authorAndrew Tridgell <tridge@samba.org>2004-12-14 22:17:41 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:07:26 -0500
commitd21a55dda787a65f15eccb6442189ad7d97526f0 (patch)
tree637d754c709a0802f0bdb364983ae40a0f5ca150
parent1a340869c43f9ce741e8a4bd28ea01ec63301df5 (diff)
r4205: fixed the default acl mapping from posix permissions to use the mapped
uid->sid and gid->sid (This used to be commit 590e1a91bfc719c2d84a9a066fb4e0308b6d9803)
-rw-r--r--source4/ntvfs/posix/pvfs_acl.c66
1 files changed, 33 insertions, 33 deletions
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index e2d779f91c..95a4e5765c 100644
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -68,17 +68,11 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
struct xattr_NTACL *acl)
{
struct security_descriptor *sd;
- int i;
- struct security_ace ace;
NTSTATUS status;
- const char *sid_names[] = {
- SID_BUILTIN_ADMINISTRATORS,
- SID_CREATOR_OWNER,
- SID_CREATOR_GROUP,
- SID_WORLD
- };
- uint32_t access_masks[4];
+ struct security_ace aces[4];
mode_t mode;
+ struct dom_sid *sid;
+ int i;
sd = security_descriptor_initialise(req);
if (sd == NULL) {
@@ -103,15 +97,15 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
- Group
- Everyone
*/
- access_masks[0] = SEC_RIGHTS_FILE_ALL;
- access_masks[1] = 0;
- access_masks[2] = 0;
- access_masks[3] = 0;
+ aces[0].access_mask = SEC_RIGHTS_FILE_ALL;
+ aces[1].access_mask = 0;
+ aces[2].access_mask = 0;
+ aces[3].access_mask = 0;
mode = name->st.st_mode;
if (mode & S_IRUSR) {
- access_masks[1] |=
+ aces[1].access_mask |=
SEC_FILE_READ_DATA |
SEC_FILE_READ_EA |
SEC_FILE_READ_ATTRIBUTE |
@@ -120,7 +114,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
SEC_STD_READ_CONTROL;
}
if (mode & S_IWUSR) {
- access_masks[1] |=
+ aces[1].access_mask |=
SEC_FILE_WRITE_DATA |
SEC_FILE_APPEND_DATA |
SEC_FILE_WRITE_EA |
@@ -129,7 +123,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
}
if (mode & S_IRGRP) {
- access_masks[2] |=
+ aces[2].access_mask |=
SEC_FILE_READ_DATA |
SEC_FILE_READ_EA |
SEC_FILE_READ_ATTRIBUTE |
@@ -138,7 +132,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
SEC_STD_READ_CONTROL;
}
if (mode & S_IWGRP) {
- access_masks[2] |=
+ aces[2].access_mask |=
SEC_FILE_WRITE_DATA |
SEC_FILE_APPEND_DATA |
SEC_FILE_WRITE_EA |
@@ -146,7 +140,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
}
if (mode & S_IROTH) {
- access_masks[3] |=
+ aces[3].access_mask |=
SEC_FILE_READ_DATA |
SEC_FILE_READ_EA |
SEC_FILE_READ_ATTRIBUTE |
@@ -155,31 +149,37 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
SEC_STD_READ_CONTROL;
}
if (mode & S_IWOTH) {
- access_masks[3] |=
+ aces[3].access_mask |=
SEC_FILE_WRITE_DATA |
SEC_FILE_APPEND_DATA |
SEC_FILE_WRITE_EA |
SEC_FILE_WRITE_ATTRIBUTE;
}
- ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
- ace.flags = 0;
+ sid = dom_sid_parse_talloc(sd, SID_BUILTIN_ADMINISTRATORS);
+ if (sid == NULL) return NT_STATUS_NO_MEMORY;
+
+ aces[0].type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+ aces[0].flags = 0;
+ aces[0].trustee = *sid;
+
+ aces[1].type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+ aces[1].flags = 0;
+ aces[1].trustee = *sd->owner_sid;
- for (i=0;i<ARRAY_SIZE(sid_names);i++) {
- struct dom_sid *sid;
+ aces[2].type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+ aces[2].flags = 0;
+ aces[2].trustee = *sd->group_sid;
- ace.access_mask = access_masks[i];
+ sid = dom_sid_parse_talloc(sd, SID_WORLD);
+ if (sid == NULL) return NT_STATUS_NO_MEMORY;
- sid = dom_sid_parse_talloc(sd, sid_names[i]);
- if (sid == NULL) {
- return NT_STATUS_NO_MEMORY;
- }
- ace.trustee = *sid;
+ aces[3].type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+ aces[3].flags = 0;
+ aces[3].trustee = *sid;
- status = security_descriptor_dacl_add(sd, &ace);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
+ for (i=0;i<4;i++) {
+ security_descriptor_dacl_add(sd, &aces[i]);
}
acl->version = 1;
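Review bot: The new loop at the end of this hunk discards the result of `security_descriptor_dacl_add()`, whereas the removed loop returned `status` on failure. If an add fails, the function carries on with a default DACL that is silently missing entries and no longer reflects the POSIX mode bits. I would keep the check, `status = security_descriptor_dacl_add(sd, &aces[i]);` followed by `if (!NT_STATUS_IS_OK(status)) return status;`, and bound the loop with `ARRAY_SIZE(aces)` rather than the literal `4`. Separately, `*sd->owner_sid` and `*sd->group_sid` are dereferenced without a check; they are assigned outside the visible hunks, so it is worth confirming that every path reaching these lines leaves them non-NULL. The body of pvfs_default_acl starts before and continues past this hunk.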