From: Jeremy Allison <jra@samba.org>
Date: Thu, 25 Mar 2021 22:46:45 +0000 (-0700)
Subject: s3: smbd: Fix SMB_VFS_FGET_NT_ACL/SMB_VFS_FSET_NT_ACL on stream handles.
X-Git-Tag: tevent-0.11.0~1340
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ff48422e63957dd863fda1ede622450312dcb45a;p=thirdparty%2Fsamba.git

s3: smbd: Fix SMB_VFS_FGET_NT_ACL/SMB_VFS_FSET_NT_ACL on stream handles.

As this is done on existing files, we know that
fsp->base_fsp != NULL and fsp->base_fsp->fh->fd != -1
(i.e. it's a pathref fd) for stream handles.

When getting and setting ACLs on stream handles,
use the fsp->base_fsp instead (as Windows does).

This not only fixes streams_xattr, but will
allow us to later analyze and remove all
special casing code for get/set ACLs on streams
handles.

Remove the knownfail.d/stream-acl file.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 30 20:14:35 UTC 2021 on sn-devel-184
---

diff --git a/selftest/knownfail.d/stream-acl b/selftest/knownfail.d/stream-acl
deleted file mode 100644
index 8537396c40b..00000000000
--- a/selftest/knownfail.d/stream-acl
+++ /dev/null
@@ -1 +0,0 @@
-^samba3.smbtorture_s3.plain.SMB2-STREAM-ACL.smbtorture\(fileserver\)
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 86426c36042..921f3fa692c 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -982,6 +982,7 @@ static void canonicalize_inheritance_bits(struct security_descriptor *psd)
 NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
 		       uint32_t security_info_sent)
 {
+	files_struct *sd_fsp = fsp;
 	NTSTATUS status;
 
 	if (!CAN_WRITE(fsp->conn)) {
@@ -1058,7 +1059,14 @@ NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
 		NDR_PRINT_DEBUG(security_descriptor, psd);
 	}
 
-	status = SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, psd);
+	if (fsp->base_fsp != NULL) {
+		/*
+		 * This is a stream handle. Use
+		 * the underlying pathref handle.
+		 */
+		sd_fsp = fsp->base_fsp;
+	}
+	status = SMB_VFS_FSET_NT_ACL(sd_fsp, security_info_sent, psd);
 
 	TALLOC_FREE(psd);
 
@@ -2172,8 +2180,16 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
 	    ((security_info_wanted & SECINFO_LABEL) == 0) &&
 	    need_to_read_sd)
 	{
+		files_struct *sd_fsp = fsp;
+		if (fsp->base_fsp != NULL) {
+			/*
+			 * This is a stream handle. Use
+			 * the underlying pathref handle.
+			 */
+			sd_fsp = fsp->base_fsp;
+		}
 		status = SMB_VFS_FGET_NT_ACL(
-			fsp, security_info_wanted, frame, &psd);
+			sd_fsp, security_info_wanted, frame, &psd);
 	} else {
 		status = get_null_nt_acl(frame, &psd);
 	}