summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2009-04-22 09:12:58 -0400
committerSimo Sorce <ssorce@redhat.com>2009-04-22 09:59:02 -0400
commit40793e776332664ab16f3eb642deaf040fe5591d (patch)
treecc76c32d0ff20abd729b889947ad32fe9518325e
parentff3a020a5fab1aaabe0d19c4b12978860a2ac3ba (diff)
downloadsamba-40793e776332664ab16f3eb642deaf040fe5591d.tar.gz
samba-40793e776332664ab16f3eb642deaf040fe5591d.tar.bz2
samba-40793e776332664ab16f3eb642deaf040fe5591d.zip
Fix profile acls in some corner cases
Always add back the real original owner of the directory in the ACE List after we steal its ACE for the Administrators group.
-rw-r--r--source3/smbd/posix_acls.c21
1 files changed, 18 insertions, 3 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 39fb32f654..bc96838a09 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3036,19 +3036,22 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
canon_ace *dir_ace = NULL;
SEC_ACE *nt_ace_list = NULL;
size_t num_profile_acls = 0;
+ DOM_SID orig_owner_sid;
SEC_DESC *psd = NULL;
+ int i;
/*
* Get the owner, group and world SIDs.
*/
+ create_file_sids(sbuf, &owner_sid, &group_sid);
+
if (lp_profile_acls(SNUM(conn))) {
/* For WXP SP1 the owner must be administrators. */
+ sid_copy(&orig_owner_sid, &owner_sid);
sid_copy(&owner_sid, &global_sid_Builtin_Administrators);
sid_copy(&group_sid, &global_sid_Builtin_Users);
- num_profile_acls = 2;
- } else {
- create_file_sids(sbuf, &owner_sid, &group_sid);
+ num_profile_acls = 3;
}
if ((security_info & DACL_SECURITY_INFORMATION) && !(security_info & PROTECTED_DACL_SECURITY_INFORMATION)) {
@@ -3210,6 +3213,18 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
num_aces = merge_default_aces(nt_ace_list, num_aces);
+ if (lp_profile_acls(SNUM(conn))) {
+ for (i = 0; i < num_aces; i++) {
+ if (sid_equal(&nt_ace_list[i].trustee, &owner_sid)) {
+ add_or_replace_ace(nt_ace_list, &num_aces,
+ &orig_owner_sid,
+ nt_ace_list[i].type,
+ nt_ace_list[i].access_mask,
+ nt_ace_list[i].flags);
+ break;
+ }
+ }
+ }
}
if (num_aces) {