diff options
-rw-r--r-- | source3/smbd/posix_acls.c | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 4ceb0f0452..9713ec0b30 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3862,6 +3862,29 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct s return NT_STATUS_NO_MEMORY; } + if((security_info_sent & SECINFO_DACL) && + (psd->type & SEC_DESC_DACL_PRESENT) && + (psd->dacl == NULL)) { + struct security_ace ace; + + /* We can't have NULL DACL in POSIX. + Use Everyone -> full access. */ + + init_sec_ace(&ace, + &global_sid_World, + SEC_ACE_TYPE_ACCESS_ALLOWED, + GENERIC_ALL_ACCESS, + 0); + psd->dacl = make_sec_acl(talloc_tos(), + NT4_ACL_REVISION, + 1, + &ace); + if (psd->dacl == NULL) { + return NT_STATUS_NO_MEMORY; + } + security_acl_map_generic(psd->dacl, &file_generic_mapping); + } + /* * Get the current state of the file. */ @@ -3878,6 +3901,14 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct s * Unpack the user/group/world id's. */ + /* POSIX can't cope with missing owner/group. */ + if ((security_info_sent & SECINFO_OWNER) && (psd->owner_sid == NULL)) { + security_info_sent &= ~SECINFO_OWNER; + } + if ((security_info_sent & SECINFO_GROUP) && (psd->group_sid == NULL)) { + security_info_sent &= ~SECINFO_GROUP; + } + status = unpack_nt_owners( conn, &user, &grp, security_info_sent, psd); if (!NT_STATUS_IS_OK(status)) { return status; |