s4-ntvfs: added allow_override check based on use of NT ACL

This disables the posix permission override if the calculated
permissions did not come from a NT ACL.

Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Dec  1 05:14:49 CET 2011 on sn-devel-104

1 files changed, 13 insertions, 1 deletions

diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index 664196ab3e..810dcddbd3 100644
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -643,6 +643,14 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs,
 	/* check the acl against the required access mask */
 	status = se_access_check(sd, token, *access_mask, access_mask);
 	talloc_free(acl);
+
+	/* if we used a NT acl, then allow access override if the
+	   share allows for posix permission override
+	*/
+	if (NT_STATUS_IS_OK(status)) {
+		name->allow_override = (pvfs->flags & PVFS_FLAG_PERM_OVERRIDE) != 0;
+	}
+
 done:
 	if (pvfs->ntvfs->ctx->protocol < PROTOCOL_SMB2_02) {
 		/* on SMB, this bit is always granted, even if not
@@ -771,7 +779,11 @@ NTSTATUS pvfs_access_check_parent(struct pvfs_state *pvfs,
 		return status;
 	}
 
-	return pvfs_access_check_simple(pvfs, req, parent, access_mask);
+	status = pvfs_access_check_simple(pvfs, req, parent, access_mask);
+	if (NT_STATUS_IS_OK(status) && parent->allow_override) {
+		name->allow_override = true;
+	}
+	return status;
 }