4
* Copyright (C) Jim McDonough, 2006
6
* This program is free software; you can redistribute it and/or modify
7
* it under the terms of the GNU General Public License as published by
8
* the Free Software Foundation; either version 3 of the License, or
9
* (at your option) any later version.
11
* This program is distributed in the hope that it will be useful,
12
* but WITHOUT ANY WARRANTY; without even the implied warranty of
13
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14
* GNU General Public License for more details.
16
* You should have received a copy of the GNU General Public License
17
* along with this program; if not, see <http://www.gnu.org/licenses/>.
21
#include "nfs4_acls.h"
24
#define DBGC_CLASS DBGC_ACLS
26
#define SMBACL4_PARAM_TYPE_NAME "nfs4"
28
extern const struct generic_mapping file_generic_mapping;
30
#define SMB_ACE4_INT_MAGIC 0x76F8A967
31
typedef struct _SMB_ACE4_INT_T
38
#define SMB_ACL4_INT_MAGIC 0x29A3E792
39
typedef struct _SMB_ACL4_INT_T
43
SMB_ACE4_INT_T *first;
47
static SMB_ACL4_INT_T *get_validated_aclint(SMB4ACL_T *theacl)
49
SMB_ACL4_INT_T *aclint = (SMB_ACL4_INT_T *)theacl;
52
DEBUG(2, ("acl is NULL\n"));
56
if (aclint->magic!=SMB_ACL4_INT_MAGIC)
58
DEBUG(2, ("aclint bad magic 0x%x\n", aclint->magic));
65
static SMB_ACE4_INT_T *get_validated_aceint(SMB4ACE_T *ace)
67
SMB_ACE4_INT_T *aceint = (SMB_ACE4_INT_T *)ace;
70
DEBUG(2, ("ace is NULL\n"));
74
if (aceint->magic!=SMB_ACE4_INT_MAGIC)
76
DEBUG(2, ("aceint bad magic 0x%x\n", aceint->magic));
83
SMB4ACL_T *smb_create_smb4acl(void)
85
TALLOC_CTX *mem_ctx = talloc_tos();
86
SMB_ACL4_INT_T *theacl = (SMB_ACL4_INT_T *)TALLOC_ZERO_SIZE(mem_ctx, sizeof(SMB_ACL4_INT_T));
89
DEBUG(0, ("TALLOC_SIZE failed\n"));
93
theacl->magic = SMB_ACL4_INT_MAGIC;
94
/* theacl->first, last = NULL not needed */
95
return (SMB4ACL_T *)theacl;
98
SMB4ACE_T *smb_add_ace4(SMB4ACL_T *theacl, SMB_ACE4PROP_T *prop)
100
SMB_ACL4_INT_T *aclint = get_validated_aclint(theacl);
101
TALLOC_CTX *mem_ctx = talloc_tos();
104
ace = (SMB_ACE4_INT_T *)TALLOC_ZERO_SIZE(mem_ctx, sizeof(SMB_ACE4_INT_T));
107
DEBUG(0, ("TALLOC_SIZE failed\n"));
111
ace->magic = SMB_ACE4_INT_MAGIC;
112
/* ace->next = NULL not needed */
113
memcpy(&ace->prop, prop, sizeof(SMB_ACE4PROP_T));
115
if (aclint->first==NULL)
120
aclint->last->next = (void *)ace;
125
return (SMB4ACE_T *)ace;
128
SMB_ACE4PROP_T *smb_get_ace4(SMB4ACE_T *ace)
130
SMB_ACE4_INT_T *aceint = get_validated_aceint(ace);
134
return &aceint->prop;
137
SMB4ACE_T *smb_next_ace4(SMB4ACE_T *ace)
139
SMB_ACE4_INT_T *aceint = get_validated_aceint(ace);
143
return (SMB4ACE_T *)aceint->next;
146
SMB4ACE_T *smb_first_ace4(SMB4ACL_T *theacl)
148
SMB_ACL4_INT_T *aclint = get_validated_aclint(theacl);
152
return (SMB4ACE_T *)aclint->first;
155
uint32 smb_get_naces(SMB4ACL_T *theacl)
157
SMB_ACL4_INT_T *aclint = get_validated_aclint(theacl);
161
return aclint->naces;
164
static int smbacl4_GetFileOwner(struct connection_struct *conn,
165
const char *filename,
166
SMB_STRUCT_STAT *psbuf)
169
memset(psbuf, 0, sizeof(SMB_STRUCT_STAT));
171
/* Get the stat struct for the owner info. */
172
if (lp_posix_pathnames()) {
173
ret = SMB_VFS_LSTAT(conn, filename, psbuf);
175
ret = SMB_VFS_STAT(conn, filename, psbuf);
179
DEBUG(8, ("SMB_VFS_STAT failed with error %s\n",
187
static int smbacl4_fGetFileOwner(files_struct *fsp, SMB_STRUCT_STAT *psbuf)
189
memset(psbuf, 0, sizeof(SMB_STRUCT_STAT));
191
if (fsp->is_directory || fsp->fh->fd == -1) {
192
return smbacl4_GetFileOwner(fsp->conn, fsp->fsp_name, psbuf);
194
if (SMB_VFS_FSTAT(fsp, psbuf) != 0)
196
DEBUG(8, ("SMB_VFS_FSTAT failed with error %s\n",
204
static bool smbacl4_nfs42win(TALLOC_CTX *mem_ctx, SMB4ACL_T *theacl, /* in */
205
DOM_SID *psid_owner, /* in */
206
DOM_SID *psid_group, /* in */
207
bool is_directory, /* in */
208
SEC_ACE **ppnt_ace_list, /* out */
209
int *pgood_aces /* out */
212
SMB_ACL4_INT_T *aclint = (SMB_ACL4_INT_T *)theacl;
213
SMB_ACE4_INT_T *aceint;
214
SEC_ACE *nt_ace_list = NULL;
217
DEBUG(10, ("smbacl_nfs42win entered"));
219
aclint = get_validated_aclint(theacl);
220
/* We do not check for naces being 0 or theacl being NULL here because it is done upstream */
221
/* in smb_get_nt_acl_nfs4(). */
222
nt_ace_list = (SEC_ACE *)TALLOC_ZERO_SIZE(mem_ctx, aclint->naces * sizeof(SEC_ACE));
223
if (nt_ace_list==NULL)
225
DEBUG(10, ("talloc error"));
230
for (aceint=aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) {
233
SMB_ACE4PROP_T *ace = &aceint->prop;
235
DEBUG(10, ("magic: 0x%x, type: %d, iflags: %x, flags: %x, mask: %x, "
236
"who: %d\n", aceint->magic, ace->aceType, ace->flags,
237
ace->aceFlags, ace->aceMask, ace->who.id));
239
SMB_ASSERT(aceint->magic==SMB_ACE4_INT_MAGIC);
241
if (ace->flags & SMB_ACE4_ID_SPECIAL) {
242
switch (ace->who.special_id) {
243
case SMB_ACE4_WHO_OWNER:
244
sid_copy(&sid, psid_owner);
246
case SMB_ACE4_WHO_GROUP:
247
sid_copy(&sid, psid_group);
249
case SMB_ACE4_WHO_EVERYONE:
250
sid_copy(&sid, &global_sid_World);
253
DEBUG(8, ("invalid special who id %d "
254
"ignored\n", ace->who.special_id));
257
if (ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP) {
258
gid_to_sid(&sid, ace->who.gid);
260
uid_to_sid(&sid, ace->who.uid);
263
DEBUG(10, ("mapped %d to %s\n", ace->who.id,
264
sid_string_dbg(&sid)));
266
if (is_directory && (ace->aceMask & SMB_ACE4_ADD_FILE)) {
267
ace->aceMask |= SMB_ACE4_DELETE_CHILD;
271
init_sec_ace(&nt_ace_list[good_aces++], &sid,
273
ace->aceFlags & 0xf);
276
*ppnt_ace_list = nt_ace_list;
277
*pgood_aces = good_aces;
282
static NTSTATUS smb_get_nt_acl_nfs4_common(const SMB_STRUCT_STAT *sbuf,
283
uint32 security_info,
284
SEC_DESC **ppdesc, SMB4ACL_T *theacl)
287
DOM_SID sid_owner, sid_group;
289
SEC_ACE *nt_ace_list = NULL;
291
TALLOC_CTX *mem_ctx = talloc_tos();
293
if (theacl==NULL || smb_get_naces(theacl)==0)
294
return NT_STATUS_ACCESS_DENIED; /* special because we
295
* shouldn't alloc 0 for
298
uid_to_sid(&sid_owner, sbuf->st_uid);
299
gid_to_sid(&sid_group, sbuf->st_gid);
301
if (smbacl4_nfs42win(mem_ctx, theacl, &sid_owner, &sid_group, S_ISDIR(sbuf->st_mode),
302
&nt_ace_list, &good_aces)==False) {
303
DEBUG(8,("smbacl4_nfs42win failed\n"));
304
return map_nt_error_from_unix(errno);
307
psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, good_aces, nt_ace_list);
309
DEBUG(2,("make_sec_acl failed\n"));
310
return NT_STATUS_NO_MEMORY;
313
DEBUG(10,("after make sec_acl\n"));
314
*ppdesc = make_sec_desc(mem_ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
315
(security_info & OWNER_SECURITY_INFORMATION) ? &sid_owner : NULL,
316
(security_info & GROUP_SECURITY_INFORMATION) ? &sid_group : NULL,
317
NULL, psa, &sd_size);
319
DEBUG(2,("make_sec_desc failed\n"));
320
return NT_STATUS_NO_MEMORY;
323
DEBUG(10, ("smb_get_nt_acl_nfs4_common successfully exited with sd_size %d\n",
324
ndr_size_security_descriptor(*ppdesc, NULL, 0)));
329
NTSTATUS smb_fget_nt_acl_nfs4(files_struct *fsp,
330
uint32 security_info,
331
SEC_DESC **ppdesc, SMB4ACL_T *theacl)
333
SMB_STRUCT_STAT sbuf;
335
DEBUG(10, ("smb_fget_nt_acl_nfs4 invoked for %s\n", fsp->fsp_name));
337
if (smbacl4_fGetFileOwner(fsp, &sbuf)) {
338
return map_nt_error_from_unix(errno);
341
return smb_get_nt_acl_nfs4_common(&sbuf, security_info, ppdesc, theacl);
344
NTSTATUS smb_get_nt_acl_nfs4(struct connection_struct *conn,
346
uint32 security_info,
347
SEC_DESC **ppdesc, SMB4ACL_T *theacl)
349
SMB_STRUCT_STAT sbuf;
351
DEBUG(10, ("smb_get_nt_acl_nfs4 invoked for %s\n", name));
353
if (smbacl4_GetFileOwner(conn, name, &sbuf)) {
354
return map_nt_error_from_unix(errno);
357
return smb_get_nt_acl_nfs4_common(&sbuf, security_info, ppdesc, theacl);
360
enum smbacl4_mode_enum {e_simple=0, e_special=1};
361
enum smbacl4_acedup_enum {e_dontcare=0, e_reject=1, e_ignore=2, e_merge=3};
363
typedef struct _smbacl4_vfs_params {
364
enum smbacl4_mode_enum mode;
366
enum smbacl4_acedup_enum acedup;
367
struct db_context *sid_mapping_table;
368
} smbacl4_vfs_params;
371
* Gather special parameters for NFS4 ACL handling
373
static int smbacl4_get_vfs_params(
374
const char *type_name,
376
smbacl4_vfs_params *params
379
static const struct enum_list enum_smbacl4_modes[] = {
380
{ e_simple, "simple" },
381
{ e_special, "special" }
383
static const struct enum_list enum_smbacl4_acedups[] = {
384
{ e_dontcare, "dontcare" },
385
{ e_reject, "reject" },
386
{ e_ignore, "ignore" },
387
{ e_merge, "merge" },
390
memset(params, 0, sizeof(smbacl4_vfs_params));
391
params->mode = (enum smbacl4_mode_enum)lp_parm_enum(
392
SNUM(fsp->conn), type_name,
393
"mode", enum_smbacl4_modes, e_simple);
394
params->do_chown = lp_parm_bool(SNUM(fsp->conn), type_name,
396
params->acedup = (enum smbacl4_acedup_enum)lp_parm_enum(
397
SNUM(fsp->conn), type_name,
398
"acedup", enum_smbacl4_acedups, e_dontcare);
400
DEBUG(10, ("mode:%s, do_chown:%s, acedup: %s\n",
401
enum_smbacl4_modes[params->mode].name,
402
params->do_chown ? "true" : "false",
403
enum_smbacl4_acedups[params->acedup].name));
408
static void smbacl4_dump_nfs4acl(int level, SMB4ACL_T *theacl)
410
SMB_ACL4_INT_T *aclint = get_validated_aclint(theacl);
411
SMB_ACE4_INT_T *aceint;
413
DEBUG(level, ("NFS4ACL: size=%d\n", aclint->naces));
415
for(aceint = aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) {
416
SMB_ACE4PROP_T *ace = &aceint->prop;
418
DEBUG(level, ("\tACE: type=%d, flags=0x%x, fflags=0x%x, mask=0x%x, id=%d\n",
420
ace->aceFlags, ace->flags,
427
* Find 2 NFS4 who-special ACE property (non-copy!!!)
428
* match nonzero if "special" and who is equal
429
* return ace if found matching; otherwise NULL
431
static SMB_ACE4PROP_T *smbacl4_find_equal_special(
433
SMB_ACE4PROP_T *aceNew)
435
SMB_ACL4_INT_T *aclint = get_validated_aclint(theacl);
436
SMB_ACE4_INT_T *aceint;
438
for(aceint = aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) {
439
SMB_ACE4PROP_T *ace = &aceint->prop;
441
if (ace->flags == aceNew->flags &&
442
ace->aceType==aceNew->aceType &&
443
(ace->aceFlags&SMB_ACE4_IDENTIFIER_GROUP)==
444
(aceNew->aceFlags&SMB_ACE4_IDENTIFIER_GROUP)
446
/* keep type safety; e.g. gid is an u.short */
447
if (ace->flags & SMB_ACE4_ID_SPECIAL)
449
if (ace->who.special_id==aceNew->who.special_id)
452
if (ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP)
454
if (ace->who.gid==aceNew->who.gid)
457
if (ace->who.uid==aceNew->who.uid)
467
static bool nfs4_map_sid(smbacl4_vfs_params *params, const DOM_SID *src,
470
static struct db_context *mapping_db = NULL;
473
if (mapping_db == NULL) {
474
const char *dbname = lp_parm_const_string(
475
-1, SMBACL4_PARAM_TYPE_NAME, "sidmap", NULL);
477
if (dbname == NULL) {
478
DEBUG(10, ("%s:sidmap not defined\n",
479
SMBACL4_PARAM_TYPE_NAME));
484
mapping_db = db_open(NULL, dbname, 0, TDB_DEFAULT,
488
if (mapping_db == NULL) {
489
DEBUG(1, ("could not open sidmap: %s\n",
495
if (mapping_db->fetch(mapping_db, NULL,
496
string_term_tdb_data(sid_string_tos(src)),
498
DEBUG(10, ("could not find mapping for SID %s\n",
499
sid_string_dbg(src)));
503
if ((data.dptr == NULL) || (data.dsize <= 0)
504
|| (data.dptr[data.dsize-1] != '\0')) {
505
DEBUG(5, ("invalid mapping for SID %s\n",
506
sid_string_dbg(src)));
507
TALLOC_FREE(data.dptr);
511
if (!string_to_sid(dst, (char *)data.dptr)) {
512
DEBUG(1, ("invalid mapping %s for SID %s\n",
513
(char *)data.dptr, sid_string_dbg(src)));
514
TALLOC_FREE(data.dptr);
518
TALLOC_FREE(data.dptr);
523
static bool smbacl4_fill_ace4(
525
const char *filename,
526
smbacl4_vfs_params *params,
529
const SEC_ACE *ace_nt, /* input */
530
SMB_ACE4PROP_T *ace_v4 /* output */
533
DEBUG(10, ("got ace for %s\n", sid_string_dbg(&ace_nt->trustee)));
535
memset(ace_v4, 0, sizeof(SMB_ACE4PROP_T));
536
ace_v4->aceType = ace_nt->type; /* only ACCESS|DENY supported right now */
537
ace_v4->aceFlags = ace_nt->flags & SEC_ACE_FLAG_VALID_INHERIT;
538
ace_v4->aceMask = ace_nt->access_mask &
539
(STD_RIGHT_ALL_ACCESS | SA_RIGHT_FILE_ALL_ACCESS);
541
se_map_generic(&ace_v4->aceMask, &file_generic_mapping);
543
if (ace_v4->aceFlags!=ace_nt->flags)
544
DEBUG(9, ("ace_v4->aceFlags(0x%x)!=ace_nt->flags(0x%x)\n",
545
ace_v4->aceFlags, ace_nt->flags));
547
if (ace_v4->aceMask!=ace_nt->access_mask)
548
DEBUG(9, ("ace_v4->aceMask(0x%x)!=ace_nt->access_mask(0x%x)\n",
549
ace_v4->aceMask, ace_nt->access_mask));
551
if (sid_equal(&ace_nt->trustee, &global_sid_World)) {
552
ace_v4->who.special_id = SMB_ACE4_WHO_EVERYONE;
553
ace_v4->flags |= SMB_ACE4_ID_SPECIAL;
555
const char *dom, *name;
556
enum lsa_SidType type;
561
sid_copy(&sid, &ace_nt->trustee);
563
if (!lookup_sid(mem_ctx, &sid, &dom, &name, &type)) {
567
if (!nfs4_map_sid(params, &sid, &mapped)) {
568
DEBUG(1, ("nfs4_acls.c: file [%s]: SID %s "
569
"unknown\n", filename, sid_string_dbg(&sid)));
574
DEBUG(2, ("nfs4_acls.c: file [%s]: mapped SID %s "
575
"to %s\n", filename, sid_string_dbg(&sid), sid_string_dbg(&mapped)));
577
if (!lookup_sid(mem_ctx, &mapped, &dom,
579
DEBUG(1, ("nfs4_acls.c: file [%s]: SID %s "
580
"mapped from %s is unknown\n",
581
filename, sid_string_dbg(&mapped), sid_string_dbg(&sid)));
586
sid_copy(&sid, &mapped);
589
if (type == SID_NAME_USER) {
590
if (!sid_to_uid(&sid, &uid)) {
591
DEBUG(1, ("nfs4_acls.c: file [%s]: could not "
592
"convert %s to uid\n", filename,
593
sid_string_dbg(&sid)));
597
if (params->mode==e_special && uid==ownerUID) {
598
ace_v4->flags |= SMB_ACE4_ID_SPECIAL;
599
ace_v4->who.special_id = SMB_ACE4_WHO_OWNER;
601
ace_v4->who.uid = uid;
603
} else { /* else group? - TODO check it... */
604
if (!sid_to_gid(&sid, &gid)) {
605
DEBUG(1, ("nfs4_acls.c: file [%s]: could not "
606
"convert %s to gid\n", filename,
607
sid_string_dbg(&sid)));
611
ace_v4->aceFlags |= SMB_ACE4_IDENTIFIER_GROUP;
613
if (params->mode==e_special && gid==ownerGID) {
614
ace_v4->flags |= SMB_ACE4_ID_SPECIAL;
615
ace_v4->who.special_id = SMB_ACE4_WHO_GROUP;
617
ace_v4->who.gid = gid;
622
return True; /* OK */
625
static int smbacl4_MergeIgnoreReject(
626
enum smbacl4_acedup_enum acedup,
627
SMB4ACL_T *theacl, /* may modify it */
628
SMB_ACE4PROP_T *ace, /* the "new" ACE */
634
SMB_ACE4PROP_T *ace4found = smbacl4_find_equal_special(theacl, ace);
639
case e_merge: /* "merge" flags */
641
ace4found->aceFlags |= ace->aceFlags;
642
ace4found->aceMask |= ace->aceMask;
644
case e_ignore: /* leave out this record */
647
case e_reject: /* do an error */
648
DEBUG(8, ("ACL rejected by duplicate nt ace#%d\n", i));
649
errno = EINVAL; /* SHOULD be set on any _real_ error */
659
static SMB4ACL_T *smbacl4_win2nfs4(
660
const char *filename,
662
smbacl4_vfs_params *pparams,
669
TALLOC_CTX *mem_ctx = talloc_tos();
671
DEBUG(10, ("smbacl4_win2nfs4 invoked\n"));
673
theacl = smb_create_smb4acl();
677
for(i=0; i<dacl->num_aces; i++) {
678
SMB_ACE4PROP_T ace_v4;
679
bool addNewACE = True;
681
if (!smbacl4_fill_ace4(mem_ctx, filename, pparams,
683
dacl->aces + i, &ace_v4)) {
684
DEBUG(3, ("Could not fill ace for file %s, SID %s\n",
686
sid_string_dbg(&((dacl->aces+i)->trustee))));
690
if (pparams->acedup!=e_dontcare) {
691
if (smbacl4_MergeIgnoreReject(pparams->acedup, theacl,
692
&ace_v4, &addNewACE, i))
697
smb_add_ace4(theacl, &ace_v4);
703
NTSTATUS smb_set_nt_acl_nfs4(files_struct *fsp,
704
uint32 security_info_sent,
706
set_nfs4acl_native_fn_t set_nfs4_native)
708
smbacl4_vfs_params params;
709
SMB4ACL_T *theacl = NULL;
712
SMB_STRUCT_STAT sbuf;
713
bool set_acl_as_root = false;
714
uid_t newUID = (uid_t)-1;
715
gid_t newGID = (gid_t)-1;
718
DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp->fsp_name));
720
if ((security_info_sent & (DACL_SECURITY_INFORMATION |
721
GROUP_SECURITY_INFORMATION | OWNER_SECURITY_INFORMATION)) == 0)
723
DEBUG(9, ("security_info_sent (0x%x) ignored\n",
724
security_info_sent));
725
return NT_STATUS_OK; /* won't show error - later to be refined... */
728
/* Special behaviours */
729
if (smbacl4_get_vfs_params(SMBACL4_PARAM_TYPE_NAME, fsp, ¶ms))
730
return NT_STATUS_NO_MEMORY;
732
if (smbacl4_fGetFileOwner(fsp, &sbuf))
733
return map_nt_error_from_unix(errno);
735
if (params.do_chown) {
736
/* chown logic is a copy/paste from posix_acl.c:set_nt_acl */
737
NTSTATUS status = unpack_nt_owners(SNUM(fsp->conn), &newUID, &newGID, security_info_sent, psd);
738
if (!NT_STATUS_IS_OK(status)) {
739
DEBUG(8, ("unpack_nt_owners failed"));
742
if (((newUID != (uid_t)-1) && (sbuf.st_uid != newUID)) ||
743
((newGID != (gid_t)-1) && (sbuf.st_gid != newGID))) {
744
if(try_chown(fsp->conn, fsp->fsp_name, newUID, newGID)) {
745
DEBUG(3,("chown %s, %u, %u failed. Error = %s.\n",
746
fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID,
748
return map_nt_error_from_unix(errno);
751
DEBUG(10,("chown %s, %u, %u succeeded.\n",
752
fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID));
753
if (smbacl4_GetFileOwner(fsp->conn, fsp->fsp_name, &sbuf))
754
return map_nt_error_from_unix(errno);
756
/* If we successfully chowned, we know we must
757
* be able to set the acl, so do it as root.
759
set_acl_as_root = true;
763
if (!(security_info_sent & DACL_SECURITY_INFORMATION) || psd->dacl ==NULL) {
764
DEBUG(10, ("no dacl found; security_info_sent = 0x%x\n", security_info_sent));
768
theacl = smbacl4_win2nfs4(fsp->fsp_name, psd->dacl, ¶ms, sbuf.st_uid, sbuf.st_gid);
770
return map_nt_error_from_unix(errno);
772
smbacl4_dump_nfs4acl(10, theacl);
774
if (set_acl_as_root) {
777
result = set_nfs4_native(fsp, theacl);
779
if (set_acl_as_root) {
784
DEBUG(10, ("set_nfs4_native failed with %s\n", strerror(errno)));
785
return map_nt_error_from_unix(errno);
788
DEBUG(10, ("smb_set_nt_acl_nfs4 succeeded\n"));