svn commit: samba r6945 - in trunk/source: include smbd
jra at samba.org
jra at samba.org
Mon May 23 20:47:31 GMT 2005
Author: jra
Date: 2005-05-23 20:47:31 +0000 (Mon, 23 May 2005)
New Revision: 6945
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=6945
Log:
Allow mapping of POSIX ACLs to NT perms to differentiate between directories
and files. Needed for Volker's coming changes.
Jeremy.
Modified:
trunk/source/include/smb.h
trunk/source/smbd/posix_acls.c
Changeset:
Modified: trunk/source/include/smb.h
===================================================================
--- trunk/source/include/smb.h 2005-05-23 19:40:47 UTC (rev 6944)
+++ trunk/source/include/smb.h 2005-05-23 20:47:31 UTC (rev 6945)
@@ -1112,6 +1112,12 @@
#define UNIX_ACCESS_W FILE_GENERIC_WRITE
#define UNIX_ACCESS_X FILE_GENERIC_EXECUTE
+/* Mapping of access rights to UNIX perms. for a UNIX directory. */
+#define UNIX_DIRECTORY_ACCESS_RWX FILE_GENERIC_ALL
+#define UNIX_DIRECTORY_ACCESS_R FILE_GENERIC_READ
+#define UNIX_DIRECTORY_ACCESS_W FILE_GENERIC_WRITE
+#define UNIX_DIRECTORY_ACCESS_X FILE_GENERIC_EXECUTE
+
#if 0
/*
* This is the old mapping we used to use. To get W2KSP2 profiles
Modified: trunk/source/smbd/posix_acls.c
===================================================================
--- trunk/source/smbd/posix_acls.c 2005-05-23 19:40:47 UTC (rev 6944)
+++ trunk/source/smbd/posix_acls.c 2005-05-23 20:47:31 UTC (rev 6945)
@@ -801,7 +801,7 @@
not get. Deny entries are implicit on get with ace->perms = 0.
****************************************************************************/
-static SEC_ACCESS map_canon_ace_perms(int *pacl_type, DOM_SID *powner_sid, canon_ace *ace)
+static SEC_ACCESS map_canon_ace_perms(int *pacl_type, DOM_SID *powner_sid, canon_ace *ace, BOOL directory_ace)
{
SEC_ACCESS sa;
uint32 nt_mask = 0;
@@ -809,7 +809,11 @@
*pacl_type = SEC_ACE_TYPE_ACCESS_ALLOWED;
if ((ace->perms & ALL_ACE_PERMS) == ALL_ACE_PERMS) {
+ if (directory_ace) {
+ nt_mask = UNIX_DIRECTORY_ACCESS_RWX;
+ } else {
nt_mask = UNIX_ACCESS_RWX;
+ }
} else if ((ace->perms & ALL_ACE_PERMS) == (mode_t)0) {
/*
* Windows NT refuses to display ACEs with no permissions in them (but
@@ -825,9 +829,15 @@
else
nt_mask = 0;
} else {
- nt_mask |= ((ace->perms & S_IRUSR) ? UNIX_ACCESS_R : 0 );
- nt_mask |= ((ace->perms & S_IWUSR) ? UNIX_ACCESS_W : 0 );
- nt_mask |= ((ace->perms & S_IXUSR) ? UNIX_ACCESS_X : 0 );
+ if (directory_ace) {
+ nt_mask |= ((ace->perms & S_IRUSR) ? UNIX_DIRECTORY_ACCESS_R : 0 );
+ nt_mask |= ((ace->perms & S_IWUSR) ? UNIX_DIRECTORY_ACCESS_W : 0 );
+ nt_mask |= ((ace->perms & S_IXUSR) ? UNIX_DIRECTORY_ACCESS_X : 0 );
+ } else {
+ nt_mask |= ((ace->perms & S_IRUSR) ? UNIX_ACCESS_R : 0 );
+ nt_mask |= ((ace->perms & S_IWUSR) ? UNIX_ACCESS_W : 0 );
+ nt_mask |= ((ace->perms & S_IXUSR) ? UNIX_ACCESS_X : 0 );
+ }
}
DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n",
@@ -2815,7 +2825,7 @@
for (i = 0; i < num_acls; i++, ace = ace->next) {
SEC_ACCESS acc;
- acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace );
+ acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace, fsp->is_directory);
init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, nt_acl_type, acc, ace->inherited ? SEC_ACE_FLAG_INHERITED_ACE : 0);
}
@@ -2833,7 +2843,7 @@
for (i = 0; i < num_def_acls; i++, ace = ace->next) {
SEC_ACCESS acc;
- acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace );
+ acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace, fsp->is_directory);
init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, nt_acl_type, acc,
SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|
SEC_ACE_FLAG_INHERIT_ONLY|
More information about the samba-cvs
mailing list