diff options
-rw-r--r-- | source3/rpc_server/srv_lsa_nt.c | 2 | ||||
-rw-r--r-- | source3/smbd/posix_acls.c | 44 |
2 files changed, 33 insertions, 13 deletions
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c index 87aebfa674..f273c7bb4c 100644 --- a/source3/rpc_server/srv_lsa_nt.c +++ b/source3/rpc_server/srv_lsa_nt.c @@ -325,7 +325,7 @@ uint32 _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u, LSA_R_ENU } /*************************************************************************** - _lsa_query_info + _lsa_query_info. See the POLICY_INFOMATION_CLASS docs at msdn. ***************************************************************************/ uint32 _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INFO *r_u) diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 5c0878b9ca..b9d6c7e32f 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -130,7 +130,8 @@ static SEC_ACCESS map_canon_ace_perms(int *pacl_type, DOM_SID *powner_sid, canon nt_mask = UNIX_ACCESS_NONE; } else { /* Not owner, no access. */ - nt_mask = 0; + *pacl_type = SEC_ACE_TYPE_ACCESS_DENIED; + nt_mask = GENERIC_ALL_ACCESS; } } else { nt_mask |= ((ace->perms & S_IRUSR) ? UNIX_ACCESS_R : 0 ); @@ -941,13 +942,13 @@ static canon_ace *unix_canonicalise_acl(files_struct *fsp, SMB_STRUCT_STAT *psbu group_ace->type = SMB_ACL_GROUP_OBJ; group_ace->sid = *pgroup; - owner_ace->unix_ug.gid = psbuf->st_gid; - owner_ace->owner_type = GID_ACE; + group_ace->unix_ug.gid = psbuf->st_gid; + group_ace->owner_type = GID_ACE; other_ace->type = SMB_ACL_OTHER; other_ace->sid = global_sid_World; - owner_ace->unix_ug.world = -1; - owner_ace->owner_type = WORLD_ACE; + other_ace->unix_ug.world = -1; + other_ace->owner_type = WORLD_ACE; if (!fsp->is_directory) { owner_ace->perms = unix_perms_to_acl_perms(psbuf->st_mode, S_IRUSR, S_IWUSR, S_IXUSR); @@ -974,6 +975,23 @@ static canon_ace *unix_canonicalise_acl(files_struct *fsp, SMB_STRUCT_STAT *psbu } else safe_free(owner_ace); + if (list_head == NULL) { + /* + * Return an "Everyone" NO ACCESS ace. + */ + + if ((other_ace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL) + goto fail; + + other_ace->type = SMB_ACL_OTHER; + other_ace->sid = global_sid_World; + other_ace->unix_ug.world = -1; + other_ace->owner_type = WORLD_ACE; + other_ace->perms = (mode_t)0; + + DLIST_ADD(list_head, other_ace); + } + return list_head; fail: @@ -1304,7 +1322,7 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc) { SMB_STRUCT_STAT sbuf; - SEC_ACE *nt_ace_list; + SEC_ACE *nt_ace_list = NULL; DOM_SID owner_sid; DOM_SID group_sid; size_t sd_size = 0; @@ -1379,13 +1397,15 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc) num_dir_acls = count_canon_ace_list(dir_ace); } - /* Allocate the ace list. */ - if ((nt_ace_list = (SEC_ACE *)malloc((num_acls + num_dir_acls)* sizeof(SEC_ACE))) == NULL) { - DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n")); - goto done; - } + if ((num_acls + num_dir_acls) != 0) { + /* Allocate the ace list. */ + if ((nt_ace_list = (SEC_ACE *)malloc((num_acls + num_dir_acls)* sizeof(SEC_ACE))) == NULL) { + DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n")); + goto done; + } - memset(nt_ace_list, '\0', (num_acls + num_dir_acls) * sizeof(SEC_ACE) ); + memset(nt_ace_list, '\0', (num_acls + num_dir_acls) * sizeof(SEC_ACE) ); + } /* * Create the NT ACE list from the canonical ace lists. |