s3: vfs_fruit. Change check_ms_nfs() to remove the virtual ACE's generated by fruit_f...

author Jeremy Allison <jra@samba.org>

Fri, 2 Mar 2018 21:53:55 +0000 (13:53 -0800)

committer Ralph Boehme <slow@samba.org>

Thu, 8 Mar 2018 03:09:38 +0000 (04:09 +0100)
author Jeremy Allison <jra@samba.org>
Fri, 2 Mar 2018 21:53:55 +0000 (13:53 -0800)
committer Ralph Boehme <slow@samba.org>
Thu, 8 Mar 2018 03:09:38 +0000 (04:09 +0100)
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c

index 8909bcc7c3797801726ca9f7acfd0632844adeb2..29372e901743fc4444881ad26e7c8921c281306b 100644 (file)
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -2957,12 +2957,15 @@ static NTSTATUS readdir_attr_macmeta(struct vfs_handle_struct *handle,
  /* Search MS NFS style ACE with UNIX mode */
  static NTSTATUS check_ms_nfs(vfs_handle_struct *handle,
                              files_struct *fsp,
-                            const struct security_descriptor *psd,
+                            struct security_descriptor *psd,
                              mode_t *pmode,
                              bool *pdo_chmod)
  {
         uint32_t i;
         struct fruit_config_data *config = NULL;
+       struct dom_sid sid;
+       NTSTATUS status = NT_STATUS_OK;
+       bool remove_ok = false;
  
         *pdo_chmod = false;
  
@@ -2991,6 +2994,44 @@ static NTSTATUS check_ms_nfs(vfs_handle_struct *handle,
                 }
         }
  
+       /*
+        * Remove any incoming virtual ACE entries generated by
+        * fruit_fget_nt_acl().
+        */
+
+       /* MS NFS style mode */
+       sid_compose(&sid, &global_sid_Unix_NFS_Mode,
+                   fsp->fsp_name->st.st_ex_mode);
+       status = security_descriptor_dacl_del(psd, &sid);
+       remove_ok = (NT_STATUS_IS_OK(status) ||
+                    NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND));
+       if (!remove_ok) {
+               DBG_WARNING("failed to remove MS NFS_mode style ACE\n");
+               return status;
+       }
+
+       /* MS NFS style uid */
+       sid_compose(&sid, &global_sid_Unix_NFS_Users,
+                   fsp->fsp_name->st.st_ex_uid);
+       status = security_descriptor_dacl_del(psd, &sid);
+       remove_ok = (NT_STATUS_IS_OK(status) ||
+                    NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND));
+       if (!remove_ok) {
+               DBG_WARNING("failed to remove MS NFS_users style ACE\n");
+               return status;
+       }
+
+       /* MS NFS style gid */
+       sid_compose(&sid, &global_sid_Unix_NFS_Groups,
+                   fsp->fsp_name->st.st_ex_gid);
+       status = security_descriptor_dacl_del(psd, &sid);
+       remove_ok = (NT_STATUS_IS_OK(status) ||
+                    NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND));
+       if (!remove_ok) {
+               DBG_WARNING("failed to remove MS NFS_groups style ACE\n");
+               return status;
+       }
+
         return NT_STATUS_OK;
  }
author	Jeremy Allison <jra@samba.org>
	Fri, 2 Mar 2018 21:53:55 +0000 (13:53 -0800)
committer	Ralph Boehme <slow@samba.org>
	Thu, 8 Mar 2018 03:09:38 +0000 (04:09 +0100)