-rw-r--r--source3/rpc_server/srv_lsa_nt.c2
-rw-r--r--source3/smbd/posix_acls.c44
2 files changed, 33 insertions, 13 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index 87aebfa674..f273c7bb4c 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -325,7 +325,7 @@ uint32 _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u, LSA_R_ENU
}
/***************************************************************************
- _lsa_query_info
+ _lsa_query_info. See the POLICY_INFOMATION_CLASS docs at msdn.
***************************************************************************/
uint32 _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INFO *r_u)
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 5c0878b9ca..b9d6c7e32f 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -130,7 +130,8 @@ static SEC_ACCESS map_canon_ace_perms(int *pacl_type, DOM_SID *powner_sid, canon
nt_mask = UNIX_ACCESS_NONE;
} else {
/* Not owner, no access. */
- nt_mask = 0;
+ *pacl_type = SEC_ACE_TYPE_ACCESS_DENIED;
+ nt_mask = GENERIC_ALL_ACCESS;
}
} else {
nt_mask |= ((ace->perms & S_IRUSR) ? UNIX_ACCESS_R : 0 );
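Review bot: The access-denied entry produced in the `Not owner, no access.` branch only has the intended effect if it is placed correctly relative to the allow entries, and nothing in the comment says so. Windows evaluates ACEs in list order, so a deny-all entry for a group or for Everyone that ends up ahead of the owner's allow entry would also lock out an owner who matches that SID. The ordering is decided outside this hunk, in the code that assembles the list. I would extend the comment to state the contract, e.g. `/* Not owner, no access: emit an explicit DENY ace; it must be ordered after the owner's ALLOW ace. */`. map_canon_ace_perms begins before and continues past the hunk.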
@@ -941,13 +942,13 @@ static canon_ace *unix_canonicalise_acl(files_struct *fsp, SMB_STRUCT_STAT *psbu
group_ace->type = SMB_ACL_GROUP_OBJ;
group_ace->sid = *pgroup;
- owner_ace->unix_ug.gid = psbuf->st_gid;
- owner_ace->owner_type = GID_ACE;
+ group_ace->unix_ug.gid = psbuf->st_gid;
+ group_ace->owner_type = GID_ACE;
other_ace->type = SMB_ACL_OTHER;
other_ace->sid = global_sid_World;
- owner_ace->unix_ug.world = -1;
- owner_ace->owner_type = WORLD_ACE;
+ other_ace->unix_ug.world = -1;
+ other_ace->owner_type = WORLD_ACE;
if (!fsp->is_directory) {
owner_ace->perms = unix_perms_to_acl_perms(psbuf->st_mode, S_IRUSR, S_IWUSR, S_IXUSR);
@@ -974,6 +975,23 @@ static canon_ace *unix_canonicalise_acl(files_struct *fsp, SMB_STRUCT_STAT *psbu
} else
safe_free(owner_ace);
+ if (list_head == NULL) {
+ /*
+ * Return an "Everyone" NO ACCESS ace.
+ */
+
+ if ((other_ace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL)
+ goto fail;
+
+ other_ace->type = SMB_ACL_OTHER;
+ other_ace->sid = global_sid_World;
+ other_ace->unix_ug.world = -1;
+ other_ace->owner_type = WORLD_ACE;
+ other_ace->perms = (mode_t)0;
+
+ DLIST_ADD(list_head, other_ace);
+ }
+
return list_head;
fail:
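Review bot: The new `goto fail` runs after the owner, group and other entries have already been linked or released (`safe_free(owner_ace)` is visible just above the added block). If the `fail:` path, whose body is outside this hunk, frees those same pointers and `safe_free` does not null them, an allocation failure here becomes a double free. With `list_head` NULL there is presumably nothing left to release, so `return NULL;` in place of `goto fail;` avoids the problem. Separately, the entry comes from `malloc` and only the assigned fields are defined; zeroing it first with `memset(other_ace, '\0', sizeof(canon_ace));` keeps any other member of canon_ace from being read uninitialised.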
@@ -1304,7 +1322,7 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
{
SMB_STRUCT_STAT sbuf;
- SEC_ACE *nt_ace_list;
+ SEC_ACE *nt_ace_list = NULL;
DOM_SID owner_sid;
DOM_SID group_sid;
size_t sd_size = 0;
@@ -1379,13 +1397,15 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
num_dir_acls = count_canon_ace_list(dir_ace);
}
- /* Allocate the ace list. */
- if ((nt_ace_list = (SEC_ACE *)malloc((num_acls + num_dir_acls)* sizeof(SEC_ACE))) == NULL) {
- DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n"));
- goto done;
- }
+ if ((num_acls + num_dir_acls) != 0) {
+ /* Allocate the ace list. */
+ if ((nt_ace_list = (SEC_ACE *)malloc((num_acls + num_dir_acls)* sizeof(SEC_ACE))) == NULL) {
+ DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n"));
+ goto done;
+ }
- memset(nt_ace_list, '\0', (num_acls + num_dir_acls) * sizeof(SEC_ACE) );
+ memset(nt_ace_list, '\0', (num_acls + num_dir_acls) * sizeof(SEC_ACE) );
+ }
/*
* Create the NT ACE list from the canonical ace lists.
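Review bot: When both counts are zero, `nt_ace_list` now stays NULL, and the code after this hunk that turns the list into a security descriptor has to handle that case deliberately. On Windows a descriptor with no DACL grants everyone full access while an empty DACL grants nothing, so the zero-entry case should end up as an empty ACL or an error, never as a missing one. A comment at the new `if` would record this, e.g. `/* zero ACEs: nt_ace_list stays NULL; the descriptor must still carry an empty DACL */`. The allocation could also become `calloc(num_acls + num_dir_acls, sizeof(SEC_ACE))`, which replaces the malloc/memset pair and checks the size multiplication for overflow.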