authorAlexander Werth <alexander.werth@de.ibm.com>2013-05-02 16:53:35 +0200
committerAndrew Bartlett <abartlet@samba.org>2013-05-09 06:18:21 +0200
commita9f75bd3b7e86090eb95ae3d9c3dce787befcfc1 (patch)
tree30750db7eb05592ca6505776496963d2e5b58a83
parentec138b2f8218a9b13dac06c66d208bf27f0cb78b (diff)
s3: Use mode bits in some cases in mode simple.
Non-inheriting ACL entries will show mode bits. With this, a file owner change does affect the effective ACL, because the special owner ACL will now refer to the new owner. This could be fixed by updating the ACL on a file owner change. Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r--source3/modules/nfs4_acls.c46
1 files changed, 46 insertions, 0 deletions
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index e906fcd161..3f6d8d8258 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -820,6 +820,48 @@ static int smbacl4_substitute_special(
return True; /* OK */
}
+static int smbacl4_substitute_simple(
+ SMB4ACL_T *theacl,
+ uid_t ownerUID,
+ gid_t ownerGID
+)
+{
+ SMB_ACL4_INT_T *aclint = get_validated_aclint(theacl);
+ SMB_ACE4_INT_T *aceint;
+
+ for(aceint = aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) {
+ SMB_ACE4PROP_T *ace = &aceint->prop;
+
+ DEBUG(10,("ace type: %d, iflags: %x, flags: %x, "
+ "mask: %x, who: %d\n",
+ ace->aceType, ace->flags, ace->aceFlags,
+ ace->aceMask, ace->who.id));
+
+ if (!(ace->flags & SMB_ACE4_ID_SPECIAL) &&
+ !(ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP) &&
+ ace->who.uid == ownerUID &&
+ !(ace->aceFlags & SMB_ACE4_INHERIT_ONLY_ACE) &&
+ !(ace->aceFlags & SMB_ACE4_FILE_INHERIT_ACE) &&
+ !(ace->aceFlags & SMB_ACE4_DIRECTORY_INHERIT_ACE)) {
+ ace->flags |= SMB_ACE4_ID_SPECIAL;
+ ace->who.special_id = SMB_ACE4_WHO_OWNER;
+ DEBUG(10,("replaced with special owner ace\n"));
+ }
+
+ if (!(ace->flags & SMB_ACE4_ID_SPECIAL) &&
+ ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP &&
+ ace->who.uid == ownerGID &&
+ !(ace->aceFlags & SMB_ACE4_INHERIT_ONLY_ACE) &&
+ !(ace->aceFlags & SMB_ACE4_FILE_INHERIT_ACE) &&
+ !(ace->aceFlags & SMB_ACE4_DIRECTORY_INHERIT_ACE)) {
+ ace->flags |= SMB_ACE4_ID_SPECIAL;
+ ace->who.special_id = SMB_ACE4_WHO_GROUP;
+ DEBUG(10,("replaced with special group ace\n"));
+ }
+ }
+ return True; /* OK */
+}
+
static SMB4ACL_T *smbacl4_win2nfs4(
TALLOC_CTX *mem_ctx,
const files_struct *fsp,
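Review bot: The group branch of smbacl4_substitute_simple compares `ace->who.uid == ownerGID`, which reads the uid member for an ACE already identified as a group entry; it should be `ace->who.gid == ownerGID`, assuming `who` has a gid member next to the `uid`, `id` and `special_id` members used here (its definition is not visible). If `who` is a union of same-width ids the current line works only by accident. Both branches also rewrite the ACE regardless of `ace->aceType`, so a deny entry for the owning user or group becomes a deny on OWNER@/GROUP@ and follows the file to a new owner after a chown. I would add a comment above the function such as `/* Maps non-inheriting ACEs for the file's owner uid/gid to OWNER@/GROUP@; the rights then track ownership, not the original id. */` so the access-control consequence described in the commit message is recorded in the code. `aclint->first` is dereferenced without a NULL check on the result of get_validated_aclint(); whether that can return NULL is not visible here.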
@@ -862,6 +904,10 @@ static SMB4ACL_T *smbacl4_win2nfs4(
smb_add_ace4(theacl, &ace_v4);
}
+ if (pparams->mode==e_simple) {
+ smbacl4_substitute_simple(theacl, ownerUID, ownerGID);
+ }
+
if (pparams->mode==e_special) {
smbacl4_substitute_special(theacl, ownerUID, ownerGID);
}
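Review bot: The call `smbacl4_substitute_simple(theacl, ownerUID, ownerGID);` discards the helper's int result, the same way the existing e_special call does. The new helper only ever returns True, so either declare it `static void` or test the result, e.g. `if (!smbacl4_substitute_simple(theacl, ownerUID, ownerGID)) { return NULL; }`; silently ignoring a status on a path that decides the stored ACL makes later failure modes easy to miss. The two mode tests are mutually exclusive, so `else if (pparams->mode==e_special)` or a `switch` on `pparams->mode` would state that directly. smbacl4_win2nfs4 begins and ends outside this hunk, so how `theacl` is validated before this point is not visible.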