6706181 Make smbfs present real ACLs for ls -V, libsec

3 files changed, 43 insertions, 8 deletions

diff --git a/usr/src/lib/libsmbfs/netsmb/smbfs_acl.h b/usr/src/lib/libsmbfs/netsmb/smbfs_acl.h
index b8cf6a8036..acdef1d062 100644
--- a/usr/src/lib/libsmbfs/netsmb/smbfs_acl.h
+++ b/usr/src/lib/libsmbfs/netsmb/smbfs_acl.h
@@ -20,7 +20,7 @@
  */
 
 /*
- * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -79,9 +79,28 @@ int smbfs_acl_getsd(int fd, uint32_t, struct i_ntsd **);
  */
 int smbfs_acl_setsd(int fd, uint32_t, struct i_ntsd *);
 
+/*
+ * Selector bits (2nd arg above) copied from smb.h so we
+ * don't need that whole thing exposed to our consumers.
+ * Any mismatch would be detected in smb/acl_api.c
+ */
+#define	OWNER_SECURITY_INFORMATION		0x00000001
+#define	GROUP_SECURITY_INFORMATION		0x00000002
+#define	DACL_SECURITY_INFORMATION		0x00000004
+#define	SACL_SECURITY_INFORMATION		0x00000008
+
 struct __FILE;
 void smbfs_acl_print_sd(struct __FILE *, struct i_ntsd *);
 
+/*
+ * These are duplicated from common/smbclnt/smbfs_ntacl.h
+ * rather than exporting that header for this library.
+ * Any mismatch would be detected in smb/acl_api.c
+ */
+int smbfs_acl_sd2zfs(struct i_ntsd *, acl_t *, uid_t *, gid_t *);
+int smbfs_acl_zfs2sd(acl_t *, uid_t, gid_t, uint32_t, struct i_ntsd **);
+void smbfs_acl_free_sd(struct i_ntsd *);
+
 #ifdef	__cplusplus
 }
 #endif
diff --git a/usr/src/lib/libsmbfs/smb/acl_api.c b/usr/src/lib/libsmbfs/smb/acl_api.c
index b5b6123063..052539316b 100644
--- a/usr/src/lib/libsmbfs/smb/acl_api.c
+++ b/usr/src/lib/libsmbfs/smb/acl_api.c
@@ -20,7 +20,7 @@
  */
 
 /*
- * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -274,10 +274,14 @@ out:
 int
 smbfs_acl_set(int fd, acl_t *acl, uid_t uid, gid_t gid)
 {
+	struct stat st;
 	i_ntsd_t *sd = NULL;
 	uint32_t selector;
 	int error;
 
+	if (acl && acl->acl_type != ACE_T)
+		return (EINVAL);
+
 	/*
 	 * Which parts of the SD are being modified?
 	 * XXX: Ditto comments above re. SACL.
@@ -292,14 +296,25 @@ smbfs_acl_set(int fd, acl_t *acl, uid_t uid, gid_t gid)
 	if (selector == 0)
 		return (0);
 
-	if (acl && acl->acl_type != ACE_T)
-		return (EINVAL);
+	if (uid == (uid_t)-1 || gid == (gid_t)-1) {
+		/*
+		 * If not setting owner or group, we need the
+		 * current owner and group for translating
+		 * references via owner@ or group@ ACEs.
+		 */
+		if (fstat(fd, &st) != 0)
+			return (errno);
+		if (uid == (uid_t)-1)
+			uid = st.st_uid;
+		if (gid == (gid_t)-1)
+			gid = st.st_gid;
+	}
 
 	/*
 	 * Convert the ZFS ACL to an internal SD.
 	 * Returns allocated data in sd
 	 */
-	error = smbfs_acl_zfs2sd(acl, uid, gid, &sd);
+	error = smbfs_acl_zfs2sd(acl, uid, gid, selector, &sd);
 	if (error == 0)
 		error = smbfs_acl_setsd(fd, selector, sd);
 
diff --git a/usr/src/lib/libsmbfs/smb/acl_print.c b/usr/src/lib/libsmbfs/smb/acl_print.c
index 6d399e32aa..62e8b846f1 100644
--- a/usr/src/lib/libsmbfs/smb/acl_print.c
+++ b/usr/src/lib/libsmbfs/smb/acl_print.c
@@ -20,7 +20,7 @@
  */
 
 /*
- * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
+ * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
  * Use is subject to license terms.
  */
 
@@ -81,10 +81,11 @@ fprint_ntace(FILE *fp, i_ntace_t *ace)
 
 	/* ACEs are always printed in a list, so indent by 2. */
 	fprintf(fp, "  ace_type=%d ace_flags=0x%x ace_rights=0x%x\n",
-	    ace->ace_type, ace->ace_flags, ace->ace_rights);
+	    ace->ace_hdr.ace_type, ace->ace_hdr.ace_flags,
+	    ace->ace_v2.ace_rights);
 	/* Show the SID as a "continuation" line. */
 	fprintf(fp, "    ace_sid: ");
-	fprint_sid(fp, ace->ace_sid);
+	fprint_sid(fp, ace->ace_v2.ace_sid);
 }
 
 static void