diff options
author | Jeremy Allison <jra@samba.org> | 2010-10-11 17:07:54 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2010-10-11 17:07:54 -0700 |
commit | 71d9f51b4eaedbecaf4b9e7a7fffae33dba6ba2e (patch) | |
tree | 1c0d5594379e98279afeddb28f6bcef17e883db1 /source3 | |
parent | 44a4b677fe5d0ea2a4a889cc2bb5421f372ca769 (diff) | |
download | samba-71d9f51b4eaedbecaf4b9e7a7fffae33dba6ba2e.tar.gz samba-71d9f51b4eaedbecaf4b9e7a7fffae33dba6ba2e.tar.bz2 samba-71d9f51b4eaedbecaf4b9e7a7fffae33dba6ba2e.zip |
Make the posix ACL module cope with a NULL incoming DACL and a
missing owner/group.
Jeremy.
Diffstat (limited to 'source3')
-rw-r--r-- | source3/smbd/posix_acls.c | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 4ceb0f0452..9713ec0b30 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3862,6 +3862,29 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct s return NT_STATUS_NO_MEMORY; } + if((security_info_sent & SECINFO_DACL) && + (psd->type & SEC_DESC_DACL_PRESENT) && + (psd->dacl == NULL)) { + struct security_ace ace; + + /* We can't have NULL DACL in POSIX. + Use Everyone -> full access. */ + + init_sec_ace(&ace, + &global_sid_World, + SEC_ACE_TYPE_ACCESS_ALLOWED, + GENERIC_ALL_ACCESS, + 0); + psd->dacl = make_sec_acl(talloc_tos(), + NT4_ACL_REVISION, + 1, + &ace); + if (psd->dacl == NULL) { + return NT_STATUS_NO_MEMORY; + } + security_acl_map_generic(psd->dacl, &file_generic_mapping); + } + /* * Get the current state of the file. */ @@ -3878,6 +3901,14 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct s * Unpack the user/group/world id's. */ + /* POSIX can't cope with missing owner/group. */ + if ((security_info_sent & SECINFO_OWNER) && (psd->owner_sid == NULL)) { + security_info_sent &= ~SECINFO_OWNER; + } + if ((security_info_sent & SECINFO_GROUP) && (psd->group_sid == NULL)) { + security_info_sent &= ~SECINFO_GROUP; + } + status = unpack_nt_owners( conn, &user, &grp, security_info_sent, psd); if (!NT_STATUS_IS_OK(status)) { return status; |