[PATCH] smbcacls: no need to fetch the sd when changing ownership

Ralph Böhme slow at samba.org
Fri Oct 6 14:12:08 UTC 2017


Hi!

Reading the SD may be denied but changing ownership could be allowed. As
we don't really need the server SD for the change ownership request,
don't fetch it.

Please review&push if ok. Thanks!

-slow
-------------- next part --------------
From cd4a9a9a623baec73bccf7a2f3fcf0a6147dccd5 Mon Sep 17 00:00:00 2001
From: Ralph Boehme <slow at samba.org>
Date: Fri, 6 Oct 2017 08:01:46 +0200
Subject: [PATCH] smbcacls: no need to fetch the sd when changing ownership

Reading the SD may be denied but changing ownership could be allowed. As
we don't really need the server SD for the change ownership request,
don't fetch it.

Signed-off-by: Ralph Boehme <slow at samba.org>
---
 source3/utils/smbcacls.c | 16 ++++++----------
 1 file changed, 6 insertions(+), 10 deletions(-)

diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index c42a1888cff..0a5eeb31d0b 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -397,21 +397,17 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode,
 			const char *filename, const char *new_username)
 {
 	struct dom_sid sid;
-	struct security_descriptor *sd, *old;
+	struct security_descriptor *sd;
 	size_t sd_size;
 
 	if (!StringToSid(cli, &sid, new_username))
 		return EXIT_PARSE_ERROR;
 
-	old = get_secdesc(cli, filename);
-
-	if (!old) {
-		return EXIT_FAILED;
-	}
-
-	sd = make_sec_desc(talloc_tos(),old->revision, SEC_DESC_SELF_RELATIVE,
-				(change_mode == REQUEST_CHOWN) ? &sid : NULL,
-				(change_mode == REQUEST_CHGRP) ? &sid : NULL,
+	sd = make_sec_desc(talloc_tos(),
+			   SECURITY_DESCRIPTOR_REVISION_1,
+			   SEC_DESC_SELF_RELATIVE,
+			   (change_mode == REQUEST_CHOWN) ? &sid : NULL,
+			   (change_mode == REQUEST_CHGRP) ? &sid : NULL,
 			   NULL, NULL, &sd_size);
 
 	if (!set_secdesc(cli, filename, sd)) {
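Review bot: The return value of make_sec_desc() in owner_set() is handed to set_secdesc() without a NULL check. With the `if (!old)` early return removed, nothing between StringToSid() and set_secdesc() catches an allocation failure, so please add `if (sd == NULL) { return EXIT_FAILED; }` right after the make_sec_desc() call. Also, since `old->revision` is replaced by the hard-coded SECURITY_DESCRIPTOR_REVISION_1, a one-line comment above the call explaining that the server's revision is not needed for an owner or group change would document the intent for later readers.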
-- 
2.13.5


