svn commit: samba r15069 - in branches/SAMBA_4_0/source/ntvfs/posix: .

metze at samba.org metze at samba.org
Thu Apr 13 11:34:39 GMT 2006


Author: metze
Date: 2006-04-13 11:34:39 +0000 (Thu, 13 Apr 2006)
New Revision: 15069

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=15069

Log:
- don't crash on a NULL acl
- add the correct access checks for changing sd->group and sd->dacl

metze
Modified:
   branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c


Changeset:
Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c	2006-04-13 10:14:07 UTC (rev 15068)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c	2006-04-13 11:34:39 UTC (rev 15069)
@@ -52,6 +52,8 @@
 {
 	unsigned i;
 
+	if (!acl) return;
+
 	for (i=0;i<acl->num_aces;i++) {
 		struct security_ace *ace = &acl->aces[i];
 		ace->access_mask = pvfs_translate_mask(ace->access_mask);
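Review bot: The early return added at the top of this function carries no comment saying that a NULL acl is an expected input rather than a caller bug. The callers visible later in this diff pass `sd->dacl` and `sd->sacl` right after copying them from `new_sd`, so a descriptor without one of these ACLs reaches this function. I would add `/* a descriptor may carry no DACL/SACL; nothing to translate then */` above the check and put the `return` in a braced body like the other conditionals in the file. The function's signature lies outside the hunk.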
@@ -236,6 +238,9 @@
 	}
 	if ((secinfo_flags & SECINFO_GROUP) &&
 	    !dom_sid_equal(sd->group_sid, new_sd->group_sid)) {
+		if (!(access_mask & SEC_STD_WRITE_OWNER)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
 		sd->group_sid = new_sd->group_sid;
 		status = sidmap_sid_to_unixgid(pvfs->sidmap, sd->owner_sid, &gid);
 		if (!NT_STATUS_IS_OK(status)) {
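Review bot: The gid lookup at the end of this hunk still maps `sd->owner_sid`, although this is the SECINFO_GROUP branch and `sd->group_sid` was assigned on the line before. The Unix gid would then be derived from the owner rather than from the new group, which looks like a leftover from the owner branch. The call should presumably read `status = sidmap_sid_to_unixgid(pvfs->sidmap, sd->group_sid, &gid);`. The added SEC_STD_WRITE_OWNER check is correctly placed before the assignment. The branch continues past the end of the hunk, so how `gid` is used afterwards is not visible here.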
@@ -243,14 +248,17 @@
 		}
 	}
 	if (secinfo_flags & SECINFO_DACL) {
+		if (!(access_mask & SEC_STD_WRITE_DAC)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
 		sd->dacl = new_sd->dacl;
 		pvfs_translate_generic_bits(sd->dacl);
 	}
 	if (secinfo_flags & SECINFO_SACL) {
-		sd->sacl = new_sd->sacl;
 		if (!(access_mask & SEC_FLAG_SYSTEM_SECURITY)) {
 			return NT_STATUS_ACCESS_DENIED;
 		}
+		sd->sacl = new_sd->sacl;
 		pvfs_translate_generic_bits(sd->sacl);
 	}
 


