mirror of
https://github.com/samba-team/samba.git
synced 2025-01-11 05:18:09 +03:00
Only ask for specific permissions required when setting an ACL.
Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Feb 3 03:07:33 CET 2012 on sn-devel-104
This commit is contained in:
parent
9fec2c0ea9
commit
571ee0b1ff
@ -868,12 +868,21 @@ static bool set_secdesc(struct cli_state *cli, const char *filename,
|
||||
uint16_t fnum = (uint16_t)-1;
|
||||
bool result=true;
|
||||
NTSTATUS status;
|
||||
uint32_t desired_access = 0;
|
||||
|
||||
/* The desired access below is the only one I could find that works
|
||||
with NT4, W2KP and Samba */
|
||||
/* Make the desired_access more specific. */
|
||||
if (sd->dacl) {
|
||||
desired_access |= WRITE_DAC_ACCESS;
|
||||
}
|
||||
if (sd->sacl) {
|
||||
desired_access |= SEC_FLAG_SYSTEM_SECURITY;
|
||||
}
|
||||
if (sd->owner_sid || sd->group_sid) {
|
||||
desired_access |= WRITE_OWNER_ACCESS;
|
||||
}
|
||||
|
||||
status = cli_ntcreate(cli, filename, 0,
|
||||
WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS,
|
||||
desired_access,
|
||||
0, FILE_SHARE_READ|FILE_SHARE_WRITE,
|
||||
FILE_OPEN, 0x0, 0x0, &fnum);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
|
Loading…
Reference in New Issue
Block a user