s3-smbd: Add security_info_wanted argument to get_nt_acl_no_snum

I need to get at the owner, group, DACL and SACL when testing correct
ACL storage.

Andrew Bartlett

diff --git a/source3/rpc_server/eventlog/srv_eventlog_nt.c b/source3/rpc_server/eventlog/srv_eventlog_nt.c
index 67ab471444fbf0c37dee080111c5e5fcaf05c7ca..a05ea3fcbe7a87938fa936b0369756b01d3a2f57 100644 (file)
--- a/source3/rpc_server/eventlog/srv_eventlog_nt.c
+++ b/source3/rpc_server/eventlog/srv_eventlog_nt.c
@@ -91,7 +91,7 @@ static bool elog_check_access( EVENTLOG_INFO *info, const struct security_token
 
        /* get the security descriptor for the file */
 
-       sec_desc = get_nt_acl_no_snum( info, tdbname );
+       sec_desc = get_nt_acl_no_snum( info, tdbname, SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL);
        TALLOC_FREE( tdbname );
 
        if ( !sec_desc ) {

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 1394266c4aeff2897f8f73ff60fd308e22624aab..c5dea9c141e32efa492b2aed3c583ff6022ff922 100644 (file)
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -4842,7 +4842,7 @@ bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char *
  Assume we are dealing with files (for now)
 ********************************************************************/
 
-struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname)
+struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname, uint32 security_info_wanted)
 {
        struct security_descriptor *psd, *ret_sd;
        connection_struct *conn;
@@ -4890,7 +4890,7 @@ struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fna
                return NULL;
        }
 
-       if (!NT_STATUS_IS_OK(SMB_VFS_FGET_NT_ACL( &finfo, SECINFO_DACL, &psd))) {
+       if (!NT_STATUS_IS_OK(SMB_VFS_FGET_NT_ACL( &finfo, security_info_wanted, &psd))) {
                DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n"));
                TALLOC_FREE(finfo.fsp_name);
                conn_free(conn);

diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index aa79688106012e3d4772425307485d970db68362..5a384744a7bf567b0d1479c46b264029c2265414 100644 (file)
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -729,7 +729,7 @@ bool set_unix_posix_default_acl(connection_struct *conn, const char *fname,
                                const SMB_STRUCT_STAT *psbuf,
                                uint16 num_def_acls, const char *pdata);
 bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname, uint16 num_acls, const char *pdata);
-struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname);
+struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname, uint32 security_info_wanted);
 NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx,
                                        const char *name,
                                        SMB_STRUCT_STAT *psbuf,

diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c
index 6a0811a9b34b21f1a95656b8557a1dd23fbed0f1..74acc01a3ae7cc4249d55fa0570a703151d64dc2 100644 (file)
--- a/source3/smbd/pysmbd.c
+++ b/source3/smbd/pysmbd.c
@@ -372,15 +372,15 @@ static PyObject *py_smbd_set_nt_acl(PyObject *self, PyObject *args)
 static PyObject *py_smbd_get_nt_acl(PyObject *self, PyObject *args)
 {
        char *fname;
-       int security_info_sent;
+       int security_info_wanted;
        PyObject *py_sd;
        struct security_descriptor *sd;
        TALLOC_CTX *tmp_ctx = talloc_new(NULL);
 
-       if (!PyArg_ParseTuple(args, "si", &fname, &security_info_sent))
+       if (!PyArg_ParseTuple(args, "si", &fname, &security_info_wanted))
                return NULL;
        
-       sd = get_nt_acl_no_snum(tmp_ctx, fname);
+       sd = get_nt_acl_no_snum(tmp_ctx, fname, security_info_wanted);
 
        py_sd = py_return_ndr_struct("samba.dcerpc.security", "descriptor", sd, sd);
 

diff --git a/source4/scripting/python/samba/ntacls.py b/source4/scripting/python/samba/ntacls.py
index 6f8e770bba4d2ebdef605a7bc1d3945a91083cbc..ac4aad0725921351d310a628bb2be25f1c7fc775 100644 (file)
--- a/source4/scripting/python/samba/ntacls.py
+++ b/source4/scripting/python/samba/ntacls.py
@@ -79,7 +79,7 @@ def getntacl(lp, file, backend=None, eadbfile=None, direct_db_access=True):
         elif ntacl.version == 3:
             return ntacl.info.sd
     else:
-        return smbd.get_nt_acl(file)
+        return smbd.get_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL)
 
 
 def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True):