Changeset 739 for branches/samba-3.5.x/source3/smbd/posix_acls.c

Timestamp:

Nov 12, 2012, 7:37:04 PM (13 years ago)

Author:

Silvan Scherrer

Message:

Samba Server 3.5: update branche to 3.5.19

File:

• branches/samba-3.5.x/source3/smbd/posix_acls.c (modified) (13 diffs)

branches/samba-3.5.x/source3/smbd/posix_acls.c

@@ -1343 +1343 @@
 
 static bool ensure_canon_entry_valid(canon_ace **pp_ace,
-                                     const struct share_params *params,
-                                     const bool is_directory,
-                                                        const DOM_SID *pfile_owner_sid,
-                                                        const DOM_SID *pfile_grp_sid,
-                                                        const SMB_STRUCT_STAT *pst,
-                                                        bool setting_acl)
+                                bool is_default_acl,
+                                const struct share_params *params,
+                                const bool is_directory,
+                                const DOM_SID *pfile_owner_sid,
+                                const DOM_SID *pfile_grp_sid,
+                                const SMB_STRUCT_STAT *pst,
+                                bool setting_acl)
 {
         canon_ace *pace;
@@ -1359 +1360 @@
                 if (pace->type == SMB_ACL_USER_OBJ) {
 
-                        if (setting_acl)
+                        if (setting_acl && !is_default_acl) {
                                 apply_default_perms(params, is_directory, pace, S_IRUSR);
+                        }
                         got_user = True;
 
@@ -1369 +1371 @@
                          */
 
-                        if (setting_acl)
+                        if (setting_acl && !is_default_acl) {
                                 apply_default_perms(params, is_directory, pace, S_IRGRP);
+                        }
                         got_grp = True;
 
@@ -1379 +1382 @@
                          */
 
-                        if (setting_acl)
+                        if (setting_acl && !is_default_acl) {
                                 apply_default_perms(params, is_directory, pace, S_IROTH);
+                        }
                         got_other = True;
                         pace_other = pace;
+
+                } else if (pace->type == SMB_ACL_USER || pace->type == SMB_ACL_GROUP) {
+
+                        /*
+                         * Ensure create mask/force create mode is respected on set.
+                         */
+
+                        if (setting_acl && !is_default_acl) {
+                                apply_default_perms(params, is_directory, pace, S_IRGRP);
+                        }
                 }
         }
@@ -1426 +1440 @@
                         }
 
-                        apply_default_perms(params, is_directory, pace, S_IRUSR);
+                        if (!is_default_acl) {
+                                apply_default_perms(params, is_directory, pace, S_IRUSR);
+                        }
                 } else {
                         pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRUSR, S_IWUSR, S_IXUSR);
@@ -1452 +1468 @@
                         else
                                 pace->perms = 0;
-                        apply_default_perms(params, is_directory, pace, S_IRGRP);
+                        if (!is_default_acl) {
+                                apply_default_perms(params, is_directory, pace, S_IRGRP);
+                        }
                 } else {
                         pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRGRP, S_IWGRP, S_IXGRP);
@@ -1474 +1492 @@
                 if (setting_acl) {
                         pace->perms = 0;
-                        apply_default_perms(params, is_directory, pace, S_IROTH);
+                        if (!is_default_acl) {
+                                apply_default_perms(params, is_directory, pace, S_IROTH);
+                        }
                 } else
                         pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IROTH, S_IWOTH, S_IXOTH);
@@ -2319 +2339 @@
         print_canon_ace_list( "file ace - before valid", file_ace);
 
-        if (!ensure_canon_entry_valid(&file_ace, fsp->conn->params,
+        if (!ensure_canon_entry_valid(&file_ace, false, fsp->conn->params,
                         fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) {
                 free_canon_ace_list(file_ace);
@@ -2328 +2348 @@
         print_canon_ace_list( "dir ace - before valid", dir_ace);
 
-        if (dir_ace && !ensure_canon_entry_valid(&dir_ace, fsp->conn->params,
+        if (dir_ace && !ensure_canon_entry_valid(&dir_ace, true, fsp->conn->params,
                         fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) {
                 free_canon_ace_list(file_ace);
@@ -2417 +2437 @@
         canon_ace *next_ace = NULL;
         int entry_id = SMB_ACL_FIRST_ENTRY;
+        bool is_default_acl = (the_acl_type == SMB_ACL_TYPE_DEFAULT);
         SMB_ACL_ENTRY_T entry;
         size_t ace_count;
@@ -2504 +2525 @@
                 ace->unix_ug = unix_ug;
                 ace->owner_type = owner_type;
-                ace->ace_flags = get_pai_flags(pal, ace, (the_acl_type == SMB_ACL_TYPE_DEFAULT));
+                ace->ace_flags = get_pai_flags(pal, ace, is_default_acl);
 
                 DLIST_ADD(l_head, ace);
@@ -2513 +2534 @@
          */
 
-        if (!ensure_canon_entry_valid(&l_head, conn->params,
+        if (!ensure_canon_entry_valid(&l_head, is_default_acl, conn->params,
                                       S_ISDIR(psbuf->st_ex_mode), powner, pgroup,
                                       psbuf, False))
@@ -2523 +2544 @@
          */
 
-        DEBUG(10,("canonicalise_acl: %s ace entries before arrange :\n", the_acl_type == SMB_ACL_TYPE_ACCESS ? "Access" : "Default" ));
+        DEBUG(10,("canonicalise_acl: %s ace entries before arrange :\n", is_default_acl ?  "Default" : "Access"));
 
         for ( ace_count = 0, ace = l_head; ace; ace = next_ace, ace_count++) {