Ensure that dup_sec_desc copies the 'type' field correctly. This caused
me to expose a type argument to make_sec_desc(). We weren't copying the SE_DESC_DACL_AUTO_INHERITED flag, which could cause errors on auto-inherited checks. Jeremy. (This used to be commit 546b2271c08735ac1049a453abac996d794aa364)
parent
389bf06cde
commit
8139c5fcfa
@ -435,7 +435,7 @@ SEC_DESC_BUF *se_create_child_secdesc(TALLOC_CTX *ctx, SEC_DESC *parent_ctr,
|
||||
correct. Perhaps the user and group should be passed in as
|
||||
parameters by the caller? */
|
||||
|
||||
sd = make_sec_desc(ctx, SEC_DESC_REVISION,
|
||||
sd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
|
||||
parent_ctr->owner_sid,
|
||||
parent_ctr->grp_sid,
|
||||
parent_ctr->sacl,
|
||||
@ -479,7 +479,7 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
|
||||
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
|
||||
if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
|
||||
if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL)
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
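Review bot: The child descriptor in se_create_child_secdesc is now built with a fixed `SEC_DESC_SELF_RELATIVE` while owner, group and SACL are still taken from `parent_ctr`, so none of the parent's control bits (including the auto-inherited flag this commit is about) reach the child through this call. If that is deliberate, it deserves a comment at the call, for example `/* Child starts from SEC_DESC_SELF_RELATIVE only; parent control flags are not inherited here. */`. The function starts and ends outside the hunk, so whether the flags are adjusted elsewhere cannot be seen from here.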
|
@ -4572,7 +4572,7 @@ WERROR nt_printing_setsec(const char *printername, SEC_DESC_BUF *secdesc_ctr)
|
||||
|
||||
/* Make a deep copy of the security descriptor */
|
||||
|
||||
psd = make_sec_desc(mem_ctx, secdesc_ctr->sec->revision,
|
||||
psd = make_sec_desc(mem_ctx, secdesc_ctr->sec->revision, secdesc_ctr->sec->type,
|
||||
owner_sid, group_sid,
|
||||
sacl,
|
||||
dacl,
|
||||
@ -4665,7 +4665,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
|
||||
NT5 machine. */
|
||||
|
||||
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) != NULL) {
|
||||
psd = make_sec_desc(ctx, SEC_DESC_REVISION,
|
||||
psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
|
||||
&owner_sid, NULL,
|
||||
NULL, psa, &sd_size);
|
||||
}
|
||||
@ -4741,7 +4741,7 @@ BOOL nt_printing_getsec(TALLOC_CTX *ctx, const char *printername, SEC_DESC_BUF *
|
||||
|
||||
sid_append_rid(&owner_sid, DOMAIN_USER_RID_ADMIN);
|
||||
|
||||
psd = make_sec_desc(ctx, (*secdesc_ctr)->sec->revision,
|
||||
psd = make_sec_desc(ctx, (*secdesc_ctr)->sec->revision, (*secdesc_ctr)->sec->type,
|
||||
&owner_sid,
|
||||
(*secdesc_ctr)->sec->grp_sid,
|
||||
(*secdesc_ctr)->sec->sacl,
|
||||
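Review bot: In nt_printing_setsec the new `type` argument comes from `secdesc_ctr->sec->type`, but the owner, group, SACL and DACL on the following lines are the locals `owner_sid`, `group_sid`, `sacl` and `dacl`, not the fields of that same descriptor. If those locals can fall back to values from the stored descriptor (the selection logic is outside the hunk), the control flags and the ACLs in the saved copy can disagree, for instance an auto-inherited bit describing a DACL that was not the one supplied. sec_desc_merge in this commit passes a separate `secdesc_type` value instead; doing the same here, or restricting the caller-supplied value to the bits that should be persisted, would keep the stored printer descriptor self-consistent.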
|
@ -276,7 +276,7 @@ BOOL py_to_SECDESC(SEC_DESC **sd, PyObject *dict, TALLOC_CTX *mem_ctx)
|
||||
{
|
||||
size_t sd_size;
|
||||
|
||||
*sd = make_sec_desc(mem_ctx, revision,
|
||||
*sd = make_sec_desc(mem_ctx, revision, SEC_DESC_SELF_RELATIVE,
|
||||
got_owner_sid ? &owner_sid : NULL,
|
||||
got_group_sid ? &group_sid : NULL,
|
||||
got_sacl ? &sacl : NULL,
|
||||
|
@ -561,7 +561,7 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU
|
||||
|
||||
/* Create new security descriptor from bits */
|
||||
|
||||
psd = make_sec_desc(ctx, new_sdb->sec->revision,
|
||||
psd = make_sec_desc(ctx, new_sdb->sec->revision, secdesc_type,
|
||||
owner_sid, group_sid, sacl, dacl, &secdesc_size);
|
||||
|
||||
return_sdb = make_sec_desc_buf(ctx, secdesc_size, psd);
|
||||
@ -573,7 +573,7 @@ SEC_DESC_BUF *sec_desc_merge(TALLOC_CTX *ctx, SEC_DESC_BUF *new_sdb, SEC_DESC_BU
|
||||
Creates a SEC_DESC structure
|
||||
********************************************************************/
|
||||
|
||||
SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision,
|
||||
SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision, uint16 type,
|
||||
DOM_SID *owner_sid, DOM_SID *grp_sid,
|
||||
SEC_ACL *sacl, SEC_ACL *dacl, size_t *sd_size)
|
||||
{
|
||||
@ -586,10 +586,12 @@ SEC_DESC *make_sec_desc(TALLOC_CTX *ctx, uint16 revision,
|
||||
return NULL;
|
||||
|
||||
dst->revision = revision;
|
||||
dst->type = SEC_DESC_SELF_RELATIVE;
|
||||
dst->type = type;
|
||||
|
||||
if (sacl) dst->type |= SEC_DESC_SACL_PRESENT;
|
||||
if (dacl) dst->type |= SEC_DESC_DACL_PRESENT;
|
||||
if (sacl)
|
||||
dst->type |= SEC_DESC_SACL_PRESENT;
|
||||
if (dacl)
|
||||
dst->type |= SEC_DESC_DACL_PRESENT;
|
||||
|
||||
dst->off_owner_sid = 0;
|
||||
dst->off_grp_sid = 0;
|
||||
@ -654,7 +656,7 @@ SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src)
|
||||
if(src == NULL)
|
||||
return NULL;
|
||||
|
||||
return make_sec_desc( ctx, src->revision,
|
||||
return make_sec_desc( ctx, src->revision, src->type,
|
||||
src->owner_sid, src->grp_sid, src->sacl,
|
||||
src->dacl, &dummy);
|
||||
}
|
||||
@ -666,7 +668,7 @@ SEC_DESC *dup_sec_desc( TALLOC_CTX *ctx, SEC_DESC *src)
|
||||
SEC_DESC *make_standard_sec_desc(TALLOC_CTX *ctx, DOM_SID *owner_sid, DOM_SID *grp_sid,
|
||||
SEC_ACL *dacl, size_t *sd_size)
|
||||
{
|
||||
return make_sec_desc(ctx, SEC_DESC_REVISION,
|
||||
return make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE,
|
||||
owner_sid, grp_sid, NULL, dacl, sd_size);
|
||||
}
|
||||
|
||||
@ -924,7 +926,7 @@ NTSTATUS sec_desc_add_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, uint32
|
||||
if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace)))
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->owner_sid,
|
||||
if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid,
|
||||
psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size)))
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
@ -976,7 +978,7 @@ NTSTATUS sec_desc_del_sid(TALLOC_CTX *ctx, SEC_DESC **psd, DOM_SID *sid, size_t
|
||||
if (!(dacl = make_sec_acl(ctx, psd[0]->dacl->revision, psd[0]->dacl->num_aces, ace)))
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->owner_sid,
|
||||
if (!(sd = make_sec_desc(ctx, psd[0]->revision, psd[0]->type, psd[0]->owner_sid,
|
||||
psd[0]->grp_sid, psd[0]->sacl, dacl, sd_size)))
|
||||
return NT_STATUS_UNSUCCESSFUL;
|
||||
|
||||
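Review bot: make_sec_desc now stores the caller's `type` verbatim (`dst->type = type;`) and only ORs the PRESENT bits in, so passing an existing descriptor's type together with a NULL `sacl` or `dacl` yields flags that claim an ACL that is not there; owner_set in the smbcacls section does this with `old->type` and both ACL arguments NULL. A consumer that trusts the flag rather than the pointer would read that as a present-but-NULL DACL, which in NT semantics means no access restriction; whether such a consumer exists is not visible here. Deriving the two bits only from the pointers avoids it, `dst->type = type & ~(SEC_DESC_SACL_PRESENT | SEC_DESC_DACL_PRESENT);` ahead of the two `if` statements, at the cost that a deliberate NULL DACL can no longer be expressed through `type`. The header comment "Creates a SEC_DESC structure" should also describe the new parameter. The function body continues outside the hunk.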
|
@ -334,7 +334,7 @@ static NTSTATUS lsa_get_generic_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s
|
||||
if((psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
|
||||
if((*sd = make_sec_desc(mem_ctx, SEC_DESC_REVISION, &adm_sid, NULL, NULL, psa, sd_size)) == NULL)
|
||||
if((*sd = make_sec_desc(mem_ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, &adm_sid, NULL, NULL, psa, sd_size)) == NULL)
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
|
@ -467,7 +467,7 @@ static NTSTATUS samr_make_dom_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
|
||||
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
|
||||
if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
|
||||
if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL)
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
@ -510,7 +510,7 @@ static NTSTATUS samr_make_usr_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
|
||||
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 4, ace)) == NULL)
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
|
||||
if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
|
||||
if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL)
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
@ -549,7 +549,7 @@ static NTSTATUS samr_make_grp_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
|
||||
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
|
||||
if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
|
||||
if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL)
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
@ -588,7 +588,7 @@ static NTSTATUS samr_make_ali_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
|
||||
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
|
||||
if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, sd_size)) == NULL)
|
||||
if ((*psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, sd_size)) == NULL)
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
|
||||
return NT_STATUS_OK;
|
||||
|
@ -184,7 +184,7 @@ static SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, int snum, size_t *
|
||||
init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0);
|
||||
|
||||
if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) {
|
||||
psd = make_sec_desc(ctx, SEC_DESC_REVISION, NULL, NULL, NULL, psa, psize);
|
||||
psd = make_sec_desc(ctx, SEC_DESC_REVISION, SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL, psa, psize);
|
||||
}
|
||||
|
||||
if (!psd) {
|
||||
|
@ -389,7 +389,7 @@ static SEC_DESC *sec_desc_parse(char *str)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ret = make_sec_desc(ctx,revision, owner_sid, grp_sid,
|
||||
ret = make_sec_desc(ctx,revision, SEC_DESC_SELF_RELATIVE, owner_sid, grp_sid,
|
||||
NULL, dacl, &sd_size);
|
||||
|
||||
SAFE_FREE(grp_sid);
|
||||
@ -504,7 +504,7 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode,
|
||||
return EXIT_FAILED;
|
||||
}
|
||||
|
||||
sd = make_sec_desc(ctx,old->revision,
|
||||
sd = make_sec_desc(ctx,old->revision, old->type,
|
||||
(change_mode == REQUEST_CHOWN) ? &sid : NULL,
|
||||
(change_mode == REQUEST_CHGRP) ? &sid : NULL,
|
||||
NULL, NULL, &sd_size);
|
||||
@ -679,7 +679,7 @@ static int cacl_set(struct cli_state *cli, char *filename,
|
||||
sort_acl(old->dacl);
|
||||
|
||||
/* Create new security descriptor and set it */
|
||||
sd = make_sec_desc(ctx,old->revision, NULL, NULL,
|
||||
sd = make_sec_desc(ctx,old->revision, old->type, NULL, NULL,
|
||||
NULL, old->dacl, &sd_size);
|
||||
|
||||
fnum = cli_nt_create(cli, filename, WRITE_DAC_ACCESS);
|
||||
|