[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Thu Feb 2 19:08:02 MST 2012 

The branch, master has been updated
       via  571ee0b Only ask for specific permissions required when setting an ACL.
       via  9fec2c0 Allow a SACL to be sent in cli_set_secdesc().
      from  fad9727 s3: Test for faulty xattr_tdb listxattr

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 571ee0b1ffcee3b1b0a5793c8bb1146cd69545f5
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Feb 2 16:28:39 2012 -0800

    Only ask for specific permissions required when setting an ACL.
    
    Autobuild-User: Jeremy Allison <jra at samba.org>
    Autobuild-Date: Fri Feb  3 03:07:33 CET 2012 on sn-devel-104

commit 9fec2c0ea99b2fe0210765eb657287fce05c631b
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Feb 2 16:28:06 2012 -0800

    Allow a SACL to be sent in cli_set_secdesc().

-----------------------------------------------------------------------

Summary of changes:
 source3/libsmb/clisecdesc.c |    2 ++
 source3/utils/smbcacls.c    |   15 ++++++++++++---
 2 files changed, 14 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/clisecdesc.c b/source3/libsmb/clisecdesc.c
index 70596d6..aef3432 100644
--- a/source3/libsmb/clisecdesc.c
+++ b/source3/libsmb/clisecdesc.c
@@ -94,6 +94,8 @@ NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
 
 	if (sd->dacl)
 		sec_info |= SECINFO_DACL;
+	if (sd->sacl)
+		sec_info |= SECINFO_SACL;
 	if (sd->owner_sid)
 		sec_info |= SECINFO_OWNER;
 	if (sd->group_sid)
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index de68963..714f47b 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -868,12 +868,21 @@ static bool set_secdesc(struct cli_state *cli, const char *filename,
 	uint16_t fnum = (uint16_t)-1;
         bool result=true;
 	NTSTATUS status;
+	uint32_t desired_access = 0;
 
-	/* The desired access below is the only one I could find that works
-	   with NT4, W2KP and Samba */
+	/* Make the desired_access more specific. */
+	if (sd->dacl) {
+		desired_access |= WRITE_DAC_ACCESS;
+	}
+	if (sd->sacl) {
+		desired_access |= SEC_FLAG_SYSTEM_SECURITY;
+	}
+	if (sd->owner_sid || sd->group_sid) {
+		desired_access |= WRITE_OWNER_ACCESS;
+	}
 
 	status = cli_ntcreate(cli, filename, 0,
-			      WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS,
+			      desired_access,
 			      0, FILE_SHARE_READ|FILE_SHARE_WRITE,
 			      FILE_OPEN, 0x0, 0x0, &fnum);
 	if (!NT_STATUS_IS_OK(status)) {


-- 
Samba Shared Repository

More information about the samba-cvs mailing list