NDR_PRINT_DEBUG(security_descriptor,
CONST_DISCARD(struct security_descriptor *,psd));
}
+ /*
+ * Perhaps create_acl_blob should have a status return as well
+ */
create_acl_blob(psd, &blob, XATTR_SD_HASH_TYPE_SHA256, hash);
- store_acl_blob_fsp(handle, fsp, &blob);
+ status = store_acl_blob_fsp(handle, fsp, &blob);
- return NT_STATUS_OK;
+ return status;
}
static SMB_STRUCT_DIR *opendir_acl_common(vfs_handle_struct *handle,
const char *fname, const char *mask, uint32 attr)
{
- NTSTATUS status = check_parent_acl_common(handle, fname,
- SEC_DIR_LIST, NULL);
+ NTSTATUS status;
+ uint32_t access_granted = 0;
+ struct security_descriptor *sd = NULL;
+
+ status = get_nt_acl_internal(handle,
+ NULL,
+ fname,
+ (SECINFO_OWNER |
+ SECINFO_GROUP |
+ SECINFO_DACL |
+ SECINFO_SACL),
+ &sd);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("opendir_acl_common: "
+ "get_nt_acl_internal for dir %s "
+ "failed with error %s\n",
+ fname,
+ nt_errstr(status) ));
+ errno = map_errno_from_nt_status(status);
+ return NULL;
+ }
+ /* See if we can access it. */
+ status = smb1_file_se_access_check(handle->conn,
+ sd,
+ get_current_nttok(handle->conn),
+ SEC_DIR_LIST,
+ &access_granted);
if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("opendir_acl_common: %s open "
+ "for access SEC_DIR_LIST "
+ "refused with error %s\n",
+ fname,
+ nt_errstr(status) ));
errno = map_errno_from_nt_status(status);
return NULL;
}
+
return SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
}
git.samba.org / ddiss / samba.git / blobdiff