authorAndrew Tridgell <tridge@samba.org>2009-09-24 16:53:06 -0700
committerAndrew Tridgell <tridge@samba.org>2009-09-28 10:21:33 +1000
commit5acd8bc01b23d6fc3d83eea9c3307feb7210879f (patch)
tree6dbe790c7e7660f649cccc322f5bc7c3af0b6e0b /source4/libcli/security
parent9cef5f0a53ce2bddce644303659859743ea89398 (diff)
s4-acl: fixed SD creation
Thanks to Nadya and Metze for this. The SDs were being created with invalid fields (noticed by a w2k8-r2 client when joining our domain)
Diffstat (limited to 'source4/libcli/security')
-rw-r--r--source4/libcli/security/create_descriptor.c34
1 files changed, 22 insertions, 12 deletions
diff --git a/source4/libcli/security/create_descriptor.c b/source4/libcli/security/create_descriptor.c
index ebf07ac0fd..a7f5f41966 100644
--- a/source4/libcli/security/create_descriptor.c
+++ b/source4/libcli/security/create_descriptor.c
@@ -265,6 +265,9 @@ static struct security_acl *calculate_inherited_from_creator(TALLOC_CTX *mem_ctx
if (!tmp_acl)
return NULL;
+ tmp_acl->revision = acl->revision;
+ DEBUG(6,(__location__ ": acl revision %u\n", acl->revision));
+
co = dom_sid_parse_talloc(tmp_ctx, SID_CREATOR_OWNER);
cg = dom_sid_parse_talloc(tmp_ctx, SID_CREATOR_GROUP);
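Review bot: The two added lines read `acl->revision`, but the only NULL test visible above them is on `tmp_acl`, not on `acl`. If the function's check for a missing ACL sits below this point, an object whose descriptor has no DACL or SACL would fault here instead of returning NULL; this is inferred, because the function starts and ends outside the hunk. Either move the `acl` NULL check ahead of these lines or guard the copy, e.g. `if (acl) { tmp_acl->revision = acl->revision; }`, and keep the DEBUG call inside the same guard.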
@@ -411,28 +414,35 @@ struct security_descriptor *create_security_descriptor(TALLOC_CTX *mem_ctx,
struct dom_sid *new_group = NULL;
new_sd = security_descriptor_initialise(mem_ctx);
- if (!new_sd)
+ if (!new_sd) {
return NULL;
- if (!creator_sd || !creator_sd->owner_sid){
- if (inherit_flags & SEC_OWNER_FROM_PARENT)
+ }
+
+ if (!creator_sd || !creator_sd->owner_sid) {
+ if ((inherit_flags & SEC_OWNER_FROM_PARENT) && parent_sd) {
new_owner = parent_sd->owner_sid;
- else if (!default_owner)
+ } else if (!default_owner) {
new_owner = token->user_sid;
- else
+ } else {
new_owner = default_owner;
- }
- else
+ new_sd->type |= SEC_DESC_OWNER_DEFAULTED;
+ }
+ } else {
new_owner = creator_sd->owner_sid;
+ }
if (!creator_sd || !creator_sd->group_sid){
- if (inherit_flags & SEC_GROUP_FROM_PARENT && parent_sd)
+ if ((inherit_flags & SEC_GROUP_FROM_PARENT) && parent_sd) {
new_group = parent_sd->group_sid;
- else if (!default_group)
+ } else if (!default_group) {
new_group = token->group_sid;
- else new_group = default_group;
- }
- else
+ } else {
+ new_group = default_group;
+ new_sd->type |= SEC_DESC_GROUP_DEFAULTED;
+ }
+ } else {
new_group = creator_sd->group_sid;
+ }
new_sd->owner_sid = talloc_memdup(new_sd, new_owner, sizeof(struct dom_sid));
new_sd->group_sid = talloc_memdup(new_sd, new_group, sizeof(struct dom_sid));
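Review bot: `new_owner` and `new_group` can still be NULL when they reach the two `talloc_memdup()` calls at the end of the hunk. The added `&& parent_sd` test covers the parent pointer, but not `parent_sd->owner_sid` or `parent_sd->group_sid`. In the fallback branches `token` is dereferenced without a check; whether callers guarantee it is non-NULL is not visible here. A NULL source with a non-zero size would make the copy read from address zero, so a guard before the duplication is worth adding: `if (!new_owner || !new_group) { talloc_free(new_sd); return NULL; }`. The results of both `talloc_memdup()` calls should be checked in the same way, unless that happens in the part of `create_security_descriptor` that continues outside the hunk.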