authorStefan Metzmacher <metze@samba.org>2012-11-30 13:33:59 +0100
committerMichael Adam <obnox@samba.org>2012-12-02 18:32:36 +0100
commit8fbe39d5134e136101425f9fc8d3d5080cbe25ba (patch)
treeffc388cac24d93d2bd08c023a4cd3e1ab70826b4
parent139232656a5de5f1c4694bbea8554a01c677081a (diff)
s3:smbd/open: fall back to Builtin_Administrators if SYSTEM doesn't map to a group
Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Michael Adam <obnox@samba.org>
-rw-r--r--source3/smbd/open.c54
1 files changed, 54 insertions, 0 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 03e8feb302..be8d31b13b 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3462,6 +3462,10 @@ static NTSTATUS inherit_new_acl(files_struct *fsp)
bool inheritable_components = false;
bool try_builtin_administrators = false;
const struct dom_sid *BA_U_sid = NULL;
+ const struct dom_sid *BA_G_sid = NULL;
+ bool try_system = false;
+ const struct dom_sid *SY_U_sid = NULL;
+ const struct dom_sid *SY_G_sid = NULL;
size_t size = 0;
if (!parent_dirname(frame, fsp->fsp_name->base_name, &parent_name, NULL)) {
@@ -3507,6 +3511,16 @@ static NTSTATUS inherit_new_acl(files_struct *fsp)
try_builtin_administrators = true;
} else if (security_token_is_system(token)) {
try_builtin_administrators = true;
+ try_system = true;
+ }
+ }
+
+ if (group_sid == NULL &&
+ token->num_sids == PRIMARY_GROUP_SID_INDEX)
+ {
+ if (security_token_is_system(token)) {
+ try_builtin_administrators = true;
+ try_system = true;
}
}
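Review bot: The condition `token->num_sids == PRIMARY_GROUP_SID_INDEX` in the added block compares a count with an index constant, and its meaning (the token carries no primary group SID) is not stated. A comment above the `if`, such as `/* token has only a user SID, so there is no primary group entry to fall back on */`, would make that clear. The test is also an exact match; whether a shorter token can reach this point is not visible in the hunk, so `<=` may be the safer comparison. inherit_new_acl's body starts and ends outside this hunk.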
@@ -3520,10 +3534,38 @@ static NTSTATUS inherit_new_acl(files_struct *fsp)
switch (ids.type) {
case ID_TYPE_BOTH:
BA_U_sid = &global_sid_Builtin_Administrators;
+ BA_G_sid = &global_sid_Builtin_Administrators;
break;
case ID_TYPE_UID:
BA_U_sid = &global_sid_Builtin_Administrators;
break;
+ case ID_TYPE_GID:
+ BA_G_sid = &global_sid_Builtin_Administrators;
+ break;
+ default:
+ break;
+ }
+ }
+ }
+
+ if (try_system) {
+ struct unixid ids;
+ bool ok;
+
+ ZERO_STRUCT(ids);
+ ok = sids_to_unixids(&global_sid_System, 1, &ids);
+ if (ok) {
+ switch (ids.type) {
+ case ID_TYPE_BOTH:
+ SY_U_sid = &global_sid_System;
+ SY_G_sid = &global_sid_System;
+ break;
+ case ID_TYPE_UID:
+ SY_U_sid = &global_sid_System;
+ break;
+ case ID_TYPE_GID:
+ SY_G_sid = &global_sid_System;
+ break;
default:
break;
}
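Review bot: The new `if (try_system)` block is a line-for-line copy of the Builtin_Administrators mapping above it, differing only in the SID and the two output pointers, so the two copies can drift apart on the next change. A small static helper taking the SID and the two output pointers would keep the UID/GID/BOTH handling in one place. The `try_builtin_administrators` block begins before this hunk, so its call site is only indicated below. A failed `sids_to_unixids()` stays silent in the helper, as in the original, leaving both pointers NULL.

```c
static void map_sid_to_owner_group(const struct dom_sid *sid,
				   const struct dom_sid **u_sid,
				   const struct dom_sid **g_sid)
{
	struct unixid ids;

	ZERO_STRUCT(ids);
	if (!sids_to_unixids(sid, 1, &ids)) {
		return;
	}
	if (ids.type == ID_TYPE_BOTH || ids.type == ID_TYPE_UID) {
		*u_sid = sid;
	}
	if (ids.type == ID_TYPE_BOTH || ids.type == ID_TYPE_GID) {
		*g_sid = sid;
	}
}

	/* … unchanged: try_builtin_administrators block, same call with BA_U_sid/BA_G_sid … */
	if (try_system) {
		map_sid_to_owner_group(&global_sid_System, &SY_U_sid, &SY_G_sid);
	}
```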
@@ -3535,6 +3577,18 @@ static NTSTATUS inherit_new_acl(files_struct *fsp)
}
if (owner_sid == NULL) {
+ owner_sid = SY_U_sid;
+ }
+
+ if (group_sid == NULL) {
+ group_sid = SY_G_sid;
+ }
+
+ if (try_system && group_sid == NULL) {
+ group_sid = BA_G_sid;
+ }
+
+ if (owner_sid == NULL) {
owner_sid = &token->sids[PRIMARY_USER_SID_INDEX];
}
if (group_sid == NULL) {
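Review bot: group_sid can still be NULL after the three added fallbacks, when neither SYSTEM nor Builtin_Administrators maps to a GID or `sids_to_unixids()` failed, and control then reaches the pre-existing `if (group_sid == NULL) {` whose body is outside this hunk. If that body indexes `token->sids[PRIMARY_GROUP_SID_INDEX]` the way the owner fallback uses PRIMARY_USER_SID_INDEX, it reads past the SID array for exactly the token shape the earlier hunk tests for (`num_sids == PRIMARY_GROUP_SID_INDEX`). Guarding it, e.g. `if (group_sid == NULL && token->num_sids > PRIMARY_GROUP_SID_INDEX) {`, and failing the call explicitly when no group SID can be found, would close that path.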