diff options
-rw-r--r-- | source3/include/rpc_secdes.h | 11 | ||||
-rw-r--r-- | source3/smbd/posix_acls.c | 20 |
2 files changed, 17 insertions, 14 deletions
diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h index 1bb25e8651..c271d292b5 100644 --- a/source3/include/rpc_secdes.h +++ b/source3/include/rpc_secdes.h @@ -94,9 +94,18 @@ #define GROUP_SECURITY_INFORMATION 0x00000002 #define DACL_SECURITY_INFORMATION 0x00000004 #define SACL_SECURITY_INFORMATION 0x00000008 +/* Extra W2K flags. */ +#define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000 +#define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000 +#define PROTECTED_SACL_SECURITY_INFORMATION 0x40000000 +#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000 #define ALL_SECURITY_INFORMATION (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|\ - DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION) + DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION\ + UNPROTECTED_SACL_SECURITY_INFORMATION|\ + UNPROTECTED_DACL_SECURITY_INFORMATION|\ + PROTECTED_SACL_SECURITY_INFORMATION|\ + PROTECTED_DACL_SECURITY_INFORMATION) /* Globally Unique ID */ #define GUID_SIZE 16 diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 9773076a46..12eef46595 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -2324,20 +2324,8 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) DLIST_REMOVE(file_ace, ace); SAFE_FREE(ace); } - } else { - - ace = canon_ace_entry_for(dir_ace, SMB_ACL_OTHER, NULL); - if (ace && !ace->perms) { - DLIST_REMOVE(dir_ace, ace); - SAFE_FREE(ace); - } - ace = canon_ace_entry_for(dir_ace, SMB_ACL_GROUP_OBJ, NULL); - if (ace && !ace->perms) { - DLIST_REMOVE(dir_ace, ace); - SAFE_FREE(ace); - } } - + num_acls = count_canon_ace_list(file_ace); num_dir_acls = count_canon_ace_list(dir_ace); @@ -2424,6 +2412,11 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) DEBUG(0,("get_nt_acl: Unable to malloc space for security descriptor.\n")); sd_size = 0; } else { +#if 1 + /* + * JRA. Setting this flag causes W2K clients not to + * propagate ACL sets down a directory tree correctly. + */ /* * Windows 2000: The DACL_PROTECTED flag in the security * descriptor marks the ACL as non-inheriting, i.e., no @@ -2434,6 +2427,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc) * flag doesn't seem to bother Windows NT. */ (*ppdesc)->type |= SE_DESC_DACL_PROTECTED; +#endif } done: |