author | Stefan Metzmacher <metze@samba.org> | 2006-04-12 16:27:53 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:04:04 -0500 |
commit | f347be4c738450e910d8453cef03c273069899a3 (patch) | |
tree | 2f81c7950a197b00268349038e90a958f131f19a | |
parent | e91394ceccd762a204e3b59d379173fd1090ff41 (diff) | |
r15057: fix access masks for getting and setting security_descriptors
I'll add some torture tests later...
metze
(This used to be commit ce045f4df37b6740f2bf849fd06ab51c682ea0b7)
-rw-r--r-- | source4/ntvfs/posix/pvfs_qfileinfo.c | 22 | ||||
-rw-r--r-- | source4/ntvfs/posix/pvfs_setfileinfo.c | 11 |
2 files changed, 25 insertions, 8 deletions
diff --git a/source4/ntvfs/posix/pvfs_qfileinfo.c b/source4/ntvfs/posix/pvfs_qfileinfo.c
index fb1b0aa3f9..e4e69a8289 100644
--- a/source4/ntvfs/posix/pvfs_qfileinfo.c
+++ b/source4/ntvfs/posix/pvfs_qfileinfo.c
@@ -28,11 +28,11 @@
 /* determine what access bits are needed for a call */
-static uint32_t pvfs_fileinfo_access(enum smb_fileinfo_level level)
+static uint32_t pvfs_fileinfo_access(union smb_fileinfo *info)
 {
 uint32_t needed;
- switch (level) {
+ switch (info->generic.level) {
 case RAW_FILEINFO_EA_LIST:
 case RAW_FILEINFO_ALL_EAS:
 needed = SEC_FILE_READ_EA;
@@ -43,14 +43,24 @@ static uint32_t pvfs_fileinfo_access(enum smb_fileinfo_level level)
 break;
 case RAW_FILEINFO_SEC_DESC:
- needed = SEC_STD_READ_CONTROL;
+ needed = 0;
+ if (info->query_secdesc.in.secinfo_flags & (SECINFO_OWNER|SECINFO_GROUP)) {
+ needed |= SEC_STD_READ_CONTROL;
+ }
+ if (info->query_secdesc.in.secinfo_flags & SECINFO_DACL) {
+ needed |= SEC_STD_READ_CONTROL;
+ }
+ if (info->query_secdesc.in.secinfo_flags & SECINFO_SACL) {
+ needed |= SEC_FLAG_SYSTEM_SECURITY;
+ }
 break;
 default:
 needed = SEC_FILE_READ_ATTRIBUTE;
 break;
 }
- return needed;
+
+ return needed;
 }
 /*
@@ -304,7 +314,7 @@ NTSTATUS pvfs_qpathinfo(struct ntvfs_module_context *ntvfs,
 }
 status = pvfs_access_check_simple(pvfs, req, name,
- pvfs_fileinfo_access(info->generic.level));
+ pvfs_fileinfo_access(info));
 if (!NT_STATUS_IS_OK(status)) {
 return status;
 }
@@ -332,7 +342,7 @@ NTSTATUS pvfs_qfileinfo(struct ntvfs_module_context *ntvfs,
 }
 h = f->handle;
- access_needed = pvfs_fileinfo_access(info->generic.level);
+ access_needed = pvfs_fileinfo_access(info);
 if ((f->access_mask & access_needed) != access_needed) {
 return NT_STATUS_ACCESS_DENIED;
 }
diff --git a/source4/ntvfs/posix/pvfs_setfileinfo.c b/source4/ntvfs/posix/pvfs_setfileinfo.c
index 7661d1eb45..e85f52fc2c 100644
--- a/source4/ntvfs/posix/pvfs_setfileinfo.c
+++ b/source4/ntvfs/posix/pvfs_setfileinfo.c
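Review bot: In pvfs_fileinfo_access() (pvfs_qfileinfo.c) the RAW_FILEINFO_SEC_DESC case now starts from `needed = 0`, so a request whose secinfo_flags carries none of SECINFO_OWNER, SECINFO_GROUP, SECINFO_DACL or SECINFO_SACL (zero, or only bits this switch does not test) yields an empty mask, and the handle check in pvfs_qfileinfo(), `(f->access_mask & access_needed) != access_needed`, can then never deny. Whether that is harmless depends on the query code returning only the components named in secinfo_flags, which is outside this diff; a fail-closed fallback after the three tests, `if (needed == 0) needed = SEC_STD_READ_CONTROL;`, would keep the previous minimum. The RAW_SFILEINFO_SEC_DESC case of pvfs_setfileinfo_access() in pvfs_setfileinfo.c has the same shape, and there the unchecked operation is a write. As a smaller point, the OWNER/GROUP test and the DACL test here both add SEC_STD_READ_CONTROL and could be a single test on `(SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL)`.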
@@ -53,16 +53,23 @@ static uint32_t pvfs_setfileinfo_access(union smb_setfileinfo *info)
 case RAW_SFILEINFO_SEC_DESC:
 needed = 0;
- if (info->set_secdesc.in.secinfo_flags & (SECINFO_DACL|SECINFO_SACL)) {
+ if (info->set_secdesc.in.secinfo_flags & (SECINFO_OWNER|SECINFO_GROUP)) {
+ needed |= SEC_STD_WRITE_OWNER;
+ }
+ if (info->set_secdesc.in.secinfo_flags & SECINFO_DACL) {
 needed |= SEC_STD_WRITE_DAC;
 }
+ if (info->set_secdesc.in.secinfo_flags & SECINFO_SACL) {
+ needed |= SEC_FLAG_SYSTEM_SECURITY;
+ }
 break;
 default:
 needed = SEC_FILE_WRITE_ATTRIBUTE;
 break;
 }
- return needed;
+
+ return needed;
 }
 /* |
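Review bot: The RAW_SFILEINFO_SEC_DESC case changes which right a SACL write needs (it was covered by SEC_STD_WRITE_DAC and now needs SEC_FLAG_SYSTEM_SECURITY) and introduces SEC_STD_WRITE_OWNER for owner and group, but nothing in the code records that mapping. A short comment above the three tests would let the next reader audit it, for example `/* owner/group need WRITE_OWNER, the DACL needs WRITE_DAC, the SACL needs SYSTEM_SECURITY */`. The commit message defers the torture tests, so until they exist that comment would be the only statement of the intended policy. pvfs_setfileinfo_access() starts above the hunk, so the rest of the switch is not visible here.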