r11585: Implement the possibility to have AFS users as SIDs in pts.

author Volker Lendecke <vlendec@samba.org>

Tue, 8 Nov 2005 20:13:26 +0000 (20:13 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 16:05:21 +0000 (11:05 -0500)
author Volker Lendecke <vlendec@samba.org>
Tue, 8 Nov 2005 20:13:26 +0000 (20:13 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 16:05:21 +0000 (11:05 -0500)
diff --git a/source3/modules/vfs_afsacl.c b/source3/modules/vfs_afsacl.c

index 0e2e1295b9f7bf2a8e216a636c281de479ea47e8..41f40d1e3c4f15ec6c0a5ebb5bbae097a5e70830 100644 (file)
--- a/source3/modules/vfs_afsacl.c
+++ b/source3/modules/vfs_afsacl.c
@@ -39,6 +39,9 @@ extern const DOM_SID global_sid_NULL;
  
  static char space_replacement = '%';
  
+/* Do we expect SIDs as pts names? */
+static BOOL sidpts;
+
  extern int afs_syscall(int, char *, int, char *, int);
  
  struct afs_ace {
@@ -151,6 +154,18 @@ static struct afs_ace *new_afs_ace(TALLOC_CTX *mem_ctx,
                 sid_copy(&sid, &global_sid_Builtin_Backup_Operators);
                 type = SID_NAME_ALIAS;
  
+       } else if (sidpts) {
+               /* All PTS users/groups are expressed as SIDs */
+
+               sid_copy(&sid, &global_sid_NULL);
+               type = SID_NAME_UNKNOWN;
+
+               if (string_to_sid(&sid, name)) {
+                       fstring user, domain;
+                       /* We have to find the type, look up the SID */
+                       lookup_sid(&sid, domain, user, &type);
+               }
+
         } else {
  
                 fstring user, domain;
@@ -771,6 +786,11 @@ static BOOL nt_to_afs_acl(const char *filename,
                                              only_username);
                                 strlower_m(name);
                         }
+
+                       if (sidpts) {
+                               /* Expect all users/groups in pts as SIDs */
+                               sid_to_string(name, &ace->trustee);
+                       }
                 }
  
                 while ((p = strchr_m(name, ' ')) != NULL)
@@ -825,6 +845,8 @@ static size_t afs_get_nt_acl(struct files_struct *fsp, uint32 security_info,
  
         DEBUG(5, ("afs_get_nt_acl: %s\n", fsp->fsp_name));
  
+       sidpts = lp_parm_bool(SNUM(fsp->conn), "afsacl", "sidpts", False);
+
         if (!afs_get_afs_acl(fsp->fsp_name, &acl)) {
                 return 0;
         }
@@ -883,6 +905,8 @@ static BOOL afs_set_nt_acl(vfs_handle_struct *handle, files_struct *fsp,
         fileacls = lp_parm_const_string(SNUM(handle->conn), "afsacl", "fileacls",
                                         "yes");
  
+       sidpts = lp_parm_bool(SNUM(handle->conn), "afsacl", "sidpts", False);
+
         ZERO_STRUCT(old_afs_acl);
         ZERO_STRUCT(new_afs_acl);
         ZERO_STRUCT(dir_acl);
author	Volker Lendecke <vlendec@samba.org>
	Tue, 8 Nov 2005 20:13:26 +0000 (20:13 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 16:05:21 +0000 (11:05 -0500)