[PATCH] smbcacls: no need to fetch the sd when changing ownership
Jeremy Allison
jra at samba.org
Fri Oct 6 18:02:12 UTC 2017
On Fri, Oct 06, 2017 at 04:12:08PM +0200, Ralph Böhme via samba-technical wrote:
> Hi!
>
> Reading the SD may be denied but changing ownership could be allowed. As
> we don't really need the server SD for the change ownership request,
> don't fetch it.
>
> Please review&push if ok. Thanks!
LGTM. Pushed! Thanks.
> From cd4a9a9a623baec73bccf7a2f3fcf0a6147dccd5 Mon Sep 17 00:00:00 2001
> From: Ralph Boehme <slow at samba.org>
> Date: Fri, 6 Oct 2017 08:01:46 +0200
> Subject: [PATCH] smbcacls: no need to fetch the sd when changing ownership
>
> Reading the SD may be denied but changing ownership could be allowed. As
> we don't really need the server SD for the change ownership request,
> don't fetch it.
>
> Signed-off-by: Ralph Boehme <slow at samba.org>
> ---
> source3/utils/smbcacls.c | 16 ++++++----------
> 1 file changed, 6 insertions(+), 10 deletions(-)
>
> diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
> index c42a1888cff..0a5eeb31d0b 100644
> --- a/source3/utils/smbcacls.c
> +++ b/source3/utils/smbcacls.c
> @@ -397,21 +397,17 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode,
> const char *filename, const char *new_username)
> {
> struct dom_sid sid;
> - struct security_descriptor *sd, *old;
> + struct security_descriptor *sd;
> size_t sd_size;
>
> if (!StringToSid(cli, &sid, new_username))
> return EXIT_PARSE_ERROR;
>
> - old = get_secdesc(cli, filename);
> -
> - if (!old) {
> - return EXIT_FAILED;
> - }
> -
> - sd = make_sec_desc(talloc_tos(),old->revision, SEC_DESC_SELF_RELATIVE,
> - (change_mode == REQUEST_CHOWN) ? &sid : NULL,
> - (change_mode == REQUEST_CHGRP) ? &sid : NULL,
> + sd = make_sec_desc(talloc_tos(),
> + SECURITY_DESCRIPTOR_REVISION_1,
> + SEC_DESC_SELF_RELATIVE,
> + (change_mode == REQUEST_CHOWN) ? &sid : NULL,
> + (change_mode == REQUEST_CHGRP) ? &sid : NULL,
> NULL, NULL, &sd_size);
>
> if (!set_secdesc(cli, filename, sd)) {
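Review bot: The return value of make_sec_desc() is passed to set_secdesc() with no NULL check between the two calls, and the removed get_secdesc() block was the only EXIT_FAILED return before the set. Consider adding `if (sd == NULL) { return EXIT_FAILED; }` right after the make_sec_desc() call so an allocation failure on talloc_tos() is reported instead of being handed to set_secdesc(). A one-line comment above the call would also help, stating that SECURITY_DESCRIPTOR_REVISION_1 is hardcoded because the server SD is intentionally not read (reading it may be denied while the ownership change is allowed), since that reasoning currently lives only in the commit message.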
> --
> 2.13.5
>