mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

Add make_default_filesystem_acl() function to be used in following change to acl_xattr and acl_tdb module.

Jeremy Allison 2010-10-15 15:53:51 -07:00
parent 1904c44ec8
commit cf45581cdf
2 changed files with 114 additions and 0 deletions


@ -5123,6 +5123,10 @@ bool set_unix_posix_default_acl(connection_struct *conn, const char *fname,
uint16 num_def_acls, const char *pdata);
bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname, uint16 num_acls, const char *pdata);
struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname);
NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,
const char *name,
SMB_STRUCT_STAT *psbuf,
struct security_descriptor **ppdesc);
/* The following definitions come from smbd/process.c */
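Review bot: `psbuf` is declared as a plain `SMB_STRUCT_STAT *`, although the definition added in this commit only reads `st_ex_mode`, `st_ex_uid` and `st_ex_gid` through it. Declaring it `const SMB_STRUCT_STAT *psbuf`, here and in the definition, would make the input-only contract visible to callers. The output contract is also undocumented: a short comment such as `/* On NT_STATUS_OK *ppdesc holds the new descriptor, presumably allocated on ctx. */` would help, and it should say that `*ppdesc` is left untouched when the ACL allocation fails.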


@ -4821,3 +4821,113 @@ struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fna
return ret_sd;
}
/* Stolen shamelessly from pvfs_default_acl() in source4 :-). */
NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,
const char *name,
SMB_STRUCT_STAT *psbuf,
struct security_descriptor **ppdesc)
{
struct dom_sid owner_sid, group_sid;
size_t size = 0;
struct security_ace aces[4];
uint32_t access_mask = 0;
mode_t mode = psbuf->st_ex_mode;
struct security_acl *new_dacl = NULL;
int idx = 0;
DEBUG(10,("make_default_filesystem_acl: file %s mode = 0%o\n",
name, (int)mode ));
uid_to_sid(&owner_sid, psbuf->st_ex_uid);
gid_to_sid(&group_sid, psbuf->st_ex_gid);
/*
We provide up to 4 ACEs
- Owner
- Group
- Everyone
- NT System
*/
if (mode & S_IRUSR) {
if (mode & S_IWUSR) {
access_mask |= SEC_RIGHTS_FILE_ALL;
} else {
access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
}
}
if (mode & S_IWUSR) {
access_mask |= SEC_RIGHTS_FILE_WRITE | SEC_STD_DELETE;
}
init_sec_ace(&aces[idx],
&owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
access_mask,
0);
idx++;
access_mask = 0;
if (mode & S_IRGRP) {
access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
}
if (mode & S_IWGRP) {
/* note that delete is not granted - this matches posix behaviour */
access_mask |= SEC_RIGHTS_FILE_WRITE;
}
if (access_mask) {
init_sec_ace(&aces[idx],
&group_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
access_mask,
0);
idx++;
}
access_mask = 0;
if (mode & S_IROTH) {
access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE;
}
if (mode & S_IWOTH) {
access_mask |= SEC_RIGHTS_FILE_WRITE;
}
if (access_mask) {
init_sec_ace(&aces[idx],
&global_sid_World,
SEC_ACE_TYPE_ACCESS_ALLOWED,
access_mask,
0);
idx++;
}
init_sec_ace(&aces[idx],
&global_sid_System,
SEC_ACE_TYPE_ACCESS_ALLOWED,
SEC_RIGHTS_FILE_ALL,
0);
idx++;
new_dacl = make_sec_acl(ctx,
NT4_ACL_REVISION,
idx,
aces);
if (!new_dacl) {
return NT_STATUS_NO_MEMORY;
}
*ppdesc = make_sec_desc(ctx,
SECURITY_DESCRIPTOR_REVISION_1,
SEC_DESC_SELF_RELATIVE|SEC_DESC_DACL_PRESENT,
&owner_sid,
&group_sid,
NULL,
new_dacl,
&size);
if (!*ppdesc) {
return NT_STATUS_NO_MEMORY;
}
return NT_STATUS_OK;
}
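Review bot: `SEC_FILE_EXECUTE` is granted from the read bits alone, and the `S_IXUSR`, `S_IXGRP` and `S_IXOTH` bits are never tested anywhere in `make_default_filesystem_acl()`. A file with mode 0644 therefore gets a descriptor that allows execute to the owner, the group and Everyone, which is broader than the POSIX mode it is derived from. How the descriptor is consumed is not visible in this commit, but if the acl_xattr and acl_tdb modules use it for access decisions, the mismatch matters. Consider dropping `| SEC_FILE_EXECUTE` from the three read branches and adding a separate test per class, for example `if (mode & S_IXGRP) { access_mask |= SEC_FILE_EXECUTE; }`. If read-implies-execute is intended, carried over from `pvfs_default_acl()`, a comment next to the "delete is not granted" note should say so.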