authorStefan Metzmacher <metze@samba.org>2006-04-12 16:27:53 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 14:04:04 -0500
commitf347be4c738450e910d8453cef03c273069899a3 (patch)
tree2f81c7950a197b00268349038e90a958f131f19a
parente91394ceccd762a204e3b59d379173fd1090ff41 (diff)
r15057: fix access masks for getting and setting security_descriptors
I'll add some torture tests later... metze (This used to be commit ce045f4df37b6740f2bf849fd06ab51c682ea0b7)
-rw-r--r--source4/ntvfs/posix/pvfs_qfileinfo.c22
-rw-r--r--source4/ntvfs/posix/pvfs_setfileinfo.c11
2 files changed, 25 insertions, 8 deletions
diff --git a/source4/ntvfs/posix/pvfs_qfileinfo.c b/source4/ntvfs/posix/pvfs_qfileinfo.c
index fb1b0aa3f9..e4e69a8289 100644
--- a/source4/ntvfs/posix/pvfs_qfileinfo.c
+++ b/source4/ntvfs/posix/pvfs_qfileinfo.c
@@ -28,11 +28,11 @@
/*
determine what access bits are needed for a call
*/
-static uint32_t pvfs_fileinfo_access(enum smb_fileinfo_level level)
+static uint32_t pvfs_fileinfo_access(union smb_fileinfo *info)
{
uint32_t needed;
- switch (level) {
+ switch (info->generic.level) {
case RAW_FILEINFO_EA_LIST:
case RAW_FILEINFO_ALL_EAS:
needed = SEC_FILE_READ_EA;
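Review bot: `pvfs_fileinfo_access` now receives the whole request union but, in the visible lines, only reads `info->generic.level` and `info->query_secdesc.in.secinfo_flags`, so the parameter should be const-qualified: `static uint32_t pvfs_fileinfo_access(const union smb_fileinfo *info)`. That states in the signature that computing the required access mask cannot modify the request before the access check runs. The function body continues past this hunk.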
@@ -43,14 +43,24 @@ static uint32_t pvfs_fileinfo_access(enum smb_fileinfo_level level)
break;
case RAW_FILEINFO_SEC_DESC:
- needed = SEC_STD_READ_CONTROL;
+ needed = 0;
+ if (info->query_secdesc.in.secinfo_flags & (SECINFO_OWNER|SECINFO_GROUP)) {
+ needed |= SEC_STD_READ_CONTROL;
+ }
+ if (info->query_secdesc.in.secinfo_flags & SECINFO_DACL) {
+ needed |= SEC_STD_READ_CONTROL;
+ }
+ if (info->query_secdesc.in.secinfo_flags & SECINFO_SACL) {
+ needed |= SEC_FLAG_SYSTEM_SECURITY;
+ }
break;
default:
needed = SEC_FILE_READ_ATTRIBUTE;
break;
}
- return needed;
+
+ return needed;
}
/*
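Review bot: In the `RAW_FILEINFO_SEC_DESC` case `needed` stays 0 when `secinfo_flags` carries none of OWNER, GROUP, DACL or SACL, so the handle check in pvfs_qfileinfo (`(f->access_mask & access_needed) != access_needed`) passes for any handle, and `pvfs_access_check_simple` in pvfs_qpathinfo is presumably asked for no rights at all; the old code always required `SEC_STD_READ_CONTROL`. What the query returns for an empty or unknown flag set is outside these hunks, so if that path is not meant to be open to every caller, keep a floor before the `break`: `if (needed == 0) needed = SEC_STD_READ_CONTROL;`. The same question applies to the `RAW_SFILEINFO_SEC_DESC` case in pvfs_setfileinfo.c, where a request with none of the four flags also yields `needed = 0`. Separately, the OWNER/GROUP and DACL tests add the same bit and could be a single test on `(SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL)`.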
@@ -304,7 +314,7 @@ NTSTATUS pvfs_qpathinfo(struct ntvfs_module_context *ntvfs,
}
status = pvfs_access_check_simple(pvfs, req, name,
- pvfs_fileinfo_access(info->generic.level));
+ pvfs_fileinfo_access(info));
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -332,7 +342,7 @@ NTSTATUS pvfs_qfileinfo(struct ntvfs_module_context *ntvfs,
}
h = f->handle;
- access_needed = pvfs_fileinfo_access(info->generic.level);
+ access_needed = pvfs_fileinfo_access(info);
if ((f->access_mask & access_needed) != access_needed) {
return NT_STATUS_ACCESS_DENIED;
}
diff --git a/source4/ntvfs/posix/pvfs_setfileinfo.c b/source4/ntvfs/posix/pvfs_setfileinfo.c
index 7661d1eb45..e85f52fc2c 100644
--- a/source4/ntvfs/posix/pvfs_setfileinfo.c
+++ b/source4/ntvfs/posix/pvfs_setfileinfo.c
@@ -53,16 +53,23 @@ static uint32_t pvfs_setfileinfo_access(union smb_setfileinfo *info)
case RAW_SFILEINFO_SEC_DESC:
needed = 0;
- if (info->set_secdesc.in.secinfo_flags & (SECINFO_DACL|SECINFO_SACL)) {
+ if (info->set_secdesc.in.secinfo_flags & (SECINFO_OWNER|SECINFO_GROUP)) {
+ needed |= SEC_STD_WRITE_OWNER;
+ }
+ if (info->set_secdesc.in.secinfo_flags & SECINFO_DACL) {
needed |= SEC_STD_WRITE_DAC;
}
+ if (info->set_secdesc.in.secinfo_flags & SECINFO_SACL) {
+ needed |= SEC_FLAG_SYSTEM_SECURITY;
+ }
break;
default:
needed = SEC_FILE_WRITE_ATTRIBUTE;
break;
}
- return needed;
+
+ return needed;
}
/*
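Review bot: The per-flag mapping in the `RAW_SFILEINFO_SEC_DESC` case is access-control policy but carries no comment, so a reader cannot tell that the three different rights are deliberate. I would add above `needed = 0;` the comment `/* owner/group need WRITE_OWNER, DACL needs WRITE_DAC, SACL needs SYSTEM_SECURITY */`. The switch begins above this hunk, so the other cases are not visible here.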