author | Jeremy Allison <jra@samba.org> | 2010-10-07 16:56:36 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2010-10-08 00:37:53 +0000 |
commit | cd04af78d51121cc16453fcd52e0d4c3516bc3c5 | |
tree | 5c928dbd4b16aa4af2d5b7958bbedf869aab5024 | |
parent | fd9effce2bb981207a0662707c30e50100059c06 | |
Fix bug 7716 - acl_xattr and acl_tdb modules don't store unmodified copies of security descriptors.

As pointed out by an OEM, the code within smbd/posix_acl.c, even though passed
a const pointer to a security descriptor, still modifies the ACE entries within
it (which are not const pointers).

This means ACLs stored in the extended attribute by the acl_xattr module have
already been modified by the POSIX acl layer, and are not the original intent
of storing the "unmodified" ACL from the client.

Use dup_sec_desc to make a copy of the incoming ACL on talloc_tos() - that
is what is then modified inside smbd/posix_acl.c, leaving the original ACL
to be correctly stored in the xattr.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct 8 00:37:53 UTC 2010 on sn-devel-104

-rw-r--r-- | source3/smbd/posix_acls.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index dc3585d81b..4ceb0f0452 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3824,9 +3824,11 @@ NTSTATUS append_parent_acl(files_struct *fsp, Reply to set a security descriptor on an fsp. security_info_sent is the description of the following NT ACL. This should be the only external function needed for the UNIX style set ACL. + We make a copy of psd_orig as internal functions modify the elements inside + it, even though it's a const pointer. ****************************************************************************/ -NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd) +NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct security_descriptor *psd_orig) { connection_struct *conn = fsp->conn; uid_t user = (uid_t)-1; @@ -3841,6 +3843,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct s bool set_acl_as_root = false; bool acl_set_support = false; bool ret = false; + struct security_descriptor *psd = NULL; DEBUG(10,("set_nt_acl: called for file %s\n", fsp_str_dbg(fsp))); @@ -3850,6 +3853,15 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct s return NT_STATUS_MEDIA_WRITE_PROTECTED; } + if (!psd_orig) { + return NT_STATUS_INVALID_PARAMETER; + } + + psd = dup_sec_desc(talloc_tos(), psd_orig); + if (!psd) { + return NT_STATUS_NO_MEMORY; + } + /* * Get the current state of the file. */ |
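
Review bot: In the first hunk (the comment block above set_nt_acl()), the added sentence "We make a copy of psd_orig as internal functions modify the elements inside it, even though it's a const pointer" does not name which internal functions write through the pointer, so the copy reads as a permanent workaround with no trail back to the const violation. Suggest naming the callees in the comment, or adding a note that they should eventually take their own non-const descriptor, so that the "const struct security_descriptor *psd_orig" signature is something the compiler can enforce rather than something the caller has to trust.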
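
Review bot: In the last hunk (@@ -3850), the fix only holds if dup_sec_desc(talloc_tos(), psd_orig) copies the ACE arrays themselves and not just the top-level struct, since the commit message says it is the ACE entries that get modified; the comment should state that a deep copy is required here so a later change to the helper cannot silently reintroduce the aliasing. Two smaller points in the same hunk: the "if (!psd_orig)" check sits after the early return of NT_STATUS_MEDIA_WRITE_PROTECTED, so a NULL descriptor on a non-writable connection reports write-protect rather than NT_STATUS_INVALID_PARAMETER (move the NULL check to the top if the parameter error should take precedence), and psd is never freed in the visible lines, so its lifetime is that of the current talloc stackframe, which is worth a one-line comment so nobody stores the pointer beyond this call.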