From 291b02a639aa6551ac1f59e47a78d5590d2b7f6e Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Fri, 31 Dec 2004 08:56:32 +0000 Subject: r4448: - fixed access_mask checking on acl set - honor the change ownership requests of acl set, changing the underlying unix owner/group - fix the access mask on file create with SEC_FLAG_MAXIMUM_ALLOWED (This used to be commit 5761fa35ab727b51ef1b52459911bafbdd788755) --- source4/ntvfs/posix/pvfs_setfileinfo.c | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_setfileinfo.c') diff --git a/source4/ntvfs/posix/pvfs_setfileinfo.c b/source4/ntvfs/posix/pvfs_setfileinfo.c index fbc71dc9d4..7144f37a14 100644 --- a/source4/ntvfs/posix/pvfs_setfileinfo.c +++ b/source4/ntvfs/posix/pvfs_setfileinfo.c @@ -29,11 +29,11 @@ /* determine what access bits are needed for a call */ -static uint32_t pvfs_setfileinfo_access(enum smb_setfileinfo_level level) +static uint32_t pvfs_setfileinfo_access(union smb_setfileinfo *info) { uint32_t needed; - switch (level) { + switch (info->generic.level) { case RAW_SFILEINFO_EA_SET: needed = SEC_FILE_WRITE_EA; break; @@ -51,6 +51,13 @@ static uint32_t pvfs_setfileinfo_access(enum smb_setfileinfo_level level) needed = 0; break; + case RAW_SFILEINFO_SEC_DESC: + needed = 0; + if (info->set_secdesc.in.secinfo_flags & (SECINFO_DACL|SECINFO_SACL)) { + needed |= SEC_STD_WRITE_DAC; + } + break; + default: needed = SEC_FILE_WRITE_ATTRIBUTE; break; @@ -248,7 +255,7 @@ NTSTATUS pvfs_setfileinfo(struct ntvfs_module_context *ntvfs, h = f->handle; - access_needed = pvfs_setfileinfo_access(info->generic.level); + access_needed = pvfs_setfileinfo_access(info); if ((f->access_mask & access_needed) != access_needed) { return NT_STATUS_ACCESS_DENIED; } @@ -358,7 +365,7 @@ NTSTATUS pvfs_setfileinfo(struct ntvfs_module_context *ntvfs, &info->rename_information.in); case RAW_SFILEINFO_SEC_DESC: - return pvfs_acl_set(pvfs, req, h->name, h->fd, info); + return pvfs_acl_set(pvfs, req, h->name, h->fd, f->access_mask, info); default: return NT_STATUS_INVALID_LEVEL; @@ -442,7 +449,7 @@ NTSTATUS pvfs_setpathinfo(struct ntvfs_module_context *ntvfs, return NT_STATUS_OBJECT_NAME_NOT_FOUND; } - access_needed = pvfs_setfileinfo_access(info->generic.level); + access_needed = pvfs_setfileinfo_access(info); status = pvfs_access_check_simple(pvfs, req, name, access_needed); if (!NT_STATUS_IS_OK(status)) { return status; -- cgit