summaryrefslogtreecommitdiff
path: root/source3/smbd/vfs-wrap.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd/vfs-wrap.c')
-rw-r--r--source3/smbd/vfs-wrap.c38
1 files changed, 38 insertions, 0 deletions
diff --git a/source3/smbd/vfs-wrap.c b/source3/smbd/vfs-wrap.c
index a9d8a32430..ad4d4ddbef 100644
--- a/source3/smbd/vfs-wrap.c
+++ b/source3/smbd/vfs-wrap.c
@@ -107,6 +107,20 @@ int vfswrap_mkdir(connection_struct *conn, char *path, mode_t mode)
#endif
result = mkdir(path, mode);
+
+ if (result == 0) {
+ /*
+ * We need to do this as the default behavior of POSIX ACLs
+ * is to set the mask to be the requested group permission
+ * bits, not the group permission bits to be the requested
+ * group permission bits. This is not what we want, as it will
+ * mess up any inherited ACL bits that were set. JRA.
+ */
+ if (conn->vfs_ops.chmod_acl != NULL) {
+ conn->vfs_ops.chmod_acl(conn, path, mode);
+ }
+ }
+
END_PROFILE(syscall_mkdir);
return result;
}
@@ -332,6 +346,19 @@ int vfswrap_chmod(connection_struct *conn, char *path, mode_t mode)
}
#endif
+ /*
+ * We need to do this due to the fact that the default POSIX ACL
+ * chmod modifies the ACL *mask* for the group owner, not the
+ * group owner bits directly. JRA.
+ */
+
+ if (conn->vfs_ops.chmod_acl != NULL) {
+ if ((result = conn->vfs_ops.chmod_acl(conn, path, mode)) == 0) {
+ END_PROFILE(syscall_chmod);
+ return result;
+ }
+ }
+
result = chmod(path, mode);
END_PROFILE(syscall_chmod);
return result;
@@ -506,4 +533,15 @@ BOOL vfswrap_set_nt_acl(files_struct *fsp, char *name, uint32 security_info_sent
{
return set_nt_acl(fsp, security_info_sent, psd);
}
+
+int vfswrap_chmod_acl(connection_struct *conn, char *name, mode_t mode)
+{
+ return chmod_acl(name, mode);
+}
+
+int vfswrap_fchmod_acl(files_struct *fsp, int fd, mode_t mode)
+{
+ return fchmod_acl(fd, mode);
+}
+
#undef OLD_NTDOMAIN