summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2003-05-17 00:46:28 +0000
committerJeremy Allison <jra@samba.org>2003-05-17 00:46:28 +0000
commit1854e7b8e56a907d25a0614288d21a5f223cb279 (patch)
treef9bdb92858cc3a533df7846cb886b4c368534aad /source3/smbd
parent3ebfe59d0fdeb6d58400b25f5b444fda42c6200a (diff)
downloadsamba-1854e7b8e56a907d25a0614288d21a5f223cb279.tar.gz
samba-1854e7b8e56a907d25a0614288d21a5f223cb279.tar.bz2
samba-1854e7b8e56a907d25a0614288d21a5f223cb279.zip
Cope with cumulative permissions sets. This code is #ifdef'ed out at the
moment as I don't think cumulative permission sets make sense in POSIX even though that's the way Windows works.... Jeremy. (This used to be commit 6ddd5b6ca7dde45ce866f852861e143434c84c7e)
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/posix_acls.c50
1 files changed, 49 insertions, 1 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index aaf71c82ca..3824afe3c4 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1171,7 +1171,7 @@ Deny entry after Allow entry. Failing to set on file %s.\n", fsp->fsp_name ));
/****************************************************************************
ASCII art time again... JRA :-).
- We have 3 cases to process when moving from an NT ACL to a POSIX ACL. Firstly,
+ We have 4 cases to process when moving from an NT ACL to a POSIX ACL. Firstly,
we insist the ACL is in canonical form (ie. all DENY entries preceede ALLOW
entries). Secondly, the merge code has ensured that all duplicate SID entries for
allow or deny have been merged, so the same SID can only appear once in the deny
@@ -1244,6 +1244,15 @@ Deny entry after Allow entry. Failing to set on file %s.\n", fsp->fsp_name ));
best we can do and has the advantage of failing closed rather
than open.
---------------------------------------------------------------------------
+ Fourth pass - cope with cumulative permissions.
+
+ for all allow user entries, if there exists an allow group entry with
+ more permissive permissions, and the user is in that group, rewrite the
+ allow user permissions to contain both sets of permissions.
+
+ Currently the code for this is #ifdef'ed out as these semantics make
+ no sense to me. JRA.
+ ---------------------------------------------------------------------------
Note we *MUST* do the deny user pass first as this will convert deny user
entries into allow user entries which can then be processed by the deny
@@ -1433,6 +1442,45 @@ static void process_deny_list( canon_ace **pp_ace_list )
}
+ /* Doing this fourth pass allows Windows semantics to be layered
+ * on top of POSIX semantics. I'm not sure if this is desirable.
+ * For example, in W2K ACLs there is no way to say, "Group X no
+ * access, user Y full access" if user Y is a member of group X.
+ * This seems completely broken semantics to me.... JRA.
+ */
+
+#if 0
+ /* Pass 4 above - deal with allow entries. */
+
+ for (curr_ace = ace_list; curr_ace; curr_ace = curr_ace_next) {
+ canon_ace *allow_ace_p;
+
+ curr_ace_next = curr_ace->next; /* So we can't lose the link. */
+
+ if (curr_ace->attr != ALLOW_ACE)
+ continue;
+
+ if (curr_ace->owner_type != UID_ACE)
+ continue;
+
+ for (allow_ace_p = ace_list; allow_ace_p; allow_ace_p = allow_ace_p->next) {
+
+ if (allow_ace_p->attr != ALLOW_ACE)
+ continue;
+
+ /* We process GID_ACE entries only. */
+
+ if (allow_ace_p->owner_type != GID_ACE)
+ continue;
+
+ /* OR in the group perms. */
+
+ if (uid_entry_in_group( curr_ace, allow_ace_p))
+ curr_ace->perms |= allow_ace_p->perms;
+ }
+ }
+#endif
+
*pp_ace_list = ace_list;
}