r11585: Implement the possibility to have AFS users as SIDs in pts.

Volker
(This used to be commit 5b1b72ce7b944c7515a605369cb55a2f0171fe6f)

1 files changed, 24 insertions, 0 deletions

diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c
index 0e2e1295b9..41f40d1e3c 100644
--- a/source3/modules/vfs_afsacl.c
+++ b/source3/modules/vfs_afsacl.c
@@ -39,6 +39,9 @@ extern const DOM_SID global_sid_NULL;
 
 static char space_replacement = '%';
 
+/* Do we expect SIDs as pts names? */
+static BOOL sidpts;
+
 extern int afs_syscall(int, char *, int, char *, int);
 
 struct afs_ace {
@@ -151,6 +154,18 @@ static struct afs_ace *new_afs_ace(TALLOC_CTX *mem_ctx,
 		sid_copy(&sid, &global_sid_Builtin_Backup_Operators);
 		type = SID_NAME_ALIAS;
 
+	} else if (sidpts) {
+		/* All PTS users/groups are expressed as SIDs */
+
+		sid_copy(&sid, &global_sid_NULL);
+		type = SID_NAME_UNKNOWN;
+
+		if (string_to_sid(&sid, name)) {
+			fstring user, domain;
+			/* We have to find the type, look up the SID */
+			lookup_sid(&sid, domain, user, &type);
+		}
+
 	} else {
 
 		fstring user, domain;
@@ -771,6 +786,11 @@ static BOOL nt_to_afs_acl(const char *filename,
 					     only_username);
 				strlower_m(name);
 			}
+
+			if (sidpts) {
+				/* Expect all users/groups in pts as SIDs */
+				sid_to_string(name, &ace->trustee);
+			}
 		}
 
 		while ((p = strchr_m(name, ' ')) != NULL)
@@ -825,6 +845,8 @@ static size_t afs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
 
 	DEBUG(5, ("afs_get_nt_acl: %s\n", fsp->fsp_name));
 
+	sidpts = lp_parm_bool(SNUM(fsp->conn), "afsacl", "sidpts", False);
+
 	if (!afs_get_afs_acl(fsp->fsp_name, &acl)) {
 		return 0;
 	}
@@ -883,6 +905,8 @@ static BOOL afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
 	fileacls = lp_parm_const_string(SNUM(handle->conn), "afsacl", "fileacls",
 					"yes");
 
+	sidpts = lp_parm_bool(SNUM(handle->conn), "afsacl", "sidpts", False);
+
 	ZERO_STRUCT(old_afs_acl);
 	ZERO_STRUCT(new_afs_acl);
 	ZERO_STRUCT(dir_acl);