Changeset 224 for branches/samba-3.3.x/source/smbd/posix_acls.c
- Timestamp:
- May 24, 2009, 7:55:48 AM (16 years ago)
- File:
-
- 1 edited
branches/samba-3.3.x/source/smbd/posix_acls.c
r221 r224 4 4 Copyright (C) Jeremy Allison 1994-2000. 5 5 Copyright (C) Andreas Gruenbacher 2002. 6 Copyright (C) Simo Sorce <idra@samba.org> 2009. 6 7 7 8 This program is free software; you can redistribute it and/or modify … … 2815 2816 } 2816 2817 2818 /* 2819 * Add or Replace ACE entry. 2820 * In some cases we need to add a specific ACE for compatibility reasons. 2821 * When doing that we must make sure we are not actually creating a duplicate 2822 * entry. So we need to search whether an ACE entry already exist and eventually 2823 * replacce the access mask, or add a completely new entry if none was found. 2824 * 2825 * This function assumes the array has enough space to add a new entry without 2826 * any reallocation of memory. 2827 */ 2828 2829 static void add_or_replace_ace(SEC_ACE *nt_ace_list, size_t *num_aces, 2830 const DOM_SID *sid, enum security_ace_type type, 2831 uint32_t mask, uint8_t flags) 2832 { 2833 int i; 2834 2835 /* first search for a duplicate */ 2836 for (i = 0; i < *num_aces; i++) { 2837 if (sid_equal(&nt_ace_list[i].trustee, sid) && 2838 (nt_ace_list[i].flags == flags)) break; 2839 } 2840 2841 if (i < *num_aces) { /* found */ 2842 nt_ace_list[i].type = type; 2843 nt_ace_list[i].access_mask = mask; 2844 DEBUG(10, ("Replacing ACE %d with SID %s and flags %02x\n", 2845 i, sid_string_dbg(sid), flags)); 2846 return; 2847 } 2848 2849 /* not found, append it */ 2850 init_sec_ace(&nt_ace_list[(*num_aces)++], sid, type, mask, flags); 2851 } 2852 2853 2817 2854 /**************************************************************************** 2818 2855 Reply to query a security descriptor from an fsp. 
If it succeeds it allocates … … 2842 2879 SEC_ACE *nt_ace_list = NULL; 2843 2880 size_t num_profile_acls = 0; 2881 DOM_SID orig_owner_sid; 2844 2882 SEC_DESC *psd = NULL; 2883 int i; 2845 2884 2846 2885 /* … … 2848 2887 */ 2849 2888 2889 create_file_sids(sbuf, &owner_sid, &group_sid); 2890 2850 2891 if (lp_profile_acls(SNUM(conn))) { 2851 2892 /* For WXP SP1 the owner must be administrators. */ 2893 sid_copy(&orig_owner_sid, &owner_sid); 2852 2894 sid_copy(&owner_sid, &global_sid_Builtin_Administrators); 2853 2895 sid_copy(&group_sid, &global_sid_Builtin_Users); 2854 num_profile_acls = 2; 2855 } else { 2856 create_file_sids(sbuf, &owner_sid, &group_sid); 2896 num_profile_acls = 3; 2857 2897 } 2858 2898 … … 2976 3016 * if we can't map the SID. */ 2977 3017 if (lp_profile_acls(SNUM(conn))) { 2978 init_sec_ace(&nt_ace_list[num_aces++],2979 &global_sid_Builtin_Users,2980 SEC_ACE_TYPE_ACCESS_ALLOWED,2981 FILE_GENERIC_ALL, 0);3018 add_or_replace_ace(nt_ace_list, &num_aces, 3019 &global_sid_Builtin_Users, 3020 SEC_ACE_TYPE_ACCESS_ALLOWED, 3021 FILE_GENERIC_ALL, 0); 2982 3022 } 2983 3023 … … 3001 3041 * if we can't map the SID. 
*/ 3002 3042 if (lp_profile_acls(SNUM(conn))) { 3003 init_sec_ace(&nt_ace_list[num_aces++], &global_sid_Builtin_Users, SEC_ACE_TYPE_ACCESS_ALLOWED, FILE_GENERIC_ALL, 3004 SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT| 3005 SEC_ACE_FLAG_INHERIT_ONLY|0); 3043 add_or_replace_ace(nt_ace_list, &num_aces, 3044 &global_sid_Builtin_Users, 3045 SEC_ACE_TYPE_ACCESS_ALLOWED, 3046 FILE_GENERIC_ALL, 3047 SEC_ACE_FLAG_OBJECT_INHERIT | 3048 SEC_ACE_FLAG_CONTAINER_INHERIT | 3049 SEC_ACE_FLAG_INHERIT_ONLY); 3006 3050 } 3007 3051 … … 3014 3058 num_aces = merge_default_aces(nt_ace_list, num_aces); 3015 3059 3060 if (lp_profile_acls(SNUM(conn))) { 3061 for (i = 0; i < num_aces; i++) { 3062 if (sid_equal(&nt_ace_list[i].trustee, &owner_sid)) { 3063 add_or_replace_ace(nt_ace_list, &num_aces, 3064 &orig_owner_sid, 3065 nt_ace_list[i].type, 3066 nt_ace_list[i].access_mask, 3067 nt_ace_list[i].flags); 3068 break; 3069 } 3070 } 3071 } 3016 3072 } 3017 3073
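Review bot: The append path in add_or_replace_ace, `init_sec_ace(&nt_ace_list[(*num_aces)++], sid, type, mask, flags);`, writes to the next slot with no bound, so the only thing keeping it inside nt_ace_list is that `num_profile_acls = 3` stays equal to the number of calls that can append (two for Builtin Users, one for the original owner). The allocation that consumes num_profile_acls lies outside the visible hunks, so the link is presumably correct today, but nothing enforces it when another call is added later. I would pass the array capacity into the helper and refuse to append once `*num_aces` reaches it, or at minimum put a comment on the assignment such as `/* one slot per add_or_replace_ace() call below: 2 x Builtin Users + 1 x original owner */`. Separately, the duplicate search compares only the SID and flags and then overwrites `type` as well as `access_mask`, so an existing entry of a different ACE type for the same trustee would be silently converted to the requested one; if that is intended, the header comment should say so, since it currently mentions replacing the access mask only.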