svn commit: samba r6945 - in trunk/source: include smbd

jra at samba.org jra at samba.org
Mon May 23 20:47:31 GMT 2005


Author: jra
Date: 2005-05-23 20:47:31 +0000 (Mon, 23 May 2005)
New Revision: 6945

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=6945

Log:
Allow mapping of POSIX ACLs to NT perms to differentiate between directories
and files. Needed for Volker's coming changes.
Jeremy.

Modified:
   trunk/source/include/smb.h
   trunk/source/smbd/posix_acls.c


Changeset:
Modified: trunk/source/include/smb.h
===================================================================
--- trunk/source/include/smb.h	2005-05-23 19:40:47 UTC (rev 6944)
+++ trunk/source/include/smb.h	2005-05-23 20:47:31 UTC (rev 6945)
@@ -1112,6 +1112,12 @@
 #define UNIX_ACCESS_W		FILE_GENERIC_WRITE
 #define UNIX_ACCESS_X		FILE_GENERIC_EXECUTE
 
+/* Mapping of access rights to UNIX perms. for a UNIX directory. */
+#define UNIX_DIRECTORY_ACCESS_RWX		FILE_GENERIC_ALL
+#define UNIX_DIRECTORY_ACCESS_R 		FILE_GENERIC_READ
+#define UNIX_DIRECTORY_ACCESS_W			FILE_GENERIC_WRITE
+#define UNIX_DIRECTORY_ACCESS_X			FILE_GENERIC_EXECUTE
+
 #if 0
 /*
  * This is the old mapping we used to use. To get W2KSP2 profiles
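Review bot: The four new `UNIX_DIRECTORY_ACCESS_*` macros expand to exactly the same `FILE_GENERIC_*` values as the `UNIX_ACCESS_*` set just above, and the comment does not say that this is deliberate or what has to move with them later. If the directory values are changed, the code that maps NT masks back to POSIX bits (not visible in this diff) presumably has to change in step. Otherwise the permissions a client reads from a directory and then writes back could map to different rwx bits than the ones on disk. I would reword the comment to something like `/* Directory variants of UNIX_ACCESS_*. Currently identical to the file mapping; keep the NT->UNIX direction in step if these change. */`.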

Modified: trunk/source/smbd/posix_acls.c
===================================================================
--- trunk/source/smbd/posix_acls.c	2005-05-23 19:40:47 UTC (rev 6944)
+++ trunk/source/smbd/posix_acls.c	2005-05-23 20:47:31 UTC (rev 6945)
@@ -801,7 +801,7 @@
  not get. Deny entries are implicit on get with ace->perms = 0.
 ****************************************************************************/
 
-static SEC_ACCESS map_canon_ace_perms(int *pacl_type, DOM_SID *powner_sid, canon_ace *ace)
+static SEC_ACCESS map_canon_ace_perms(int *pacl_type, DOM_SID *powner_sid, canon_ace *ace, BOOL directory_ace)
 {
 	SEC_ACCESS sa;
 	uint32 nt_mask = 0;
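Review bot: The header comment above `map_canon_ace_perms` (it starts outside this hunk) is not updated for the new `directory_ace` parameter, so the function's contract now has an undocumented input. I would add a line to that comment such as `directory_ace selects the UNIX_DIRECTORY_ACCESS_* mapping instead of UNIX_ACCESS_*; callers pass whether the object being described is a directory.` The function body continues past the end of the hunk.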
@@ -809,7 +809,11 @@
 	*pacl_type = SEC_ACE_TYPE_ACCESS_ALLOWED;
 
 	if ((ace->perms & ALL_ACE_PERMS) == ALL_ACE_PERMS) {
+		if (directory_ace) {
+			nt_mask = UNIX_DIRECTORY_ACCESS_RWX;
+		} else {
 			nt_mask = UNIX_ACCESS_RWX;
+		}
 	} else if ((ace->perms & ALL_ACE_PERMS) == (mode_t)0) {
 		/*
 		 * Windows NT refuses to display ACEs with no permissions in them (but
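Review bot: The new `if (directory_ace) { ... } else { ... }` around the RWX assignment duplicates the statement for one differing constant, and the `@@ -825,9 +829,15 @@` hunk repeats the pattern with two copies of the three-line bit mapping. Selecting the constant in the expression keeps each permission test written once, which makes it harder for the file and directory paths to drift apart in a later edit: `nt_mask = directory_ace ? UNIX_DIRECTORY_ACCESS_RWX : UNIX_ACCESS_RWX;`. The same form works for each of the `S_IRUSR`/`S_IWUSR`/`S_IXUSR` lines. The enclosing function starts and ends outside this hunk.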
@@ -825,9 +829,15 @@
 		else
 			nt_mask = 0;
 	} else {
-		nt_mask |= ((ace->perms & S_IRUSR) ? UNIX_ACCESS_R : 0 );
-		nt_mask |= ((ace->perms & S_IWUSR) ? UNIX_ACCESS_W : 0 );
-		nt_mask |= ((ace->perms & S_IXUSR) ? UNIX_ACCESS_X : 0 );
+		if (directory_ace) {
+			nt_mask |= ((ace->perms & S_IRUSR) ? UNIX_DIRECTORY_ACCESS_R : 0 );
+			nt_mask |= ((ace->perms & S_IWUSR) ? UNIX_DIRECTORY_ACCESS_W : 0 );
+			nt_mask |= ((ace->perms & S_IXUSR) ? UNIX_DIRECTORY_ACCESS_X : 0 );
+		} else {
+			nt_mask |= ((ace->perms & S_IRUSR) ? UNIX_ACCESS_R : 0 );
+			nt_mask |= ((ace->perms & S_IWUSR) ? UNIX_ACCESS_W : 0 );
+			nt_mask |= ((ace->perms & S_IXUSR) ? UNIX_ACCESS_X : 0 );
+		}
 	}
 
 	DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n",
@@ -2815,7 +2825,7 @@
 			for (i = 0; i < num_acls; i++, ace = ace->next) {
 				SEC_ACCESS acc;
 
-				acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace );
+				acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace, fsp->is_directory);
 				init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, nt_acl_type, acc, ace->inherited ? SEC_ACE_FLAG_INHERITED_ACE : 0);
 			}
 
@@ -2833,7 +2843,7 @@
 			for (i = 0; i < num_def_acls; i++, ace = ace->next) {
 				SEC_ACCESS acc;
 	
-				acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace );
+				acc = map_canon_ace_perms(&nt_acl_type, &owner_sid, ace, fsp->is_directory);
 				init_sec_ace(&nt_ace_list[num_aces++], &ace->trustee, nt_acl_type, acc,
 						SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|
 						SEC_ACE_FLAG_INHERIT_ONLY|
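Review bot: In the default-ACL loop the new argument `fsp->is_directory` selects the directory mapping for ACEs that are emitted with `SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT|SEC_ACE_FLAG_INHERIT_ONLY`. Those entries describe what both child files and child directories receive. That is harmless while the two macro sets are identical, but once `UNIX_DIRECTORY_ACCESS_*` diverges, the inherited mask shown for files created under this directory would be the directory one. I would record the decision at the call with a comment such as `/* Default ACEs are inherited by files as well as directories; revisit this flag when the two mappings differ. */`. The `init_sec_ace` call continues past the end of the hunk.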


