2024-12-27 03:21:53 +03:00 · 0001-01-01 00:00:00 +00:00 · 0001-01-01 00:00:00 +00:00 · 0d6c7dedd2
commit 0d6c7dedd2
parent 45e96777d0
2 changed files with 33 additions and 13 deletions
--- a/source/rpc_server/srv_lsa_nt.c
+++ b/source/rpc_server/srv_lsa_nt.c
@ -325,7 +325,7 @@ uint32 _lsa_enum_trust_dom(pipes_struct *p, LSA_Q_ENUM_TRUST_DOM *q_u, LSA_R_ENU
 }

 /***************************************************************************
- _lsa_query_info
+ _lsa_query_info. See the POLICY_INFOMATION_CLASS docs at msdn.
 ***************************************************************************/

 uint32 _lsa_query_info(pipes_struct *p, LSA_Q_QUERY_INFO *q_u, LSA_R_QUERY_INFO *r_u)
--- a/source/smbd/posix_acls.c
+++ b/source/smbd/posix_acls.c
@ -130,7 +130,8 @@ static SEC_ACCESS map_canon_ace_perms(int *pacl_type, DOM_SID *powner_sid, canon
 			nt_mask = UNIX_ACCESS_NONE;
 		} else {
 			/* Not owner, no access. */
-			nt_mask = 0;
+			*pacl_type = SEC_ACE_TYPE_ACCESS_DENIED;
+			nt_mask = GENERIC_ALL_ACCESS;
 		}
 	} else {
 		nt_mask |= ((ace->perms & S_IRUSR) ? UNIX_ACCESS_R : 0 );
@ -941,13 +942,13 @@ static canon_ace *unix_canonicalise_acl(files_struct *fsp, SMB_STRUCT_STAT *psbu

 	group_ace->type = SMB_ACL_GROUP_OBJ;
 	group_ace->sid = *pgroup;
-	owner_ace->unix_ug.gid = psbuf->st_gid;
-	owner_ace->owner_type = GID_ACE;
+	group_ace->unix_ug.gid = psbuf->st_gid;
+	group_ace->owner_type = GID_ACE;

 	other_ace->type = SMB_ACL_OTHER;
 	other_ace->sid = global_sid_World;
-	owner_ace->unix_ug.world = -1;
-	owner_ace->owner_type = WORLD_ACE;
+	other_ace->unix_ug.world = -1;
+	other_ace->owner_type = WORLD_ACE;

 	if (!fsp->is_directory) {
 		owner_ace->perms = unix_perms_to_acl_perms(psbuf->st_mode, S_IRUSR, S_IWUSR, S_IXUSR);
@ -974,6 +975,23 @@ static canon_ace *unix_canonicalise_acl(files_struct *fsp, SMB_STRUCT_STAT *psbu
 	} else
 		safe_free(owner_ace);

+	if (list_head == NULL) {
+		/*
+		 * Return an "Everyone" NO ACCESS ace.
+		 */
+
+		if ((other_ace = (canon_ace *)malloc(sizeof(canon_ace))) == NULL)
+			goto fail;
+
+		other_ace->type = SMB_ACL_OTHER;
+		other_ace->sid = global_sid_World;
+		other_ace->unix_ug.world = -1;
+		other_ace->owner_type = WORLD_ACE;
+		other_ace->perms = (mode_t)0;
+		
+		DLIST_ADD(list_head, other_ace);
+	}
+
 	return list_head;

  fail:
@ -1304,7 +1322,7 @@ static BOOL set_canon_ace_list(files_struct *fsp, canon_ace *the_ace, BOOL defau
 size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
 {
 	SMB_STRUCT_STAT sbuf;
-	SEC_ACE *nt_ace_list;
+	SEC_ACE *nt_ace_list = NULL;
 	DOM_SID owner_sid;
 	DOM_SID group_sid;
 	size_t sd_size = 0;
@ -1379,13 +1397,15 @@ size_t get_nt_acl(files_struct *fsp, SEC_DESC **ppdesc)
 		num_dir_acls = count_canon_ace_list(dir_ace);
 	}

-	/* Allocate the ace list. */
-	if ((nt_ace_list = (SEC_ACE *)malloc((num_acls + num_dir_acls)* sizeof(SEC_ACE))) == NULL) {
-		DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n"));
-		goto done;
-	}
+	if ((num_acls + num_dir_acls) != 0) {
+		/* Allocate the ace list. */
+		if ((nt_ace_list = (SEC_ACE *)malloc((num_acls + num_dir_acls)* sizeof(SEC_ACE))) == NULL) {
+			DEBUG(0,("get_nt_acl: Unable to malloc space for nt_ace_list.\n"));
+			goto done;
+		}

-	memset(nt_ace_list, '\0', (num_acls + num_dir_acls) * sizeof(SEC_ACE) );
+		memset(nt_ace_list, '\0', (num_acls + num_dir_acls) * sizeof(SEC_ACE) );
+	}

 	/*
 	 * Create the NT ACE list from the canonical ace lists.