From bf3e90462b8c1172ada2a8346db376984dd54394 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Thu, 15 Mar 2018 09:52:30 -0700
Subject: [PATCH] s3: smbd: vfs_fruit: Add remove_virtual_nfs_aces() a generic NFS ACE remover.

Not yet used, will be used to tidyup existing code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319

Signed-off-by: Jeremy Allison
Reviewed-by: Ralph Boehme
(cherry picked from commit ef091e2cf836793e2aa533990913609ccab5119a)
---
 source3/modules/vfs_fruit.c | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)

diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index c8b318cacca..f63d53b9a99 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -2936,6 +2936,49 @@ static NTSTATUS readdir_attr_macmeta(struct vfs_handle_struct *handle,
 return status;
 }
 
+static NTSTATUS remove_virtual_nfs_aces(struct security_descriptor *psd)
+{
+ NTSTATUS status;
+ uint32_t i;
+
+ if (psd->dacl == NULL) {
+ return NT_STATUS_OK;
+ }
+
+ for (i = 0; i < psd->dacl->num_aces; i++) {
+ /* MS NFS style mode/uid/gid */
+ if (!dom_sid_compare_domain(
+ &global_sid_Unix_NFS,
+ &psd->dacl->aces[i].trustee) == 0) {
+ /* Normal ACE entry. */
+ continue;
+ }
+
+ /*
+ * security_descriptor_dacl_del()
+ * *must* return NT_STATUS_OK as we know
+ * we have something to remove.
+ */
+
+ status = security_descriptor_dacl_del(psd,
+ &psd->dacl->aces[i].trustee);
+ if (!NT_STATUS_IS_OK(status)) {
+ DBG_WARNING("failed to remove MS NFS style ACE: %s\n",
+ nt_errstr(status));
+ return status;
+ }
+
+ /*
+ * security_descriptor_dacl_del() may delete more
+ * then one entry subsequent to this one if the
+ * SID matches, but we only need to ensure that
+ * we stay looking at the same element in the array.
+ */
+ i--;
+ }
+ return NT_STATUS_OK;
+}
+
 /* Search MS NFS style ACE with UNIX mode */
 static NTSTATUS check_ms_nfs(vfs_handle_struct *handle,
 files_struct *fsp,
-- 
2.11.4.GIT
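Review bot: The trustee passed to security_descriptor_dacl_del() in remove_virtual_nfs_aces() is a pointer into the same `psd->dacl->aces` array that the call shrinks. That helper is not visible in this hunk, but if it compacts the array in place while still comparing against the pointer, the SID it matches on would change after the first removal and an unrelated ACE could be dropped from the DACL. Copying the SID first avoids depending on that: `struct dom_sid trustee = psd->dacl->aces[i].trustee;` followed by `status = security_descriptor_dacl_del(psd, &trustee);`. Separately, the test `!dom_sid_compare_domain(...) == 0` parses as `(!cmp) == 0`, which does skip non-NFS entries but only by way of a double negation that compilers tend to warn about; comparing the result directly with `!= 0` states the intent. The `i--` at index 0 relies on unsigned wrap-around being undone by the loop's `i++`, which deserves a word in the existing comment.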