author | Andrew Tridgell <tridge@samba.org> | 2009-09-24 16:53:06 -0700 |
---|---|---|
committer | Andrew Tridgell <tridge@samba.org> | 2009-09-28 10:21:33 +1000 |
commit | 5acd8bc01b23d6fc3d83eea9c3307feb7210879f (patch) | |
tree | 6dbe790c7e7660f649cccc322f5bc7c3af0b6e0b /source4/libcli/security | |
parent | 9cef5f0a53ce2bddce644303659859743ea89398 (diff) | |
s4-acl: fixed SD creation
Thanks to Nadya and Metze for this. The SDs were being created with
invalid fields (noticed by w2k8-r2 client when joining our domain)
Diffstat (limited to 'source4/libcli/security')
-rw-r--r-- | source4/libcli/security/create_descriptor.c | 34 |
1 files changed, 22 insertions, 12 deletions
diff --git a/source4/libcli/security/create_descriptor.c b/source4/libcli/security/create_descriptor.c
index ebf07ac0fd..a7f5f41966 100644
--- a/source4/libcli/security/create_descriptor.c
+++ b/source4/libcli/security/create_descriptor.c
@@ -265,6 +265,9 @@ static struct security_acl *calculate_inherited_from_creator(TALLOC_CTX *mem_ctx
 if (!tmp_acl)
 return NULL;
+ tmp_acl->revision = acl->revision;
+ DEBUG(6,(__location__ ": acl revision %u\n", acl->revision));
+
 co = dom_sid_parse_talloc(tmp_ctx, SID_CREATOR_OWNER);
 cg = dom_sid_parse_talloc(tmp_ctx, SID_CREATOR_GROUP);
@@ -411,28 +414,35 @@ struct security_descriptor *create_security_descriptor(TALLOC_CTX *mem_ctx,
 struct dom_sid *new_group = NULL;
 new_sd = security_descriptor_initialise(mem_ctx);
- if (!new_sd)
+ if (!new_sd) {
 return NULL;
- if (!creator_sd || !creator_sd->owner_sid){
+ }
+
+ if (!creator_sd || !creator_sd->owner_sid) {
- if (inherit_flags & SEC_OWNER_FROM_PARENT)
+ if ((inherit_flags & SEC_OWNER_FROM_PARENT) && parent_sd) {
 new_owner = parent_sd->owner_sid;
- else if (!default_owner)
+ } else if (!default_owner) {
 new_owner = token->user_sid;
- else
+ } else {
 new_owner = default_owner;
- }
- else
+ new_sd->type |= SEC_DESC_OWNER_DEFAULTED;
+ }
+ } else {
 new_owner = creator_sd->owner_sid;
+ }
 if (!creator_sd || !creator_sd->group_sid){
- if (inherit_flags & SEC_GROUP_FROM_PARENT && parent_sd)
+ if ((inherit_flags & SEC_GROUP_FROM_PARENT) && parent_sd) {
 new_group = parent_sd->group_sid;
- else if (!default_group)
+ } else if (!default_group) {
 new_group = token->group_sid;
- else new_group = default_group;
- }
- else
+ } else {
+ new_group = default_group;
+ new_sd->type |= SEC_DESC_GROUP_DEFAULTED;
+ }
+ } else {
 new_group = creator_sd->group_sid;
+ }
 new_sd->owner_sid = talloc_memdup(new_sd, new_owner, sizeof(struct dom_sid));
 new_sd->group_sid = talloc_memdup(new_sd, new_group, sizeof(struct dom_sid)); |
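Review bot: In calculate_inherited_from_creator, both added lines dereference `acl` (`tmp_acl->revision = acl->revision;` and the DEBUG call) with no NULL check visible in the hunk. The function's signature and the rest of its body are outside the hunk, so whether a caller can pass a NULL ACL (for example a creator descriptor that carries no DACL or SACL) cannot be confirmed from here. If it can, guard the copy with `if (acl) { tmp_acl->revision = acl->revision; }` and move the DEBUG inside that block. A one-line comment stating why the revision is taken from the source ACL would also help the next reader.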
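Review bot: In create_security_descriptor, the added `parent_sd` guard stops a NULL parent from being dereferenced, but `new_owner` and `new_group` can still end up NULL (for example when `parent_sd->owner_sid` or `token->user_sid` is unset) and are then passed straight to `talloc_memdup(new_sd, new_owner, sizeof(struct dom_sid))`. `token` itself is also dereferenced without a check in the visible lines. Consider failing before the copy, `if (!new_owner || !new_group) { talloc_free(new_sd); return NULL; }`, so that a descriptor with a missing owner or group, the kind of invalid field the commit message mentions, is never returned. The function continues past the hunk, so a later check may already exist.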