diff options
author | Andrew Tridgell <tridge@samba.org> | 2004-12-14 22:17:41 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:07:26 -0500 |
commit | d21a55dda787a65f15eccb6442189ad7d97526f0 (patch) | |
tree | 637d754c709a0802f0bdb364983ae40a0f5ca150 /source4/ntvfs | |
parent | 1a340869c43f9ce741e8a4bd28ea01ec63301df5 (diff) | |
download | samba-d21a55dda787a65f15eccb6442189ad7d97526f0.tar.gz samba-d21a55dda787a65f15eccb6442189ad7d97526f0.tar.xz samba-d21a55dda787a65f15eccb6442189ad7d97526f0.zip |
r4205: fixed the default acl mapping from posix permissions to use the mapped
uid->sid and gid->sid
(This used to be commit 590e1a91bfc719c2d84a9a066fb4e0308b6d9803)
Diffstat (limited to 'source4/ntvfs')
-rw-r--r-- | source4/ntvfs/posix/pvfs_acl.c | 66 |
1 files changed, 33 insertions, 33 deletions
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index e2d779f91cd..95a4e5765c0 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -68,17 +68,11 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, struct xattr_NTACL *acl) { struct security_descriptor *sd; - int i; - struct security_ace ace; NTSTATUS status; - const char *sid_names[] = { - SID_BUILTIN_ADMINISTRATORS, - SID_CREATOR_OWNER, - SID_CREATOR_GROUP, - SID_WORLD - }; - uint32_t access_masks[4]; + struct security_ace aces[4]; mode_t mode; + struct dom_sid *sid; + int i; sd = security_descriptor_initialise(req); if (sd == NULL) { @@ -103,15 +97,15 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, - Group - Everyone */ - access_masks[0] = SEC_RIGHTS_FILE_ALL; - access_masks[1] = 0; - access_masks[2] = 0; - access_masks[3] = 0; + aces[0].access_mask = SEC_RIGHTS_FILE_ALL; + aces[1].access_mask = 0; + aces[2].access_mask = 0; + aces[3].access_mask = 0; mode = name->st.st_mode; if (mode & S_IRUSR) { - access_masks[1] |= + aces[1].access_mask |= SEC_FILE_READ_DATA | SEC_FILE_READ_EA | SEC_FILE_READ_ATTRIBUTE | @@ -120,7 +114,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, SEC_STD_READ_CONTROL; } if (mode & S_IWUSR) { - access_masks[1] |= + aces[1].access_mask |= SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | SEC_FILE_WRITE_EA | @@ -129,7 +123,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, } if (mode & S_IRGRP) { - access_masks[2] |= + aces[2].access_mask |= SEC_FILE_READ_DATA | SEC_FILE_READ_EA | SEC_FILE_READ_ATTRIBUTE | @@ -138,7 +132,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, SEC_STD_READ_CONTROL; } if (mode & S_IWGRP) { - access_masks[2] |= + aces[2].access_mask |= SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | SEC_FILE_WRITE_EA | @@ -146,7 +140,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, } if (mode & S_IROTH) { - access_masks[3] |= + aces[3].access_mask |= SEC_FILE_READ_DATA | SEC_FILE_READ_EA | SEC_FILE_READ_ATTRIBUTE | @@ -155,31 +149,37 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs, SEC_STD_READ_CONTROL; } if (mode & S_IWOTH) { - access_masks[3] |= + aces[3].access_mask |= SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE; } - ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED; - ace.flags = 0; + sid = dom_sid_parse_talloc(sd, SID_BUILTIN_ADMINISTRATORS); + if (sid == NULL) return NT_STATUS_NO_MEMORY; + + aces[0].type = SEC_ACE_TYPE_ACCESS_ALLOWED; + aces[0].flags = 0; + aces[0].trustee = *sid; + + aces[1].type = SEC_ACE_TYPE_ACCESS_ALLOWED; + aces[1].flags = 0; + aces[1].trustee = *sd->owner_sid; - for (i=0;i<ARRAY_SIZE(sid_names);i++) { - struct dom_sid *sid; + aces[2].type = SEC_ACE_TYPE_ACCESS_ALLOWED; + aces[2].flags = 0; + aces[2].trustee = *sd->group_sid; - ace.access_mask = access_masks[i]; + sid = dom_sid_parse_talloc(sd, SID_WORLD); + if (sid == NULL) return NT_STATUS_NO_MEMORY; - sid = dom_sid_parse_talloc(sd, sid_names[i]); - if (sid == NULL) { - return NT_STATUS_NO_MEMORY; - } - ace.trustee = *sid; + aces[3].type = SEC_ACE_TYPE_ACCESS_ALLOWED; + aces[3].flags = 0; + aces[3].trustee = *sid; - status = security_descriptor_dacl_add(sd, &ace); - if (!NT_STATUS_IS_OK(status)) { - return status; - } + for (i=0;i<4;i++) { + security_descriptor_dacl_add(sd, &aces[i]); } acl->version = 1; |