[Samba] 3.2.4 CreateDirectory panic
Peter Rindfuss
rindfuss at wzb.eu
Mon Oct 20 12:34:23 GMT 2008
On 2008-10-20 13:55, Volker Lendecke wrote:
> On Mon, Oct 20, 2008 at 01:18:11PM +0200, Peter Rindfuss wrote:
>> Hi,
>>
>> I have just set up a new 64bit server as PDC with opensuse 11 and samba
>> 3.2.4. The configuration was taken over from suse 10 with samba 3.0.24.
>>
>> So far, everything on the new server works fine but this:
>>
>> I have a C++ utility program running under win xp which creates users
>> and home directories using win32 api calls. It worked fine with samba
>> 3.0.24 and before, but causes a samba panic when it executes the
>> CreateDirectory win32 api call for the home directory. A log file
>> snippet is attached.
>>
>> My own testing shows that the panic only happens when CreateDirectory is
>> called with a SECURITY_ATTRIBUTES structure in order to set the correct
>> acls for the new directory:
>>
>> CreateDirectory(HomePath, &security_attributes); -> panic
>>
>> whereas
>> CreateDirectory(HomePath, NULL); -> ok
>>
>> I tried some variants like
>> CreateDirectory ( HomePath, NULL ) ; -> ok
>> SetFileSecurity(Homepath, ..., security_descriptor); -> panic
>>
>> and finally came up with this solution
>> CreateDirectory(HomePath, NULL); -> ok
>> SetNamedSecurityInfo( .... ); -> ok
>>
>> Strange thing is that in all variants I start out with the same
>> SECURITY_DESCRIPTOR structure.
>
> Can you send me that utility or a sniff?
>
> Volker
Hi Volker,
attached is the subroutine that I used for testing.
The part enclosed in #ifdef createdir_alt worked with 3.0.24, but not
with 3.2.4. The #else part works with 3.2.4. Both versions are based
upon the same security descriptor structure.
Peter
-------------- next part --------------
bool SeleneConnection::TestDACL ( void )
{
    bool ok ;
    int needed ;
    int status ;
    int i, n ;
    char *sddl ;
    volatile DWORD error ;
    static char path[] = "\\\\selene\\wzbadmin\\samba\\user\\aaa" ;
    static char sidnewstring[] = "S-1-5-21-3308023661-3915791984-1724325443-61014" ; // some user
    static char groupsidstring[] = "S-1-5-21-3308023661-3915791984-1724325443-513" ; // "Domain Users" (unix group 'users')
    // sddlfmt was obtained by means of the utility 'subinacl'
    static const char sddlfmt[] =
        "O:%sG:%sD:(A;OICI;FA;;;%s)(A;OICI;;;;WD)(A;;;;;%s)(A;OICIIO;FA;;;CO)(A;OICIIO;;;;CG)" ;
    PSECURITY_DESCRIPTOR secdes ;
#ifdef createdir_alt
    SECURITY_ATTRIBUTES secattr ;
#else
    PACL dacl ;
    PSID owner, group ;
    BOOL present, def ;
#endif

    ok = false ;
    needed = (sizeof(sddlfmt) - 1) +
             ((lstrlen(sidnewstring) - 2) +
              (lstrlen(groupsidstring) - 2)) * 2 + 1 ;
    sddl = new char[needed] ;
    wsprintf ( sddl, sddlfmt,
               sidnewstring, groupsidstring, sidnewstring, groupsidstring ) ;
    ok = ConvertStringSecurityDescriptorToSecurityDescriptor
             ( sddl, SDDL_REVISION_1, &secdes, NULL ) ;
    delete[] sddl ;
    if ( ! ok ) goto exit0 ;

#ifdef createdir_alt
    // this does work in 3.0.24, but not in 3.2.4
    secattr.nLength = sizeof ( SECURITY_ATTRIBUTES ) ;
    secattr.lpSecurityDescriptor = secdes ;
    secattr.bInheritHandle = false ;
    ok = CreateDirectory ( HomePath, &secattr ) ; // --> panic
    error = GetLastError () ;
#else
    // this does work in 3.2.4
    ok = CreateDirectory ( path, NULL ) ;
    ok = ok && GetSecurityDescriptorDacl ( secdes, &present, &dacl, &def ) ;
    ok = ok && GetSecurityDescriptorOwner ( secdes, &owner, &def ) ;
    ok = ok && GetSecurityDescriptorGroup ( secdes, &group, &def ) ;
    if ( ok )
    {
        ok = (SetNamedSecurityInfo ( path, SE_FILE_OBJECT,
                  OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION,
                  owner, group, dacl, NULL ) == ERROR_SUCCESS) ;
        error = GetLastError () ;
    }
#endif
    LocalFree ( secdes ) ;
    if ( ! ok ) goto exit0 ;
    ok = true ;
exit0:
    return ( ok ) ;
}
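
Added example, not part of the attachment above and not Samba code: a small stand-alone C++ parser for the subset of SDDL that sddlfmt uses, run on the descriptor the test routine builds, so the owner, group and each ACE (including those whose rights field is empty) can be read off. The names parse_sddl, zero_mask_aces and kSample are made up for this example; kSample is sddlfmt with the two SIDs from the post substituted.

```cpp
#include <cstdio>
#include <string>
#include <vector>

struct Ace { std::string type, flags, rights, trustee; };
struct Sddl { std::string owner, group; std::vector<Ace> dacl; };

// Parse "O:<sid>G:<sid>D:(ace)(ace)...", the subset of SDDL the posted sddlfmt uses.
bool parse_sddl(const std::string& s, Sddl& out) {
    size_t g = s.find("G:", 2), d = s.find("D:", g == std::string::npos ? 0 : g);
    if (s.compare(0, 2, "O:") != 0 || g == std::string::npos || d == std::string::npos) return false;
    out.owner = s.substr(2, g - 2);
    out.group = s.substr(g + 2, d - g - 2);
    for (size_t p = d + 2; p < s.size();) {
        size_t close = s.find(')', p);
        if (s[p] != '(' || close == std::string::npos) return false;
        // ACE body: type;flags;rights;object_guid;inherit_object_guid;trustee
        std::vector<std::string> f(1);
        for (size_t i = p + 1; i < close; ++i)
            if (s[i] == ';') f.emplace_back(); else f.back() += s[i];
        if (f.size() != 6) return false;
        out.dacl.push_back({f[0], f[1], f[2], f[5]});
        p = close + 1;
    }
    return true;
}

// Count ACEs whose rights field is empty (the string carries no access rights for them).
int zero_mask_aces(const Sddl& sd) {
    int n = 0;
    for (const Ace& a : sd.dacl) n += a.rights.empty() ? 1 : 0;
    return n;
}

// Constructed input: the post's sddlfmt with sidnewstring and groupsidstring filled in.
const std::string kSample =
    "O:S-1-5-21-3308023661-3915791984-1724325443-61014"
    "G:S-1-5-21-3308023661-3915791984-1724325443-513"
    "D:(A;OICI;FA;;;S-1-5-21-3308023661-3915791984-1724325443-61014)(A;OICI;;;;WD)"
    "(A;;;;;S-1-5-21-3308023661-3915791984-1724325443-513)(A;OICIIO;FA;;;CO)(A;OICIIO;;;;CG)";

int main() {
    Sddl sd;
    if (!parse_sddl(kSample, sd)) return 1;
    for (const Ace& a : sd.dacl)
        std::printf("type=%s flags=%-6s rights=%-2s trustee=%s\n", a.type.c_str(),
                    a.flags.c_str(), a.rights.c_str(), a.trustee.c_str());
    std::printf("ACEs with empty rights: %d of %zu\n", zero_mask_aces(sd), sd.dacl.size());
}
```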