Ensure get_nt_acl_internal() only looks at the ACL blobs, not

reads off the underlying filesystem. Ensure that vfs_acl_tdb.c
returns NT_STATUS_NOT_FOUND, not NT_STATUS_OBJECT_NAME_NOT_FOUND
when it can't find a blob matching the file.
Jeremy.

diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 116211c9c0ada4b81a1237a4e1b3d91bcd76ee8f..ff97a04c73cfc1ce74b3972b1f8dc4c99bcf7c05 100644 (file)
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -161,7 +161,8 @@ static NTSTATUS create_acl_blob(const struct security_descriptor *psd,
 }
 
 /*******************************************************************
- Store a DATA_BLOB into an xattr given a pathname.
+ Pull a DATA_BLOB from an xattr given a pathname.
+ DOES NOT FALL BACK TO THE UNDERLYING ACLs ON THE FILESYSTEM.
 *******************************************************************/
 
 static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
@@ -185,21 +186,8 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle,
 
        status = get_acl_blob(talloc_tos(), handle, fsp, name, &blob);
        if (!NT_STATUS_IS_OK(status)) {
-               DEBUG(10, ("get_acl_blob returned %s\n", nt_errstr(status)));
-               if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
-                       /* Pull the ACL from the underlying system. */
-                       if (fsp) {
-                               status = SMB_VFS_NEXT_FGET_NT_ACL(handle,
-                                                               fsp,
-                                                               security_info,
-                                                               ppdesc);
-                       } else {
-                               status = SMB_VFS_NEXT_GET_NT_ACL(handle,
-                                                               name,
-                                                               security_info,
-                                                               ppdesc);
-                       }
-               }
+               DEBUG(10, ("get_nt_acl_internal: get_acl_blob returned %s\n",
+                       nt_errstr(status)));
                return status;
        }
 
@@ -668,8 +656,16 @@ static int mkdir_acl_common(vfs_handle_struct *handle, const char *path, mode_t
 static NTSTATUS fget_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
         uint32_t security_info, struct security_descriptor **ppdesc)
 {
-       return get_nt_acl_internal(handle, fsp,
+       NTSTATUS status = get_nt_acl_internal(handle, fsp,
                                NULL, security_info, ppdesc);
+       if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+               /* Pull the ACL from the underlying system. */
+               status = SMB_VFS_NEXT_FGET_NT_ACL(handle,
+                                               fsp,
+                                               security_info,
+                                               ppdesc);
+       }
+       return status;
 }
 
 /*********************************************************************
@@ -679,8 +675,16 @@ static NTSTATUS fget_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
 static NTSTATUS get_nt_acl_common(vfs_handle_struct *handle,
         const char *name, uint32_t security_info, struct security_descriptor **ppdesc)
 {
-       return get_nt_acl_internal(handle, NULL,
+       NTSTATUS status = get_nt_acl_internal(handle, NULL,
                                name, security_info, ppdesc);
+       if (NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+               /* Pull the ACL from the underlying system. */
+               status = SMB_VFS_NEXT_GET_NT_ACL(handle,
+                                               name,
+                                               security_info,
+                                               ppdesc);
+       }
+       return status;
 }
 
 /*********************************************************************

diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c
index f9e766d001349fe8a9a836cb30f430fbc9d61f20..dcd323a1487452c6c3b680a70999c76d5eaf5ae3 100644 (file)
--- a/source3/modules/vfs_acl_tdb.c
+++ b/source3/modules/vfs_acl_tdb.c
@@ -188,7 +188,7 @@ static NTSTATUS get_acl_blob(TALLOC_CTX *ctx,
                (unsigned int)data.dsize, name ));
 
        if (pblob->length == 0 || pblob->data == NULL) {
-               return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+               return NT_STATUS_NOT_FOUND;
        }
        return NT_STATUS_OK;
 }