if (creator && container &&
(new_flags & SEC_ACE_FLAG_CONTAINER_INHERIT)) {
- /* First add the regular ACE entry with flags = 0. */
+ /* First add the regular ACE entry. */
init_sec_ace(new_ace, ptrustee, ace->type,
- ace->access_mask, 0);
+ ace->access_mask, SEC_ACE_FLAG_INHERITED_ACE);
DEBUG(5,("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x"
" inherited as %s:%d/0x%02x/0x%08x\n",
}
init_sec_ace(new_ace, ptrustee, ace->type,
- ace->access_mask, new_flags);
+ ace->access_mask, new_flags | SEC_ACE_FLAG_INHERITED_ACE);
DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x "
" inherited as %s:%d/0x%02x/0x%08x\n",
return NT_STATUS_OK;
}
-static NTSTATUS store_acl_blob(files_struct *fsp,
+static NTSTATUS store_acl_blob_fsp(files_struct *fsp,
DATA_BLOB *pblob)
{
int ret;
int saved_errno = 0;
- DEBUG(10,("store_acl_blob: storing blob length %u on file %s\n",
+ DEBUG(10,("store_acl_blob_fsp: storing blob length %u on file %s\n",
(unsigned int)pblob->length, fsp->fsp_name));
become_root();
unbecome_root();
if (ret) {
errno = saved_errno;
- DEBUG(5, ("store_acl_blob: setting attr failed for file %s"
+ DEBUG(5, ("store_acl_blob_fsp: setting attr failed for file %s"
"with error %s\n",
fsp->fsp_name,
strerror(errno) ));
return NT_STATUS_OK;
}
+static NTSTATUS store_acl_blob_pathname(connection_struct *conn,
+ const char *fname,
+ DATA_BLOB *pblob)
+{
+ int ret;
+ int saved_errno = 0;
+
+ DEBUG(10,("store_acl_blob_pathname: storing blob "
+ "length %u on file %s\n",
+ (unsigned int)pblob->length, fname));
+
+ become_root();
+ ret = SMB_VFS_SETXATTR(conn, fname,
+ XATTR_NTACL_NAME,
+ pblob->data, pblob->length, 0);
+ if (ret) {
+ saved_errno = errno;
+ }
+ unbecome_root();
+ if (ret) {
+ errno = saved_errno;
+ DEBUG(5, ("store_acl_blob_pathname: setting attr failed "
+ "for file %s with error %s\n",
+ fname,
+ strerror(errno) ));
+ return map_nt_error_from_unix(errno);
+ }
+ return NT_STATUS_OK;
+}
+
static NTSTATUS get_nt_acl_xattr_internal(vfs_handle_struct *handle,
files_struct *fsp,
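Review bot: The `SMB_VFS_SETXATTR(conn, fname, ...)` call in `store_acl_blob_pathname` writes `XATTR_NTACL_NAME` by name while inside `become_root()`, so unlike the fsp variant it is not bound to the object that was just created. If the last path component is replaced (for example by a symlink) between creation and this call, the descriptor may be stored as root on a different object; whether the call follows links depends on the VFS backend and share settings, which are not visible here. At minimum I would document the precondition above the function, e.g. `/* fname must already be resolved inside the share; the xattr is set as root and by pathname, not by handle. */`. Where the caller can hold a handle on the new object, storing through it would be preferable.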
return status;
}
-static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t mode)
-{
- return SMB_VFS_NEXT_MKDIR(handle, path, mode);
-}
-
/*********************************************************************
* Currently this only works for existing files. Need to work on
* inheritance for new files.
static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
const char *fname,
- files_struct *fsp)
+ files_struct *fsp,
+ bool container)
{
TALLOC_CTX *ctx = talloc_tos();
NTSTATUS status;
parent_desc,
&handle->conn->server_info->ptok->user_sids[PRIMARY_USER_SID_INDEX],
&handle->conn->server_info->ptok->user_sids[PRIMARY_GROUP_SID_INDEX],
- false);
+ container);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if (!NT_STATUS_IS_OK(status)) {
return status;
}
- return store_acl_blob(fsp, &blob);
+ if (fsp) {
+ return store_acl_blob_fsp(fsp, &blob);
+ } else {
+ return store_acl_blob_pathname(handle->conn, fname, &blob);
+ }
}
/*********************************************************************
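Review bot: `inherit_new_acl` now accepts `fsp == NULL` and falls back to `store_acl_blob_pathname`, but nothing states that contract, and the header comment still reads "Currently this only works for existing files". Most of the function body lies outside the visible hunks, so please confirm that nothing before the final dispatch dereferences `fsp`. I would add a comment on the function such as `/* fsp may be NULL (directory creation); the blob is then stored by pathname. container selects directory inheritance rules. */`.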
if (!file_existed && fsp->fh->fd != -1) {
/* File was created. Inherit from parent directory. */
string_set(&fsp->fsp_name, fname);
- inherit_new_acl(handle, fname, fsp);
+ inherit_new_acl(handle, fname, fsp, false);
}
return fsp->fh->fd;
}
+static int mkdir_acl_xattr(vfs_handle_struct *handle, const char *path, mode_t mode)
+{
+ int ret = SMB_VFS_NEXT_MKDIR(handle, path, mode);
+
+ if (ret == -1) {
+ return ret;
+ }
+ /* New directory - inherit from parent. */
+ inherit_new_acl(handle, path, NULL, true);
+ return ret;
+}
+
static NTSTATUS fget_nt_acl_xattr(vfs_handle_struct *handle, files_struct *fsp,
uint32 security_info, SEC_DESC **ppdesc)
{
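Review bot: The new `mkdir_acl_xattr` discards the NTSTATUS returned by `inherit_new_acl(handle, path, NULL, true)`, so a directory whose inherited descriptor could not be built or stored is still reported as created and is left without the intended ACL. At minimum the failure should be recorded: `NTSTATUS status = inherit_new_acl(handle, path, NULL, true);` followed by `if (!NT_STATUS_IS_OK(status)) DEBUG(1, ("mkdir_acl_xattr: ACL inheritance failed for %s: %s\n", path, nt_errstr(status)));`. Whether to go further and remove the directory and return -1 is a policy decision, and it deserves a comment either way. The same unchecked pattern appears in this hunk at `inherit_new_acl(handle, fname, fsp, false);` on the file-creation path, and at the `store_acl_blob_fsp(fsp, &blob);` call in the final hunk, which is followed by an unconditional `return NT_STATUS_OK;`.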
}
create_acl_blob(psd, &blob);
- store_acl_blob(fsp, &blob);
+ store_acl_blob_fsp(fsp, &blob);
return NT_STATUS_OK;
}