diff options
Diffstat (limited to 'source3/smbd/posix_acls.c')
-rw-r--r-- | source3/smbd/posix_acls.c | 30 |
1 files changed, 2 insertions, 28 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index e6ae1c7d79..043e33e836 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1881,8 +1881,6 @@ static int nt_ace_comp( SEC_ACE *a1, SEC_ACE *a2) size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc) { - extern DOM_SID global_sid_Builtin_Administrators; - extern DOM_SID global_sid_Builtin_Users; connection_struct *conn = fsp->conn; SMB_STRUCT_STAT sbuf; SEC_ACE *nt_ace_list = NULL; @@ -1897,7 +1895,6 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc) SMB_ACL_T dir_acl = NULL; canon_ace *file_ace = NULL; canon_ace *dir_ace = NULL; - size_t num_profile_acls = 0; *ppdesc = NULL; @@ -1942,14 +1939,7 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc) * Get the owner, group and world SIDs. */ - if (lp_profile_acls(SNUM(fsp->conn))) { - /* For WXP SP1 the owner must be administrators. */ - sid_copy(&owner_sid, &global_sid_Builtin_Administrators); - sid_copy(&group_sid, &global_sid_Builtin_Users); - num_profile_acls = 2; - } else { - create_file_sids(&sbuf, &owner_sid, &group_sid); - } + create_file_sids(&sbuf, &owner_sid, &group_sid); /* Create the canon_ace lists. */ file_ace = canonicalise_acl( fsp, posix_acl, &sbuf, &owner_sid, &group_sid); @@ -1973,7 +1963,7 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc) } /* Allocate the ace list. */ - if ((nt_ace_list = (SEC_ACE *)malloc((num_acls + num_profile_acls + num_dir_acls)* sizeof(SEC_ACE))) == NULL) { + if ((nt_ace_list = (SEC_ACE *)malloc((num_acls + num_dir_acls)* sizeof(SEC_ACE))) == NULL) { DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n")); goto done; } @@ -1996,13 +1986,6 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc) init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, nt_acl_type, acc, 0); } - /* The User must have access to a profile share - even if we can't map the SID. */ - if (lp_profile_acls(SNUM(fsp->conn))) { - SEC_ACCESS acc; - init_sec_access(&acc,FILE_GENERIC_ALL); - init_sec_ace(&nt_ace_list[num_aces++], &global_sid_Builtin_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, acc, 0); - } - ace = dir_ace; for (i = 0; i < num_dir_acls; i++, ace = ace->next) { @@ -2011,15 +1994,6 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc) SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_INHERIT_ONLY); } - /* The User must have access to a profile share - even if we can't map the SID. */ - if (lp_profile_acls(SNUM(fsp->conn))) { - SEC_ACCESS acc; - init_sec_access(&acc,FILE_GENERIC_ALL); - init_sec_ace(&nt_ace_list[num_aces++], &global_sid_Builtin_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, acc, - SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT| - SEC_ACE_FLAG_INHERIT_ONLY); - } - /* * Sort to force deny entries to the front. */ |