vfs: Support NFS control flags in nfs4_acls.c.

The ACL control flags stores in particular the dacl protected bit
which is responsible for the "Include inherited permissions from
this object's parent" checkbox. This stores the information in the
ACL struct passed to and from file system specific vfs modules.

Signed-off-by: Alexander Werth <alexander.werth@de.ibm.com>
Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index 774c40e2691a1f91b00526eb37cc18185ab45a3d..cf61af90c5f0d05492997dd25fe756cbc7fd057d 100644 (file)
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -49,6 +49,7 @@ typedef struct _SMB_ACE4_INT_T
 typedef struct _SMB_ACL4_INT_T
 {
        uint32  magic;
+       uint16_t controlflags;
        uint32  naces;
        SMB_ACE4_INT_T  *first;
        SMB_ACE4_INT_T  *last;
@@ -218,6 +219,7 @@ SMB4ACL_T *smb_create_smb4acl(TALLOC_CTX *mem_ctx)
                return NULL;
        }
        theacl->magic = SMB_ACL4_INT_MAGIC;
+       theacl->controlflags = SEC_DESC_SELF_RELATIVE;
        /* theacl->first, last = NULL not needed */
        return (SMB4ACL_T *)theacl;
 }
@@ -288,6 +290,25 @@ uint32 smb_get_naces(SMB4ACL_T *theacl)
        return aclint->naces;
 }
 
+uint16_t smbacl4_get_controlflags(SMB4ACL_T *theacl)
+{
+       SMB_ACL4_INT_T *aclint = get_validated_aclint(theacl);
+       if (aclint==NULL)
+               return 0;
+
+       return aclint->controlflags;
+}
+
+bool smbacl4_set_controlflags(SMB4ACL_T *theacl, uint16_t controlflags)
+{
+       SMB_ACL4_INT_T *aclint = get_validated_aclint(theacl);
+       if (aclint==NULL)
+               return false;
+
+       aclint->controlflags = controlflags;
+       return true;
+}
+
 static int smbacl4_GetFileOwner(struct connection_struct *conn,
                                const char *filename,
                                SMB_STRUCT_STAT *psbuf)
@@ -543,7 +564,7 @@ static NTSTATUS smb_get_nt_acl_nfs4_common(const SMB_STRUCT_STAT *sbuf,
 
        DEBUG(10,("after make sec_acl\n"));
        *ppdesc = make_sec_desc(
-               mem_ctx, SD_REVISION, SEC_DESC_SELF_RELATIVE,
+               mem_ctx, SD_REVISION, smbacl4_get_controlflags(theacl),
                (security_info & SECINFO_OWNER) ? &sid_owner : NULL,
                (security_info & SECINFO_GROUP) ? &sid_group : NULL,
                NULL, psa, &sd_size);
@@ -1028,6 +1049,7 @@ NTSTATUS smb_set_nt_acl_nfs4(vfs_handle_struct *handle, files_struct *fsp,
                return map_nt_error_from_unix(errno);
        }
 
+       smbacl4_set_controlflags(theacl, psd->type);
        smbacl4_dump_nfs4acl(10, theacl);
 
        if (set_acl_as_root) {

diff --git a/source3/modules/nfs4_acls.h b/source3/modules/nfs4_acls.h
index 1bde81baf0dada5105fd4c25b47a842ae04f45df..68abebf8e4881af2a3c37c399020aeac4c5c8e95 100644 (file)
--- a/source3/modules/nfs4_acls.h
+++ b/source3/modules/nfs4_acls.h
@@ -130,6 +130,10 @@ SMB4ACE_T *smb_next_ace4(SMB4ACE_T *ace);
 
 uint32 smb_get_naces(SMB4ACL_T *theacl);
 
+uint16_t smbacl4_get_controlflags(SMB4ACL_T *theacl);
+
+bool smbacl4_set_controlflags(SMB4ACL_T *theacl, uint16_t controlflags);
+
 NTSTATUS smb_fget_nt_acl_nfs4(files_struct *fsp,
        uint32 security_info,
        TALLOC_CTX *mem_ctx,