summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2011-09-21 13:33:38 -0700
committerJeremy Allison <jra@samba.org>2011-09-21 13:34:50 -0700
commit893497ee169ba5455cd70458a339e60544e171d7 (patch)
treed81d8fd0236daa433ff5b133f60cdcb3dfade7ea
parentd89bbe9b0a989b8b5b1ecbd43c063a388e122aaf (diff)
downloadsamba-893497ee169ba5455cd70458a339e60544e171d7.tar.gz
samba-893497ee169ba5455cd70458a339e60544e171d7.tar.bz2
samba-893497ee169ba5455cd70458a339e60544e171d7.zip
Fix bug #8458] - IE9 on Windows 7 cannot download files to samba 3.5.11 share
Handle the SECINFO_LABEL flag in the same was as Win2k3.
-rw-r--r--librpc/idl/security.idl1
-rw-r--r--source3/smbd/nttrans.c25
2 files changed, 26 insertions, 0 deletions
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 2b6efc5318..5973fc5298 100644
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -600,6 +600,7 @@ interface security
SECINFO_GROUP = 0x00000002,
SECINFO_DACL = 0x00000004,
SECINFO_SACL = 0x00000008,
+ SECINFO_LABEL = 0x00000010,
SECINFO_UNPROTECTED_SACL = 0x10000000,
SECINFO_UNPROTECTED_DACL = 0x20000000,
SECINFO_PROTECTED_SACL = 0x40000000,
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 8900ec875f..d24dd1ef2d 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -868,6 +868,12 @@ NTSTATUS set_sd(files_struct *fsp, uint8_t *data, uint32_t sd_len,
/* Ensure we have at least one thing set. */
if ((security_info_sent & (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) {
+ if (security_info_sent & SECINFO_LABEL) {
+ /* Only consider SECINFO_LABEL if no other
+ bits are set. Just like W2K3 we don't
+ store this. */
+ return NT_STATUS_OK;
+ }
return NT_STATUS_INVALID_PARAMETER;
}
@@ -1868,8 +1874,18 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
return NT_STATUS_ACCESS_DENIED;
}
+ if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|
+ SECINFO_GROUP|SECINFO_SACL)) {
+ /* Don't return SECINFO_LABEL if anything else was
+ requested. See bug #8458. */
+ security_info_wanted &= ~SECINFO_LABEL;
+ }
+
if (!lp_nt_acl_support(SNUM(conn))) {
status = get_null_nt_acl(mem_ctx, &psd);
+ } else if (security_info_wanted & SECINFO_LABEL) {
+ /* Like W2K3 return a null object. */
+ status = get_null_nt_acl(mem_ctx, &psd);
} else {
status = SMB_VFS_FGET_NT_ACL(
fsp, security_info_wanted, &psd);
@@ -1900,6 +1916,15 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
security_info_wanted & SECINFO_DACL)
psd->type |= SEC_DESC_DACL_PRESENT;
+ if (security_info_wanted & SECINFO_LABEL) {
+ /* Like W2K3 return a null object. */
+ psd->owner_sid = NULL;
+ psd->group_sid = NULL;
+ psd->dacl = NULL;
+ psd->sacl = NULL;
+ psd->type &= ~(SEC_DESC_DACL_PRESENT|SEC_DESC_SACL_PRESENT);
+ }
+
*psd_size = ndr_size_security_descriptor(psd, 0);
DEBUG(3,("smbd_do_query_security_desc: sd_size = %lu.\n",