diff options
author | Jeremy Allison <jra@samba.org> | 2009-12-02 15:02:28 -0800 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2009-12-02 15:02:28 -0800 |
commit | 365c6b4ce0bd84bfb1d9cec03bc835b92b1c5af7 (patch) | |
tree | 89510a69206825497e14a2af7eb1ae4787363dd9 /source3/include | |
parent | 1d013fd03295433698f2b301dbf8324a3db528eb (diff) | |
download | samba-365c6b4ce0bd84bfb1d9cec03bc835b92b1c5af7.tar.gz samba-365c6b4ce0bd84bfb1d9cec03bc835b92b1c5af7.tar.bz2 samba-365c6b4ce0bd84bfb1d9cec03bc835b92b1c5af7.zip |
Restructure the ACL code some more, get the internal semantics
right. The previous bugs were due to the fact that get_nt_acl_internal()
could return an NTSTATUS error if there was no stored ACL blob, but
otherwise would return the underlying ACL from the filysystem. Fix
this so it always returns a valid acl if it can, and if it does not
its an error to be reported back to the client. This then changes
the inherit acl code. Previously we were trying to match Windows
by setting a minimal ACL on a new file that didn't inherit anything
from a parent directory. This is silly - the returned ACL wouldn't
match the underlying UNIX permissions. The current code will correctly
inherit from a parent if a parent has any inheritable ACE entries
that apply to the new object, but will return a mapping from the
underlying UNIX permissions if the parent has no inheritable entries.
This makes much more sense for new files/directories.
Jeremy.
Diffstat (limited to 'source3/include')
-rw-r--r-- | source3/include/proto.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 7013709fbb..8f14ef8702 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -691,6 +691,7 @@ SEC_DESC_BUF *dup_sec_desc_buf(TALLOC_CTX *ctx, SEC_DESC_BUF *src); NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32 mask, size_t *sd_size); NTSTATUS sec_desc_mod_sid(SEC_DESC *sd, DOM_SID *sid, uint32 mask); NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t *sd_size); +bool sd_has_inheritable_components(const SEC_DESC *parent_ctr, bool container); NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC **ppsd, size_t *psize, |