From 40793e776332664ab16f3eb642deaf040fe5591d Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 22 Apr 2009 09:12:58 -0400 Subject: Fix profile acls in some corner cases Always add back the real original owner of the directory in the ACE List after we steal its ACE for the Administrators group. --- source3/smbd/posix_acls.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 39fb32f654..bc96838a09 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3036,19 +3036,22 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn, canon_ace *dir_ace = NULL; SEC_ACE *nt_ace_list = NULL; size_t num_profile_acls = 0; + DOM_SID orig_owner_sid; SEC_DESC *psd = NULL; + int i; /* * Get the owner, group and world SIDs. */ + create_file_sids(sbuf, &owner_sid, &group_sid); + if (lp_profile_acls(SNUM(conn))) { /* For WXP SP1 the owner must be administrators. */ + sid_copy(&orig_owner_sid, &owner_sid); sid_copy(&owner_sid, &global_sid_Builtin_Administrators); sid_copy(&group_sid, &global_sid_Builtin_Users); - num_profile_acls = 2; - } else { - create_file_sids(sbuf, &owner_sid, &group_sid); + num_profile_acls = 3; } if ((security_info & DACL_SECURITY_INFORMATION) && !(security_info & PROTECTED_DACL_SECURITY_INFORMATION)) { @@ -3210,6 +3213,18 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn, num_aces = merge_default_aces(nt_ace_list, num_aces); + if (lp_profile_acls(SNUM(conn))) { + for (i = 0; i < num_aces; i++) { + if (sid_equal(&nt_ace_list[i].trustee, &owner_sid)) { + add_or_replace_ace(nt_ace_list, &num_aces, + &orig_owner_sid, + nt_ace_list[i].type, + nt_ace_list[i].access_mask, + nt_ace_list[i].flags); + break; + } + } + } } if (num_aces) { -- cgit