svn commit: samba r15057 - in branches/SAMBA_4_0/source/ntvfs/posix: .

metze at samba.org metze at samba.org
Wed Apr 12 16:27:54 GMT 2006


Author: metze
Date: 2006-04-12 16:27:53 +0000 (Wed, 12 Apr 2006)
New Revision: 15057

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15057

Log:
fix access masks for getting and setting security_descriptors

I'll add some torture tests later...

metze
Modified:
   branches/SAMBA_4_0/source/ntvfs/posix/pvfs_qfileinfo.c
   branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c


Changeset:
Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_qfileinfo.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_qfileinfo.c	2006-04-12 16:19:42 UTC (rev 15056)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_qfileinfo.c	2006-04-12 16:27:53 UTC (rev 15057)
@@ -28,11 +28,11 @@
 /*
   determine what access bits are needed for a call
 */
-static uint32_t pvfs_fileinfo_access(enum smb_fileinfo_level level)
+static uint32_t pvfs_fileinfo_access(union smb_fileinfo *info)
 {
 	uint32_t needed;
 
-	switch (level) {
+	switch (info->generic.level) {
 	case RAW_FILEINFO_EA_LIST:
 	case RAW_FILEINFO_ALL_EAS:
 		needed = SEC_FILE_READ_EA;
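Review bot: The new `info` parameter of `pvfs_fileinfo_access` is only read in the lines visible here, so it could be declared `static uint32_t pvfs_fileinfo_access(const union smb_fileinfo *info)`. That would show callers that computing the required access mask never modifies the request. The function body continues past this hunk, so this assumes the cases not shown do not write through `info` either.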
@@ -43,14 +43,24 @@
 		break;
 
 	case RAW_FILEINFO_SEC_DESC:
-		needed = SEC_STD_READ_CONTROL;
+		needed = 0;
+		if (info->query_secdesc.in.secinfo_flags & (SECINFO_OWNER|SECINFO_GROUP)) {
+			needed |= SEC_STD_READ_CONTROL;
+		}
+		if (info->query_secdesc.in.secinfo_flags & SECINFO_DACL) {
+			needed |= SEC_STD_READ_CONTROL;
+		}
+		if (info->query_secdesc.in.secinfo_flags & SECINFO_SACL) {
+			needed |= SEC_FLAG_SYSTEM_SECURITY;
+		}
 		break;
 
 	default:
 		needed = SEC_FILE_READ_ATTRIBUTE;
 		break;
 	}
-	return needed;	
+
+	return needed;
 }
 
 /*
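Review bot: In the `RAW_FILEINFO_SEC_DESC` case, `needed` now stays 0 when `secinfo_flags` carries none of `SECINFO_OWNER`, `SECINFO_GROUP`, `SECINFO_DACL` or `SECINFO_SACL`, whereas the old code always required `SEC_STD_READ_CONTROL`. With a zero mask the handle check in the later hunk, `(f->access_mask & access_needed) != access_needed`, can never deny, so such a request passes on any open handle; what is returned for it depends on code outside this diff. If that is intended, a comment such as `/* empty secinfo_flags: no access bits required */` would record the decision; otherwise add `if (needed == 0) needed = SEC_STD_READ_CONTROL;` before the `break`. The same zero-mask path exists in the `RAW_SFILEINFO_SEC_DESC` case of pvfs_setfileinfo.c and deserves the same check in the promised torture tests. Separately, the first two `if` tests here set the same bit and could be merged into one test on `(SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL)`.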
@@ -304,7 +314,7 @@
 	}
 
 	status = pvfs_access_check_simple(pvfs, req, name, 
-					  pvfs_fileinfo_access(info->generic.level));
+					  pvfs_fileinfo_access(info));
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
@@ -332,7 +342,7 @@
 	}
 	h = f->handle;
 
-	access_needed = pvfs_fileinfo_access(info->generic.level);
+	access_needed = pvfs_fileinfo_access(info);
 	if ((f->access_mask & access_needed) != access_needed) {
 		return NT_STATUS_ACCESS_DENIED;
 	}

Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c	2006-04-12 16:19:42 UTC (rev 15056)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c	2006-04-12 16:27:53 UTC (rev 15057)
@@ -53,16 +53,23 @@
 
 	case RAW_SFILEINFO_SEC_DESC:
 		needed = 0;
-		if (info->set_secdesc.in.secinfo_flags & (SECINFO_DACL|SECINFO_SACL)) {
+		if (info->set_secdesc.in.secinfo_flags & (SECINFO_OWNER|SECINFO_GROUP)) {
+			needed |= SEC_STD_WRITE_OWNER;
+		}
+		if (info->set_secdesc.in.secinfo_flags & SECINFO_DACL) {
 			needed |= SEC_STD_WRITE_DAC;
 		}
+		if (info->set_secdesc.in.secinfo_flags & SECINFO_SACL) {
+			needed |= SEC_FLAG_SYSTEM_SECURITY;
+		}
 		break;
 
 	default:
 		needed = SEC_FILE_WRITE_ATTRIBUTE;
 		break;
 	}
-	return needed;	
+
+	return needed;
 }
 
 /*


