summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2011-11-22 11:53:51 -0800
committerJeremy Allison <jra@samba.org>2011-11-22 11:53:51 -0800
commit6795432f272e725198dcd3514910c823d96d0a55 (patch)
treec97195021cd6d9ca24721f68e372c60f0e6e3382 /source3
parent7b275c551ba3caee9e020740a672f8dd447769ff (diff)
downloadsamba-6795432f272e725198dcd3514910c823d96d0a55.tar.gz
samba-6795432f272e725198dcd3514910c823d96d0a55.tar.bz2
samba-6795432f272e725198dcd3514910c823d96d0a55.zip
Move the "set SD" code into provided SD and "inherit acls" branches.
Diffstat (limited to 'source3')
-rw-r--r--source3/smbd/open.c61
1 files changed, 32 insertions, 29 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 936c27e64d..95b980f99a 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3457,42 +3457,45 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
}
}
- /*
- * According to the MS documentation, the only time the security
- * descriptor is applied to the opened file is iff we *created* the
- * file; an existing file stays the same.
- *
- * Also, it seems (from observation) that you can open the file with
- * any access mask but you can still write the sd. We need to override
- * the granted access before we call set_sd
- * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
- */
-
- if ((sd != NULL) && (info == FILE_WAS_CREATED)
- && lp_nt_acl_support(SNUM(conn)) && fsp->base_fsp == NULL) {
+ if ((info == FILE_WAS_CREATED) && lp_nt_acl_support(SNUM(conn)) &&
+ fsp->base_fsp == NULL) {
+ if (sd != NULL) {
+ /*
+ * According to the MS documentation, the only time the security
+ * descriptor is applied to the opened file is iff we *created* the
+ * file; an existing file stays the same.
+ *
+ * Also, it seems (from observation) that you can open the file with
+ * any access mask but you can still write the sd. We need to override
+ * the granted access before we call set_sd
+ * Patch for bug #2242 from Tom Lackemann <cessnatomny@yahoo.com>.
+ */
- uint32_t sec_info_sent;
- uint32_t saved_access_mask = fsp->access_mask;
+ uint32_t sec_info_sent;
+ uint32_t saved_access_mask = fsp->access_mask;
- sec_info_sent = get_sec_info(sd);
+ sec_info_sent = get_sec_info(sd);
- fsp->access_mask = FILE_GENERIC_ALL;
+ fsp->access_mask = FILE_GENERIC_ALL;
- /* Convert all the generic bits. */
- security_acl_map_generic(sd->dacl, &file_generic_mapping);
- security_acl_map_generic(sd->sacl, &file_generic_mapping);
+ /* Convert all the generic bits. */
+ security_acl_map_generic(sd->dacl, &file_generic_mapping);
+ security_acl_map_generic(sd->sacl, &file_generic_mapping);
- if (sec_info_sent & (SECINFO_OWNER|
- SECINFO_GROUP|
- SECINFO_DACL|
- SECINFO_SACL)) {
- status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
- }
+ if (sec_info_sent & (SECINFO_OWNER|
+ SECINFO_GROUP|
+ SECINFO_DACL|
+ SECINFO_SACL)) {
+ status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
+ }
- fsp->access_mask = saved_access_mask;
+ fsp->access_mask = saved_access_mask;
- if (!NT_STATUS_IS_OK(status)) {
- goto fail;
+ if (!NT_STATUS_IS_OK(status)) {
+ goto fail;
+ }
+ } else if (lp_inherit_acls(SNUM(conn))) {
+ /* Inherit from parent. */
}
}