diff options
| author | Jeremy Allison <jra@samba.org> | 2010-10-15 15:42:44 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2010-10-15 17:38:22 -0700 |
| commit | 1904c44ec84fe5d706a4e07f73bad17d0948535a (patch) | |
| tree | 8a7ab42b9b5e5c7ba45b82ff6b3a1a3e12e8f716 /source3/smbd | |
| parent | e031f8ae6aee266c0ebf0b53465906e215ac9561 (diff) | |
| download | samba-1904c44ec84fe5d706a4e07f73bad17d0948535a.tar.gz samba-1904c44ec84fe5d706a4e07f73bad17d0948535a.tar.bz2 samba-1904c44ec84fe5d706a4e07f73bad17d0948535a.zip | |
Fix handling of "NULL" DACL. Map to u/g/w - rwx.
Jeremy.
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/posix_acls.c | 56 |
1 files changed, 33 insertions, 23 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 05f6439957..b02a0b1eb5 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3870,29 +3870,6 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct s return NT_STATUS_NO_MEMORY; } - if((security_info_sent & SECINFO_DACL) && - (psd->type & SEC_DESC_DACL_PRESENT) && - (psd->dacl == NULL)) { - struct security_ace ace; - - /* We can't have NULL DACL in POSIX. - Use Everyone -> full access. */ - - init_sec_ace(&ace, - &global_sid_World, - SEC_ACE_TYPE_ACCESS_ALLOWED, - GENERIC_ALL_ACCESS, - 0); - psd->dacl = make_sec_acl(talloc_tos(), - NT4_ACL_REVISION, - 1, - &ace); - if (psd->dacl == NULL) { - return NT_STATUS_NO_MEMORY; - } - security_acl_map_generic(psd->dacl, &file_generic_mapping); - } - /* * Get the current state of the file. */ @@ -3967,6 +3944,39 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct s create_file_sids(&fsp->fsp_name->st, &file_owner_sid, &file_grp_sid); + if((security_info_sent & SECINFO_DACL) && + (psd->type & SEC_DESC_DACL_PRESENT) && + (psd->dacl == NULL)) { + struct security_ace ace[3]; + + /* We can't have NULL DACL in POSIX. + Use owner/group/Everyone -> full access. */ + + init_sec_ace(&ace[0], + &file_owner_sid, + SEC_ACE_TYPE_ACCESS_ALLOWED, + GENERIC_ALL_ACCESS, + 0); + init_sec_ace(&ace[1], + &file_grp_sid, + SEC_ACE_TYPE_ACCESS_ALLOWED, + GENERIC_ALL_ACCESS, + 0); + init_sec_ace(&ace[2], + &global_sid_World, + SEC_ACE_TYPE_ACCESS_ALLOWED, + GENERIC_ALL_ACCESS, + 0); + psd->dacl = make_sec_acl(talloc_tos(), + NT4_ACL_REVISION, + 3, + ace); + if (psd->dacl == NULL) { + return NT_STATUS_NO_MEMORY; + } + security_acl_map_generic(psd->dacl, &file_generic_mapping); + } + acl_perms = unpack_canon_ace(fsp, &fsp->fsp_name->st, &file_owner_sid, &file_grp_sid, &file_ace_list, &dir_ace_list, security_info_sent, psd); |