diff options
| author | Jeremy Allison <jra@samba.org> | 2008-10-08 15:19:04 -0700 |
|---|---|---|
| committer | Karolin Seeger <kseeger@samba.org> | 2008-10-15 18:05:46 +0200 |
| commit | 833a9f5f57933cab0ebf480212f016f70696a150 (patch) | |
| tree | f7da1a03f6fd9790df0b0cc584ddc97fc987b4b0 /source | |
| parent | c62e2d9e7a5c2c4dc04c2b1d78af90c6d557a40f (diff) | |
| download | samba-833a9f5f57933cab0ebf480212f016f70696a150.tar.gz | |
Deal with inheritance from parent directory when setting Windows
ACLs.
Jeremy.
(cherry picked from commit efc3de5e2490be615121f7231cd1611df2163e78)
Diffstat (limited to 'source')
| -rw-r--r-- | source/include/proto.h | 3 | ||||
| -rw-r--r-- | source/modules/vfs_acl_xattr.c | 16 | ||||
| -rw-r--r-- | source/smbd/posix_acls.c | 2 |
3 files changed, 20 insertions, 1 deletions
diff --git a/source/include/proto.h b/source/include/proto.h index 23a56835a09..46933d6fc3e 100644 --- a/source/include/proto.h +++ b/source/include/proto.h @@ -10024,6 +10024,9 @@ NTSTATUS posix_fget_nt_acl(struct files_struct *fsp, uint32_t security_info, NTSTATUS posix_get_nt_acl(struct connection_struct *conn, const char *name, uint32_t security_info, SEC_DESC **ppdesc); int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid); +NTSTATUS append_parent_acl(files_struct *fsp, + const SEC_DESC *pcsd, + SEC_DESC **pp_new_sd); NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd); int get_acl_group_bits( connection_struct *conn, const char *fname, mode_t *mode ); int chmod_acl(connection_struct *conn, const char *name, mode_t mode); diff --git a/source/modules/vfs_acl_xattr.c b/source/modules/vfs_acl_xattr.c index f390786da38..106c33e3c86 100644 --- a/source/modules/vfs_acl_xattr.c +++ b/source/modules/vfs_acl_xattr.c @@ -317,6 +317,22 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp, return status; } + if ((security_info_sent & DACL_SECURITY_INFORMATION) && + psd->dacl != NULL && + (psd->type & (SE_DESC_DACL_AUTO_INHERITED| + SE_DESC_DACL_AUTO_INHERIT_REQ))== + (SE_DESC_DACL_AUTO_INHERITED| + SE_DESC_DACL_AUTO_INHERIT_REQ) ) { + SEC_DESC *new_psd = NULL; + status = append_parent_acl(fsp, psd, &new_psd); + if (!NT_STATUS_IS_OK(status)) { + /* Lower level acl set succeeded, + * so still return OK. */ + return NT_STATUS_OK; + } + psd = new_psd; + } + create_acl_blob(psd, &blob); store_acl_blob(fsp, &blob); diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index 48ea993e28f..da17e53b2ca 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -3227,7 +3227,7 @@ int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid) Take care of parent ACL inheritance. ****************************************************************************/ -static NTSTATUS append_parent_acl(files_struct *fsp, +NTSTATUS append_parent_acl(files_struct *fsp, const SEC_DESC *pcsd, SEC_DESC **pp_new_sd) { |