-rw-r--r--source3/param/loadparm.c8
-rw-r--r--source3/smbd/nttrans.c80
-rw-r--r--source3/smbd/trans2.c2
3 files changed, 59 insertions, 31 deletions
diff --git a/source3/param/loadparm.c b/source3/param/loadparm.c
index 63bc16e394..e011f47df6 100644
--- a/source3/param/loadparm.c
+++ b/source3/param/loadparm.c
@@ -254,7 +254,6 @@ typedef struct
BOOL bTimestampLogs;
BOOL bNTSmbSupport;
BOOL bNTPipeSupport;
- BOOL bNTAclSupport;
BOOL bStatCache;
BOOL bKernelOplocks;
BOOL bAllowTrustedDomains;
@@ -388,6 +387,7 @@ typedef struct
BOOL bInheritPerms;
BOOL bMSDfsRoot;
BOOL bUseClientDriver;
+ BOOL bNTAclSupport;
char dummy[3]; /* for alignment */
}
@@ -502,6 +502,7 @@ static service sDefault = {
False, /* bInheritPerms */
False, /* bMSDfsRoot */
False, /* bUseClientDriver */
+ True, /* bNTAclSupport */
"" /* dummy */
};
@@ -783,7 +784,7 @@ static struct parm_struct parm_table[] = {
{N_("write raw"), P_BOOL, P_GLOBAL, &Globals.bWriteRaw, NULL, NULL, 0},
{N_("nt pipe support"), P_BOOL, P_GLOBAL, &Globals.bNTPipeSupport, NULL, NULL, 0},
- {N_("nt acl support"), P_BOOL, P_GLOBAL, &Globals.bNTAclSupport, NULL, NULL, 0},
+ {N_("nt acl support"), P_BOOL, P_LOCAL, &sDefault.bNTAclSupport, NULL, NULL, 0},
{N_("announce version"), P_STRING, P_GLOBAL, &Globals.szAnnounceVersion, NULL, NULL, 0},
{N_("announce as"), P_ENUM, P_GLOBAL, &Globals.announce_as, NULL, enum_announce_as, 0},
{N_("max mux"), P_INTEGER, P_GLOBAL, &Globals.max_mux, NULL, NULL, 0},
@@ -1280,7 +1281,6 @@ static void init_globals(void)
Globals.bPasswdChatDebug = False;
Globals.bUnicode = True; /* Do unicode on the wire by default */
Globals.bNTPipeSupport = True; /* Do NT pipes by default. */
- Globals.bNTAclSupport = True; /* Use NT ACLs by default. */
Globals.bStatCache = True; /* use stat cache by default */
Globals.bRestrictAnonymous = False;
Globals.bLanmanAuth = True; /* Do use the LanMan hash if it is available */
@@ -1570,7 +1570,6 @@ FN_GLOBAL_BOOL(lp_unix_password_sync, &Globals.bUnixPasswdSync)
FN_GLOBAL_BOOL(lp_passwd_chat_debug, &Globals.bPasswdChatDebug)
FN_GLOBAL_BOOL(lp_unicode, &Globals.bUnicode)
FN_GLOBAL_BOOL(lp_nt_pipe_support, &Globals.bNTPipeSupport)
-FN_GLOBAL_BOOL(lp_nt_acl_support, &Globals.bNTAclSupport)
FN_GLOBAL_BOOL(lp_stat_cache, &Globals.bStatCache)
FN_GLOBAL_BOOL(lp_allow_trusted_domains, &Globals.bAllowTrustedDomains)
FN_GLOBAL_BOOL(lp_restrict_anonymous, &Globals.bRestrictAnonymous)
@@ -1699,6 +1698,7 @@ FN_LOCAL_BOOL(lp_fake_dir_create_times, bFakeDirCreateTimes)
FN_LOCAL_BOOL(lp_blocking_locks, bBlockingLocks)
FN_LOCAL_BOOL(lp_inherit_perms, bInheritPerms)
FN_LOCAL_BOOL(lp_use_client_driver, bUseClientDriver)
+FN_LOCAL_BOOL(lp_nt_acl_support, bNTAclSupport)
FN_LOCAL_INTEGER(lp_create_mask, iCreate_mask)
FN_LOCAL_INTEGER(lp_force_create_mode, iCreate_force_mode)
FN_LOCAL_INTEGER(lp_security_mask, iSecurity_mask)
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 2618a96913..1d8d2bae3e 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1463,6 +1463,23 @@ static int call_nt_transact_rename(connection_struct *conn,
return -1;
}
+/******************************************************************************
+ Fake up a completely empty SD.
+*******************************************************************************/
+
+static size_t get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd)
+{
+ extern DOM_SID global_sid_World;
+ size_t sd_size;
+
+ *ppsd = make_standard_sec_desc( mem_ctx, &global_sid_World, &global_sid_World, NULL, &sd_size);
+ if(!*ppsd) {
+ DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n"));
+ sd_size = 0;
+ }
+
+ return sd_size;
+}
/****************************************************************************
Reply to query a security descriptor - currently this is not implemented (it
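Review bot: The header comment on get_null_nt_acl says "completely empty SD", but the call passes `&global_sid_World` as both owner and group and NULL for what appears to be the DACL argument, and Windows clients read a descriptor without a DACL as unrestricted access rather than as "no permissions". The comment should say so, for example `Build a descriptor owned by World/World with no DACL; clients will show it as full access for everyone. It is only reported to the client, nothing here enforces it.` The DEBUG text also says "malloc" although the allocation is made from `mem_ctx`. The comment block that follows the function belongs to the next definition, which continues outside this hunk.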
@@ -1496,12 +1513,24 @@ static int call_nt_transact_query_security_desc(connection_struct *conn,
*ppparams = params;
+ if ((mem_ctx = talloc_init()) == NULL) {
+ DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n"));
+ return ERROR_DOS(ERRDOS,ERRnomem);
+ }
+
/*
* Get the permissions to return.
*/
- if((sd_size = conn->vfs_ops.fget_nt_acl(fsp, fsp->fd, &psd)) == 0)
+ if (!lp_nt_acl_support(SNUM(conn)))
+ sd_size = get_null_nt_acl(mem_ctx, &psd);
+ else
+ sd_size = conn->vfs_ops.fget_nt_acl(fsp, fsp->fd, &psd);
+
+ if (sd_size == 0) {
+ talloc_destroy(mem_ctx);
return(UNIXERROR(ERRDOS,ERRnoaccess));
+ }
DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %d.\n",(int)sd_size));
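Review bot: When `get_null_nt_acl` fails, sd_size is 0 because an allocation failed, yet the shared `if (sd_size == 0)` branch answers with `UNIXERROR(ERRDOS,ERRnoaccess)`. If UNIXERROR builds its reply from errno (its definition is not visible here), the client gets a stale errno mapping or an access-denied answer for an out-of-memory condition, and `talloc_destroy(mem_ctx)` runs before the macro and may disturb errno as well. Handling the null-descriptor failure on its own keeps the two causes apart: `if (sd_size == 0) { talloc_destroy(mem_ctx); return ERROR_DOS(ERRDOS,ERRnomem); }` directly after the `get_null_nt_acl` call. The new if/else should also be braced like the rest of the block. The function body starts and continues outside this hunk.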
@@ -1511,6 +1540,7 @@ static int call_nt_transact_query_security_desc(connection_struct *conn,
send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_BUFFER_TOO_SMALL,
params, 4, *ppdata, 0);
+ talloc_destroy(mem_ctx);
return -1;
}
@@ -1520,6 +1550,7 @@ static int call_nt_transact_query_security_desc(connection_struct *conn,
data = Realloc(*ppdata, sd_size);
if(data == NULL) {
+ talloc_destroy(mem_ctx);
return ERROR_DOS(ERRDOS,ERRnomem);
}
@@ -1531,11 +1562,6 @@ static int call_nt_transact_query_security_desc(connection_struct *conn,
* Init the parse struct we will marshall into.
*/
- if ((mem_ctx = talloc_init()) == NULL) {
- DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n"));
- return ERROR_DOS(ERRDOS,ERRnomem);
- }
-
prs_init(&pd, 0, mem_ctx, MARSHALL);
/*
@@ -1578,34 +1604,36 @@ static int call_nt_transact_set_security_desc(connection_struct *conn,
int bufsize, char **ppsetup,
char **ppparams, char **ppdata)
{
- uint32 total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
- char *params= *ppparams;
- char *data = *ppdata;
- uint32 total_data_count = (uint32)IVAL(inbuf, smb_nts_TotalDataCount);
- files_struct *fsp = NULL;
- uint32 security_info_sent = 0;
- int error_class;
- uint32 error_code;
+ uint32 total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
+ char *params= *ppparams;
+ char *data = *ppdata;
+ uint32 total_data_count = (uint32)IVAL(inbuf, smb_nts_TotalDataCount);
+ files_struct *fsp = NULL;
+ uint32 security_info_sent = 0;
+ int error_class;
+ uint32 error_code;
- if(!lp_nt_acl_support())
- return(UNIXERROR(ERRDOS,ERRnoaccess));
+ if(total_parameter_count < 8)
+ return ERROR_DOS(ERRDOS,ERRbadfunc);
- if(total_parameter_count < 8)
- return ERROR_DOS(ERRDOS,ERRbadfunc);
+ if((fsp = file_fsp(params,0)) == NULL)
+ return ERROR_DOS(ERRDOS,ERRbadfid);
- if((fsp = file_fsp(params,0)) == NULL)
- return ERROR_DOS(ERRDOS,ERRbadfid);
+ if(!lp_nt_acl_support(SNUM(conn)))
+ goto done;
- security_info_sent = IVAL(params,4);
+ security_info_sent = IVAL(params,4);
- DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp->fsp_name,
- (unsigned int)security_info_sent ));
+ DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp->fsp_name,
+ (unsigned int)security_info_sent ));
- if (!set_sd( fsp, data, total_data_count, security_info_sent, &error_class, &error_code))
+ if (!set_sd( fsp, data, total_data_count, security_info_sent, &error_class, &error_code))
return ERROR_DOS(error_class, error_code);
- send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0);
- return -1;
+ done:
+
+ send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0);
+ return -1;
}
/****************************************************************************
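Review bot: With `nt acl support` off, the `goto done` path answers NT_STATUS_OK without calling set_sd, where the removed code refused the request. A client that tries to tighten permissions on such a share is told the change succeeded although nothing was applied. If reporting success is intended for client compatibility, make the discard visible with a comment and a log line before the goto, such as `DEBUG(3,("call_nt_transact_set_security_desc: nt acl support disabled on this share, ignoring security descriptor for %s\n", fsp->fsp_name));`, so an administrator auditing permission changes can see them being dropped. The check now sits after the `file_fsp` lookup, so `fsp` is valid at that point.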
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 0941d9f692..9b0fd379cf 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -1159,7 +1159,7 @@ static int call_trans2qfsinfo(connection_struct *conn,
case SMB_QUERY_FS_ATTRIBUTE_INFO:
SIVAL(pdata,0,FILE_CASE_PRESERVED_NAMES|FILE_CASE_SENSITIVE_SEARCH|
FILE_DEVICE_IS_MOUNTED|
- (lp_nt_acl_support() ? FILE_PERSISTENT_ACLS : 0)); /* FS ATTRIBUTES */
+ (lp_nt_acl_support(SNUM(conn)) ? FILE_PERSISTENT_ACLS : 0)); /* FS ATTRIBUTES */
SIVAL(pdata,4,255); /* Max filename component length */
len = srvstr_push(outbuf, pdata+12, fstype, -1, STR_TERMINATE);
SIVAL(pdata,8,len);