From 0aed29105e9d8ddcd27a70d7af820da8813ca47b Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Thu, 23 Aug 2012 09:45:07 +1000 Subject: [PATCH] s3-smbd: Add security_info_wanted argument to get_nt_acl_no_snum I need to get at the owner, group, DACL and SACL when testing correct ACL storage. Andrew Bartlett --- source3/rpc_server/eventlog/srv_eventlog_nt.c | 2 +- source3/smbd/posix_acls.c | 4 ++-- source3/smbd/proto.h | 2 +- source3/smbd/pysmbd.c | 6 +++--- source4/scripting/python/samba/ntacls.py | 2 +- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/source3/rpc_server/eventlog/srv_eventlog_nt.c b/source3/rpc_server/eventlog/srv_eventlog_nt.c index 67ab471444f..a05ea3fcbe7 100644 --- a/source3/rpc_server/eventlog/srv_eventlog_nt.c +++ b/source3/rpc_server/eventlog/srv_eventlog_nt.c @@ -91,7 +91,7 @@ static bool elog_check_access( EVENTLOG_INFO *info, const struct security_token /* get the security descriptor for the file */ - sec_desc = get_nt_acl_no_snum( info, tdbname ); + sec_desc = get_nt_acl_no_snum( info, tdbname, SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL); TALLOC_FREE( tdbname ); if ( !sec_desc ) { diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 1394266c4ae..c5dea9c141e 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -4842,7 +4842,7 @@ bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char * Assume we are dealing with files (for now) ********************************************************************/ -struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname) +struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname, uint32 security_info_wanted) { struct security_descriptor *psd, *ret_sd; connection_struct *conn; @@ -4890,7 +4890,7 @@ struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fna return NULL; } - if (!NT_STATUS_IS_OK(SMB_VFS_FGET_NT_ACL( &finfo, SECINFO_DACL, &psd))) { + if (!NT_STATUS_IS_OK(SMB_VFS_FGET_NT_ACL( &finfo, security_info_wanted, &psd))) { DEBUG(0,("get_nt_acl_no_snum: get_nt_acl returned zero.\n")); TALLOC_FREE(finfo.fsp_name); conn_free(conn); diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index aa796881060..5a384744a7b 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -729,7 +729,7 @@ bool set_unix_posix_default_acl(connection_struct *conn, const char *fname, const SMB_STRUCT_STAT *psbuf, uint16 num_def_acls, const char *pdata); bool set_unix_posix_acl(connection_struct *conn, files_struct *fsp, const char *fname, uint16 num_acls, const char *pdata); -struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname); +struct security_descriptor *get_nt_acl_no_snum( TALLOC_CTX *ctx, const char *fname, uint32 security_info_wanted); NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx, const char *name, SMB_STRUCT_STAT *psbuf, diff --git a/source3/smbd/pysmbd.c b/source3/smbd/pysmbd.c index 6a0811a9b34..74acc01a3ae 100644 --- a/source3/smbd/pysmbd.c +++ b/source3/smbd/pysmbd.c @@ -372,15 +372,15 @@ static PyObject *py_smbd_set_nt_acl(PyObject *self, PyObject *args) static PyObject *py_smbd_get_nt_acl(PyObject *self, PyObject *args) { char *fname; - int security_info_sent; + int security_info_wanted; PyObject *py_sd; struct security_descriptor *sd; TALLOC_CTX *tmp_ctx = talloc_new(NULL); - if (!PyArg_ParseTuple(args, "si", &fname, &security_info_sent)) + if (!PyArg_ParseTuple(args, "si", &fname, &security_info_wanted)) return NULL; - sd = get_nt_acl_no_snum(tmp_ctx, fname); + sd = get_nt_acl_no_snum(tmp_ctx, fname, security_info_wanted); py_sd = py_return_ndr_struct("samba.dcerpc.security", "descriptor", sd, sd); diff --git a/source4/scripting/python/samba/ntacls.py b/source4/scripting/python/samba/ntacls.py index 6f8e770bba4..ac4aad07259 100644 --- a/source4/scripting/python/samba/ntacls.py +++ b/source4/scripting/python/samba/ntacls.py @@ -79,7 +79,7 @@ def getntacl(lp, file, backend=None, eadbfile=None, direct_db_access=True): elif ntacl.version == 3: return ntacl.info.sd else: - return smbd.get_nt_acl(file) + return smbd.get_nt_acl(file, security.SECINFO_OWNER | security.SECINFO_GROUP | security.SECINFO_DACL | security.SECINFO_SACL) def setntacl(lp, file, sddl, domsid, backend=None, eadbfile=None, use_ntvfs=True): -- 2.34.1