diff options
author | Andrew Tridgell <tridge@samba.org> | 2011-12-01 13:40:49 +1100 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2011-12-01 05:14:49 +0100 |
commit | 3c4af39aa506a25fc6d6753dbe34e4e1c0dd0b43 (patch) | |
tree | 7ac56983f5a5d2d2de177cc21f056270d892334c /source4/ntvfs/posix/pvfs_acl.c | |
parent | d1274f7f6236b47a1c6aa1737b054ed521d31b67 (diff) | |
download | samba-3c4af39aa506a25fc6d6753dbe34e4e1c0dd0b43.tar.gz samba-3c4af39aa506a25fc6d6753dbe34e4e1c0dd0b43.tar.bz2 samba-3c4af39aa506a25fc6d6753dbe34e4e1c0dd0b43.zip |
s4-ntvfs: added allow_override check based on use of NT ACL
This disables the posix permission override if the calculated
permissions did not come from a NT ACL.
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Dec 1 05:14:49 CET 2011 on sn-devel-104
Diffstat (limited to 'source4/ntvfs/posix/pvfs_acl.c')
-rw-r--r-- | source4/ntvfs/posix/pvfs_acl.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 664196ab3e..810dcddbd3 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -643,6 +643,14 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, /* check the acl against the required access mask */ status = se_access_check(sd, token, *access_mask, access_mask); talloc_free(acl); + + /* if we used a NT acl, then allow access override if the + share allows for posix permission override + */ + if (NT_STATUS_IS_OK(status)) { + name->allow_override = (pvfs->flags & PVFS_FLAG_PERM_OVERRIDE) != 0; + } + done: if (pvfs->ntvfs->ctx->protocol < PROTOCOL_SMB2_02) { /* on SMB, this bit is always granted, even if not @@ -771,7 +779,11 @@ NTSTATUS pvfs_access_check_parent(struct pvfs_state *pvfs, return status; } - return pvfs_access_check_simple(pvfs, req, parent, access_mask); + status = pvfs_access_check_simple(pvfs, req, parent, access_mask); + if (NT_STATUS_IS_OK(status) && parent->allow_override) { + name->allow_override = true; + } + return status; } |