author | Jeremy Allison <jra@samba.org> | 2007-06-26 22:49:10 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 12:23:37 -0500 |
commit | a0ac7a7f4c0290787cdadb5866272cee2bd61b8a (patch) | |
tree | c9661e5412781e5d2312b5ec5a7742a31632132a /source3/modules | |
parent | a500b34feba5c169cabb2f6a2ee5bc57b6da6473 (diff) | |
r23620: Convert set_nt_acl to return NTSTATUS. Also fix the chown
return to correctly return NT_STATUS_INVALID_OWNER if it
should be disallowed. Matches better what W2K3R3 does.
NFSv4 ACL module owners, please examine these changes.
Jeremy.
(This used to be commit fc6899a5506b272f8cd5f5837ca13300b4e69a5f)
Diffstat (limited to 'source3/modules')
-rw-r--r-- | source3/modules/nfs4_acls.c | 65 | ||||
-rw-r--r-- | source3/modules/vfs_afsacl.c | 8 | ||||
-rw-r--r-- | source3/modules/vfs_aixacl2.c | 10 | ||||
-rw-r--r-- | source3/modules/vfs_cap.c | 2 | ||||
-rw-r--r-- | source3/modules/vfs_catia.c | 2 | ||||
-rw-r--r-- | source3/modules/vfs_default.c | 8 | ||||
-rw-r--r-- | source3/modules/vfs_full_audit.c | 16 | ||||
-rw-r--r-- | source3/modules/vfs_gpfs.c | 10 | ||||
-rw-r--r-- | source3/modules/vfs_zfsacl.c | 6 |
9 files changed, 53 insertions, 74 deletions
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 1da8d1b7a33..30c209dd93a 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -42,7 +42,7 @@ typedef struct _SMB_ACL4_INT_T extern struct current_user current_user; extern int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid);
-extern BOOL unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp,
+extern NTSTATUS unpack_nt_owners(int snum, uid_t *puser, gid_t *pgrp,
 uint32 security_info_sent, SEC_DESC *psd); static SMB_ACL4_INT_T *get_validated_aclint(SMB4ACL_T *acl)
@@ -559,7 +559,7 @@ static SMB4ACL_T *smbacl4_win2nfs4( return acl; }
-BOOL smb_set_nt_acl_nfs4(files_struct *fsp,
+NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
 uint32 security_info_sent, SEC_DESC *psd, set_nfs4acl_native_fn_t set_nfs4_native)
@@ -569,7 +569,6 @@ BOOL smb_set_nt_acl_nfs4(files_struct *fsp, BOOL result; SMB_STRUCT_STAT sbuf;
- BOOL need_chown = False;
 uid_t newUID = (uid_t)-1; gid_t newGID = (gid_t)-1; 
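Review bot: The `extern NTSTATUS unpack_nt_owners(...)` prototype in the first nfs4_acls.c hunk is a hand-maintained copy inside the .c file, so the compiler cannot check it against the real definition. That matters more after this change: if the copy and the definition ever disagree on BOOL versus NTSTATUS, `NT_STATUS_IS_OK(status)` in smb_set_nt_acl_nfs4 would misread the result with no diagnostic, and if NTSTATUS is an integer type in the build a BOOL `False` would pass as success. Replacing the local `extern` lines for `unpack_nt_owners` and `try_chown` with the shared prototype header would turn such a mismatch into a compile error.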
@@ -580,43 +579,37 @@ BOOL smb_set_nt_acl_nfs4(files_struct *fsp, { DEBUG(9, ("security_info_sent (0x%x) ignored\n", security_info_sent));
- return True; /* won't show error - later to be refined... */
+ return NT_STATUS_OK; /* won't show error - later to be refined... */
 } /* Special behaviours */ if (smbacl4_get_vfs_params(SMBACL4_PARAM_TYPE_NAME, fsp, ¶ms))
- return False;
+ return NT_STATUS_NO_MEMORY;
 if (smbacl4_GetFileOwner(fsp, &sbuf))
- return False;
+ return map_nt_error_from_unix(errno);
 if (params.do_chown) { /* chown logic is a copy/paste from posix_acl.c:set_nt_acl */
- if (!unpack_nt_owners(SNUM(fsp->conn), &newUID, &newGID, security_info_sent, psd))
- {
+ NTSTATUS status = unpack_nt_owners(SNUM(fsp->conn), &newUID, &newGID, security_info_sent, psd);
+ if (!NT_STATUS_IS_OK(status)) {
 DEBUG(8, ("unpack_nt_owners failed"));
- return False;
+ return status;
 } if (((newUID != (uid_t)-1) && (sbuf.st_uid != newUID)) ||
- ((newGID != (gid_t)-1) && (sbuf.st_gid != newGID))) {
- need_chown = True;
- }
- if (need_chown) {
- if ((newUID == (uid_t)-1 || newUID == current_user.ut.uid)) {
- if(try_chown(fsp->conn, fsp->fsp_name, newUID, newGID)) {
- DEBUG(3,("chown %s, %u, %u failed. Error = %s.\n",
- fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID, strerror(errno) ));
- return False;
+ ((newGID != (gid_t)-1) && (sbuf.st_gid != newGID))) {
+ if(try_chown(fsp->conn, fsp->fsp_name, newUID, newGID)) {
+ DEBUG(3,("chown %s, %u, %u failed. 
Error = %s.\n",
+ fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID, strerror(errno) ));
+ if (errno == EPERM) {
+ return NT_STATUS_INVALID_OWNER;
 }
- DEBUG(10,("chown %s, %u, %u succeeded.\n",
- fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID));
- if (smbacl4_GetFileOwner(fsp, &sbuf))
- return False;
- need_chown = False;
- } else { /* chown is needed, but _after_ changing acl */
- sbuf.st_uid = newUID; /* OWNER@ in case of e_special */
- sbuf.st_gid = newGID; /* GROUP@ in case of e_special */
+ return map_nt_error_from_unix(errno);
 }
+ DEBUG(10,("chown %s, %u, %u succeeded.\n",
+ fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID));
+ if (smbacl4_GetFileOwner(fsp, &sbuf))
+ return map_nt_error_from_unix(errno);
 } }
@@ -624,7 +617,7 @@ BOOL smb_set_nt_acl_nfs4(files_struct *fsp, { acl = smbacl4_win2nfs4(psd->dacl, ¶ms, sbuf.st_uid, sbuf.st_gid); if (!acl)
- return False;
+ return map_nt_error_from_unix(errno);
 smbacl4_dump_nfs4acl(10, acl);
@@ -632,25 +625,11 @@ BOOL smb_set_nt_acl_nfs4(files_struct *fsp, if (result!=True) { DEBUG(10, ("set_nfs4_native failed with %s\n", strerror(errno)));
- return False;
+ return map_nt_error_from_unix(errno);
 } } else DEBUG(10, ("no dacl found; security_info_sent = 0x%x\n", security_info_sent));
- /* Any chown pending? */
- if (need_chown) {
- DEBUG(3,("chown#2 %s. uid = %u, gid = %u.\n",
- fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID));
- if (try_chown(fsp->conn, fsp->fsp_name, newUID, newGID)) {
- DEBUG(2,("chown#2 %s, %u, %u failed. Error = %s.\n",
- fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID,
- strerror(errno)));
- return False;
- }
- DEBUG(10,("chown#2 %s, %u, %u succeeded.\n",
- fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID));
- }
- DEBUG(10, ("smb_set_nt_acl_nfs4 succeeded\n"));
- return True;
+ return NT_STATUS_OK;
 }
diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c
index 47e8ec5aefa..2f472df28cd 100644
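Review bot: In the `try_chown` failure branch of smb_set_nt_acl_nfs4 (hunk at -580), the `errno == EPERM` test and the `map_nt_error_from_unix(errno)` fallback both run after `DEBUG(3, ...)`, so the choice between NT_STATUS_INVALID_OWNER and the generic mapping relies on the logging call leaving errno untouched. Capturing the value first removes that dependency: `int saved_errno = errno;` directly after the failed call, then `if (saved_errno == EPERM)` and `map_nt_error_from_unix(saved_errno)`. Separately, the ownership change is now always applied before the ACL is converted and written, and nothing visible restores the old owner if a later step fails, so a request that returns an error can still leave the file with a new owner. A comment stating that this ordering is intended would help the NFSv4 module owners the commit message asks to review. The function body starts and ends outside this hunk.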
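Review bot: `if (!acl) return map_nt_error_from_unix(errno);` in the hunk at -624 maps errno after `smbacl4_win2nfs4` returns NULL, but nothing visible shows that conversion routine setting errno, so the value may be stale or zero. Whether a zero errno can come back as a success status depends on `map_nt_error_from_unix`, which is not shown on this page; if it can, a failed ACL write would be reported to the client as applied. A fixed failure code is safer on this path, for example `if (errno == 0) return NT_STATUS_UNSUCCESSFUL;` ahead of the mapping. The same question applies to the `set_nfs4_native` failure return in the hunk at -632, where errno is read after `DEBUG(10, ...)`, and to the `/* query failed */` branch in vfs_aixacl2.c.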
--- a/source3/modules/vfs_afsacl.c
+++ b/source3/modules/vfs_afsacl.c
@@ -883,7 +883,7 @@ static void merge_unknown_aces(struct afs_acl *src, struct afs_acl *dst) } }
-static BOOL afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
 uint32 security_info_sent, struct security_descriptor *psd) {
@@ -980,7 +980,7 @@ static BOOL afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, free_afs_acl(&old_afs_acl); free_afs_acl(&new_afs_acl);
- return (ret == 0);
+ return (ret == 0) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED;
 } static size_t afsacl_fget_nt_acl(struct vfs_handle_struct *handle,
@@ -998,7 +998,7 @@ static size_t afsacl_get_nt_acl(struct vfs_handle_struct *handle, return afs_get_nt_acl(fsp, security_info, ppdesc); }
-BOOL afsacl_fset_nt_acl(vfs_handle_struct *handle,
+NTSTATUS afsacl_fset_nt_acl(vfs_handle_struct *handle,
 files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd)
@@ -1006,7 +1006,7 @@ BOOL afsacl_fset_nt_acl(vfs_handle_struct *handle, return afs_set_nt_acl(handle, fsp, security_info_sent, psd); }
-BOOL afsacl_set_nt_acl(vfs_handle_struct *handle,
+NTSTATUS afsacl_set_nt_acl(vfs_handle_struct *handle,
 files_struct *fsp, const char *name, uint32 security_info_sent, SEC_DESC *psd)
diff --git a/source3/modules/vfs_aixacl2.c b/source3/modules/vfs_aixacl2.c
index f1e116ec197..0ec2e6a5b3e 100644
--- a/source3/modules/vfs_aixacl2.c
+++ b/source3/modules/vfs_aixacl2.c
@@ -366,10 +366,10 @@ static BOOL aixjfs2_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) return True; }
-static BOOL aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
+static NTSTATUS aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 { acl_type_t acl_type_info;
- BOOL result = False;
+ NTSTATUS result = NT_STATUS_ACCESS_DENIED;
 int rc; rc = aixjfs2_query_acl_support( 
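Review bot: In vfs_afsacl.c only the signature and the final `return` of `afs_set_nt_acl` are converted; the diffstat's 8 changed lines for this file are all accounted for by the visible hunks, so the body between them (old lines 890–979) is untouched. Any early `return False;` or `return True;` left in that span now yields an NTSTATUS, and if NTSTATUS is an integer type in the build, `False` would compile without a diagnostic and read as success to `NT_STATUS_IS_OK`, reporting a failed ACL update as applied. Please confirm every exit path in the body returns an explicit status such as `NT_STATUS_ACCESS_DENIED`. The same check is worth making in vfs_zfsacl.c, vfs_cap.c and vfs_catia.c, where only the signature lines of the set_nt_acl functions change. The final `(ret == 0) ? NT_STATUS_OK : NT_STATUS_ACCESS_DENIED` fails closed, but folds every failure cause into one code.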
@@ -385,17 +385,17 @@ static BOOL aixjfs2_set_nt_acl_common(files_struct *fsp, uint32 security_info_se } else if (rc==1) { /* assume POSIX ACL - by default... */ result = set_nt_acl(fsp, security_info_sent, psd); } else
- result = False; /* query failed */
+ result = map_nt_error_from_unix(errno); /* query failed */
 return result; }
-BOOL aixjfs2_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd)
+NTSTATUS aixjfs2_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd)
 { return aixjfs2_set_nt_acl_common(fsp, security_info_sent, psd); }
-BOOL aixjfs2_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, SEC_DESC *psd)
+NTSTATUS aixjfs2_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, SEC_DESC *psd)
 { return aixjfs2_set_nt_acl_common(fsp, security_info_sent, psd); }
diff --git a/source3/modules/vfs_cap.c b/source3/modules/vfs_cap.c
index ab99031e4d6..04dbec95b6b 100644
--- a/source3/modules/vfs_cap.c
+++ b/source3/modules/vfs_cap.c
@@ -184,7 +184,7 @@ static char *cap_realpath(vfs_handle_struct *handle, const char *path, char *res return SMB_VFS_NEXT_REALPATH(handle, path, resolved_path); }
-static BOOL cap_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor *psd)
+static NTSTATUS cap_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor *psd)
 { pstring capname; capencode(capname, name);
diff --git a/source3/modules/vfs_catia.c b/source3/modules/vfs_catia.c
index a32bd59d5c7..a4a2f8f7bde 100644
--- a/source3/modules/vfs_catia.c
+++ b/source3/modules/vfs_catia.c 
@@ -238,7 +238,7 @@ static size_t catia_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, ppdesc); }
-static BOOL catia_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS catia_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
 const char *name, uint32 security_info_sent, struct security_descriptor_info *psd) {
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 28fe4d4ea78..930b7c85072 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -947,9 +947,9 @@ static size_t vfswrap_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, c return result; }
-static BOOL vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd)
+static NTSTATUS vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd)
 {
- BOOL result;
+ NTSTATUS result;
 START_PROFILE(fset_nt_acl); result = set_nt_acl(fsp, security_info_sent, psd);
@@ -957,9 +957,9 @@ static BOOL vfswrap_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, in return result; }
-static BOOL vfswrap_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, SEC_DESC *psd)
+static NTSTATUS vfswrap_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info_sent, SEC_DESC *psd)
 {
- BOOL result;
+ NTSTATUS result;
 START_PROFILE(set_nt_acl); result = set_nt_acl(fsp, security_info_sent, psd);
diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index cd434f1951f..e76cb9fc23f 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c 
@@ -191,10 +191,10 @@ static size_t smb_full_audit_fget_nt_acl(vfs_handle_struct *handle, files_struct static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct *fsp, const char *name, uint32 security_info, SEC_DESC **ppdesc);
-static BOOL smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
 int fd, uint32 security_info_sent, SEC_DESC *psd);
-static BOOL smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
 const char *name, uint32 security_info_sent, SEC_DESC *psd); static int smb_full_audit_chmod_acl(vfs_handle_struct *handle,
@@ -1497,30 +1497,30 @@ static size_t smb_full_audit_get_nt_acl(vfs_handle_struct *handle, files_struct return result; }
-static BOOL smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS smb_full_audit_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
 int fd, uint32 security_info_sent, SEC_DESC *psd) {
- BOOL result;
+ NTSTATUS result;
 result = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, fd, security_info_sent, psd);
- do_log(SMB_VFS_OP_FSET_NT_ACL, result, handle, "%s", fsp->fsp_name);
+ do_log(SMB_VFS_OP_FSET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s", fsp->fsp_name);
 return result; }
-static BOOL smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS smb_full_audit_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
 const char *name, uint32 security_info_sent, SEC_DESC *psd) {
- BOOL result;
+ NTSTATUS result;
 result = SMB_VFS_NEXT_SET_NT_ACL(handle, fsp, name, security_info_sent, psd);
- do_log(SMB_VFS_OP_SET_NT_ACL, result, handle, "%s", fsp->fsp_name);
+ do_log(SMB_VFS_OP_SET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s", fsp->fsp_name);
 return result; } 
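Review bot: Both `do_log` calls in the hunk at -1497 reduce the new NTSTATUS to `NT_STATUS_IS_OK(result)`, so the audit record still says only success or failure even though callers can now distinguish NT_STATUS_INVALID_OWNER from other errors. For an audit module the status is the useful part: a refused ownership change and an unrelated failure look identical in the log. Consider appending it, e.g. `do_log(SMB_VFS_OP_SET_NT_ACL, NT_STATUS_IS_OK(result), handle, "%s|%s", fsp->fsp_name, nt_errstr(result));`, and check that existing log consumers tolerate the extra field.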
diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index 3795a5d4a63..9c9503e7722 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -334,14 +334,14 @@ static BOOL gpfsacl_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) return True; }
-static BOOL gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
+static NTSTATUS gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_info_sent, SEC_DESC *psd)
 { struct gpfs_acl *acl;
- BOOL result = False;
+ NTSTATUS result = NT_STATUS_ACCESS_DENIED;
 acl = gpfs_getacl_alloc(fsp->fsp_name, GPFS_ACL_TYPE_ACCESS); if (acl == NULL)
- return False;
+ return result;
 if (acl->acl_version&GPFS_ACL_VERSION_NFS4) {
@@ -355,12 +355,12 @@ static BOOL gpfsacl_set_nt_acl_internal(files_struct *fsp, uint32 security_info_ return result; }
-static BOOL gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd)
+static NTSTATUS gpfsacl_fset_nt_acl(vfs_handle_struct *handle, files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd)
 { return gpfsacl_set_nt_acl_internal(fsp, security_info_sent, psd); }
-static BOOL gpfsacl_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, char *name, uint32 security_info_sent, SEC_DESC *psd)
+static NTSTATUS gpfsacl_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp, char *name, uint32 security_info_sent, SEC_DESC *psd)
 { return gpfsacl_set_nt_acl_internal(fsp, security_info_sent, psd); }
diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
index 79602c22211..a68258cfdb9 100644
--- a/source3/modules/vfs_zfsacl.c
+++ b/source3/modules/vfs_zfsacl.c 
@@ -125,7 +125,7 @@ static BOOL zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl) * set the local file's acls obtaining it in NT form * using the NFSv4 format conversion */
-static BOOL zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
+static NTSTATUS zfs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
 uint32 security_info_sent, struct security_descriptor *psd) {
@@ -149,7 +149,7 @@ static size_t zfsacl_get_nt_acl(struct vfs_handle_struct *handle, return zfs_get_nt_acl(fsp, security_info, ppdesc); }
-static BOOL zfsacl_fset_nt_acl(vfs_handle_struct *handle,
+static NTSTATUS zfsacl_fset_nt_acl(vfs_handle_struct *handle,
 files_struct *fsp, int fd, uint32 security_info_sent, SEC_DESC *psd)
@@ -157,7 +157,7 @@ static BOOL zfsacl_fset_nt_acl(vfs_handle_struct *handle, return zfs_set_nt_acl(handle, fsp, security_info_sent, psd); }
-static BOOL zfsacl_set_nt_acl(vfs_handle_struct *handle,
+static NTSTATUS zfsacl_set_nt_acl(vfs_handle_struct *handle,
 files_struct *fsp, const char *name, uint32 security_info_sent, SEC_DESC *psd) |