summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/utils/smbcacls.c42
1 files changed, 35 insertions, 7 deletions
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index f68a2c2c6b..0aa2c4399d 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -31,6 +31,9 @@ static fstring server;
static int got_pass;
static int test_args;
+#define CREATE_ACCESS_READ READ_CONTROL_ACCESS
+#define CREATE_ACCESS_WRITE (WRITE_DAC_ACCESS | WRITE_OWNER_ACCESS)
+
/* numeric is set when the user wants numeric SIDs and ACEs rather
than going via LSA calls to resolve them */
static int numeric;
@@ -451,7 +454,7 @@ static int cacl_dump(struct cli_state *cli, char *filename)
if (test_args) return EXIT_OK;
- fnum = cli_nt_create(cli, filename, 0x20000);
+ fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ);
if (fnum == -1) {
printf("Failed to open %s: %s\n", filename, cli_errstr(cli));
return EXIT_FAILED;
@@ -486,9 +489,7 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode,
SEC_DESC *sd, *old;
size_t sd_size;
- fnum = cli_nt_create(cli, filename,
- READ_CONTROL_ACCESS | WRITE_DAC_ACCESS
- | WRITE_OWNER_ACCESS);
+ fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ);
if (fnum == -1) {
printf("Failed to open %s: %s\n", filename, cli_errstr(cli));
@@ -500,11 +501,25 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode,
old = cli_query_secdesc(cli, fnum);
+ cli_close(cli, fnum);
+
+ if (!old) {
+ printf("owner_set: Failed to query old descriptor\n");
+ return EXIT_FAILED;
+ }
+
sd = make_sec_desc(old->revision,
(change_mode == REQUEST_CHOWN) ? &sid : old->owner_sid,
(change_mode == REQUEST_CHGRP) ? &sid : old->grp_sid,
NULL, old->dacl, &sd_size);
+ fnum = cli_nt_create(cli, filename, CREATE_ACCESS_WRITE);
+
+ if (fnum == -1) {
+ printf("Failed to open %s: %s\n", filename, cli_errstr(cli));
+ return EXIT_FAILED;
+ }
+
if (!cli_set_secdesc(cli, fnum, sd)) {
printf("ERROR: secdesc set failed: %s\n", cli_errstr(cli));
}
@@ -582,16 +597,22 @@ static int cacl_set(struct cli_state *cli, char *filename,
/* The desired access below is the only one I could find that works
with NT4, W2KP and Samba */
- fnum = cli_nt_create(cli, filename,
- MAXIMUM_ALLOWED_ACCESS | 0x60000);
+ fnum = cli_nt_create(cli, filename, CREATE_ACCESS_READ);
if (fnum == -1) {
- printf("Failed to open %s: %s\n", filename, cli_errstr(cli));
+ printf("cacl_set failed to open %s: %s\n", filename, cli_errstr(cli));
return EXIT_FAILED;
}
old = cli_query_secdesc(cli, fnum);
+ if (!old) {
+ printf("calc_set: Failed to query old descriptor\n");
+ return EXIT_FAILED;
+ }
+
+ cli_close(cli, fnum);
+
/* the logic here is rather more complex than I would like */
switch (mode) {
case ACL_DELETE:
@@ -673,6 +694,13 @@ static int cacl_set(struct cli_state *cli, char *filename,
sd = make_sec_desc(old->revision, old->owner_sid, old->grp_sid,
NULL, old->dacl, &sd_size);
+ fnum = cli_nt_create(cli, filename, CREATE_ACCESS_WRITE);
+
+ if (fnum == -1) {
+ printf("cacl_set failed to open %s: %s\n", filename, cli_errstr(cli));
+ return EXIT_FAILED;
+ }
+
if (!cli_set_secdesc(cli, fnum, sd)) {
printf("ERROR: secdesc set failed: %s\n", cli_errstr(cli));
result = EXIT_FAILED;