The Samba-Bugzilla – Attachment 6977 Details for
Bug 8458
IE9 on Windows 7 cannot download files to samba 3.5.11 share
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 3.5.next
0001-Fix-bug-8458-IE9-on-Windows-7-cannot-download-files-.patch (text/plain), 4.79 KB, created by
Jeremy Allison
on 2011-10-06 22:42:15 UTC
(
hide
)
Description:
git-am fix for 3.5.next
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2011-10-06 22:42:15 UTC
Size:
4.79 KB
patch
obsolete
>From 6ec99f225e5579a4fbf7faa39856be3898228a9b Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Thu, 6 Oct 2011 15:40:59 -0700 >Subject: [PATCH] Fix bug #8458 - IE9 on Windows 7 cannot download files to samba 3.5.11 share > >Handle the SECINFO_LABEL flag in the same way as Win2k3. >--- > librpc/gen_ndr/ndr_security.c | 1 + > librpc/gen_ndr/security.h | 1 + > librpc/idl/security.idl | 1 + > source3/rpc_server/srv_samr_nt.c | 2 +- > source3/smbd/nttrans.c | 25 +++++++++++++++++++++++++ > 5 files changed, 29 insertions(+), 1 deletions(-) > >diff --git a/librpc/gen_ndr/ndr_security.c b/librpc/gen_ndr/ndr_security.c >index ceeba76..b59eb19 100644 >--- a/librpc/gen_ndr/ndr_security.c >+++ b/librpc/gen_ndr/ndr_security.c >@@ -1042,6 +1042,7 @@ _PUBLIC_ void ndr_print_security_secinfo(struct ndr_print *ndr, const char *name > ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_GROUP", SECINFO_GROUP, r); > ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_DACL", SECINFO_DACL, r); > ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_SACL", SECINFO_SACL, r); >+ ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_LABEL", SECINFO_LABEL, r); > ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_UNPROTECTED_SACL", SECINFO_UNPROTECTED_SACL, r); > ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_UNPROTECTED_DACL", SECINFO_UNPROTECTED_DACL, r); > ndr_print_bitmap_flag(ndr, sizeof(uint32_t), "SECINFO_PROTECTED_SACL", SECINFO_PROTECTED_SACL, r); >diff --git a/librpc/gen_ndr/security.h b/librpc/gen_ndr/security.h >index 297ba18..9bf01b9 100644 >--- a/librpc/gen_ndr/security.h >+++ b/librpc/gen_ndr/security.h >@@ -358,6 +358,7 @@ struct security_token { > #define SECINFO_GROUP ( 0x00000002 ) > #define SECINFO_DACL ( 0x00000004 ) > #define SECINFO_SACL ( 0x00000008 ) >+#define SECINFO_LABEL ( 0x00000010 ) > #define SECINFO_UNPROTECTED_SACL ( 0x10000000 ) > #define SECINFO_UNPROTECTED_DACL ( 0x20000000 ) > #define SECINFO_PROTECTED_SACL ( 0x40000000 ) >diff --git a/librpc/idl/security.idl b/librpc/idl/security.idl >index 44a1712..fa8f6ec 100644 >--- a/librpc/idl/security.idl >+++ b/librpc/idl/security.idl >@@ -448,6 +448,7 @@ interface security > SECINFO_GROUP = 0x00000002, > SECINFO_DACL = 0x00000004, > SECINFO_SACL = 0x00000008, >+ SECINFO_LABEL = 0x00000010, > SECINFO_UNPROTECTED_SACL = 0x10000000, > SECINFO_UNPROTECTED_DACL = 0x20000000, > SECINFO_PROTECTED_SACL = 0x40000000, >diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c >index e98e4aa..8553e7d 100644 >--- a/source3/rpc_server/srv_samr_nt.c >+++ b/source3/rpc_server/srv_samr_nt.c >@@ -223,7 +223,7 @@ done: > /* add in any bits saved during the privilege check (only > matters is status is ok) */ > >- *acc_granted |= rights_mask; >+ *acc_granted |= saved_mask; > > DEBUG(4,("%s: access %s (requested: 0x%08x, granted: 0x%08x)\n", > debug, NT_STATUS_IS_OK(status) ? "GRANTED" : "DENIED", >diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c >index f82820c..decb07c 100644 >--- a/source3/smbd/nttrans.c >+++ b/source3/smbd/nttrans.c >@@ -860,6 +860,12 @@ static NTSTATUS set_sd(files_struct *fsp, uint8 *data, uint32 sd_len, > > /* Ensure we have at least one thing set. */ > if ((security_info_sent & (SECINFO_OWNER|SECINFO_GROUP|SECINFO_DACL|SECINFO_SACL)) == 0) { >+ if (security_info_sent & SECINFO_LABEL) { >+ /* Only consider SECINFO_LABEL if no other >+ bits are set. Just like W2K3 we don't >+ store this. */ >+ return NT_STATUS_OK; >+ } > return NT_STATUS_INVALID_PARAMETER; > } > >@@ -1849,8 +1855,18 @@ static void call_nt_transact_query_security_desc(connection_struct *conn, > return; > } > >+ if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER| >+ SECINFO_GROUP|SECINFO_SACL)) { >+ /* Don't return SECINFO_LABEL if anything else was >+ requested. See bug #8458. */ >+ security_info_wanted &= ~SECINFO_LABEL; >+ } >+ > if (!lp_nt_acl_support(SNUM(conn))) { > status = get_null_nt_acl(talloc_tos(), &psd); >+ } else if (security_info_wanted & SECINFO_LABEL) { >+ /* Like W2K3 return a null object. */ >+ status = get_null_nt_acl(talloc_tos(), &psd); > } else { > status = SMB_VFS_FGET_NT_ACL( > fsp, security_info_wanted, &psd); >@@ -1882,6 +1898,15 @@ static void call_nt_transact_query_security_desc(connection_struct *conn, > security_info_wanted & DACL_SECURITY_INFORMATION) > psd->type |= SEC_DESC_DACL_PRESENT; > >+ if (security_info_wanted & SECINFO_LABEL) { >+ /* Like W2K3 return a null object. */ >+ psd->owner_sid = NULL; >+ psd->group_sid = NULL; >+ psd->dacl = NULL; >+ psd->sacl = NULL; >+ psd->type &= ~(SEC_DESC_DACL_PRESENT|SEC_DESC_SACL_PRESENT); >+ } >+ > sd_size = ndr_size_security_descriptor(psd, NULL, 0); > > DEBUG(3,("call_nt_transact_query_security_desc: sd_size = %lu.\n",(unsigned long)sd_size)); >-- >1.7.3.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
metze
:
review-
Actions:
View
Attachments on
bug 8458
:
6891
|
6893
|
6894
|
6895
|
6909
|
6910
|
6911
|
6914
|
6915
|
6919
|
6930
|
6977
|
6980