author | Jeremy Allison <jra@samba.org> | 2012-08-29 13:40:29 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2012-08-30 10:08:50 -0700 |
commit | 3d34406c7bd70576b1705e98b4b3901ac75537c9 (patch) | |
tree | 428824f17ad9e29f45390abd69b5152d25f234c2 | |
parent | 795920cf4a25ab4ea061d5620b19ba27884921dd (diff) | |
Windows does canonicalization of inheritance bits. Do the same.
We need to filter out the
SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ
bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED
as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set
when an ACE is inherited. Otherwise we zero these bits out.
See:
http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/11f77b68-731e-407d-b1b3-064750716531
for details.
-rw-r--r-- | source3/smbd/nttrans.c | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 1e28482fc9..997f72161a 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -830,6 +830,39 @@ static void do_nt_transact_create_pipe(connection_struct *conn,
 return;
 }
 
+/*********************************************************************
+ Windows seems to do canonicalization of inheritance bits. Do the
+ same.
+*********************************************************************/
+
+static void canonicalize_inheritance_bits(struct security_descriptor *psd)
+{
+ bool set_auto_inherited = false;
+
+ /*
+ * We need to filter out the
+ * SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ
+ * bits. If both are set we store SEC_DESC_DACL_AUTO_INHERITED
+ * as this alters whether SEC_ACE_FLAG_INHERITED_ACE is set
+ * when an ACE is inherited. Otherwise we zero these bits out.
+ * See:
+ *
+ * http://social.msdn.microsoft.com/Forums/eu/os_fileservices/thread/11f77b68-731e-407d-b1b3-064750716531
+ *
+ * for details.
+ */
+
+ if ((psd->type & (SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ))
+ == (SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ)) {
+ set_auto_inherited = true;
+ }
+
+ psd->type &= ~(SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ);
+ if (set_auto_inherited) {
+ psd->type |= SEC_DESC_DACL_AUTO_INHERITED;
+ }
+}
+
 /****************************************************************************
 Internal fn to set security descriptors.
 ****************************************************************************/
@@ -898,6 +931,8 @@ NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
 }
 }
 
+ canonicalize_inheritance_bits(psd);
+
 if (DEBUGLEVEL >= 10) {
 DEBUG(10,("set_sd for file %s\n", fsp_str_dbg(fsp)));
 NDR_PRINT_DEBUG(security_descriptor, psd); |
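Review bot: In canonicalize_inheritance_bits() the two-flag mask `SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ` is written out three times (test, comparison and clear), so a later edit to one copy can leave a control bit tested or cleared inconsistently. Naming it once, for example `#define SD_DACL_AUTO_INHERIT_MASK (SEC_DESC_DACL_AUTO_INHERITED|SEC_DESC_DACL_AUTO_INHERIT_REQ)` (the name is only a suggestion), keeps the three uses in step. The header comment could also spell out the result per input, `/* Both bits set -> keep only SEC_DESC_DACL_AUTO_INHERITED; either bit alone -> both cleared. Modifies *psd in place. */`, because a lone SEC_DESC_DACL_AUTO_INHERITED being dropped is easy to miss when reading the code.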
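Review bot: The level-10 dump that follows the new call in set_sd() now prints the descriptor after canonicalization, so the control bits the client actually sent are no longer visible when tracing an ACL problem. Logging the raw value first, e.g. `DEBUG(10,("set_sd: sd type 0x%x before canonicalization\n", (unsigned int)psd->type));` ahead of `canonicalize_inheritance_bits(psd);`, would keep that evidence. The call also rewrites the caller's descriptor through `psd`, which callers of set_sd() may not expect, so the function's header comment should mention it. set_sd()'s body starts and ends outside this hunk, so any earlier handling of `psd` is not visible here.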