[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Thu Feb 2 19:08:02 MST 2012
The branch, master has been updated
via 571ee0b Only ask for specific permissions required when setting an ACL.
via 9fec2c0 Allow a SACL to be sent in cli_set_secdesc().
from fad9727 s3: Test for faulty xattr_tdb listxattr
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 571ee0b1ffcee3b1b0a5793c8bb1146cd69545f5
Author: Jeremy Allison <jra at samba.org>
Date: Thu Feb 2 16:28:39 2012 -0800
Only ask for specific permissions required when setting an ACL.
Autobuild-User: Jeremy Allison <jra at samba.org>
Autobuild-Date: Fri Feb 3 03:07:33 CET 2012 on sn-devel-104
commit 9fec2c0ea99b2fe0210765eb657287fce05c631b
Author: Jeremy Allison <jra at samba.org>
Date: Thu Feb 2 16:28:06 2012 -0800
Allow a SACL to be sent in cli_set_secdesc().
-----------------------------------------------------------------------
Summary of changes:
source3/libsmb/clisecdesc.c | 2 ++
source3/utils/smbcacls.c | 15 ++++++++++++---
2 files changed, 14 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/libsmb/clisecdesc.c b/source3/libsmb/clisecdesc.c
index 70596d6..aef3432 100644
--- a/source3/libsmb/clisecdesc.c
+++ b/source3/libsmb/clisecdesc.c
@@ -94,6 +94,8 @@ NTSTATUS cli_set_secdesc(struct cli_state *cli, uint16_t fnum,
if (sd->dacl)
sec_info |= SECINFO_DACL;
+ if (sd->sacl)
+ sec_info |= SECINFO_SACL;
if (sd->owner_sid)
sec_info |= SECINFO_OWNER;
if (sd->group_sid)
diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index de68963..714f47b 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -868,12 +868,21 @@ static bool set_secdesc(struct cli_state *cli, const char *filename,
uint16_t fnum = (uint16_t)-1;
bool result=true;
NTSTATUS status;
+ uint32_t desired_access = 0;
- /* The desired access below is the only one I could find that works
- with NT4, W2KP and Samba */
+ /* Make the desired_access more specific. */
+ if (sd->dacl) {
+ desired_access |= WRITE_DAC_ACCESS;
+ }
+ if (sd->sacl) {
+ desired_access |= SEC_FLAG_SYSTEM_SECURITY;
+ }
+ if (sd->owner_sid || sd->group_sid) {
+ desired_access |= WRITE_OWNER_ACCESS;
+ }
status = cli_ntcreate(cli, filename, 0,
- WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS,
+ desired_access,
0, FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN, 0x0, 0x0, &fnum);
if (!NT_STATUS_IS_OK(status)) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list