summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source3/include/proto.h1
-rw-r--r--source3/lib/secdesc.c27
-rw-r--r--source3/smbd/open.c15
3 files changed, 30 insertions, 13 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 9de64d018c..26d131e393 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -723,6 +723,7 @@ bool sec_acl_equal(SEC_ACL *s1, SEC_ACL *s2);
/* The following definitions come from lib/secdesc.c */
bool sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2);
+uint32_t get_sec_info(const SEC_DESC *sd);
SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BUF *old_sdb);
SEC_DESC *make_sec_desc(TALLOC_CTX *ctx,
enum security_descriptor_revision revision,
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c
index df85336603..400f5f31b0 100644
--- a/source3/lib/secdesc.c
+++ b/source3/lib/secdesc.c
@@ -100,6 +100,33 @@ bool sec_desc_equal(SEC_DESC *s1, SEC_DESC *s2)
}
/*******************************************************************
+ Given a security_descriptor return the sec_info.
+********************************************************************/
+
+uint32_t get_sec_info(const SEC_DESC *sd)
+{
+ uint32_t sec_info = ALL_SECURITY_INFORMATION;
+
+ SMB_ASSERT(sd);
+
+ if (sd->owner_sid == NULL) {
+ sec_info &= ~OWNER_SECURITY_INFORMATION;
+ }
+ if (sd->group_sid == NULL) {
+ sec_info &= ~GROUP_SECURITY_INFORMATION;
+ }
+ if (sd->sacl == NULL) {
+ sec_info &= ~SACL_SECURITY_INFORMATION;
+ }
+ if (sd->dacl == NULL) {
+ sec_info &= ~DACL_SECURITY_INFORMATION;
+ }
+
+ return sec_info;
+}
+
+
+/*******************************************************************
Merge part of security descriptor old_sec in to the empty sections of
security descriptor new_sec.
********************************************************************/
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 5bd28862e1..d59f018cfb 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -2963,21 +2963,10 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
if ((sd != NULL) && (info == FILE_WAS_CREATED)
&& lp_nt_acl_support(SNUM(conn))) {
- uint32_t sec_info_sent = ALL_SECURITY_INFORMATION;
+ uint32_t sec_info_sent;
uint32_t saved_access_mask = fsp->access_mask;
- if (sd->owner_sid == NULL) {
- sec_info_sent &= ~OWNER_SECURITY_INFORMATION;
- }
- if (sd->group_sid == NULL) {
- sec_info_sent &= ~GROUP_SECURITY_INFORMATION;
- }
- if (sd->sacl == NULL) {
- sec_info_sent &= ~SACL_SECURITY_INFORMATION;
- }
- if (sd->dacl == NULL) {
- sec_info_sent &= ~DACL_SECURITY_INFORMATION;
- }
+ sec_info_sent = get_sec_info(sd);
fsp->access_mask = FILE_GENERIC_ALL;