diff options
| author | Jeremy Allison <jra@samba.org> | 2001-06-12 01:49:30 +0000 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2001-06-12 01:49:30 +0000 |
| commit | 2f99c0e602f4fe4d7a95e08d882a0669d9adad11 (patch) | |
| tree | 44ec3ae64ac9f6712dda2373b7fc13c40ee77932 /source3/smbd | |
| parent | 3fc8c04cc23e3eff3f3fc636a56b1acb8fb52a81 (diff) | |
| download | samba-2f99c0e602f4fe4d7a95e08d882a0669d9adad11.tar.gz samba-2f99c0e602f4fe4d7a95e08d882a0669d9adad11.tar.bz2 samba-2f99c0e602f4fe4d7a95e08d882a0669d9adad11.zip | |
lib/util_getent.c: removed debug code.
smbd/posix_acls.c: Attempt to fix the "lose default acl" problem in Solaris.
Needs testing.
lib/sysacls.c: Typo fix.
Jeremy.
(This used to be commit d989f8bd3e1524183a24fb67be1af05b3289f648)
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/posix_acls.c | 53 |
1 files changed, 49 insertions, 4 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index d369746e50..4832184df7 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -631,18 +631,19 @@ static BOOL create_canon_ace_lists(files_struct *fsp, canon_ace *current_ace = NULL; BOOL got_dir_allow = False; BOOL got_file_allow = False; - int i; + int i, j; *ppfile_ace = NULL; *ppdir_ace = NULL; + /* + * Convert the incoming ACL into a more regular form. + */ + for(i = 0; i < dacl->num_aces; i++) { - enum SID_NAME_USE sid_type; SEC_ACE *psa = &dacl->ace[i]; if((psa->type != SEC_ACE_TYPE_ACCESS_ALLOWED) && (psa->type != SEC_ACE_TYPE_ACCESS_DENIED)) { - free_canon_ace_list(file_ace); - free_canon_ace_list(dir_ace); DEBUG(3,("create_canon_ace_lists: unable to set anything but an ALLOW or DENY ACE.\n")); return False; } @@ -664,6 +665,50 @@ static BOOL create_canon_ace_lists(files_struct *fsp, if(psa->info.mask != UNIX_ACCESS_NONE) psa->info.mask &= ~UNIX_ACCESS_NONE; + } + + /* + * Deal with the fact that NT 4.x re-writes the canonical format + * that we return for default ACLs. If a directory ACE is identical + * to a inherited directory ACE then NT changes the bits so that the + * first ACE is set to OI|IO and the second ACE for this SID is set + * to CI. We need to repair this. JRA. + */ + + for(i = 0; i < dacl->num_aces; i++) { + SEC_ACE *psa1 = &dacl->ace[i]; + + for (j = i + 1; j < dacl->num_aces; j++) { + SEC_ACE *psa2 = &dacl->ace[j]; + + if (psa1->info.mask != psa2->info.mask) + continue; + + if (!sid_equal(&psa1->sid, &psa2->sid)) + continue; + + /* + * Ok - permission bits and SIDs are equal. + * Check if flags were re-written. + */ + + if (psa1->flags & SEC_ACE_FLAG_INHERIT_ONLY) { + + psa1->flags |= (psa2->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT)); + psa2->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT); + + } else if (psa2->flags & SEC_ACE_FLAG_INHERIT_ONLY) { + + psa2->flags |= (psa1->flags & (SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT)); + psa1->flags &= ~(SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_OBJECT_INHERIT); + + } + } + } + + for(i = 0; i < dacl->num_aces; i++) { + enum SID_NAME_USE sid_type; + SEC_ACE *psa = &dacl->ace[i]; /* * Create a cannon_ace entry representing this NT DACL ACE. |