diff options
author | Jeremy Allison <jra@samba.org> | 2011-09-21 13:33:38 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2011-09-21 13:34:50 -0700 |
commit | 893497ee169ba5455cd70458a339e60544e171d7 (patch) | |
tree | d81d8fd0236daa433ff5b133f60cdcb3dfade7ea | |
parent | d89bbe9b0a989b8b5b1ecbd43c063a388e122aaf (diff) | |
download | samba-893497ee169ba5455cd70458a339e60544e171d7.tar.gz samba-893497ee169ba5455cd70458a339e60544e171d7.tar.bz2 samba-893497ee169ba5455cd70458a339e60544e171d7.zip |
Fix bug #8458] - IE9 on Windows 7 cannot download files to samba 3.5.11 share
Handle the SECINFO_LABEL flag in the same was as Win2k3.
-rw-r--r-- | librpc/idl/security.idl | 1 | ||||
-rw-r--r-- | source3/smbd/nttrans.c | 25 |
2 files changed, 26 insertions, 0 deletions
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl index 2b6efc5318..5973fc5298 100644 --- a/librpc/idl/security.idl +++ b/librpc/idl/security.idl @@ -600,6 +600,7 @@ interface security SECINFO_GROUP = 0x00000002, SECINFO_DACL = 0x00000004, SECINFO_SACL = 0x00000008, + SECINFO_LABEL = 0x00000010, SECINFO_UNPROTECTED_SACL = 0x10000000, SECINFO_UNPROTECTED_DACL = 0x20000000, SECINFO_PROTECTED_SACL = 0x40000000, diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 8900ec875f..d24dd1ef2d 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -868,6 +868,12 @@ NTSTATUS set_sd(files_struct *fsp, uint8_t *data, uint32_t sd_len, /* Ensure we have at least one thing set. */ if ((security_info_sent & (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) { + if (security_info_sent & SECINFO_LABEL) { + /* Only consider SECINFO_LABEL if no other + bits are set. Just like W2K3 we don't + store this. */ + return NT_STATUS_OK; + } return NT_STATUS_INVALID_PARAMETER; } @@ -1868,8 +1874,18 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn, return NT_STATUS_ACCESS_DENIED; } + if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER| + SECINFO_GROUP|SECINFO_SACL)) { + /* Don't return SECINFO_LABEL if anything else was + requested. See bug #8458. */ + security_info_wanted &= ~SECINFO_LABEL; + } + if (!lp_nt_acl_support(SNUM(conn))) { status = get_null_nt_acl(mem_ctx, &psd); + } else if (security_info_wanted & SECINFO_LABEL) { + /* Like W2K3 return a null object. */ + status = get_null_nt_acl(mem_ctx, &psd); } else { status = SMB_VFS_FGET_NT_ACL( fsp, security_info_wanted, &psd); @@ -1900,6 +1916,15 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn, security_info_wanted & SECINFO_DACL) psd->type |= SEC_DESC_DACL_PRESENT; + if (security_info_wanted & SECINFO_LABEL) { + /* Like W2K3 return a null object. */ + psd->owner_sid = NULL; + psd->group_sid = NULL; + psd->dacl = NULL; + psd->sacl = NULL; + psd->type &= ~(SEC_DESC_DACL_PRESENT|SEC_DESC_SACL_PRESENT); + } + *psd_size = ndr_size_security_descriptor(psd, 0); DEBUG(3,("smbd_do_query_security_desc: sd_size = %lu.\n", |