Fix profile acls in some corner cases
authorSimo Sorce <ssorce@redhat.com>
Wed, 22 Apr 2009 13:12:58 +0000 (09:12 -0400)
committerSimo Sorce <ssorce@redhat.com>
Wed, 22 Apr 2009 13:59:02 +0000 (09:59 -0400)
Always add back the real original owner of the directory in the ACE List after
we steal its ACE for the Administrators group.

source3/smbd/posix_acls.c

index 39fb32f654c6f34013d0e7f20681e64919bd024f..bc96838a09aa85d052f6c821459da9d1f44fd1cd 100644 (file)
@@ -3036,19 +3036,22 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
        canon_ace *dir_ace = NULL;
        SEC_ACE *nt_ace_list = NULL;
        size_t num_profile_acls = 0;
+       DOM_SID orig_owner_sid;
        SEC_DESC *psd = NULL;
+       int i;
 
        /*
         * Get the owner, group and world SIDs.
         */
 
+       create_file_sids(sbuf, &owner_sid, &group_sid);
+
        if (lp_profile_acls(SNUM(conn))) {
                /* For WXP SP1 the owner must be administrators. */
+               sid_copy(&orig_owner_sid, &owner_sid);
                sid_copy(&owner_sid, &global_sid_Builtin_Administrators);
                sid_copy(&group_sid, &global_sid_Builtin_Users);
-               num_profile_acls = 2;
-       } else {
-               create_file_sids(sbuf, &owner_sid, &group_sid);
+               num_profile_acls = 3;
        }
 
        if ((security_info & DACL_SECURITY_INFORMATION) && !(security_info & PROTECTED_DACL_SECURITY_INFORMATION)) {
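Review bot: `num_profile_acls = 3` is a bare count that has to stay in step with every ACE the profile-acls paths append further down, including the new `add_or_replace_ace()` call in the second hunk. The allocation of `nt_ace_list` is outside this hunk, but if the array is sized from this value, a future extra ACE added without bumping it would write past the end of the array. I would state the coupling next to the number, for example `/* one reserved slot per ACE appended for profile acls below, including the original owner */`. Note also that `orig_owner_sid` is only initialised inside this `if`, so any later use must stay behind the same `lp_profile_acls(SNUM(conn))` test. The body of `posix_get_nt_acl_common` starts and ends outside the hunk.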
@@ -3210,6 +3213,18 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn,
 
                        num_aces = merge_default_aces(nt_ace_list, num_aces);
 
+                       if (lp_profile_acls(SNUM(conn))) {
+                               for (i = 0; i < num_aces; i++) {
+                                       if (sid_equal(&nt_ace_list[i].trustee, &owner_sid)) {
+                                               add_or_replace_ace(nt_ace_list, &num_aces,
+                                                                  &orig_owner_sid,
+                                                                  nt_ace_list[i].type,
+                                                                  nt_ace_list[i].access_mask,
+                                                                  nt_ace_list[i].flags);
+                                               break;
+                                       }
+                               }
+                       }
                }
 
                if (num_aces) {
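Review bot: The new loop mirrors only the first ACE whose trustee equals `owner_sid` and then hits `break`, so any further ACE for that trustee still present after `merge_default_aces()` is not copied to `orig_owner_sid`. With profile acls on, `owner_sid` holds the Builtin Administrators SID (set in the first hunk), so the match could in principle also be an ACE that belonged to that group all along rather than the one taken from the owner. If first-match-only is intended, a comment such as `/* mirror only the first Administrators ACE to the original owner */` would make that explicit. Separately, `i` is declared `int` and compared with `num_aces`; if `num_aces` is a `size_t` (its declaration is outside the hunk), `size_t i;` avoids the signed/unsigned comparison.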