From e0b147f650fe59f606d1faffe57059e6e9d7837b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 2 Mar 2018 13:53:55 -0800 Subject: [PATCH] s3: vfs_fruit. Change check_ms_nfs() to remove the virtual ACE's generated by fruit_fget_nt_acl(). MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Ensures they don't get stored in the underlying ACL. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13319 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Thu Mar 8 04:09:38 CET 2018 on sn-devel-144 --- source3/modules/vfs_fruit.c | 43 ++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 42 insertions(+), 1 deletion(-) diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c index 8909bcc7c37..29372e90174 100644 --- a/source3/modules/vfs_fruit.c +++ b/source3/modules/vfs_fruit.c @@ -2957,12 +2957,15 @@ static NTSTATUS readdir_attr_macmeta(struct vfs_handle_struct *handle, /* Search MS NFS style ACE with UNIX mode */ static NTSTATUS check_ms_nfs(vfs_handle_struct *handle, files_struct *fsp, - const struct security_descriptor *psd, + struct security_descriptor *psd, mode_t *pmode, bool *pdo_chmod) { uint32_t i; struct fruit_config_data *config = NULL; + struct dom_sid sid; + NTSTATUS status = NT_STATUS_OK; + bool remove_ok = false; *pdo_chmod = false; @@ -2991,6 +2994,44 @@ static NTSTATUS check_ms_nfs(vfs_handle_struct *handle, } } + /* + * Remove any incoming virtual ACE entries generated by + * fruit_fget_nt_acl(). + */ + + /* MS NFS style mode */ + sid_compose(&sid, &global_sid_Unix_NFS_Mode, + fsp->fsp_name->st.st_ex_mode); + status = security_descriptor_dacl_del(psd, &sid); + remove_ok = (NT_STATUS_IS_OK(status) || + NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)); + if (!remove_ok) { + DBG_WARNING("failed to remove MS NFS_mode style ACE\n"); + return status; + } + + /* MS NFS style uid */ + sid_compose(&sid, &global_sid_Unix_NFS_Users, + fsp->fsp_name->st.st_ex_uid); + status = security_descriptor_dacl_del(psd, &sid); + remove_ok = (NT_STATUS_IS_OK(status) || + NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)); + if (!remove_ok) { + DBG_WARNING("failed to remove MS NFS_users style ACE\n"); + return status; + } + + /* MS NFS style gid */ + sid_compose(&sid, &global_sid_Unix_NFS_Groups, + fsp->fsp_name->st.st_ex_gid); + status = security_descriptor_dacl_del(psd, &sid); + remove_ok = (NT_STATUS_IS_OK(status) || + NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)); + if (!remove_ok) { + DBG_WARNING("failed to remove MS NFS_groups style ACE\n"); + return status; + } + return NT_STATUS_OK; } -- 2.11.4.GIT