From e83b9249fefe17803407461bac3370c13ab637d8 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 7 Oct 2010 14:26:13 -0700 Subject: [PATCH] Fix bug 7716 - acl_xattr and acl_tdb modules don't store unmodified copies of security descriptors. As pointed out by an OEM, the code within smbd/posix_acl.c, even though passed a const pointer to a security descriptor, still modifies the ACE entries within it (which are not const pointers). This means ACLs stored in the extended attribute by the acl_xattr module have already been modified by the POSIX acl layer, and are not the original intent of storing the "unmodified" ACL from the client. Use dup_sec_desc to make a copy of the incoming ACL on talloc_tos() - that is what is then modified inside smbd/posix_acl.c, leaving the original ACL to be correctly stored in the xattr. Jeremy. --- source3/smbd/posix_acls.c | 12 +++++++++++- 1 files changed, 11 insertions(+), 1 deletions(-) diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index eac20d2..0e25ed5 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3822,7 +3822,7 @@ NTSTATUS append_parent_acl(files_struct *fsp, This should be the only external function needed for the UNIX style set ACL. ****************************************************************************/ -NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd) +NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC *psd_orig) { connection_struct *conn = fsp->conn; uid_t user = (uid_t)-1; @@ -3837,6 +3837,7 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC bool set_acl_as_root = false; bool acl_set_support = false; bool ret = false; + SEC_DESC *psd = NULL; DEBUG(10,("set_nt_acl: called for file %s\n", fsp_str_dbg(fsp))); @@ -3846,6 +3847,15 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC return NT_STATUS_MEDIA_WRITE_PROTECTED; } + if (!psd_orig) { + return NT_STATUS_INVALID_PARAMETER; + } + + psd = dup_sec_desc(talloc_tos(), psd_orig); + if (!psd) { + return NT_STATUS_NO_MEMORY; + } + /* * Get the current state of the file. */ -- 1.7.0.4