From a9f75bd3b7e86090eb95ae3d9c3dce787befcfc1 Mon Sep 17 00:00:00 2001 From: Alexander Werth Date: Thu, 2 May 2013 16:53:35 +0200 Subject: s3: Use mode bits in some cases in mode simple. Non inheriting ACL entries will show mode bits. With this an file owner change does affect the effective ACL because the special owner acl will now refer to the new owner. This could be fixed by updating the ACL on a file owner change. Reviewed-by: Andrew Bartlett Reviewed-by: Jeremy Allison --- source3/modules/nfs4_acls.c | 46 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) (limited to 'source3') diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c index e906fcd161..3f6d8d8258 100644 --- a/source3/modules/nfs4_acls.c +++ b/source3/modules/nfs4_acls.c @@ -820,6 +820,48 @@ static int smbacl4_substitute_special( return True; /* OK */ } +static int smbacl4_substitute_simple( + SMB4ACL_T *theacl, + uid_t ownerUID, + gid_t ownerGID +) +{ + SMB_ACL4_INT_T *aclint = get_validated_aclint(theacl); + SMB_ACE4_INT_T *aceint; + + for(aceint = aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) { + SMB_ACE4PROP_T *ace = &aceint->prop; + + DEBUG(10,("ace type: %d, iflags: %x, flags: %x, " + "mask: %x, who: %d\n", + ace->aceType, ace->flags, ace->aceFlags, + ace->aceMask, ace->who.id)); + + if (!(ace->flags & SMB_ACE4_ID_SPECIAL) && + !(ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP) && + ace->who.uid == ownerUID && + !(ace->aceFlags & SMB_ACE4_INHERIT_ONLY_ACE) && + !(ace->aceFlags & SMB_ACE4_FILE_INHERIT_ACE) && + !(ace->aceFlags & SMB_ACE4_DIRECTORY_INHERIT_ACE)) { + ace->flags |= SMB_ACE4_ID_SPECIAL; + ace->who.special_id = SMB_ACE4_WHO_OWNER; + DEBUG(10,("replaced with special owner ace\n")); + } + + if (!(ace->flags & SMB_ACE4_ID_SPECIAL) && + ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP && + ace->who.uid == ownerGID && + !(ace->aceFlags & SMB_ACE4_INHERIT_ONLY_ACE) && + !(ace->aceFlags & SMB_ACE4_FILE_INHERIT_ACE) && + !(ace->aceFlags & SMB_ACE4_DIRECTORY_INHERIT_ACE)) { + ace->flags |= SMB_ACE4_ID_SPECIAL; + ace->who.special_id = SMB_ACE4_WHO_GROUP; + DEBUG(10,("replaced with special group ace\n")); + } + } + return True; /* OK */ +} + static SMB4ACL_T *smbacl4_win2nfs4( TALLOC_CTX *mem_ctx, const files_struct *fsp, @@ -862,6 +904,10 @@ static SMB4ACL_T *smbacl4_win2nfs4( smb_add_ace4(theacl, &ace_v4); } + if (pparams->mode==e_simple) { + smbacl4_substitute_simple(theacl, ownerUID, ownerGID); + } + if (pparams->mode==e_special) { smbacl4_substitute_special(theacl, ownerUID, ownerGID); } -- cgit