diff options
author | Andrew Tridgell <tridge@samba.org> | 2004-12-31 08:56:32 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:07:51 -0500 |
commit | 291b02a639aa6551ac1f59e47a78d5590d2b7f6e (patch) | |
tree | dcba74eba6867928205402457385ed7d1c9f8f04 /source4/ntvfs/posix/pvfs_setfileinfo.c | |
parent | 90a322f6d7fc2d9a12daea8bd752d549eb874814 (diff) | |
download | samba-291b02a639aa6551ac1f59e47a78d5590d2b7f6e.tar.gz samba-291b02a639aa6551ac1f59e47a78d5590d2b7f6e.tar.bz2 samba-291b02a639aa6551ac1f59e47a78d5590d2b7f6e.zip |
r4448: - fixed access_mask checking on acl set
- honor the change ownership requests of acl set, changing the underlying
unix owner/group
- fix the access mask on file create with SEC_FLAG_MAXIMUM_ALLOWED
(This used to be commit 5761fa35ab727b51ef1b52459911bafbdd788755)
Diffstat (limited to 'source4/ntvfs/posix/pvfs_setfileinfo.c')
-rw-r--r-- | source4/ntvfs/posix/pvfs_setfileinfo.c | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/source4/ntvfs/posix/pvfs_setfileinfo.c b/source4/ntvfs/posix/pvfs_setfileinfo.c index fbc71dc9d4..7144f37a14 100644 --- a/source4/ntvfs/posix/pvfs_setfileinfo.c +++ b/source4/ntvfs/posix/pvfs_setfileinfo.c @@ -29,11 +29,11 @@ /* determine what access bits are needed for a call */ -static uint32_t pvfs_setfileinfo_access(enum smb_setfileinfo_level level) +static uint32_t pvfs_setfileinfo_access(union smb_setfileinfo *info) { uint32_t needed; - switch (level) { + switch (info->generic.level) { case RAW_SFILEINFO_EA_SET: needed = SEC_FILE_WRITE_EA; break; @@ -51,6 +51,13 @@ static uint32_t pvfs_setfileinfo_access(enum smb_setfileinfo_level level) needed = 0; break; + case RAW_SFILEINFO_SEC_DESC: + needed = 0; + if (info->set_secdesc.in.secinfo_flags & (SECINFO_DACL|SECINFO_SACL)) { + needed |= SEC_STD_WRITE_DAC; + } + break; + default: needed = SEC_FILE_WRITE_ATTRIBUTE; break; @@ -248,7 +255,7 @@ NTSTATUS pvfs_setfileinfo(struct ntvfs_module_context *ntvfs, h = f->handle; - access_needed = pvfs_setfileinfo_access(info->generic.level); + access_needed = pvfs_setfileinfo_access(info); if ((f->access_mask & access_needed) != access_needed) { return NT_STATUS_ACCESS_DENIED; } @@ -358,7 +365,7 @@ NTSTATUS pvfs_setfileinfo(struct ntvfs_module_context *ntvfs, &info->rename_information.in); case RAW_SFILEINFO_SEC_DESC: - return pvfs_acl_set(pvfs, req, h->name, h->fd, info); + return pvfs_acl_set(pvfs, req, h->name, h->fd, f->access_mask, info); default: return NT_STATUS_INVALID_LEVEL; @@ -442,7 +449,7 @@ NTSTATUS pvfs_setpathinfo(struct ntvfs_module_context *ntvfs, return NT_STATUS_OBJECT_NAME_NOT_FOUND; } - access_needed = pvfs_setfileinfo_access(info->generic.level); + access_needed = pvfs_setfileinfo_access(info); status = pvfs_access_check_simple(pvfs, req, name, access_needed); if (!NT_STATUS_IS_OK(status)) { return status; |