author | Alexander Werth <alexander.werth@de.ibm.com> | 2013-05-02 16:53:35 +0200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2013-05-09 06:18:21 +0200 |
commit | a9f75bd3b7e86090eb95ae3d9c3dce787befcfc1 (patch) | |
tree | 30750db7eb05592ca6505776496963d2e5b58a83 /source3/modules | |
parent | ec138b2f8218a9b13dac06c66d208bf27f0cb78b (diff) | |
s3: Use mode bits in some cases in mode simple.
Non inheriting ACL entries will show mode bits.
With this, a file owner change does affect the effective ACL because
the special owner acl will now refer to the new owner.
This could be fixed by updating the ACL on a file owner change.
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Diffstat (limited to 'source3/modules')
-rw-r--r-- | source3/modules/nfs4_acls.c | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index e906fcd161..3f6d8d8258 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -820,6 +820,48 @@ static int smbacl4_substitute_special(
 return True; /* OK */
 }
 
+static int smbacl4_substitute_simple(
+ SMB4ACL_T *theacl,
+ uid_t ownerUID,
+ gid_t ownerGID
+)
+{
+ SMB_ACL4_INT_T *aclint = get_validated_aclint(theacl);
+ SMB_ACE4_INT_T *aceint;
+
+ for(aceint = aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) {
+ SMB_ACE4PROP_T *ace = &aceint->prop;
+
+ DEBUG(10,("ace type: %d, iflags: %x, flags: %x, "
+ "mask: %x, who: %d\n",
+ ace->aceType, ace->flags, ace->aceFlags,
+ ace->aceMask, ace->who.id));
+
+ if (!(ace->flags & SMB_ACE4_ID_SPECIAL) &&
+ !(ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP) &&
+ ace->who.uid == ownerUID &&
+ !(ace->aceFlags & SMB_ACE4_INHERIT_ONLY_ACE) &&
+ !(ace->aceFlags & SMB_ACE4_FILE_INHERIT_ACE) &&
+ !(ace->aceFlags & SMB_ACE4_DIRECTORY_INHERIT_ACE)) {
+ ace->flags |= SMB_ACE4_ID_SPECIAL;
+ ace->who.special_id = SMB_ACE4_WHO_OWNER;
+ DEBUG(10,("replaced with special owner ace\n"));
+ }
+
+ if (!(ace->flags & SMB_ACE4_ID_SPECIAL) &&
+ ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP &&
+ ace->who.uid == ownerGID &&
+ !(ace->aceFlags & SMB_ACE4_INHERIT_ONLY_ACE) &&
+ !(ace->aceFlags & SMB_ACE4_FILE_INHERIT_ACE) &&
+ !(ace->aceFlags & SMB_ACE4_DIRECTORY_INHERIT_ACE)) {
+ ace->flags |= SMB_ACE4_ID_SPECIAL;
+ ace->who.special_id = SMB_ACE4_WHO_GROUP;
+ DEBUG(10,("replaced with special group ace\n"));
+ }
+ }
+ return True; /* OK */
+}
+
 static SMB4ACL_T *smbacl4_win2nfs4(
 TALLOC_CTX *mem_ctx,
 const files_struct *fsp,
@@ -862,6 +904,10 @@ static SMB4ACL_T *smbacl4_win2nfs4(
 smb_add_ace4(theacl, &ace_v4);
 }
 
+ if (pparams->mode==e_simple) {
+ smbacl4_substitute_simple(theacl, ownerUID, ownerGID);
+ }
+
 if (pparams->mode==e_special) {
 smbacl4_substitute_special(theacl, ownerUID, ownerGID);
 } |
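Review bot: The group branch of smbacl4_substitute_simple tests `ace->who.uid == ownerGID`, so a gid is compared through the uid member of the `who` union; that presumably works only because the members overlap, and `ace->who.gid == ownerGID` would state the intent, assuming the union declares a gid member (its declaration is outside this hunk). Neither branch looks at `ace->aceType`, so a deny entry naming the owner's uid or gid is rewritten to the special owner/group id too, and after a chown it would apply to the new owner rather than to the principal it was written for. The commit message mentions this owner-change effect but the code does not; a comment above the function such as `/* Explicit owner/group ACEs without inherit flags become special owner/group ACEs and follow the file to a new owner on chown. */` would keep it visible to whoever audits effective permissions later. The three inherit-flag tests are duplicated in both conditions and could be computed once per ACE.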
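Review bot: The result of `smbacl4_substitute_simple(theacl, ownerUID, ownerGID);` is dropped here, and the helper as added can only return True, so the int return type promises an error path that does not exist; either declare it `static void` or check the result. Since `pparams->mode` is tested against `e_simple` and then against `e_special` in two separate ifs, an `else if` (or a switch on the mode) would make it explicit that only one substitution runs. smbacl4_win2nfs4 starts and ends outside this hunk, so how `theacl` is validated before these calls is not visible.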