From: Ralph Boehme
Date: Wed, 24 Aug 2016 08:04:24 +0000 (+0200)
Subject: Revert "vfs_acl_xattr: objects without NT ACL xattr"
X-Git-Tag: samba-4.3.12~43
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2a8582638e1dae41ae118df8ae59b3120a001f30;p=thirdparty%2Fsamba.git
Revert "vfs_acl_xattr: objects without NT ACL xattr"
This reverts commit 961c4b591bb102751079d9cc92d7aa1c37f1958c. Subsequent commits will add the same functionality as an optional feature.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177
Signed-off-by: Ralph Boehme
Reviewed-by: Jeremy Allison
(cherry picked from commit 590b80490c00587b5a4035856891e10defb654f6)
---
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index f5af666ced5..85f6c650df9 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -379,10 +379,12 @@ static NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,
 gid_to_sid(&group_sid, psbuf->st_ex_gid);
 /*
- * We provide 2 ACEs:
- * - Owner
- * - NT System
- */
+ We provide up to 4 ACEs
+ - Owner
+ - Group
+ - Everyone
+ - NT System
+ */
 if (mode & S_IRUSR) {
 if (mode & S_IWUSR) {
@@ -402,6 +404,39 @@ static NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx, 0); idx++; + access_mask = 0; + if (mode & S_IRGRP) { + access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE; + } + if (mode & S_IWGRP) { + /* note that delete is not granted - this matches posix behaviour */ + access_mask |= SEC_RIGHTS_FILE_WRITE; + } + if (access_mask) { + init_sec_ace(&aces[idx], + &group_sid, + SEC_ACE_TYPE_ACCESS_ALLOWED, + access_mask, + 0); + idx++; + } + + access_mask = 0; + if (mode & S_IROTH) { + access_mask |= SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE; + } + if (mode & S_IWOTH) { + access_mask |= SEC_RIGHTS_FILE_WRITE; + } + if (access_mask) { + init_sec_ace(&aces[idx], + &global_sid_World, + SEC_ACE_TYPE_ACCESS_ALLOWED, + access_mask, + 0); + idx++; + } + init_sec_ace(&aces[idx], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
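Review bot: The two added blocks can write two more entries through `aces[idx]`, but the declaration of `aces` lies outside this hunk, so its bound should be confirmed to hold all four ACEs (owner, group, Everyone, NT System) when every mode bit is set. Both blocks also grant `SEC_FILE_EXECUTE` whenever the read bit (`S_IRGRP` / `S_IROTH`) is set and never consult `S_IXGRP` / `S_IXOTH`; if that is intended it deserves a comment such as `/* execute follows the read bit; the POSIX x bits are not consulted */`. The "delete is not granted" remark appears only on the group branch although the `S_IWOTH` branch builds the same mask for `global_sid_World`, so the comment should be repeated there or moved above both blocks. Since the second block yields an allow ACE for Everyone on an object that reaches this fallback with world bits set, a short comment at the top of the added code stating that these ACEs mirror the on-disk POSIX mode would help whoever later audits the resulting access. The body of make_default_filesystem_acl starts and ends outside the hunk.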