default:
DEBUG(8, ("invalid special who id %d "
"ignored\n", ace->who.special_id));
+ continue;
}
} else {
if (ace->aceFlags & SMB_ACE4_IDENTIFIER_GROUP) {
enum smbacl4_mode_enum mode;
bool do_chown;
enum smbacl4_acedup_enum acedup;
- struct db_context *sid_mapping_table;
} smbacl4_vfs_params;
/*
return NULL;
}
-static bool nfs4_map_sid(smbacl4_vfs_params *params, const struct dom_sid *src,
- struct dom_sid *dst)
-{
- static struct db_context *mapping_db = NULL;
- TDB_DATA data;
- NTSTATUS status;
-
- if (mapping_db == NULL) {
- const char *dbname = lp_parm_const_string(
- -1, SMBACL4_PARAM_TYPE_NAME, "sidmap", NULL);
-
- if (dbname == NULL) {
- DEBUG(10, ("%s:sidmap not defined\n",
- SMBACL4_PARAM_TYPE_NAME));
- return False;
- }
-
- become_root();
- mapping_db = db_open(NULL, dbname, 0, TDB_DEFAULT,
- O_RDONLY, 0600);
- unbecome_root();
-
- if (mapping_db == NULL) {
- DEBUG(1, ("could not open sidmap: %s\n",
- strerror(errno)));
- return False;
- }
- }
-
- status = dbwrap_fetch(mapping_db, NULL,
- string_term_tdb_data(sid_string_tos(src)),
- &data);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("could not find mapping for SID %s\n",
- sid_string_dbg(src)));
- return False;
- }
-
- if ((data.dptr == NULL) || (data.dsize <= 0)
- || (data.dptr[data.dsize-1] != '\0')) {
- DEBUG(5, ("invalid mapping for SID %s\n",
- sid_string_dbg(src)));
- TALLOC_FREE(data.dptr);
- return False;
- }
-
- if (!string_to_sid(dst, (char *)data.dptr)) {
- DEBUG(1, ("invalid mapping %s for SID %s\n",
- (char *)data.dptr, sid_string_dbg(src)));
- TALLOC_FREE(data.dptr);
- return False;
- }
-
- TALLOC_FREE(data.dptr);
-
- return True;
-}
static bool smbacl4_fill_ace4(
TALLOC_CTX *mem_ctx,
- const char *filename,
+ const files_struct *fsp,
smbacl4_vfs_params *params,
uid_t ownerUID,
gid_t ownerGID,
SMB_ACE4PROP_T *ace_v4 /* output */
)
{
+ const char *filename = fsp->fsp_name->base_name;
DEBUG(10, ("got ace for %s\n", sid_string_dbg(&ace_nt->trustee)));
memset(ace_v4, 0, sizeof(SMB_ACE4PROP_T));
ace_v4->aceFlags = map_windows_ace_flags_to_nfs4_ace_flags(
ace_nt->flags);
+
+ /* remove inheritance flags on files */
+ if (VALID_STAT(fsp->fsp_name->st) &&
+ !S_ISDIR(fsp->fsp_name->st.st_ex_mode)) {
+ DEBUG(10, ("Removing inheritance flags from a file\n"));
+ ace_v4->aceFlags &= ~(SMB_ACE4_FILE_INHERIT_ACE|
+ SMB_ACE4_DIRECTORY_INHERIT_ACE|
+ SMB_ACE4_NO_PROPAGATE_INHERIT_ACE|
+ SMB_ACE4_INHERIT_ONLY_ACE);
+ }
+
ace_v4->aceMask = ace_nt->access_mask &
(SEC_STD_ALL | SEC_FILE_ALL);
ace_v4->who.special_id = SMB_ACE4_WHO_EVERYONE;
ace_v4->flags |= SMB_ACE4_ID_SPECIAL;
} else {
- const char *dom, *name;
- enum lsa_SidType type;
uid_t uid;
gid_t gid;
- struct dom_sid sid;
-
- sid_copy(&sid, &ace_nt->trustee);
-
- if (!lookup_sid(mem_ctx, &sid, &dom, &name, &type)) {
-
- struct dom_sid mapped;
-
- if (!nfs4_map_sid(params, &sid, &mapped)) {
- DEBUG(1, ("nfs4_acls.c: file [%s]: SID %s "
- "unknown\n", filename,
- sid_string_dbg(&sid)));
- errno = EINVAL;
- return False;
- }
-
- DEBUG(2, ("nfs4_acls.c: file [%s]: mapped SID %s "
- "to %s\n", filename, sid_string_dbg(&sid),
- sid_string_dbg(&mapped)));
-
- if (!lookup_sid(mem_ctx, &mapped, &dom,
- &name, &type)) {
- DEBUG(1, ("nfs4_acls.c: file [%s]: SID %s "
- "mapped from %s is unknown\n",
- filename, sid_string_dbg(&mapped),
- sid_string_dbg(&sid)));
- errno = EINVAL;
- return False;
- }
-
- sid_copy(&sid, &mapped);
- }
-
- if (type == SID_NAME_USER) {
- if (!sid_to_uid(&sid, &uid)) {
- DEBUG(1, ("nfs4_acls.c: file [%s]: could not "
- "convert %s to uid\n", filename,
- sid_string_dbg(&sid)));
- return False;
- }
-
- if (params->mode==e_special && uid==ownerUID) {
- ace_v4->flags |= SMB_ACE4_ID_SPECIAL;
- ace_v4->who.special_id = SMB_ACE4_WHO_OWNER;
- } else {
- ace_v4->who.uid = uid;
- }
- } else { /* else group? - TODO check it... */
- if (!sid_to_gid(&sid, &gid)) {
- DEBUG(1, ("nfs4_acls.c: file [%s]: could not "
- "convert %s to gid\n", filename,
- sid_string_dbg(&sid)));
- return False;
- }
+ if (sid_to_gid(&ace_nt->trustee, &gid)) {
ace_v4->aceFlags |= SMB_ACE4_IDENTIFIER_GROUP;
if (params->mode==e_special && gid==ownerGID) {
} else {
ace_v4->who.gid = gid;
}
+ } else if (sid_to_uid(&ace_nt->trustee, &uid)) {
+ if (params->mode==e_special && uid==ownerUID) {
+ ace_v4->flags |= SMB_ACE4_ID_SPECIAL;
+ ace_v4->who.special_id = SMB_ACE4_WHO_OWNER;
+ } else {
+ ace_v4->who.uid = uid;
+ }
+ } else {
+ DEBUG(1, ("nfs4_acls.c: file [%s]: could not "
+ "convert %s to uid or gid\n", filename,
+ sid_string_dbg(&ace_nt->trustee)));
+ return False;
}
}
}
static SMB4ACL_T *smbacl4_win2nfs4(
- const char *filename,
+ const files_struct *fsp,
const struct security_acl *dacl,
smbacl4_vfs_params *pparams,
uid_t ownerUID,
SMB4ACL_T *theacl;
uint32 i;
TALLOC_CTX *mem_ctx = talloc_tos();
+ const char *filename = fsp->fsp_name->base_name;
DEBUG(10, ("smbacl4_win2nfs4 invoked\n"));
SMB_ACE4PROP_T ace_v4;
bool addNewACE = True;
- if (!smbacl4_fill_ace4(mem_ctx, filename, pparams,
+ if (!smbacl4_fill_ace4(mem_ctx, fsp, pparams,
ownerUID, ownerGID,
dacl->aces + i, &ace_v4)) {
DEBUG(3, ("Could not fill ace for file %s, SID %s\n",
return NT_STATUS_OK;
}
- theacl = smbacl4_win2nfs4(fsp->fsp_name->base_name, psd->dacl, ¶ms,
+ theacl = smbacl4_win2nfs4(fsp, psd->dacl, ¶ms,
sbuf.st_ex_uid, sbuf.st_ex_gid);
if (!theacl)
return map_nt_error_from_unix(errno);