mirror of
https://github.com/samba-team/samba.git
synced 2024-12-23 17:34:34 +03:00
Fix handling of "NULL" DACL. Map to u/g/w - rwx.
Jeremy.
This commit is contained in:
parent
e031f8ae6a
commit
1904c44ec8
@ -3870,29 +3870,6 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct s
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
|
||||
if((security_info_sent & SECINFO_DACL) &&
|
||||
(psd->type & SEC_DESC_DACL_PRESENT) &&
|
||||
(psd->dacl == NULL)) {
|
||||
struct security_ace ace;
|
||||
|
||||
/* We can't have NULL DACL in POSIX.
|
||||
Use Everyone -> full access. */
|
||||
|
||||
init_sec_ace(&ace,
|
||||
&global_sid_World,
|
||||
SEC_ACE_TYPE_ACCESS_ALLOWED,
|
||||
GENERIC_ALL_ACCESS,
|
||||
0);
|
||||
psd->dacl = make_sec_acl(talloc_tos(),
|
||||
NT4_ACL_REVISION,
|
||||
1,
|
||||
&ace);
|
||||
if (psd->dacl == NULL) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
security_acl_map_generic(psd->dacl, &file_generic_mapping);
|
||||
}
|
||||
|
||||
/*
|
||||
* Get the current state of the file.
|
||||
*/
|
||||
@ -3967,6 +3944,39 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const struct s
|
||||
|
||||
create_file_sids(&fsp->fsp_name->st, &file_owner_sid, &file_grp_sid);
|
||||
|
||||
if((security_info_sent & SECINFO_DACL) &&
|
||||
(psd->type & SEC_DESC_DACL_PRESENT) &&
|
||||
(psd->dacl == NULL)) {
|
||||
struct security_ace ace[3];
|
||||
|
||||
/* We can't have NULL DACL in POSIX.
|
||||
Use owner/group/Everyone -> full access. */
|
||||
|
||||
init_sec_ace(&ace[0],
|
||||
&file_owner_sid,
|
||||
SEC_ACE_TYPE_ACCESS_ALLOWED,
|
||||
GENERIC_ALL_ACCESS,
|
||||
0);
|
||||
init_sec_ace(&ace[1],
|
||||
&file_grp_sid,
|
||||
SEC_ACE_TYPE_ACCESS_ALLOWED,
|
||||
GENERIC_ALL_ACCESS,
|
||||
0);
|
||||
init_sec_ace(&ace[2],
|
||||
&global_sid_World,
|
||||
SEC_ACE_TYPE_ACCESS_ALLOWED,
|
||||
GENERIC_ALL_ACCESS,
|
||||
0);
|
||||
psd->dacl = make_sec_acl(talloc_tos(),
|
||||
NT4_ACL_REVISION,
|
||||
3,
|
||||
ace);
|
||||
if (psd->dacl == NULL) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
}
|
||||
security_acl_map_generic(psd->dacl, &file_generic_mapping);
|
||||
}
|
||||
|
||||
acl_perms = unpack_canon_ace(fsp, &fsp->fsp_name->st, &file_owner_sid,
|
||||
&file_grp_sid, &file_ace_list,
|
||||
&dir_ace_list, security_info_sent, psd);
|
||||
|
Loading…
Reference in New Issue
Block a user