From 5172abafb9cdd63e40f1a80c7a50d996c6602cf5 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 29 Nov 2011 16:31:18 -0800 Subject: [PATCH 1/2] Fix bug 8636 - When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field. Autobuild-User: Jeremy Allison Autobuild-Date: Wed Nov 30 04:59:07 CET 2011 on sn-devel-104 (cherry picked from commit da992be64f39364fbb8bca26e9421c7a36c49ac6) --- source3/modules/vfs_acl_common.c | 2 ++ source3/smbd/nttrans.c | 2 ++ 2 files changed, 4 insertions(+), 0 deletions(-) diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index 4554dc8..75917b7 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -413,9 +413,11 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct *handle, psd->group_sid = NULL; } if (!(security_info & SECINFO_DACL)) { + psd->type &= ~SEC_DESC_DACL_PRESENT; psd->dacl = NULL; } if (!(security_info & SECINFO_SACL)) { + psd->type &= ~SEC_DESC_SACL_PRESENT; psd->sacl = NULL; } diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 81e850c..de508eb 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1901,9 +1901,11 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn, psd->group_sid = NULL; } if (!(security_info_wanted & SECINFO_DACL)) { + psd->type &= ~SEC_DESC_DACL_PRESENT; psd->dacl = NULL; } if (!(security_info_wanted & SECINFO_SACL)) { + psd->type &= ~SEC_DESC_SACL_PRESENT; psd->sacl = NULL; } -- 1.7.7.3 From d60b390cf50d1153f4cfdbfe162cb96e0b2ac74b Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 23 Jan 2012 11:20:52 -0800 Subject: [PATCH 2/2] Second part of fix for 8636 - When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field. Ensure we always ask for the set: OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION when getting an ACL inside the module. --- source3/modules/vfs_acl_common.c | 6 ++++-- 1 files changed, 4 insertions(+), 2 deletions(-) diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index 75917b7..016bb9f 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -539,7 +539,8 @@ static NTSTATUS get_parent_acl_common(vfs_handle_struct *handle, parent_name, (SECINFO_OWNER | SECINFO_GROUP | - SECINFO_DACL), + SECINFO_DACL | + SECINFO_SACL), pp_parent_desc); if (!NT_STATUS_IS_OK(status)) { @@ -622,7 +623,8 @@ static int open_acl_common(vfs_handle_struct *handle, fname, (SECINFO_OWNER | SECINFO_GROUP | - SECINFO_DACL), + SECINFO_DACL | + SECINFO_SACL), &pdesc); if (NT_STATUS_IS_OK(status)) { /* See if we can access it. */ -- 1.7.7.3