Removed "restrict acl with mask" - redundent.
Jeremy.
BOOL string_to_sid(DOM_SID *sidout, char *sidstr);
BOOL sid_append_rid(DOM_SID *sid, uint32 rid);
BOOL sid_split_rid(DOM_SID *sid, uint32 *rid);
+BOOL sid_peek_rid(DOM_SID *sid, uint32 *rid);
void sid_copy(DOM_SID *dst, const DOM_SID *src);
DOM_SID *sid_dup(DOM_SID *src);
BOOL sid_linearize(char *outbuf, size_t len, DOM_SID *sid);
BOOL lp_fake_dir_create_times(int );
BOOL lp_blocking_locks(int );
BOOL lp_inherit_perms(int );
-BOOL lp_restrict_acl_with_mask(int );
int lp_create_mask(int );
int lp_force_create_mode(int );
-int _lp_security_mask(int );
-int _lp_force_security_mode(int );
+int lp_security_mask(int );
+int lp_force_security_mode(int );
int lp_dir_mask(int );
int lp_force_dir_mode(int );
-int _lp_dir_security_mask(int );
-int _lp_force_dir_security_mode(int );
+int lp_dir_security_mask(int );
+int lp_force_dir_security_mode(int );
int lp_max_connections(int );
int lp_defaultcase(int );
int lp_minprintspace(int );
int lp_major_announce_version(void);
int lp_minor_announce_version(void);
void lp_set_name_resolve_order(char *new_order);
-int lp_security_mask(int snum);
-int lp_force_security_mode(int snum);
-int lp_dir_security_mask(int snum);
-int lp_force_dir_security_mode(int snum);
char *lp_printername(int snum);
/*The following definitions come from param/params.c */
uint32 _samr_create_dom_alias(pipes_struct *p, SAMR_Q_CREATE_DOM_ALIAS *q_u, SAMR_R_CREATE_DOM_ALIAS *r_u);
uint32 _samr_query_groupinfo(pipes_struct *p, SAMR_Q_QUERY_GROUPINFO *q_u, SAMR_R_QUERY_GROUPINFO *r_u);
uint32 _samr_set_groupinfo(pipes_struct *p, SAMR_Q_SET_GROUPINFO *q_u, SAMR_R_SET_GROUPINFO *r_u);
+uint32 _samr_set_aliasinfo(pipes_struct *p, SAMR_Q_SET_ALIASINFO *q_u, SAMR_R_SET_ALIASINFO *r_u);
uint32 _samr_get_dom_pwinfo(pipes_struct *p, SAMR_Q_GET_DOM_PWINFO *q_u, SAMR_R_GET_DOM_PWINFO *r_u);
uint32 _samr_open_group(pipes_struct *p, SAMR_Q_OPEN_GROUP *q_u, SAMR_R_OPEN_GROUP *r_u);
uint32 _samr_unknown_2d(pipes_struct *p, SAMR_Q_UNKNOWN_2D *q_u, SAMR_R_UNKNOWN_2D *r_u);
BOOL bBlockingLocks;
BOOL bInheritPerms;
BOOL bMSDfsRoot;
- BOOL bRestrictAclWithMask;
char dummy[3]; /* for alignment */
}
0, /* iWriteCacheSize */
0744, /* iCreate_mask */
0000, /* iCreate_force_mode */
- -1, /* iSecurity_mask */
- -1, /* iSecurity_force_mode */
+ 0777, /* iSecurity_mask */
+ 0, /* iSecurity_force_mode */
0755, /* iDir_mask */
0000, /* iDir_force_mode */
- -1, /* iDir_Security_mask */
- -1, /* iDir_Security_force_mode */
+ 777, /* iDir_Security_mask */
+ 0, /* iDir_Security_force_mode */
0, /* iMaxConnections */
CASE_LOWER, /* iDefaultCase */
DEFAULT_PRINTING, /* iPrinting */
True, /* bBlockingLocks */
False, /* bInheritPerms */
False, /* bMSDfsRoot */
- False, /* bRestrictAclWithMask */
"" /* dummy */
};
{"nt smb support", P_BOOL, P_GLOBAL, &Globals.bNTSmbSupport, NULL, NULL, 0},
{"nt pipe support", P_BOOL, P_GLOBAL, &Globals.bNTPipeSupport, NULL, NULL, 0},
{"nt acl support", P_BOOL, P_GLOBAL, &Globals.bNTAclSupport, NULL, NULL, 0},
- {"restrict acl with mask", P_BOOL, P_LOCAL, &sDefault.bRestrictAclWithMask, NULL, NULL, FLAG_SHARE},
{"announce version", P_STRING, P_GLOBAL, &Globals.szAnnounceVersion, NULL, NULL, 0},
{"announce as", P_ENUM, P_GLOBAL, &Globals.announce_as, NULL, enum_announce_as, 0},
{"max mux", P_INTEGER, P_GLOBAL, &Globals.max_mux, NULL, NULL, 0},
FN_LOCAL_BOOL(lp_fake_dir_create_times, bFakeDirCreateTimes)
FN_LOCAL_BOOL(lp_blocking_locks, bBlockingLocks)
FN_LOCAL_BOOL(lp_inherit_perms, bInheritPerms)
-FN_LOCAL_BOOL(lp_restrict_acl_with_mask, bRestrictAclWithMask)
FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask)
FN_LOCAL_INTEGER(lp_force_create_mode, iCreate_force_mode)
-FN_LOCAL_INTEGER(_lp_security_mask, iSecurity_mask)
-FN_LOCAL_INTEGER(_lp_force_security_mode, iSecurity_force_mode)
+FN_LOCAL_INTEGER(lp_security_mask, iSecurity_mask)
+FN_LOCAL_INTEGER(lp_force_security_mode, iSecurity_force_mode)
FN_LOCAL_INTEGER(lp_dir_mask, iDir_mask)
FN_LOCAL_INTEGER(lp_force_dir_mode, iDir_force_mode)
-FN_LOCAL_INTEGER(_lp_dir_security_mask, iDir_Security_mask)
-FN_LOCAL_INTEGER(_lp_force_dir_security_mode, iDir_Security_force_mode)
+FN_LOCAL_INTEGER(lp_dir_security_mask, iDir_Security_mask)
+FN_LOCAL_INTEGER(lp_force_dir_security_mode, iDir_Security_force_mode)
FN_LOCAL_INTEGER(lp_max_connections, iMaxConnections)
FN_LOCAL_INTEGER(lp_defaultcase, iDefaultCase)
FN_LOCAL_INTEGER(lp_minprintspace, iMinPrintSpace)
Globals.szNameResolveOrder = new_order;
}
-/***********************************************************
- Functions to return the current security masks/modes. If
- set to -1 then return the create mask/mode instead.
-************************************************************/
-
-int lp_security_mask(int snum)
-{
- int val = _lp_security_mask(snum);
- if (val == -1)
- return lp_create_mask(snum);
- return val;
-}
-
-int lp_force_security_mode(int snum)
-{
- int val = _lp_force_security_mode(snum);
- if (val == -1)
- return lp_force_create_mode(snum);
- return val;
-}
-
-int lp_dir_security_mask(int snum)
-{
- int val = _lp_dir_security_mask(snum);
- if (val == -1)
- return lp_dir_mask(snum);
- return val;
-}
-
-int lp_force_dir_security_mode(int snum)
-{
- int val = _lp_force_dir_security_mode(snum);
- if (val == -1)
- return lp_force_dir_mode(snum);
- return val;
-}
-
char *lp_printername(int snum)
{
char *ret = _lp_printername(snum);
mode_t and_bits = (mode_t)0;
mode_t or_bits = (mode_t)0;
- if (!lp_restrict_acl_with_mask(snum))
- return perms;
-
/* Get the initial bits to apply. */
if (fsp->is_directory) {
- and_bits = lp_dir_mask(snum);
- or_bits = lp_force_dir_mode(snum);
+ and_bits = lp_dir_security_mask(snum);
+ or_bits = lp_force_dir_security_mode(snum);
} else {
- and_bits = lp_create_mask(snum);
- or_bits = lp_force_create_mode(snum);
+ and_bits = lp_security_mask(snum);
+ or_bits = lp_force_security_mode(snum);
}
/* Now bounce them into the S_USR space. */
if (fsp->is_directory)
mode |= (S_IWUSR|S_IXUSR);
- if (!lp_restrict_acl_with_mask(snum))
- return mode;
-
/*
* Now AND with the create mode/directory mode bits then OR with the
* force create mode/force directory mode bits.
*/
if (fsp->is_directory) {
- and_bits = lp_dir_mask(snum);
- or_bits = lp_force_dir_mode(snum);
+ and_bits = lp_dir_security_mask(snum);
+ or_bits = lp_force_dir_security_mode(snum);
} else {
- and_bits = lp_create_mask(snum);
- or_bits = lp_force_create_mode(snum);
+ and_bits = lp_security_mask(snum);
+ or_bits = lp_force_security_mode(snum);
}
return ((mode & and_bits)|or_bits);
canon_ace *owner_ace = NULL;
canon_ace *group_ace = NULL;
canon_ace *other_ace = NULL;
+ mode_t and_bits;
+ mode_t or_bits;
if (ace_count != 3) {
DEBUG(3,("convert_canon_ace_to_posix_perms: Too many ACE entries for file %s to convert to \
/* If requested apply the masks. */
- if (lp_restrict_acl_with_mask(snum)) {
- mode_t and_bits;
- mode_t or_bits;
-
- /* Get the initial bits to apply. */
-
- if (fsp->is_directory) {
- and_bits = lp_dir_mask(snum);
- or_bits = lp_force_dir_mode(snum);
- } else {
- and_bits = lp_create_mask(snum);
- or_bits = lp_force_create_mode(snum);
- }
-
- *posix_perms = (((*posix_perms) & and_bits)|or_bits);
+ /* Get the initial bits to apply. */
+ if (fsp->is_directory) {
+ and_bits = lp_dir_security_mask(snum);
+ or_bits = lp_force_dir_security_mode(snum);
+ } else {
+ and_bits = lp_security_mask(snum);
+ or_bits = lp_force_security_mode(snum);
}
+ *posix_perms = (((*posix_perms) & and_bits)|or_bits);
+
DEBUG(10,("convert_canon_ace_to_posix_perms: converted u=%o,g=%o,w=%o to perm=0%o for file %s.\n",
(int)owner_ace->perms, (int)group_ace->perms, (int)other_ace->perms, (int)*posix_perms,
fsp->fsp_name ));