summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2005-05-23 20:47:43 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 10:56:58 -0500
commit4a494ccf768ea242013a42b8dac61655ca863df4 (patch)
tree28d85194e99ce5056488b5cc67b133320910b96c /source3
parentdc993c13a823c910f342567e0e35465b7409dcf5 (diff)
downloadsamba-4a494ccf768ea242013a42b8dac61655ca863df4.tar.gz
samba-4a494ccf768ea242013a42b8dac61655ca863df4.tar.bz2
samba-4a494ccf768ea242013a42b8dac61655ca863df4.zip
r6946: Allow mapping of POSIX ACLs to NT perms to differentiate between directories
and files. Needed for Volker's coming changes. Jeremy. (This used to be commit b257744fdfd0a8d940ae834b3c21f0f298c7d1f9)
Diffstat (limited to 'source3')
-rw-r--r--source3/include/smb.h6
-rw-r--r--source3/smbd/posix_acls.c22
2 files changed, 22 insertions, 6 deletions
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 41aaa317fd..35ae5723b0 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1110,6 +1110,12 @@ struct bitmap {
#define UNIX_ACCESS_W FILE_GENERIC_WRITE
#define UNIX_ACCESS_X FILE_GENERIC_EXECUTE
+/* Mapping of access rights to UNIX perms. for a UNIX directory. */
+#define UNIX_DIRECTORY_ACCESS_RWX FILE_GENERIC_ALL
+#define UNIX_DIRECTORY_ACCESS_R FILE_GENERIC_READ
+#define UNIX_DIRECTORY_ACCESS_W FILE_GENERIC_WRITE
+#define UNIX_DIRECTORY_ACCESS_X FILE_GENERIC_EXECUTE
+
#if 0
/*
* This is the old mapping we used to use. To get W2KSP2 profiles
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index b5052eec25..b5ac2e8241 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -801,7 +801,7 @@ static BOOL nt4_compatible_acls(void)
not get. Deny entries are implicit on get with ace->perms = 0.
****************************************************************************/
-static SEC_ACCESS map_canon_ace_perms(int *pacl_type, DOM_SID *powner_sid, canon_ace *ace)
+static SEC_ACCESS map_canon_ace_perms(int *pacl_type, DOM_SID *powner_sid, canon_ace *ace, BOOL directory_ace)
{
SEC_ACCESS sa;
uint32 nt_mask = 0;
@@ -809,7 +809,11 @@ static SEC_ACCESS map_canon_ace_perms(int *pacl_type, DOM_SID *powner_sid, canon
*pacl_type = SEC_ACE_TYPE_ACCESS_ALLOWED;
if ((ace->perms & ALL_ACE_PERMS) == ALL_ACE_PERMS) {
+ if (directory_ace) {
+ nt_mask = UNIX_DIRECTORY_ACCESS_RWX;
+ } else {
nt_mask = UNIX_ACCESS_RWX;
+ }
} else if ((ace->perms & ALL_ACE_PERMS) == (mode_t)0) {
/*
* Windows NT refuses to display ACEs with no permissions in them (but
@@ -825,9 +829,15 @@ static SEC_ACCESS map_canon_ace_perms(int *pacl_type, DOM_SID *powner_sid, canon
else
nt_mask = 0;
} else {
- nt_mask |= ((ace->perms & S_IRUSR) ? UNIX_ACCESS_R : 0 );
- nt_mask |= ((ace->perms & S_IWUSR) ? UNIX_ACCESS_W : 0 );
- nt_mask |= ((ace->perms & S_IXUSR) ? UNIX_ACCESS_X : 0 );
+ if (directory_ace) {
+ nt_mask |= ((ace->perms & S_IRUSR) ? UNIX_DIRECTORY_ACCESS_R : 0 );
+ nt_mask |= ((ace->perms & S_IWUSR) ? UNIX_DIRECTORY_ACCESS_W : 0 );
+ nt_mask |= ((ace->perms & S_IXUSR) ? UNIX_DIRECTORY_ACCESS_X : 0 );
+ } else {
+ nt_mask |= ((ace->perms & S_IRUSR) ? UNIX_ACCESS_R : 0 );
+ nt_mask |= ((ace->perms & S_IWUSR) ? UNIX_ACCESS_W : 0 );
+ nt_mask |= ((ace->perms & S_IXUSR) ? UNIX_ACCESS_X : 0 );
+ }
}
DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n",
@@ -2815,7 +2825,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
for (i = 0; i < num_acls; i++, ace = ace->next) {
SEC_ACCESS acc;
- acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace );
+ acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace, fsp->is_directory);
init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, nt_acl_type, acc, ace->inherited ? SEC_ACE_FLAG_INHERITED_ACE : 0);
}
@@ -2833,7 +2843,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
for (i = 0; i < num_def_acls; i++, ace = ace->next) {
SEC_ACCESS acc;
- acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace );
+ acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace, fsp->is_directory);
init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, nt_acl_type, acc,
SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|
SEC_ACE_FLAG_INHERIT_ONLY|