diff options
author | Andrew Tridgell <tridge@samba.org> | 2005-01-07 02:14:34 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:08:29 -0500 |
commit | ad7da47948a5a3ed2c3fc18392b83c059bec5b6e (patch) | |
tree | 2b9dda60131d9bc259917be21fa63e669f94dbef /source4/ntvfs/posix/pvfs_acl.c | |
parent | 1a019f988385ee8ef947fc5054ee86b9c2cc632e (diff) | |
download | samba-ad7da47948a5a3ed2c3fc18392b83c059bec5b6e.tar.gz samba-ad7da47948a5a3ed2c3fc18392b83c059bec5b6e.tar.xz samba-ad7da47948a5a3ed2c3fc18392b83c059bec5b6e.zip |
r4584: fix pvfs backend to pass the new enhanced RAW-ACLS test. Easy once I really the
strange behaviour I saw was a w2k3 bug :-)
(This used to be commit e729061bcde25d0565a72222e4720ca8074ef23f)
Diffstat (limited to 'source4/ntvfs/posix/pvfs_acl.c')
-rw-r--r-- | source4/ntvfs/posix/pvfs_acl.c | 34 |
1 files changed, 32 insertions, 2 deletions
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 86a9a56ee91..5d8225f8ecd 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -392,6 +392,8 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, /* expand the generic access bits to file specific bits */ *access_mask = pvfs_translate_mask(*access_mask); + *access_mask &= ~SEC_FILE_READ_ATTRIBUTE; + /* check the acl against the required access mask */ status = sec_access_check(sd, token, *access_mask, access_mask); @@ -424,7 +426,35 @@ NTSTATUS pvfs_access_check_simple(struct pvfs_state *pvfs, */ NTSTATUS pvfs_access_check_create(struct pvfs_state *pvfs, struct smbsrv_request *req, - struct pvfs_filename *name) + struct pvfs_filename *name, + uint32_t *access_mask) +{ + struct pvfs_filename *parent; + NTSTATUS status; + + status = pvfs_resolve_parent(pvfs, req, name, &parent); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + status = pvfs_access_check(pvfs, req, parent, access_mask); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + + if (! ((*access_mask) & SEC_DIR_ADD_FILE)) { + return pvfs_access_check_simple(pvfs, req, name, SEC_DIR_ADD_FILE); + } + + return status; +} + +/* + access check for creating a new file/directory - no access mask supplied +*/ +NTSTATUS pvfs_access_check_create_nomask(struct pvfs_state *pvfs, + struct smbsrv_request *req, + struct pvfs_filename *name) { struct pvfs_filename *parent; NTSTATUS status; @@ -434,7 +464,7 @@ NTSTATUS pvfs_access_check_create(struct pvfs_state *pvfs, return status; } - return pvfs_access_check_simple(pvfs, req, parent, SEC_DIR_ADD_FILE); + return pvfs_access_check_simple(pvfs, req, name, SEC_DIR_ADD_FILE); } |