs_call_fset_nt_acl(struct vfs_handle_struct *handle, diff --git a/source3/torture/cmd_vfs.c b/source3/torture/cmd_vfs.c index 040759af0c8..3a8b7f7136b 100644 --- a/source3/torture/cmd_vfs.c +++ b/source3/torture/cmd_vfs.c @@ -1380,13 +1380,23 @@ static NTSTATUS cmd_get_nt_acl(struct vfs_state *vfs, TALLOC_CTX *mem_ctx, { NTSTATUS status; struct security_descriptor *sd; + struct smb_filename *smb_fname = NULL; if (argc != 2) { printf("Usage: get_nt_acl \n"); return NT_STATUS_OK; } - status = SMB_VFS_GET_NT_ACL(vfs->conn, argv[1], + smb_fname = synthetic_smb_fname(talloc_tos(), + argv[1], + NULL, + NULL); + + if (smb_fname == NULL) { + return NT_STATUS_NO_MEMORY; + } + + status = SMB_VFS_GET_NT_ACL(vfs->conn, smb_fname, SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL, talloc_tos(), &sd); if (!NT_STATUS_IS_OK(status)) {