* fhandler_disk_file.cc (fhandler_disk_file::fchown): Catch an

error when changing the user account on a standalone Samba server.
	Explain why.
	* sec_acl.cc (setacl): Accommodate additional parameter to set_file_sd.
	* sec_helper.cc (SECURITY_SAMBA_UNIX_AUTHORITY): Define.
	(well_known_samba_unix_user_fake_sid): Define.
	* security.cc (set_file_sd): Take additional parameter if ownership
	should be changed.  Restrict requested permissions accordingly.
	(set_file_attribute): Accommodate additional parameter to set_file_sd.
	* security.h (well_known_samba_unix_user_fake_sid): Declare.
	(set_file_sd): Align declaration to above change.
This commit is contained in:
Corinna Vinschen
2009-04-09 09:19:03 +00:00
parent 9b26525ec3
commit 2d647173bb
6 changed files with 56 additions and 8 deletions

View File

@@ -83,7 +83,7 @@ get_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd)
}
LONG
set_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd)
set_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd, bool is_chown)
{
NTSTATUS status = STATUS_SUCCESS;
int retry = 0;
@@ -93,7 +93,10 @@ set_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd)
{
if (fh)
{
status = NtSetSecurityObject (fh, ALL_SECURITY_INFORMATION, sd);
status = NtSetSecurityObject (fh,
is_chown ? ALL_SECURITY_INFORMATION
: DACL_SECURITY_INFORMATION,
sd);
if (NT_SUCCESS (status))
{
res = 0;
@@ -104,8 +107,7 @@ set_file_sd (HANDLE fh, path_conv &pc, security_descriptor &sd)
{
OBJECT_ATTRIBUTES attr;
IO_STATUS_BLOCK io;
status = NtOpenFile (&fh, WRITE_OWNER | WRITE_DAC,
status = NtOpenFile (&fh, (is_chown ? WRITE_OWNER : 0) | WRITE_DAC,
pc.get_object_attr (attr, sec_none_nih),
&io, FILE_SHARE_VALID_FLAGS,
FILE_OPEN_FOR_BACKUP_INTENT
@@ -712,7 +714,8 @@ set_file_attribute (HANDLE handle, path_conv &pc,
if (!get_file_sd (handle, pc, sd)
&& alloc_sd (pc, uid, gid, attribute, sd))
ret = set_file_sd (handle, pc, sd);
ret = set_file_sd (handle, pc, sd,
uid != ILLEGAL_UID || gid != ILLEGAL_GID);
}
else
ret = 0;