The Samba-Bugzilla – Attachment 8800 Details for
Bug 9821
Inheritance of Object ACEs is broken in Master, 4.0, 3.6 and 3.5
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
A possible fix for this problem
fix-obj-ace-inherit-3.5.x.patch (text/plain), 18.89 KB, created by
Richard Sharpe
on 2013-04-21 16:00:33 UTC
(
hide
)
Description:
A possible fix for this problem
Filename:
MIME Type:
Creator:
Richard Sharpe
Created:
2013-04-21 16:00:33 UTC
Size:
18.89 KB
patch
obsolete
>diff --git a/libcli/security/secace.c b/libcli/security/secace.c >index 7d87b1c..6329d68 100644 >--- a/libcli/security/secace.c >+++ b/libcli/security/secace.c >@@ -58,7 +58,8 @@ void sec_ace_copy(struct security_ace *ace_dest, struct security_ace *ace_src) > ********************************************************************/ > > void init_sec_ace(struct security_ace *t, const struct dom_sid *sid, enum security_ace_type type, >- uint32_t mask, uint8_t flag) >+ uint32_t mask, uint8_t flag, >+ const union security_ace_object_ctr *obj_ctr) > { > t->type = type; > t->flags = flag; >@@ -66,6 +67,11 @@ void init_sec_ace(struct security_ace *t, const struct dom_sid *sid, enum securi > t->access_mask = mask; > > t->trustee = *sid; >+ >+ if ((type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT || >+ type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT) && obj_ctr) { >+ t->object = *obj_ctr; >+ } > } > > /******************************************************************* >diff --git a/libcli/security/secace.h b/libcli/security/secace.h >index 8b6625d..7827f48 100644 >--- a/libcli/security/secace.h >+++ b/libcli/security/secace.h >@@ -26,7 +26,8 @@ > bool sec_ace_object(uint8_t type); > void sec_ace_copy(struct security_ace *ace_dest, struct security_ace *ace_src); > void init_sec_ace(struct security_ace *t, const struct dom_sid *sid, enum security_ace_type type, >- uint32_t mask, uint8_t flag); >+ uint32_t mask, uint8_t flag, >+ const union security_ace_object_ctr *obj_ctr); > NTSTATUS sec_ace_add_sid(TALLOC_CTX *ctx, struct security_ace **pp_new, struct security_ace *old, unsigned *num, struct dom_sid *sid, uint32_t mask); > NTSTATUS sec_ace_mod_sid(struct security_ace *ace, size_t num, struct dom_sid *sid, uint32_t mask); > NTSTATUS sec_ace_del_sid(TALLOC_CTX *ctx, struct security_ace **pp_new, struct security_ace *old, uint32_t *num, struct dom_sid *sid); >diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c >index d45be00..50800df 100644 >--- a/source3/lib/secdesc.c >+++ b/source3/lib/secdesc.c >@@ -571,7 +571,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, > > /* First add the regular ACE entry. */ > init_sec_ace(new_ace, ptrustee, ace->type, >- ace->access_mask, 0); >+ ace->access_mask, 0, NULL); > > DEBUG(5,("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x" > " inherited as %s:%d/0x%02x/0x%08x\n", >@@ -594,7 +594,7 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, > } > > init_sec_ace(new_ace, ptrustee, ace->type, >- ace->access_mask, new_flags); >+ ace->access_mask, new_flags, &ace->object); > > DEBUG(5, ("se_create_child_secdesc(): %s:%d/0x%02x/0x%08x " > " inherited as %s:%d/0x%02x/0x%08x\n", >diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c >index 799d983..75defa5 100644 >--- a/source3/lib/sharesec.c >+++ b/source3/lib/sharesec.c >@@ -133,7 +133,7 @@ SEC_DESC *get_share_security_default( TALLOC_CTX *ctx, size_t *psize, uint32 def > se_map_generic(&spec_access, &file_generic_mapping); > > sa = (def_access | spec_access ); >- init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0); >+ init_sec_ace(&ace, &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, sa, 0, NULL); > > if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 1, &ace)) != NULL) { > psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1, >@@ -384,7 +384,7 @@ bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, SEC_DESC **ppsd) > > se_map_generic(&s_access, &file_generic_mapping); > sa = (g_access | s_access); >- init_sec_ace(&ace_list[i], &sid, type, sa, 0); >+ init_sec_ace(&ace_list[i], &sid, type, sa, 0, NULL); > } > > if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, num_aces, ace_list)) != NULL) { >diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c >index 058bf32..06e2fbe 100644 >--- a/source3/lib/util_seaccess.c >+++ b/source3/lib/util_seaccess.c >@@ -262,13 +262,15 @@ NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size) > > /*basic access for every one*/ > init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, >- GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ, 0); >+ GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ, 0, NULL); > > /*full access for builtin aliases Administrators and Account Operators*/ > init_sec_ace(&ace[1], &adm_sid, >- SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0); >+ SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0, >+ NULL); > init_sec_ace(&ace[2], &act_sid, >- SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0); >+ SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0, >+ NULL); > > if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL) > return NT_STATUS_NO_MEMORY; >diff --git a/source3/libgpo/gpo_reg.c b/source3/libgpo/gpo_reg.c >index 9367bca..4bd6edb 100644 >--- a/source3/libgpo/gpo_reg.c >+++ b/source3/libgpo/gpo_reg.c >@@ -699,19 +699,19 @@ static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx, > init_sec_ace(&ace[0], > &global_sid_System, > SEC_ACE_TYPE_ACCESS_ALLOWED, >- mask, 0); >+ mask, 0, NULL); > > mask = REG_KEY_ALL; > init_sec_ace(&ace[1], > &global_sid_Builtin_Administrators, > SEC_ACE_TYPE_ACCESS_ALLOWED, >- mask, 0); >+ mask, 0, NULL); > > mask = REG_KEY_READ; > init_sec_ace(&ace[2], > sid ? sid : &global_sid_Authenticated_Users, > SEC_ACE_TYPE_ACCESS_ALLOWED, >- mask, 0); >+ mask, 0, NULL); > > inherit_flags = SEC_ACE_FLAG_OBJECT_INHERIT | > SEC_ACE_FLAG_CONTAINER_INHERIT | >@@ -721,19 +721,19 @@ static WERROR gp_reg_generate_sd(TALLOC_CTX *mem_ctx, > init_sec_ace(&ace[3], > &global_sid_System, > SEC_ACE_TYPE_ACCESS_ALLOWED, >- mask, inherit_flags); >+ mask, inherit_flags, NULL); > > mask = REG_KEY_ALL; > init_sec_ace(&ace[4], > &global_sid_Builtin_Administrators, > SEC_ACE_TYPE_ACCESS_ALLOWED, >- mask, inherit_flags); >+ mask, inherit_flags, NULL); > > mask = REG_KEY_READ; > init_sec_ace(&ace[5], > sid ? sid : &global_sid_Authenticated_Users, > SEC_ACE_TYPE_ACCESS_ALLOWED, >- mask, inherit_flags); >+ mask, inherit_flags, NULL); > > theacl = make_sec_acl(mem_ctx, NT4_ACL_REVISION, 6, ace); > W_ERROR_HAVE_NO_MEMORY(theacl); >diff --git a/source3/libsmb/libsmb_xattr.c b/source3/libsmb/libsmb_xattr.c >index 0e2ffda..a530264 100644 >--- a/source3/libsmb/libsmb_xattr.c >+++ b/source3/libsmb/libsmb_xattr.c >@@ -385,7 +385,7 @@ parse_ace(struct cli_state *ipc_cli, > > done: > mask = amask; >- init_sec_ace(ace, &sid, atype, mask, aflags); >+ init_sec_ace(ace, &sid, atype, mask, aflags, NULL); > TALLOC_FREE(frame); > return true; > } >diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c >index ecc889a..ba1a606 100644 >--- a/source3/modules/vfs_acl_common.c >+++ b/source3/modules/vfs_acl_common.c >@@ -212,7 +212,8 @@ static void add_directory_inheritable_components(vfs_handle_struct *handle, > access_mask, > SEC_ACE_FLAG_CONTAINER_INHERIT| > SEC_ACE_FLAG_OBJECT_INHERIT| >- SEC_ACE_FLAG_INHERIT_ONLY); >+ SEC_ACE_FLAG_INHERIT_ONLY, >+ NULL); > access_mask = map_canon_ace_perms(SNUM(conn), &acltype, > (mode << 3) & 0700, false); > init_sec_ace(&new_ace_list[num_aces+1], >@@ -221,7 +222,8 @@ static void add_directory_inheritable_components(vfs_handle_struct *handle, > access_mask, > SEC_ACE_FLAG_CONTAINER_INHERIT| > SEC_ACE_FLAG_OBJECT_INHERIT| >- SEC_ACE_FLAG_INHERIT_ONLY); >+ SEC_ACE_FLAG_INHERIT_ONLY, >+ NULL); > access_mask = map_canon_ace_perms(SNUM(conn), &acltype, > (mode << 6) & 0700, false); > init_sec_ace(&new_ace_list[num_aces+2], >@@ -230,7 +232,8 @@ static void add_directory_inheritable_components(vfs_handle_struct *handle, > access_mask, > SEC_ACE_FLAG_CONTAINER_INHERIT| > SEC_ACE_FLAG_OBJECT_INHERIT| >- SEC_ACE_FLAG_INHERIT_ONLY); >+ SEC_ACE_FLAG_INHERIT_ONLY, >+ NULL); > psd->dacl->aces = new_ace_list; > psd->dacl->num_aces += 3; > } >diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c >index beaa9e5..7723654 100644 >--- a/source3/printing/nt_printing.c >+++ b/source3/printing/nt_printing.c >@@ -5403,7 +5403,7 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) > > sa = PRINTER_ACE_PRINT; > init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, >- sa, SEC_ACE_FLAG_CONTAINER_INHERIT); >+ sa, SEC_ACE_FLAG_CONTAINER_INHERIT, NULL); > > /* Add the domain admins group if we are a DC */ > >@@ -5416,9 +5416,11 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) > sa = PRINTER_ACE_FULL_CONTROL; > init_sec_ace(&ace[i++], &domadmins_sid, > SEC_ACE_TYPE_ACCESS_ALLOWED, sa, >- SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY); >+ SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY, >+ NULL); > init_sec_ace(&ace[i++], &domadmins_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, >- sa, SEC_ACE_FLAG_CONTAINER_INHERIT); >+ sa, SEC_ACE_FLAG_CONTAINER_INHERIT, >+ NULL); > } > else if (secrets_fetch_domain_sid(lp_workgroup(), &adm_sid)) { > sid_append_rid(&adm_sid, DOMAIN_USER_RID_ADMIN); >@@ -5426,9 +5428,10 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) > sa = PRINTER_ACE_FULL_CONTROL; > init_sec_ace(&ace[i++], &adm_sid, > SEC_ACE_TYPE_ACCESS_ALLOWED, sa, >- SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY); >+ SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY, >+ NULL); > init_sec_ace(&ace[i++], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, >- sa, SEC_ACE_FLAG_CONTAINER_INHERIT); >+ sa, SEC_ACE_FLAG_CONTAINER_INHERIT, NULL); > } > > /* add BUILTIN\Administrators as FULL CONTROL */ >@@ -5436,10 +5439,10 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx) > sa = PRINTER_ACE_FULL_CONTROL; > init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, > SEC_ACE_TYPE_ACCESS_ALLOWED, sa, >- SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY); >+ SEC_ACE_FLAG_OBJECT_INHERIT | SEC_ACE_FLAG_INHERIT_ONLY, NULL); > init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, > SEC_ACE_TYPE_ACCESS_ALLOWED, >- sa, SEC_ACE_FLAG_CONTAINER_INHERIT); >+ sa, SEC_ACE_FLAG_CONTAINER_INHERIT, NULL); > > /* Make the security descriptor owned by the BUILTIN\Administrators */ > >diff --git a/source3/registry/reg_dispatcher.c b/source3/registry/reg_dispatcher.c >index cc6d95f..b4f311b 100644 >--- a/source3/registry/reg_dispatcher.c >+++ b/source3/registry/reg_dispatcher.c >@@ -45,17 +45,17 @@ static WERROR construct_registry_sd(TALLOC_CTX *ctx, SEC_DESC **psd) > /* basic access for Everyone */ > > init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, >- REG_KEY_READ, 0); >+ REG_KEY_READ, 0, NULL); > > /* Full Access 'BUILTIN\Administrators' */ > > init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, >- SEC_ACE_TYPE_ACCESS_ALLOWED, REG_KEY_ALL, 0); >+ SEC_ACE_TYPE_ACCESS_ALLOWED, REG_KEY_ALL, 0, NULL); > > /* Full Access 'NT Authority\System' */ > > init_sec_ace(&ace[i++], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, >- REG_KEY_ALL, 0); >+ REG_KEY_ALL, 0, NULL); > > /* create the security descriptor */ > >diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c >index e903f0e..f5e5fb5 100644 >--- a/source3/rpc_server/srv_lsa_nt.c >+++ b/source3/rpc_server/srv_lsa_nt.c >@@ -325,26 +325,26 @@ static NTSTATUS make_lsa_object_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s > /* READ|EXECUTE access for Everyone */ > > init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, >- map->generic_execute | map->generic_read, 0); >+ map->generic_execute | map->generic_read, 0, NULL); > > /* Add Full Access 'BUILTIN\Administrators' and 'BUILTIN\Account Operators */ > > init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, >- SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); >+ SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0, NULL); > init_sec_ace(&ace[i++], &global_sid_Builtin_Account_Operators, >- SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); >+ SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0, NULL); > > /* Add Full Access for Domain Admins */ > sid_copy(&adm_sid, get_global_sam_sid()); > sid_append_rid(&adm_sid, DOMAIN_GROUP_RID_ADMINS); > init_sec_ace(&ace[i++], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, >- map->generic_all, 0); >+ map->generic_all, 0, NULL); > > /* If we have a sid, give it some special access */ > > if (sid) { > init_sec_ace(&ace[i++], sid, SEC_ACE_TYPE_ACCESS_ALLOWED, >- sid_access, 0); >+ sid_access, 0, NULL); > } > > if((psa = make_sec_acl(mem_ctx, NT4_ACL_REVISION, i, ace)) == NULL) >diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c >index 487fb3d..870a9ab 100644 >--- a/source3/rpc_server/srv_samr_nt.c >+++ b/source3/rpc_server/srv_samr_nt.c >@@ -133,14 +133,14 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd > /* basic access for Everyone */ > > init_sec_ace(&ace[i++], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED, >- map->generic_execute | map->generic_read, 0); >+ map->generic_execute | map->generic_read, 0, NULL); > > /* add Full Access 'BUILTIN\Administrators' and 'BUILTIN\Account Operators */ > > init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, >- SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); >+ SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0, NULL); > init_sec_ace(&ace[i++], &global_sid_Builtin_Account_Operators, >- SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); >+ SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0, NULL); > > /* Add Full Access for Domain Admins if we are a DC */ > >@@ -148,13 +148,13 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd > sid_copy( &domadmin_sid, get_global_sam_sid() ); > sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS ); > init_sec_ace(&ace[i++], &domadmin_sid, >- SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0); >+ SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0, NULL); > } > > /* if we have a sid, give it some special access */ > > if ( sid ) { >- init_sec_ace(&ace[i++], sid, SEC_ACE_TYPE_ACCESS_ALLOWED, sid_access, 0); >+ init_sec_ace(&ace[i++], sid, SEC_ACE_TYPE_ACCESS_ALLOWED, sid_access, 0, NULL); > } > > /* create the security descriptor */ >diff --git a/source3/rpc_server/srv_svcctl_nt.c b/source3/rpc_server/srv_svcctl_nt.c >index 26dc09e..5f66483 100644 >--- a/source3/rpc_server/srv_svcctl_nt.c >+++ b/source3/rpc_server/srv_svcctl_nt.c >@@ -144,12 +144,12 @@ static SEC_DESC* construct_scm_sd( TALLOC_CTX *ctx ) > /* basic access for Everyone */ > > init_sec_ace(&ace[i++], &global_sid_World, >- SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_READ_ACCESS, 0); >+ SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_READ_ACCESS, 0, NULL); > > /* Full Access 'BUILTIN\Administrators' */ > > init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, >- SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_ALL_ACCESS, 0); >+ SEC_ACE_TYPE_ACCESS_ALLOWED, SC_MANAGER_ALL_ACCESS, 0, NULL); > > > /* create the security descriptor */ >diff --git a/source3/services/services_db.c b/source3/services/services_db.c >index b610c92..967ba6f 100644 >--- a/source3/services/services_db.c >+++ b/source3/services/services_db.c >@@ -97,15 +97,16 @@ static SEC_DESC* construct_service_sd( TALLOC_CTX *ctx ) > /* basic access for Everyone */ > > init_sec_ace(&ace[i++], &global_sid_World, >- SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_READ_ACCESS, 0); >+ SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_READ_ACCESS, 0, NULL); > > init_sec_ace(&ace[i++], &global_sid_Builtin_Power_Users, >- SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_EXECUTE_ACCESS, 0); >+ SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_EXECUTE_ACCESS, 0, >+ NULL); > > init_sec_ace(&ace[i++], &global_sid_Builtin_Server_Operators, >- SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0); >+ SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0, NULL); > init_sec_ace(&ace[i++], &global_sid_Builtin_Administrators, >- SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0); >+ SEC_ACE_TYPE_ACCESS_ALLOWED, SERVICE_ALL_ACCESS, 0, NULL); > > /* create the security descriptor */ > >diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c >index 555f9c0..0f28ff7 100644 >--- a/source3/smbd/posix_acls.c >+++ b/source3/smbd/posix_acls.c >@@ -3072,7 +3072,7 @@ static void add_or_replace_ace(SEC_ACE *nt_ace_list, size_t *num_aces, > } > > /* not found, append it */ >- init_sec_ace(&nt_ace_list[(*num_aces)++], sid, type, mask, flags); >+ init_sec_ace(&nt_ace_list[(*num_aces)++], sid, type, mask, flags, NULL); > } > > >@@ -3233,7 +3233,8 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn, > &ace->trustee, > nt_acl_type, > acc, >- ace->ace_flags); >+ ace->ace_flags, >+ NULL); > } > > /* The User must have access to a profile share - even >@@ -3257,7 +3258,8 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn, > ace->ace_flags | > SEC_ACE_FLAG_OBJECT_INHERIT| > SEC_ACE_FLAG_CONTAINER_INHERIT| >- SEC_ACE_FLAG_INHERIT_ONLY); >+ SEC_ACE_FLAG_INHERIT_ONLY, >+ NULL); > } > > /* The User must have access to a profile share - even >@@ -3862,17 +3864,20 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC > &file_owner_sid, > SEC_ACE_TYPE_ACCESS_ALLOWED, > GENERIC_ALL_ACCESS, >- 0); >+ 0, >+ NULL); > init_sec_ace(&ace[1], > &file_grp_sid, > SEC_ACE_TYPE_ACCESS_ALLOWED, > GENERIC_ALL_ACCESS, >- 0); >+ 0, >+ NULL); > init_sec_ace(&ace[2], > &global_sid_World, > SEC_ACE_TYPE_ACCESS_ALLOWED, > GENERIC_ALL_ACCESS, >- 0); >+ 0, >+ NULL); > psd->dacl = make_sec_acl(talloc_tos(), > NT4_ACL_REVISION, > 3, >@@ -4772,7 +4777,8 @@ NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx, > &owner_sid, > SEC_ACE_TYPE_ACCESS_ALLOWED, > access_mask, >- 0); >+ 0, >+ NULL); > idx++; > > access_mask = 0; >@@ -4788,7 +4794,8 @@ NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx, > &group_sid, > SEC_ACE_TYPE_ACCESS_ALLOWED, > access_mask, >- 0); >+ 0, >+ NULL); > idx++; > } > >@@ -4804,7 +4811,8 @@ NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx, > &global_sid_World, > SEC_ACE_TYPE_ACCESS_ALLOWED, > access_mask, >- 0); >+ 0, >+ NULL); > idx++; > } > >@@ -4812,7 +4820,8 @@ NTSTATUS make_default_filesystem_acl(TALLOC_CTX *ctx, > &global_sid_System, > SEC_ACE_TYPE_ACCESS_ALLOWED, > SEC_RIGHTS_FILE_ALL, >- 0); >+ 0, >+ NULL); > idx++; > > new_dacl = make_sec_acl(ctx, >diff --git a/source3/utils/sharesec.c b/source3/utils/sharesec.c >index 4be77ec..756ab28 100644 >--- a/source3/utils/sharesec.c >+++ b/source3/utils/sharesec.c >@@ -284,7 +284,7 @@ static bool parse_ace(SEC_ACE *ace, const char *orig_str) > > done: > mask = amask; >- init_sec_ace(ace, &sid, atype, mask, aflags); >+ init_sec_ace(ace, &sid, atype, mask, aflags, NULL); > SAFE_FREE(str); > TALLOC_FREE(frame); > return True; >diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c >index eefe4fe..b09d5d8 100644 >--- a/source3/utils/smbcacls.c >+++ b/source3/utils/smbcacls.c >@@ -520,7 +520,7 @@ static bool parse_ace(struct cli_state *cli, SEC_ACE *ace, > > done: > mask = amask; >- init_sec_ace(ace, &sid, atype, mask, aflags); >+ init_sec_ace(ace, &sid, atype, mask, aflags, NULL); > TALLOC_FREE(frame); > SAFE_FREE(str); > return True;
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 9821
:
8798
|
8799
| 8800 |
8808