sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-03-11 16:58:40 +03:00
Code

Ensure 'blank' entries show up in both default and normal entries to

Browse Source 
allow them to be changed. Works well with W2K and above.
Jeremy.
This commit is contained in:
Jeremy Allison -
parent 10f1da3f4a
commit 685e4e5182
2 changed files with 17 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
source/include/rpc_secdes.h
View File

@ -94,9 +94,18 @@
#define GROUP_SECURITY_INFORMATION 0x00000002
#define DACL_SECURITY_INFORMATION 0x00000004
#define SACL_SECURITY_INFORMATION 0x00000008
/* Extra W2K flags. */
#define UNPROTECTED_SACL_SECURITY_INFORMATION 0x10000000
#define UNPROTECTED_DACL_SECURITY_INFORMATION 0x20000000
#define PROTECTED_SACL_SECURITY_INFORMATION 0x40000000
#define PROTECTED_DACL_SECURITY_INFORMATION 0x80000000
#define ALL_SECURITY_INFORMATION (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|\
DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION)
DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION\
UNPROTECTED_SACL_SECURITY_INFORMATION|\
UNPROTECTED_DACL_SECURITY_INFORMATION|\
PROTECTED_SACL_SECURITY_INFORMATION|\
PROTECTED_DACL_SECURITY_INFORMATION)
/* Globally Unique ID */
#define GUID_SIZE 16

20
source/smbd/posix_acls.c
View File

@ -2324,20 +2324,8 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
DLIST_REMOVE(file_ace, ace);
SAFE_FREE(ace);
}
} else {
ace = canon_ace_entry_for(dir_ace, SMB_ACL_OTHER, NULL);
if (ace && !ace->perms) {
DLIST_REMOVE(dir_ace, ace);
SAFE_FREE(ace);
}
ace = canon_ace_entry_for(dir_ace, SMB_ACL_GROUP_OBJ, NULL);
if (ace && !ace->perms) {
DLIST_REMOVE(dir_ace, ace);
SAFE_FREE(ace);
}
}
num_acls = count_canon_ace_list(file_ace);
num_dir_acls = count_canon_ace_list(dir_ace);
@ -2424,6 +2412,11 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
DEBUG(0,("get_nt_acl: Unable to malloc space for security descriptor.\n"));
sd_size = 0;
} else {
#if 1
/*
* JRA. Setting this flag causes W2K clients not to
* propagate ACL sets down a directory tree correctly.
*/
/*
* Windows 2000: The DACL_PROTECTED flag in the security
* descriptor marks the ACL as non-inheriting, i.e., no
@ -2434,6 +2427,7 @@ size_t get_nt_acl(files_struct *fsp, uint32 security_info, SEC_DESC **ppdesc)
* flag doesn't seem to bother Windows NT.
*/
(*ppdesc)->type |= SE_DESC_DACL_PROTECTED;
#endif
}
done: