Add make_default_filesystem_acl() function, to be used in a following change to the acl_xattr and acl_tdb modules.
parent
1904c44ec8
commit
cf45581cdf
@ -5123,6 +5123,10 @@ bool set_unix_posix_default_acl(connection_struct *conn, const char *fname,
|
||||
uint16 num_def_acls, const char *pdata);
|
||||
bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname, uint16 num_acls, const char *pdata);
|
||||
struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname);
|
||||
NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,
|
||||
const char *name,
|
||||
SMB_STRUCT_STAT *psbuf,
|
||||
struct security_descriptor **ppdesc);
|
||||
|
||||
/* The following definitions come from smbd/process.c */
|
||||
|
||||
|
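Review bot: `psbuf` is only read by the definition added later in this commit (st_ex_mode, st_ex_uid, st_ex_gid), so the parameter would be better declared `const SMB_STRUCT_STAT *psbuf` in both the prototype and the definition. The prototype also carries no comment on the output contract; something like `/* On success *ppdesc is built with make_sec_desc() on ctx; on failure it must not be used. */` would help the callers the commit message announces. In the definition, *ppdesc is not assigned at all when make_sec_acl() fails, so a caller that does not pre-initialise its pointer and ignores the status would read an indeterminate value.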
@ -4821,3 +4821,113 @@ struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fna
|
||||
|
||||
return ret_sd;
|
||||
}
|
||||
|
||||
/* Stolen shamelessly from pvfs_default_acl() in source4 :-). */
|
||||
|
||||
NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,
|
||||
const char *name,
|
||||
SMB_STRUCT_STAT *psbuf,
|
||||
struct security_descriptor **ppdesc)
|
||||
{
|
||||
struct dom_sid owner_sid, group_sid;
|
||||
size_t size = 0;
|
||||
struct security_ace aces[4];
|
||||
uint32_t access_mask = 0;
|
||||
mode_t mode = psbuf->st_ex_mode;
|
||||
struct security_acl *new_dacl = NULL;
|
||||
int idx = 0;
|
||||
|
||||
DEBUG(10,("make_default_filesystem_acl: file %s mode = 0%o\n",
|
||||
name, (int)mode ));
|
||||
|
||||
uid_to_sid(&owner_sid, psbuf->st_ex_uid);
|
||||
gid_to_sid(&group_sid, psbuf->st_ex_gid);
|
||||
|
||||
/*
|
||||
We provide up to 4 ACEs
|
||||
- Owner
|
||||
- Group
|
||||
- Everyone
|
||||
- NT System
|
||||
*/
|
||||
|
||||
if (mode & S_IRUSR) {
|
||||
if (mode & S_IWUSR) {
|
||||
access_mask |= SEC_RIGHTS_FILE_ALL;
|
||||
} else {
|
||||
access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
|
||||
}
|
||||
}
|
||||
if (mode & S_IWUSR) {
|
||||
access_mask |= SEC_RIGHTS_FILE_WRITE | SEC_STD_DELETE;
|
||||
}
|
||||
|
||||
init_sec_ace(&aces[idx],
|
||||
&owner_sid,
|
||||
SEC_ACE_TYPE_ACCESS_ALLOWED,
|
||||
access_mask,
|
||||
0);
|
||||
idx++;
|
||||
|
||||
access_mask = 0;
|
||||
if (mode & S_IRGRP) {
|
||||
access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
|
||||
}
|
||||
if (mode & S_IWGRP) {
|
||||
/* note that delete is not granted - this matches posix behaviour */
|
||||
access_mask |= SEC_RIGHTS_FILE_WRITE;
|
||||
}
|
||||
if (access_mask) {
|
||||
init_sec_ace(&aces[idx],
|
||||
&group_sid,
|
||||
SEC_ACE_TYPE_ACCESS_ALLOWED,
|
||||
access_mask,
|
||||
0);
|
||||
idx++;
|
||||
}
|
||||
|
||||
access_mask = 0;
|
||||
if (mode & S_IROTH) {
|
||||
access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
|
||||
}
|
||||
if (mode & S_IWOTH) {
|
||||
access_mask |= SEC_RIGHTS_FILE_WRITE;
|
||||
}
|
||||
if (access_mask) {
|
||||
init_sec_ace(&aces[idx],
|
||||
&global_sid_World,
|
||||
SEC_ACE_TYPE_ACCESS_ALLOWED,
|
||||
access_mask,
|
||||
0);
|
||||
idx++;
|
||||
}
|
||||
|
||||
init_sec_ace(&aces[idx],
|
||||
&global_sid_System,
|
||||
SEC_ACE_TYPE_ACCESS_ALLOWED,
|
||||
SEC_RIGHTS_FILE_ALL,
|
||||
0);
|
||||
idx++;
|
||||
|
||||
new_dacl = make_sec_acl(ctx,
|
||||
NT4_ACL_REVISION,
|
||||
idx,
|
||||
aces);
|
||||
|
||||
if (!new_dacl) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
*ppdesc = make_sec_desc(ctx,
|
||||
SECURITY_DESCRIPTOR_REVISION_1,
|
||||
SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
|
||||
&owner_sid,
|
||||
&group_sid,
|
||||
NULL,
|
||||
new_dacl,
|
||||
&size);
|
||||
if (!*ppdesc) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
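Review bot: The mode-to-mask mapping in make_default_filesystem_acl() never consults S_IXUSR, S_IXGRP or S_IXOTH. SEC_FILE_EXECUTE is granted whenever the matching read bit is set, so the synthesized DACL can report execute (traverse, on a directory) access that the mode bits do not give, and it omits that access for an execute-only mode. If this is intentional because it mirrors the pvfs_default_acl() code named in the comment, say so in a comment above the function; otherwise derive it from the x bits, e.g. `if (mode & S_IXGRP) access_mask |= SEC_FILE_EXECUTE;` and the same for owner and other. The owner ACE is also emitted unconditionally, so a mode with no owner bits yields an allow ACE with an empty mask, whereas the group and Everyone ACEs are skipped by `if (access_mask)`. Whether callers use this descriptor for access decisions or only for reporting is not visible in this hunk.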