[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4310-gaf1cbfa

Jeremy Allison jra at samba.org
Thu Oct 30 20:52:25 GMT 2008


The branch, v3-3-test has been updated
       via  af1cbfac50050ee7c185ea5267dc3c7a8159077a (commit)
      from  08fed7b1429fcea9f60b9b0a9048339d21f11ebb (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit af1cbfac50050ee7c185ea5267dc3c7a8159077a
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Oct 30 13:51:51 2008 -0700

    Inherit Windows ACLs on a new directory.
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source/lib/secdesc.c           |    6 ++--
 source/modules/vfs_acl_xattr.c |   68 ++++++++++++++++++++++++++++++++-------
 2 files changed, 58 insertions(+), 16 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/lib/secdesc.c b/source/lib/secdesc.c
index f6491f2..029fc3d 100644
--- a/source/lib/secdesc.c
+++ b/source/lib/secdesc.c
@@ -527,9 +527,9 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 		if (creator && container &&
 				(new_flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) {
 
-			/* First add the regular ACE entry with flags = 0. */
+			/* First add the regular ACE entry. */
 			init_sec_ace(new_ace, ptrustee, ace->type,
-			     	ace->access_mask, 0);
+			     	ace->access_mask, SEC_ACE_FLAG_INHERITED_ACE);
 
 			DEBUG(5,("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x"
 				" inherited as %s:%d/0x%02x/0x%08x\n",
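Review bot: The rewritten comment in this hunk no longer says which flags the concrete-trustee ACE carries, and nothing records why the value changed from 0. A comment such as `/* First add the regular ACE entry, marked SEC_ACE_FLAG_INHERITED_ACE so it can be told apart from an explicit ACE. */` would help, and the same applies to the `new_flags | SEC_ACE_FLAG_INHERITED_ACE` call in the next hunk. Because se_create_child_secdesc lives in source/lib, any other caller now also gets the inherited bit on child ACEs, so code that compares or stores these descriptors should be checked against that. The function body begins and ends outside both hunks.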
@@ -549,7 +549,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 		}
 
 		init_sec_ace(new_ace, ptrustee, ace->type,
-			     ace->access_mask, new_flags);
+			     ace->access_mask, new_flags | SEC_ACE_FLAG_INHERITED_ACE);
 
 		DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x "
 			  " inherited as %s:%d/0x%02x/0x%08x\n",
diff --git a/source/modules/vfs_acl_xattr.c b/source/modules/vfs_acl_xattr.c
index 1e5ca18..fba3091 100644
--- a/source/modules/vfs_acl_xattr.c
+++ b/source/modules/vfs_acl_xattr.c
@@ -182,13 +182,13 @@ static NTSTATUS create_acl_blob(const SEC_DESC *psd, DATA_BLOB *pblob)
 	return NT_STATUS_OK;
 }
 
-static NTSTATUS store_acl_blob(files_struct *fsp,
+static NTSTATUS store_acl_blob_fsp(files_struct *fsp,
 				DATA_BLOB *pblob)
 {
 	int ret;
 	int saved_errno = 0;
 
-	DEBUG(10,("store_acl_blob: storing blob length %u on file %s\n",
+	DEBUG(10,("store_acl_blob_fsp: storing blob length %u on file %s\n",
 			(unsigned int)pblob->length, fsp->fsp_name));
 
 	become_root();
@@ -206,7 +206,7 @@ static NTSTATUS store_acl_blob(files_struct *fsp,
 	unbecome_root();
 	if (ret) {
 		errno = saved_errno;
-		DEBUG(5, ("store_acl_blob: setting attr failed for file %s"
+		DEBUG(5, ("store_acl_blob_fsp: setting attr failed for file %s"
 			"with error %s\n",
 			fsp->fsp_name,
 			strerror(errno) ));
@@ -215,6 +215,36 @@ static NTSTATUS store_acl_blob(files_struct *fsp,
 	return NT_STATUS_OK;
 }
 
+static NTSTATUS store_acl_blob_pathname(connection_struct *conn,
+					const char *fname,
+					DATA_BLOB *pblob)
+{
+	int ret;
+	int saved_errno = 0;
+
+	DEBUG(10,("store_acl_blob_pathname: storing blob "
+			"length %u on file %s\n",
+			(unsigned int)pblob->length, fname));
+
+	become_root();
+	ret = SMB_VFS_SETXATTR(conn, fname,
+				XATTR_NTACL_NAME,
+				pblob->data, pblob->length, 0);
+	if (ret) {
+		saved_errno = errno;
+	}
+	unbecome_root();
+	if (ret) {
+		errno = saved_errno;
+		DEBUG(5, ("store_acl_blob_pathname: setting attr failed "
+			"for file %s with error %s\n",
+			fname,
+			strerror(errno) ));
+		return map_nt_error_from_unix(errno);
+	}
+	return NT_STATUS_OK;
+}
+
 
 static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle,
 					files_struct *fsp,
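Review bot: store_acl_blob_pathname resolves `fname` again while running as root, so the xattr lands on whatever the name refers to when SMB_VFS_SETXATTR runs, not necessarily on the directory that was just created. If the path-based call follows symlinks, as the underlying setxattr commonly does, a rename or replacement of the final component between the two steps would put a root-written NT ACL blob on a different object. A no-follow or descriptor-based write would close that window. Separately, the body copies the errno save/restore and logging pattern that the visible parts of store_acl_blob_fsp use, so a shared helper would keep the two from drifting.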
@@ -261,11 +291,6 @@ static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle,
 	return status;
 }
 
-static int mkdir_acl_xattr(vfs_handle_struct *handle,  const char *path, mode_t mode)
-{
-	return SMB_VFS_NEXT_MKDIR(handle, path, mode);
-}
-
 /*********************************************************************
  * Currently this only works for existing files. Need to work on
  * inheritance for new files.
@@ -273,7 +298,8 @@ static int mkdir_acl_xattr(vfs_handle_struct *handle,  const char *path, mode_t
 
 static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
 					const char *fname,
-					files_struct *fsp)
+					files_struct *fsp,
+					bool container)
 {
 	TALLOC_CTX *ctx = talloc_tos();
 	NTSTATUS status;
@@ -313,7 +339,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
 				parent_desc,
 				&handle->conn->server_info->ptok->user_sids[PRIMARY_USER_SID_INDEX],
 				&handle->conn->server_info->ptok->user_sids[PRIMARY_GROUP_SID_INDEX],
-				false);
+				container);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
@@ -321,7 +347,11 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
-	return store_acl_blob(fsp, &blob);
+	if (fsp) {
+		return store_acl_blob_fsp(fsp, &blob);
+	} else {
+		return store_acl_blob_pathname(handle->conn, fname, &blob);
+	}
 }
 
 /*********************************************************************
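Review bot: `fsp` may now be NULL on entry to inherit_new_acl, but only the final store is guarded in this hunk. The lines between the signature hunk and this one are not shown, so confirm that nothing earlier in the body (debug output, the parent lookup) dereferences `fsp`. A short comment on the parameter, e.g. `/* fsp is NULL for path-based callers such as mkdir */`, would make the contract explicit.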
@@ -368,12 +398,24 @@ static int open_acl_xattr(vfs_handle_struct *handle,
 	if (!file_existed && fsp->fh->fd != -1) {
 		/* File was created. Inherit from parent directory. */
 		string_set(&fsp->fsp_name, fname);
-		inherit_new_acl(handle, fname, fsp);
+		inherit_new_acl(handle, fname, fsp, false);
 	}
 
 	return fsp->fh->fd;
 }
 
+static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t mode)
+{
+	int ret = SMB_VFS_NEXT_MKDIR(handle, path, mode);
+
+	if (ret == -1) {
+		return ret;
+	}
+	/* New directory - inherit from parent. */
+	inherit_new_acl(handle, path, NULL, true);
+	return ret;
+}
+
 static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
         uint32 security_info, SEC_DESC **ppdesc)
 {
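Review bot: Both callers in this hunk discard the NTSTATUS from inherit_new_acl, so a failure to build or store the inherited descriptor leaves the new file or directory without a stored NT ACL and with nothing logged at the call site. For a directory that presumably means access falls back to whatever the POSIX mode yields, which may be wider than the parent's ACL intended. At minimum log it: `NTSTATUS status = inherit_new_acl(handle, path, NULL, true);` then `if (!NT_STATUS_IS_OK(status)) DEBUG(1, ("mkdir_acl_xattr: ACL inheritance failed for %s: %s\n", path, nt_errstr(status)));`. The last hunk shows the same pattern in fset_nt_acl_xattr, where the results of create_acl_blob and store_acl_blob_fsp are dropped and NT_STATUS_OK is returned regardless; that function's body begins outside the hunk, so this may be deliberate best-effort.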
@@ -426,7 +468,7 @@ static NTSTATUS fset_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
 	}
 
 	create_acl_blob(psd, &blob);
-	store_acl_blob(fsp, &blob);
+	store_acl_blob_fsp(fsp, &blob);
 
 	return NT_STATUS_OK;
 }


-- 
Samba Shared Repository

