Attachment 6977 Details for Bug 8458 – git-am fix for 3.5.next

[patch] git-am fix for 3.5.next

0001-Fix-bug-8458-IE9-on-Windows-7-cannot-download-files-.patch (text/plain), 4.79 KB, created by Jeremy Allison on 2011-10-06 22:42:15 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jeremy Allison

Created: 2011-10-06 22:42:15 UTC

Size: 4.79 KB

patch

obsolete

>From 6ec99f225e5579a4fbf7faa39856be3898228a9b Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Thu, 6 Oct 2011 15:40:59 -0700
>Subject: [PATCH] Fix bug #8458 - IE9 on Windows 7 cannot download files to samba 3.5.11 share
>
>Handle the SECINFO_LABEL flag in the same way as Win2k3.
>---
> librpc/gen_ndr/ndr_security.c    |    1 +
> librpc/gen_ndr/security.h        |    1 +
> librpc/idl/security.idl          |    1 +
> source3/rpc_server/srv_samr_nt.c |    2 +-
> source3/smbd/nttrans.c           |   25 +++++++++++++++++++++++++
> 5 files changed, 29 insertions(+), 1 deletions(-)
>
>diff --git a/librpc/gen_ndr/ndr_security.c b/librpc/gen_ndr/ndr_security.c
>index ceeba76..b59eb19 100644
>--- a/librpc/gen_ndr/ndr_security.c
>+++ b/librpc/gen_ndr/ndr_security.c
>@@ -1042,6 +1042,7 @@ _PUBLIC_ void ndr_print_security_secinfo(struct ndr_print *ndr, const char *name
> 	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_GROUP", SECINFO_GROUP, r);
> 	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_DACL", SECINFO_DACL, r);
> 	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_SACL", SECINFO_SACL, r);
>+	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_LABEL", SECINFO_LABEL, r);
> 	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_UNPROTECTED_SACL", SECINFO_UNPROTECTED_SACL, r);
> 	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_UNPROTECTED_DACL", SECINFO_UNPROTECTED_DACL, r);
> 	ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_PROTECTED_SACL", SECINFO_PROTECTED_SACL, r);
>diff --git a/librpc/gen_ndr/security.h b/librpc/gen_ndr/security.h
>index 297ba18..9bf01b9 100644
>--- a/librpc/gen_ndr/security.h
>+++ b/librpc/gen_ndr/security.h
>@@ -358,6 +358,7 @@ struct security_token {
> #define SECINFO_GROUP ( 0x00000002 )
> #define SECINFO_DACL ( 0x00000004 )
> #define SECINFO_SACL ( 0x00000008 )
>+#define SECINFO_LABEL ( 0x00000010 )
> #define SECINFO_UNPROTECTED_SACL ( 0x10000000 )
> #define SECINFO_UNPROTECTED_DACL ( 0x20000000 )
> #define SECINFO_PROTECTED_SACL ( 0x40000000 )
>diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl
>index 44a1712..fa8f6ec 100644
>--- a/librpc/idl/security.idl
>+++ b/librpc/idl/security.idl
>@@ -448,6 +448,7 @@ interface security
> 		SECINFO_GROUP                = 0x00000002,
> 		SECINFO_DACL                 = 0x00000004,
> 		SECINFO_SACL                 = 0x00000008,
>+		SECINFO_LABEL                = 0x00000010,
> 		SECINFO_UNPROTECTED_SACL     = 0x10000000,
> 		SECINFO_UNPROTECTED_DACL     = 0x20000000,
> 		SECINFO_PROTECTED_SACL	     = 0x40000000,
>diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
>index e98e4aa..8553e7d 100644
>--- a/source3/rpc_server/srv_samr_nt.c
>+++ b/source3/rpc_server/srv_samr_nt.c
>@@ -223,7 +223,7 @@ done:
> 	/* add in any bits saved during the privilege check (only
> 	   matters is status is ok) */
> 
>-	*acc_granted |= rights_mask;
>+	*acc_granted |= saved_mask;
> 
> 	DEBUG(4,("%s: access %s (requested: 0x%08x, granted: 0x%08x)\n",
> 		debug, NT_STATUS_IS_OK(status) ? "GRANTED" : "DENIED",
>diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
>index f82820c..decb07c 100644
>--- a/source3/smbd/nttrans.c
>+++ b/source3/smbd/nttrans.c
>@@ -860,6 +860,12 @@ static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32 sd_len,
> 
> 	/* Ensure we have at least one thing set. */
> 	if ((security_info_sent & (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) {
>+		if (security_info_sent & SECINFO_LABEL) {
>+			/* Only consider SECINFO_LABEL if no other
>+			   bits are set. Just like W2K3 we don't
>+			   store this. */
>+			return NT_STATUS_OK;
>+		}
> 		return NT_STATUS_INVALID_PARAMETER;
> 	}
> 
>@@ -1849,8 +1855,18 @@ static void call_nt_transact_query_security_desc(connection_struct *conn,
> 		return;
> 	}
> 
>+	if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|
>+			SECINFO_GROUP|SECINFO_SACL)) {
>+		/* Don't return SECINFO_LABEL if anything else was
>+		   requested. See bug #8458. */
>+		security_info_wanted &= ~SECINFO_LABEL;
>+	}
>+
> 	if (!lp_nt_acl_support(SNUM(conn))) {
> 		status = get_null_nt_acl(talloc_tos(), &psd);
>+	} else if (security_info_wanted & SECINFO_LABEL) {
>+		/* Like W2K3 return a null object. */
>+		status = get_null_nt_acl(talloc_tos(), &psd);
> 	} else {
> 		status = SMB_VFS_FGET_NT_ACL(
> 			fsp, security_info_wanted, &psd);
>@@ -1882,6 +1898,15 @@ static void call_nt_transact_query_security_desc(connection_struct *conn,
> 	    security_info_wanted & DACL_SECURITY_INFORMATION)
> 		psd->type |= SEC_DESC_DACL_PRESENT;
> 
>+	if (security_info_wanted & SECINFO_LABEL) {
>+		/* Like W2K3 return a null object. */
>+		psd->owner_sid = NULL;
>+		psd->group_sid = NULL;
>+		psd->dacl = NULL;
>+		psd->sacl = NULL;
>+		psd->type &= ~(SEC_DESC_DACL_PRESENT|SEC_DESC_SACL_PRESENT);
>+	}
>+
> 	sd_size = ndr_size_security_descriptor(psd, NULL, 0);
> 
> 	DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size));
>-- 
>1.7.3.1
>

Flags:

metze: review-

Actions: View

Attachments on bug 8458: 6891 | 6893 | 6894 | 6895 | 6909 | 6910 | 6911 | 6914 | 6915 | 6919 | 6930 | 6977 | 6980