summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2003-05-30 23:07:33 +0000
committerJeremy Allison <jra@samba.org>2003-05-30 23:07:33 +0000
commit974d402d6dec202109a3fb7896e52581ebb5d4ad (patch)
treee86cb04b7d4147479b099ac70afd709fa2ddac98
parent4f276f969633f3c39e3ffc609b167930ff7fd42c (diff)
downloadsamba-974d402d6dec202109a3fb7896e52581ebb5d4ad.tar.gz
samba-974d402d6dec202109a3fb7896e52581ebb5d4ad.tar.bz2
samba-974d402d6dec202109a3fb7896e52581ebb5d4ad.zip
Ensure 'blank' entries show up in both default and normal entries to
allow them to be changed. Works well with W2K and above. Jeremy. (This used to be commit 685e4e518236079f201650f26152f6f9ad3c61ab)
-rw-r--r--source3/include/rpc_secdes.h11
-rw-r--r--source3/smbd/posix_acls.c20
2 files changed, 17 insertions, 14 deletions
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h
index 1bb25e8651..c271d292b5 100644
--- a/source3/include/rpc_secdes.h
+++ b/source3/include/rpc_secdes.h
@@ -94,9 +94,18 @@
#define GROUP_SECURITY_INFORMATION 0x00000002
#define DACL_SECURITY_INFORMATION 0x00000004
#define SACL_SECURITY_INFORMATION 0x00000008
+/* Extra W2K flags. */
+#define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000
+#define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000
+#define PROTECTED_SACL_SECURITY_INFORMATION 0x40000000
+#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000
#define ALL_SECURITY_INFORMATION (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|\
- DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION)
+ DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION\
+ UNPROTECTED_SACL_SECURITY_INFORMATION|\
+ UNPROTECTED_DACL_SECURITY_INFORMATION|\
+ PROTECTED_SACL_SECURITY_INFORMATION|\
+ PROTECTED_DACL_SECURITY_INFORMATION)
/* Globally Unique ID */
#define GUID_SIZE 16
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 9773076a46..12eef46595 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -2324,20 +2324,8 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
DLIST_REMOVE(file_ace, ace);
SAFE_FREE(ace);
}
- } else {
-
- ace = canon_ace_entry_for(dir_ace, SMB_ACL_OTHER, NULL);
- if (ace && !ace->perms) {
- DLIST_REMOVE(dir_ace, ace);
- SAFE_FREE(ace);
- }
- ace = canon_ace_entry_for(dir_ace, SMB_ACL_GROUP_OBJ, NULL);
- if (ace && !ace->perms) {
- DLIST_REMOVE(dir_ace, ace);
- SAFE_FREE(ace);
- }
}
-
+
num_acls = count_canon_ace_list(file_ace);
num_dir_acls = count_canon_ace_list(dir_ace);
@@ -2424,6 +2412,11 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
DEBUG(0,("get_nt_acl: Unable to malloc space for security descriptor.\n"));
sd_size = 0;
} else {
+#if 1
+ /*
+ * JRA. Setting this flag causes W2K clients not to
+ * propagate ACL sets down a directory tree correctly.
+ */
/*
* Windows 2000: The DACL_PROTECTED flag in the security
* descriptor marks the ACL as non-inheriting, i.e., no
@@ -2434,6 +2427,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
* flag doesn't seem to bother Windows NT.
*/
(*ppdesc)->type |= SE_DESC_DACL_PROTECTED;
+#endif
}
done: