r4205: fixed the default acl mapping from posix permissions to use the mapped
authorAndrew Tridgell <tridge@samba.org>
Tue, 14 Dec 2004 22:17:41 +0000 (22:17 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:07:26 +0000 (13:07 -0500)
uid->sid and gid->sid
(This used to be commit 590e1a91bfc719c2d84a9a066fb4e0308b6d9803)

source4/ntvfs/posix/pvfs_acl.c

index e2d779f91cd9f72e0e22a79be5811a110636c1d9..95a4e5765c02a02632a3e81f8f2eae2bc4192086 100644 (file)
@@ -68,17 +68,11 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
                                 struct xattr_NTACL *acl)
 {
        struct security_descriptor *sd;
-       int i;
-       struct security_ace ace;
        NTSTATUS status;
-       const char *sid_names[] = {
-               SID_BUILTIN_ADMINISTRATORS,
-               SID_CREATOR_OWNER,
-               SID_CREATOR_GROUP,
-               SID_WORLD
-       };
-       uint32_t access_masks[4];
+       struct security_ace aces[4];
        mode_t mode;
+       struct dom_sid *sid;
+       int i;
 
        sd = security_descriptor_initialise(req);
        if (sd == NULL) {
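Review bot: `struct security_ace aces[4]` is declared without an initializer, and the assignments later in this function set only type, flags, access_mask and trustee; if struct security_ace has any further member, each entry reaches security_descriptor_dacl_add() with that member indeterminate (I cannot see the struct definition from here, so this needs confirming against its header). Zero-initializing at the declaration, `struct security_ace aces[4] = {{0}};`, removes the doubt at no cost. The rest of pvfs_default_acl lies outside this hunk.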
@@ -103,15 +97,15 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
            - Group
            - Everyone
         */
-       access_masks[0] = SEC_RIGHTS_FILE_ALL;
-       access_masks[1] = 0;
-       access_masks[2] = 0;
-       access_masks[3] = 0;
+       aces[0].access_mask = SEC_RIGHTS_FILE_ALL;
+       aces[1].access_mask = 0;
+       aces[2].access_mask = 0;
+       aces[3].access_mask = 0;
 
        mode = name->st.st_mode;
 
        if (mode & S_IRUSR) {
-               access_masks[1] |= 
+               aces[1].access_mask |= 
                        SEC_FILE_READ_DATA | 
                        SEC_FILE_READ_EA |
                        SEC_FILE_READ_ATTRIBUTE |
@@ -120,7 +114,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
                        SEC_STD_READ_CONTROL;
        }
        if (mode & S_IWUSR) {
-               access_masks[1] |= 
+               aces[1].access_mask |= 
                        SEC_FILE_WRITE_DATA | 
                        SEC_FILE_APPEND_DATA |
                        SEC_FILE_WRITE_EA |
@@ -129,7 +123,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
        }
 
        if (mode & S_IRGRP) {
-               access_masks[2] |= 
+               aces[2].access_mask |= 
                        SEC_FILE_READ_DATA | 
                        SEC_FILE_READ_EA |
                        SEC_FILE_READ_ATTRIBUTE |
@@ -138,7 +132,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
                        SEC_STD_READ_CONTROL;
        }
        if (mode & S_IWGRP) {
-               access_masks[2] |= 
+               aces[2].access_mask |= 
                        SEC_FILE_WRITE_DATA | 
                        SEC_FILE_APPEND_DATA |
                        SEC_FILE_WRITE_EA |
@@ -146,7 +140,7 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
        }
 
        if (mode & S_IROTH) {
-               access_masks[3] |= 
+               aces[3].access_mask |= 
                        SEC_FILE_READ_DATA | 
                        SEC_FILE_READ_EA |
                        SEC_FILE_READ_ATTRIBUTE |
@@ -155,31 +149,37 @@ static NTSTATUS pvfs_default_acl(struct pvfs_state *pvfs,
                        SEC_STD_READ_CONTROL;
        }
        if (mode & S_IWOTH) {
-               access_masks[3] |= 
+               aces[3].access_mask |= 
                        SEC_FILE_WRITE_DATA | 
                        SEC_FILE_APPEND_DATA |
                        SEC_FILE_WRITE_EA |
                        SEC_FILE_WRITE_ATTRIBUTE;
        }
 
-       ace.type = SEC_ACE_TYPE_ACCESS_ALLOWED;
-       ace.flags = 0;
+       sid = dom_sid_parse_talloc(sd, SID_BUILTIN_ADMINISTRATORS);
+       if (sid == NULL) return NT_STATUS_NO_MEMORY;
+
+       aces[0].type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+       aces[0].flags = 0;
+       aces[0].trustee = *sid;
+
+       aces[1].type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+       aces[1].flags = 0;
+       aces[1].trustee = *sd->owner_sid;
 
-       for (i=0;i<ARRAY_SIZE(sid_names);i++) {
-               struct dom_sid *sid;
+       aces[2].type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+       aces[2].flags = 0;
+       aces[2].trustee = *sd->group_sid;
 
-               ace.access_mask = access_masks[i];
+       sid = dom_sid_parse_talloc(sd, SID_WORLD);
+       if (sid == NULL) return NT_STATUS_NO_MEMORY;
 
-               sid = dom_sid_parse_talloc(sd, sid_names[i]);
-               if (sid == NULL) {
-                       return NT_STATUS_NO_MEMORY;
-               }
-               ace.trustee = *sid;
+       aces[3].type = SEC_ACE_TYPE_ACCESS_ALLOWED;
+       aces[3].flags = 0;
+       aces[3].trustee = *sid;
 
-               status = security_descriptor_dacl_add(sd, &ace);
-               if (!NT_STATUS_IS_OK(status)) {
-                       return status;
-               }
+       for (i=0;i<4;i++) {
+               security_descriptor_dacl_add(sd, &aces[i]);
        }
        
        acl->version = 1;
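Review bot: The loop at the end of the hunk discards the NTSTATUS from security_descriptor_dacl_add(), which the removed loop checked and propagated, so a failed add now returns NT_STATUS_OK with a DACL missing one or more of the four ACEs; `status` is still declared, so the loop body should read `status = security_descriptor_dacl_add(sd, &aces[i]); if (!NT_STATUS_IS_OK(status)) return status;`. The `acl->version = 1` that follows suggests the descriptor is being packaged for storage, in which case a silently truncated default ACL would be persisted rather than the operation failing. The lines `aces[1].trustee = *sd->owner_sid;` and `aces[2].trustee = *sd->group_sid;` also dereference pointers assigned outside this hunk; if the uid->sid or gid->sid mapping the commit introduces can fail and leave either NULL, these need a guard, so that is worth checking against the earlier part of the function. As a style point, bounding the loop with `ARRAY_SIZE(aces)` instead of the literal `4` keeps it from drifting from the declaration. pvfs_default_acl continues past the end of the hunk.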