From 58e5e1ea8d4c5a9eb8d36aa8132fd1ba3985ca53 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 5 Aug 2009 11:21:06 +1000 Subject: make the UID_WRAPPER skip checks at runtime This fixes two issues pointed out by Andrew. It adds a runtime uwrap_enabled() call that wraps the skips needed for uid emulation. It also makes the skip in the directory_create_or_exist() function only change the uid checking code, not the permissions code --- source4/ntvfs/posix/pvfs_acl.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'source4/ntvfs/posix') diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index f5a00c08a8..232883911e 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -473,13 +473,13 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, max_bits |= SEC_STD_ALL; } -#ifdef UID_WRAPPER_REPLACE - /* when running with the uid wrapper, files will be created - owned by the ruid, but we may have a different simulated - euid. We need to force the permission bits as though the - files owner matches the euid */ - max_bits |= SEC_STD_ALL; -#endif + if (!uwrap_enabled()) { + /* when running with the uid wrapper, files will be created + owned by the ruid, but we may have a different simulated + euid. We need to force the permission bits as though the + files owner matches the euid */ + max_bits |= SEC_STD_ALL; + } if (*access_mask == SEC_FLAG_MAXIMUM_ALLOWED) { *access_mask = max_bits; -- cgit