diff options
author | Jeremy Allison <jra@samba.org> | 2008-10-08 15:18:25 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2008-10-08 15:18:25 -0700 |
commit | 646df8bec618d78905f83779bf57d96141109d8f (patch) | |
tree | 2259dfa1675a0a3ef781bc07fd09a42b68f0aff7 | |
parent | 14f835ba4b7e553d0cd75f3b311378c5c875e87c (diff) | |
download | samba-646df8bec618d78905f83779bf57d96141109d8f.tar.gz samba-646df8bec618d78905f83779bf57d96141109d8f.tar.bz2 samba-646df8bec618d78905f83779bf57d96141109d8f.zip |
Deal with inheritance from parent directory when setting Windows
ACLs.
Jeremy.
-rw-r--r-- | source3/include/proto.h | 3 | ||||
-rw-r--r-- | source3/modules/vfs_acl_xattr.c | 16 | ||||
-rw-r--r-- | source3/smbd/posix_acls.c | 2 |
3 files changed, 20 insertions, 1 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index efa29be16d..535adf7e2f 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -9930,6 +9930,9 @@ NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info, NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name, uint32_t security_info, SEC_DESC **ppdesc); int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid); +NTSTATUS append_parent_acl(files_struct *fsp, + const SEC_DESC *pcsd, + SEC_DESC **pp_new_sd); NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd); int get_acl_group_bits( connection_struct *conn, const char *fname, mode_t *mode ); int chmod_acl(connection_struct *conn, const char *name, mode_t mode); diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 4a8f6fec01..b641195fd7 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -317,6 +317,22 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, return status; } + if ((security_info_sent & DACL_SECURITY_INFORMATION) && + psd->dacl != NULL && + (psd->type & (SE_DESC_DACL_AUTO_INHERITED| + SE_DESC_DACL_AUTO_INHERIT_REQ))== + (SE_DESC_DACL_AUTO_INHERITED| + SE_DESC_DACL_AUTO_INHERIT_REQ) ) { + SEC_DESC *new_psd = NULL; + status = append_parent_acl(fsp, psd, &new_psd); + if (!NT_STATUS_IS_OK(status)) { + /* Lower level acl set succeeded, + * so still return OK. */ + return NT_STATUS_OK; + } + psd = new_psd; + } + create_acl_blob(psd, &blob); store_acl_blob(fsp, &blob); diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 48ea993e28..da17e53b2c 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3227,7 +3227,7 @@ int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid) Take care of parent ACL inheritance. ****************************************************************************/ -static NTSTATUS append_parent_acl(files_struct *fsp, +NTSTATUS append_parent_acl(files_struct *fsp, const SEC_DESC *pcsd, SEC_DESC **pp_new_sd) { |