Fix to allow setting of NULL DACL/SACL

This is a modification of Jeremy's 7522ef15aca2429ef57c75d8297dd8121e79c9da
commit.

If no DACL/SACL is present in the packet, the SEC_INFO field should still be
passed down as is to the VFS layer to signal the creation of a NULL DACL/SACL.

As seen in metze RAW-ACL test_nttrans_create_null_dacl(), a NULL DACL is set
regardless of the SEC_DESC_DACL_PRESENT bit being set.

diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 52c16e2ac6d4504aefa978beb02de80a4b34f6e7..8a18c87903728961ff3c5bd0119e3979ef9d4e5c 100644 (file)
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -721,21 +721,12 @@ static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32 sd_len,
                return status;
        }
 
-       if (psd->owner_sid==0) {
+       if (psd->owner_sid == NULL) {
                security_info_sent &= ~OWNER_SECURITY_INFORMATION;
        }
-       if (psd->group_sid==0) {
+       if (psd->group_sid == NULL) {
                security_info_sent &= ~GROUP_SECURITY_INFORMATION;
        }
-       if (psd->sacl==0) {
-               security_info_sent &= ~SACL_SECURITY_INFORMATION;
-       }
-       if (security_info_sent & DACL_SECURITY_INFORMATION) {
-               psd->type |= SEC_DESC_DACL_PRESENT;
-       }
-       if (psd->dacl==0) {
-               security_info_sent &= ~DACL_SECURITY_INFORMATION;
-       }
 
        /* Convert all the generic bits. */
        security_acl_map_generic(psd->dacl, &file_generic_mapping);