From a834a73e341059be154426390304a42e4a011f72 Mon Sep 17 00:00:00 2001
From: Gerald Carter <jerry@samba.org>
Date: Wed, 25 Sep 2002 15:19:00 +0000
Subject: sync'ing up for 3.0alpha20 release (This used to be commit
 65e7b5273bb58802bf0c389b77f7fcae0a1f6139)

---
 source3/smbd/posix_acls.c | 30 ++++++++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

(limited to 'source3/smbd/posix_acls.c')

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 043e33e836..e6ae1c7d79 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1881,6 +1881,8 @@ static int nt_ace_comp( SEC_ACE *a1, SEC_ACE *a2)
 
 size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
 {
+	extern DOM_SID global_sid_Builtin_Administrators;
+	extern DOM_SID global_sid_Builtin_Users;
 	connection_struct *conn = fsp->conn;
 	SMB_STRUCT_STAT sbuf;
 	SEC_ACE *nt_ace_list = NULL;
@@ -1895,6 +1897,7 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
 	SMB_ACL_T dir_acl = NULL;
 	canon_ace *file_ace = NULL;
 	canon_ace *dir_ace = NULL;
+	size_t num_profile_acls = 0;
  
 	*ppdesc = NULL;
 
@@ -1939,7 +1942,14 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
 	 * Get the owner, group and world SIDs.
 	 */
 
-	create_file_sids(&sbuf, &owner_sid, &group_sid);
+	if (lp_profile_acls(SNUM(fsp->conn))) {
+		/* For WXP SP1 the owner must be administrators. */
+		sid_copy(&owner_sid, &global_sid_Builtin_Administrators);
+		sid_copy(&group_sid, &global_sid_Builtin_Users);
+		num_profile_acls = 2;
+	} else {
+		create_file_sids(&sbuf, &owner_sid, &group_sid);
+	}
 
 	/* Create the canon_ace lists. */
 	file_ace = canonicalise_acl( fsp, posix_acl, &sbuf,  &owner_sid, &group_sid);
@@ -1963,7 +1973,7 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
 	}
 
 	/* Allocate the ace list. */
-	if ((nt_ace_list = (SEC_ACE *)malloc((num_acls + num_dir_acls)* sizeof(SEC_ACE))) == NULL) {
+	if ((nt_ace_list = (SEC_ACE *)malloc((num_acls + num_profile_acls + num_dir_acls)* sizeof(SEC_ACE))) == NULL) {
 		DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n"));
 		goto done;
 	}
@@ -1986,6 +1996,13 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
 			init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, nt_acl_type, acc, 0);
 		}
 
+		/* The User must have access to a profile share - even if we can't map the SID. */
+		if (lp_profile_acls(SNUM(fsp->conn))) {
+			SEC_ACCESS acc;
+			init_sec_access(&acc,FILE_GENERIC_ALL);
+			init_sec_ace(&nt_ace_list[num_aces++], &global_sid_Builtin_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, acc, 0);
+		}
+
 		ace = dir_ace;
 
 		for (i = 0; i < num_dir_acls; i++, ace = ace->next) {
@@ -1994,6 +2011,15 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
 					SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_INHERIT_ONLY);
 		}
 
+		/* The User must have access to a profile share - even if we can't map the SID. */
+		if (lp_profile_acls(SNUM(fsp->conn))) {
+			SEC_ACCESS acc;
+			init_sec_access(&acc,FILE_GENERIC_ALL);
+			init_sec_ace(&nt_ace_list[num_aces++], &global_sid_Builtin_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, acc,
+					SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|
+					SEC_ACE_FLAG_INHERIT_ONLY);
+		}
+
 		/*
 		 * Sort to force deny entries to the front.
 		 */
-- 
cgit