From 812dcab195504301faea7443f1cb900dea57a823 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 12 Oct 2001 22:00:38 +0000
Subject: Made nt acl support a local parameter for w2ksp2 profile fix. Jeremy.
 (This used to be commit ebba334c15619610475a5c8242a55ed4fcdedf7c)

---
 source3/smbd/nttrans.c | 80 ++++++++++++++++++++++++++++++++++----------------
 1 file changed, 54 insertions(+), 26 deletions(-)

(limited to 'source3/smbd/nttrans.c')

diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 2618a96913..1d8d2bae3e 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1463,6 +1463,23 @@ static int call_nt_transact_rename(connection_struct *conn,
 	return -1;
 }
 
+/******************************************************************************
+ Fake up a completely empty SD.
+*******************************************************************************/
+
+static size_t get_null_nt_acl(TALLOC_CTX *mem_ctx, SEC_DESC **ppsd)
+{
+	extern DOM_SID global_sid_World;
+	size_t sd_size;
+
+	*ppsd = make_standard_sec_desc( mem_ctx, &global_sid_World, &global_sid_World, NULL, &sd_size);
+	if(!*ppsd) {
+		DEBUG(0,("get_null_nt_acl: Unable to malloc space for security descriptor.\n"));
+		sd_size = 0;
+	}
+
+	return sd_size;
+}
 
 /****************************************************************************
  Reply to query a security descriptor - currently this is not implemented (it
@@ -1496,12 +1513,24 @@ static int call_nt_transact_query_security_desc(connection_struct *conn,
 
   *ppparams = params;
 
+  if ((mem_ctx = talloc_init()) == NULL) {
+    DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n"));
+    return ERROR_DOS(ERRDOS,ERRnomem);
+  }
+
   /*
    * Get the permissions to return.
    */
 
-  if((sd_size = conn->vfs_ops.fget_nt_acl(fsp, fsp->fd, &psd)) == 0)
+  if (!lp_nt_acl_support(SNUM(conn)))
+    sd_size = get_null_nt_acl(mem_ctx, &psd);
+  else
+    sd_size = conn->vfs_ops.fget_nt_acl(fsp, fsp->fd, &psd);
+
+  if (sd_size == 0) {
+    talloc_destroy(mem_ctx);
     return(UNIXERROR(ERRDOS,ERRnoaccess));
+  }
 
   DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %d.\n",(int)sd_size));
 
@@ -1511,6 +1540,7 @@ static int call_nt_transact_query_security_desc(connection_struct *conn,
 
     send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_BUFFER_TOO_SMALL,
                     params, 4, *ppdata, 0);
+    talloc_destroy(mem_ctx);
     return -1;
   }
 
@@ -1520,6 +1550,7 @@ static int call_nt_transact_query_security_desc(connection_struct *conn,
 
   data = Realloc(*ppdata, sd_size);
   if(data == NULL) {
+    talloc_destroy(mem_ctx);
     return ERROR_DOS(ERRDOS,ERRnomem);
   }
 
@@ -1531,11 +1562,6 @@ static int call_nt_transact_query_security_desc(connection_struct *conn,
    * Init the parse struct we will marshall into.
    */
 
-  if ((mem_ctx = talloc_init()) == NULL) {
-    DEBUG(0,("call_nt_transact_query_security_desc: talloc_init failed.\n"));
-    return ERROR_DOS(ERRDOS,ERRnomem);
-  }
-
   prs_init(&pd, 0, mem_ctx, MARSHALL);
 
   /*
@@ -1578,34 +1604,36 @@ static int call_nt_transact_set_security_desc(connection_struct *conn,
 									int bufsize, char **ppsetup, 
 									char **ppparams, char **ppdata)
 {
-  uint32 total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
-  char *params= *ppparams;
-  char *data = *ppdata;
-  uint32 total_data_count = (uint32)IVAL(inbuf, smb_nts_TotalDataCount);
-  files_struct *fsp = NULL;
-  uint32 security_info_sent = 0;
-  int error_class;
-  uint32 error_code;
+	uint32 total_parameter_count = IVAL(inbuf, smb_nts_TotalParameterCount);
+	char *params= *ppparams;
+	char *data = *ppdata;
+	uint32 total_data_count = (uint32)IVAL(inbuf, smb_nts_TotalDataCount);
+	files_struct *fsp = NULL;
+	uint32 security_info_sent = 0;
+	int error_class;
+	uint32 error_code;
 
-  if(!lp_nt_acl_support())
-    return(UNIXERROR(ERRDOS,ERRnoaccess));
+	if(total_parameter_count < 8)
+		return ERROR_DOS(ERRDOS,ERRbadfunc);
 
-  if(total_parameter_count < 8)
-    return ERROR_DOS(ERRDOS,ERRbadfunc);
+	if((fsp = file_fsp(params,0)) == NULL)
+		return ERROR_DOS(ERRDOS,ERRbadfid);
 
-  if((fsp = file_fsp(params,0)) == NULL)
-    return ERROR_DOS(ERRDOS,ERRbadfid);
+	if(!lp_nt_acl_support(SNUM(conn)))
+		goto done;
 
-  security_info_sent = IVAL(params,4);
+	security_info_sent = IVAL(params,4);
 
-  DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp->fsp_name,
-       (unsigned int)security_info_sent ));
+	DEBUG(3,("call_nt_transact_set_security_desc: file = %s, sent 0x%x\n", fsp->fsp_name,
+		(unsigned int)security_info_sent ));
 
-  if (!set_sd( fsp, data, total_data_count, security_info_sent, &error_class, &error_code))
+	if (!set_sd( fsp, data, total_data_count, security_info_sent, &error_class, &error_code))
 		return ERROR_DOS(error_class, error_code);
 
-  send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0);
-  return -1;
+  done:
+
+	send_nt_replies(inbuf, outbuf, bufsize, NT_STATUS_OK, NULL, 0, NULL, 0);
+	return -1;
 }
    
 /****************************************************************************
-- 
cgit