1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

Fix handling of "NULL" DACL. Map to u/g/w - rwx.

Jeremy.
This commit is contained in:
Jeremy Allison 2010-10-15 15:42:44 -07:00
parent e031f8ae6a
commit 1904c44ec8

View File

@ -3870,29 +3870,6 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct s
return NT_STATUS_NO_MEMORY;
}
if((security_info_sent & SECINFO_DACL) &&
(psd->type & SEC_DESC_DACL_PRESENT) &&
(psd->dacl == NULL)) {
struct security_ace ace;
/* We can't have NULL DACL in POSIX.
Use Everyone -> full access. */
init_sec_ace(&ace,
&global_sid_World,
SEC_ACE_TYPE_ACCESS_ALLOWED,
GENERIC_ALL_ACCESS,
0);
psd->dacl = make_sec_acl(talloc_tos(),
NT4_ACL_REVISION,
1,
&ace);
if (psd->dacl == NULL) {
return NT_STATUS_NO_MEMORY;
}
security_acl_map_generic(psd->dacl, &file_generic_mapping);
}
/*
* Get the current state of the file.
*/
@ -3967,6 +3944,39 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct s
create_file_sids(&fsp->fsp_name->st, &file_owner_sid, &file_grp_sid);
if((security_info_sent & SECINFO_DACL) &&
(psd->type & SEC_DESC_DACL_PRESENT) &&
(psd->dacl == NULL)) {
struct security_ace ace[3];
/* We can't have NULL DACL in POSIX.
Use owner/group/Everyone -> full access. */
init_sec_ace(&ace[0],
&file_owner_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
GENERIC_ALL_ACCESS,
0);
init_sec_ace(&ace[1],
&file_grp_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED,
GENERIC_ALL_ACCESS,
0);
init_sec_ace(&ace[2],
&global_sid_World,
SEC_ACE_TYPE_ACCESS_ALLOWED,
GENERIC_ALL_ACCESS,
0);
psd->dacl = make_sec_acl(talloc_tos(),
NT4_ACL_REVISION,
3,
ace);
if (psd->dacl == NULL) {
return NT_STATUS_NO_MEMORY;
}
security_acl_map_generic(psd->dacl, &file_generic_mapping);
}
acl_perms = unpack_canon_ace(fsp, &fsp->fsp_name->st, &file_owner_sid,
&file_grp_sid, &file_ace_list,
&dir_ace_list, security_info_sent, psd);