git.samba.org / ira / tdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5679f81)
Fix bug #8458 - IE9 on Windows 7 cannot download files to samba 3.5.11 share
authorJeremy Allison <jra@samba.org>
Fri, 7 Oct 2011 15:56:59 +0000 (08:56 -0700)
committerKarolin Seeger <kseeger@samba.org>
Mon, 24 Oct 2011 17:16:34 +0000 (19:16 +0200)
Handle the SECINFO_LABEL flag in the same way as Win2k3.
(cherry picked from commit 4b26ffd1ea430b2cc612884c8ba194498a64932b)

librpc/gen_ndr/ndr_security.c patch | blob | history
librpc/gen_ndr/security.h patch | blob | history
librpc/idl/security.idl patch | blob | history
source3/smbd/nttrans.c patch | blob | history

diff --git a/librpc/gen_ndr/ndr_security.c b/librpc/gen_ndr/ndr_security.c
index ceeba76eee2da274424fc27603c90040cda93916..b59eb1996c8b6708470eaee33136f9e6212897e1 100644 (file)
--- a/librpc/gen_ndr/ndr_security.c
+++ b/librpc/gen_ndr/ndr_security.c
@@ -1042,6 +1042,7 @@ _PUBLIC_ void ndr_print_security_secinfo(struct ndr_print *ndr, const char *name
        ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_GROUP", SECINFO_GROUP, r);
        ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_DACL", SECINFO_DACL, r);
        ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_SACL", SECINFO_SACL, r);
+       ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_LABEL", SECINFO_LABEL, r);
        ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_UNPROTECTED_SACL", SECINFO_UNPROTECTED_SACL, r);
        ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_UNPROTECTED_DACL", SECINFO_UNPROTECTED_DACL, r);
        ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_PROTECTED_SACL", SECINFO_PROTECTED_SACL, r);
diff --git a/librpc/gen_ndr/security.h b/librpc/gen_ndr/security.h
index 297ba18d7f03c49384214527330974b57c5fb104..9bf01b9e05872f70e0a947b9e611f09dd1250396 100644 (file)
--- a/librpc/gen_ndr/security.h
+++ b/librpc/gen_ndr/security.h
@@ -358,6 +358,7 @@ struct security_token {
 #define SECINFO_GROUP ( 0x00000002 )
 #define SECINFO_DACL ( 0x00000004 )
 #define SECINFO_SACL ( 0x00000008 )
+#define SECINFO_LABEL ( 0x00000010 )
 #define SECINFO_UNPROTECTED_SACL ( 0x10000000 )
 #define SECINFO_UNPROTECTED_DACL ( 0x20000000 )
 #define SECINFO_PROTECTED_SACL ( 0x40000000 )
diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
index 44a1712118097d032a179d36ea1b8794ec9e87a5..fa8f6ec8c9615d9dde2a08950987a0d84884de19 100644 (file)
--- a/librpc/idl/security.idl
+++ b/librpc/idl/security.idl
@@ -448,6 +448,7 @@ interface security
                SECINFO_GROUP                = 0x00000002,
                SECINFO_DACL                 = 0x00000004,
                SECINFO_SACL                 = 0x00000008,
+               SECINFO_LABEL                = 0x00000010,
                SECINFO_UNPROTECTED_SACL     = 0x10000000,
                SECINFO_UNPROTECTED_DACL     = 0x20000000,
                SECINFO_PROTECTED_SACL       = 0x40000000,
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index f82820c71bf53e0f33ef48e280637953fcb693ad..decb07cfb29de3844010d88f1ed8b0ed97381d62 100644 (file)
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -860,6 +860,12 @@ static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32 sd_len,
 
        /* Ensure we have at least one thing set. */
        if ((security_info_sent & (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) {
+               if (security_info_sent & SECINFO_LABEL) {
+                       /* Only consider SECINFO_LABEL if no other
+                          bits are set. Just like W2K3 we don't
+                          store this. */
+                       return NT_STATUS_OK;
+               }
                return NT_STATUS_INVALID_PARAMETER;
        }
 
@@ -1849,8 +1855,18 @@ static void call_nt_transact_query_security_desc(connection_struct *conn,
                return;
        }
 
+       if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|
+                       SECINFO_GROUP|SECINFO_SACL)) {
+               /* Don't return SECINFO_LABEL if anything else was
+                  requested. See bug #8458. */
+               security_info_wanted &= ~SECINFO_LABEL;
+       }
+
        if (!lp_nt_acl_support(SNUM(conn))) {
                status = get_null_nt_acl(talloc_tos(), &psd);
+       } else if (security_info_wanted & SECINFO_LABEL) {
+               /* Like W2K3 return a null object. */
+               status = get_null_nt_acl(talloc_tos(), &psd);
        } else {
                status = SMB_VFS_FGET_NT_ACL(
                        fsp, security_info_wanted, &psd);
@@ -1882,6 +1898,15 @@ static void call_nt_transact_query_security_desc(connection_struct *conn,
            security_info_wanted & DACL_SECURITY_INFORMATION)
                psd->type |= SEC_DESC_DACL_PRESENT;
 
+       if (security_info_wanted & SECINFO_LABEL) {
+               /* Like W2K3 return a null object. */
+               psd->owner_sid = NULL;
+               psd->group_sid = NULL;
+               psd->dacl = NULL;
+               psd->sacl = NULL;
+               psd->type &= ~(SEC_DESC_DACL_PRESENT|SEC_DESC_SACL_PRESENT);
+       }
+
        sd_size = ndr_size_security_descriptor(psd, NULL, 0);
 
        DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size));
TDB1 wip.