2025-01-22 22:04:08 +03:00 · 2010-04-26 17:38:56 +02:00 · 2010-04-26 17:38:56 +02:00 · 6683b0d4b6
commit 6683b0d4b6
parent efb1aea909
4 changed files with 46 additions and 4 deletions
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@ -693,7 +693,8 @@ ssize_t drain_socket(int sockfd, size_t count);
 /* The following definitions come from lib/secdesc.c  */

 uint32_t get_sec_info(const SEC_DESC *sd);
-SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BUF *old_sdb);
+SEC_DESC *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC *new_sdb, SEC_DESC *old_sdb);
+SEC_DESC_BUF *sec_desc_merge_buf(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BUF *old_sdb);
 SEC_DESC *make_sec_desc(TALLOC_CTX *ctx,
 			enum security_descriptor_revision revision,
 			uint16 type,
--- a/source3/lib/secdesc.c
+++ b/source3/lib/secdesc.c
@ -63,7 +63,7 @@ uint32_t get_sec_info(const SEC_DESC *sd)
 security descriptor new_sec.
 ********************************************************************/

-SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BUF *old_sdb)
+SEC_DESC_BUF *sec_desc_merge_buf(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BUF *old_sdb)
 {
 	DOM_SID *owner_sid, *group_sid;
 	SEC_DESC_BUF *return_sdb;
@ -108,6 +108,47 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU
 	return(return_sdb);
 }

+SEC_DESC *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC *new_sdb, SEC_DESC *old_sdb)
+{
+	DOM_SID *owner_sid, *group_sid;
+	SEC_ACL *dacl, *sacl;
+	SEC_DESC *psd = NULL;
+	uint16 secdesc_type;
+	size_t secdesc_size;
+
+	/* Copy over owner and group sids.  There seems to be no flag for
+	   this so just check the pointer values. */
+
+	owner_sid = new_sdb->owner_sid ? new_sdb->owner_sid :
+		old_sdb->owner_sid;
+
+	group_sid = new_sdb->group_sid ? new_sdb->group_sid :
+		old_sdb->group_sid;
+
+	secdesc_type = new_sdb->type;
+
+	/* Ignore changes to the system ACL.  This has the effect of making
+	   changes through the security tab audit button not sticking.
+	   Perhaps in future Samba could implement these settings somehow. */
+
+	sacl = NULL;
+	secdesc_type &= ~SEC_DESC_SACL_PRESENT;
+
+	/* Copy across discretionary ACL */
+
+	if (secdesc_type & SEC_DESC_DACL_PRESENT) {
+		dacl = new_sdb->dacl;
+	} else {
+		dacl = old_sdb->dacl;
+	}
+
+	/* Create new security descriptor from bits */
+	psd = make_sec_desc(ctx, new_sdb->revision, secdesc_type,
+			    owner_sid, group_sid, sacl, dacl, &secdesc_size);
+
+	return psd;
+}
+
 /*******************************************************************
 Creates a SEC_DESC structure
 ********************************************************************/
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@ -402,7 +402,7 @@ static int sec_desc_upg_fn( TDB_CONTEXT *the_tdb, TDB_DATA key,
 		return 0;
 	}

-	if ( !(sd_store = sec_desc_merge( ctx, sd_new, sd_orig )) ) {
+	if ( !(sd_store = sec_desc_merge_buf( ctx, sd_new, sd_orig )) ) {
 		DEBUG(0,("sec_desc_upg_fn: Failed to update sec_desc for %s\n", key.dptr ));
 		return 0;
 	}
--- a/source3/rpc_server/srv_spoolss_nt.c
+++ b/source3/rpc_server/srv_spoolss_nt.c
@ -5465,7 +5465,7 @@ static WERROR update_printer_sec(struct policy_handle *handle,
 		}
 	}

-	new_secdesc_ctr = sec_desc_merge(p->mem_ctx, secdesc_ctr, old_secdesc_ctr);
+	new_secdesc_ctr = sec_desc_merge_buf(p->mem_ctx, secdesc_ctr, old_secdesc_ctr);
 	if (!new_secdesc_ctr) {
 		result = WERR_NOMEM;
 		goto done;