diff options
| author | Volker Lendecke <vlendec@samba.org> | 2004-11-18 08:16:59 +0000 |
|---|---|---|
| committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 10:53:19 -0500 |
| commit | 7c747d2624862c2b940fdd34df8e2355d22c913f (patch) | |
| tree | 7b44fe7deb708881e75d1015f1d4854bac8047e8 /source3/modules/vfs_afsacl.c | |
| parent | 0c639097cf033b25c956222c72622e6b97695f59 (diff) | |
| download | samba-7c747d2624862c2b940fdd34df8e2355d22c913f.tar.gz samba-7c747d2624862c2b940fdd34df8e2355d22c913f.tar.bz2 samba-7c747d2624862c2b940fdd34df8e2355d22c913f.zip | |
r3839: Some more specific NT security descriptors we've come across. Map them to
defined AFS acls. Thanks to Horst Birthelmer.
Volker
(This used to be commit fea467657d5b4f67040c8fe3e89b3b20e10c6c68)
Diffstat (limited to 'source3/modules/vfs_afsacl.c')
| -rw-r--r-- | source3/modules/vfs_afsacl.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c index cd10dc71c2..f4b254a109 100644 --- a/source3/modules/vfs_afsacl.c +++ b/source3/modules/vfs_afsacl.c @@ -488,6 +488,17 @@ static struct static_dir_ace_mapping { { 0, SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT, 0x00120089, 8 /* l */ }, + /* some stupid workaround for preventing fallbacks */ + { 0, 0x3, 0x0012019F, 9 /* rl */ }, + { 0, 0x13, PERMS_FULL, 127 /* full */ }, + + /* read, delete and execute access plus synchronize */ + { 0, 0x3, 0x001300A9, 9 /* should be rdl, set to rl */}, + /* classical read list */ + { 0, 0x13, 0x001200A9, 9 /* rl */}, + /* almost full control, no delete */ + { 0, 0x13, PERMS_CHANGE, 63 /* rwidlk */}, + /* List folder */ { 0, SEC_ACE_FLAG_CONTAINER_INHERIT, PERMS_READ, 8 /* l */ }, @@ -527,8 +538,8 @@ static uint32 nt_to_afs_dir_rights(const char *filename, const SEC_ACE *ace) return m->afs_rights; } - DEBUG(1, ("AFSACL FALLBACK: 0x%X 0x%X 0x%X %s\n", - ace->type, ace->flags, ace->info.mask, filename)); + DEBUG(1, ("AFSACL FALLBACK: 0x%X 0x%X 0x%X %s %X\n", + ace->type, ace->flags, ace->info.mask, filename, rights)); if (rights & (GENERIC_ALL_ACCESS|WRITE_DAC_ACCESS)) { result |= PRSFS_READ | PRSFS_WRITE | PRSFS_INSERT | |