summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2010-10-11 17:07:54 -0700
committerJeremy Allison <jra@samba.org>2010-10-11 17:07:54 -0700
commit71d9f51b4eaedbecaf4b9e7a7fffae33dba6ba2e (patch)
tree1c0d5594379e98279afeddb28f6bcef17e883db1 /source3
parent44a4b677fe5d0ea2a4a889cc2bb5421f372ca769 (diff)
downloadsamba-71d9f51b4eaedbecaf4b9e7a7fffae33dba6ba2e.tar.gz
samba-71d9f51b4eaedbecaf4b9e7a7fffae33dba6ba2e.tar.bz2
samba-71d9f51b4eaedbecaf4b9e7a7fffae33dba6ba2e.zip
Make the posix ACL module cope with a NULL incoming DACL and a
missing owner/group. Jeremy.
Diffstat (limited to 'source3')
-rw-r--r--source3/smbd/posix_acls.c31
1 files changed, 31 insertions, 0 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 4ceb0f0452..9713ec0b30 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3862,6 +3862,29 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct s
return NT_STATUS_NO_MEMORY;
}
+ if((security_info_sent & SECINFO_DACL) &&
+ (psd->type & SEC_DESC_DACL_PRESENT) &&
+ (psd->dacl == NULL)) {
+ struct security_ace ace;
+
+ /* We can't have NULL DACL in POSIX.
+ Use Everyone -> full access. */
+
+ init_sec_ace(&ace,
+ &global_sid_World,
+ SEC_ACE_TYPE_ACCESS_ALLOWED,
+ GENERIC_ALL_ACCESS,
+ 0);
+ psd->dacl = make_sec_acl(talloc_tos(),
+ NT4_ACL_REVISION,
+ 1,
+ &ace);
+ if (psd->dacl == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ security_acl_map_generic(psd->dacl, &file_generic_mapping);
+ }
+
/*
* Get the current state of the file.
*/
@@ -3878,6 +3901,14 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct s
* Unpack the user/group/world id's.
*/
+ /* POSIX can't cope with missing owner/group. */
+ if ((security_info_sent & SECINFO_OWNER) && (psd->owner_sid == NULL)) {
+ security_info_sent &= ~SECINFO_OWNER;
+ }
+ if ((security_info_sent & SECINFO_GROUP) && (psd->group_sid == NULL)) {
+ security_info_sent &= ~SECINFO_GROUP;
+ }
+
status = unpack_nt_owners( conn, &user, &grp, security_info_sent, psd);
if (!NT_STATUS_IS_OK(status)) {
return status;