From 7ce3a0cc305eff5b64d06639fb622aef63317987 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Wed, 22 Apr 2009 09:12:58 -0400 Subject: [PATCH] Fix profile acls in some corner cases Always add back the real original owner of the directory in the ACE List after we steal its ACE for the Administrators group. (cherry picked from commit 8e438431a1447fd482c107fbe0aee3af49afe068) --- source/smbd/posix_acls.c | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index 13bf2ba89d1..b538825b951 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -2878,19 +2878,22 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn, canon_ace *dir_ace = NULL; SEC_ACE *nt_ace_list = NULL; size_t num_profile_acls = 0; + DOM_SID orig_owner_sid; SEC_DESC *psd = NULL; + int i; /* * Get the owner, group and world SIDs. */ + create_file_sids(sbuf, &owner_sid, &group_sid); + if (lp_profile_acls(SNUM(conn))) { /* For WXP SP1 the owner must be administrators. */ + sid_copy(&orig_owner_sid, &owner_sid); sid_copy(&owner_sid, &global_sid_Builtin_Administrators); sid_copy(&group_sid, &global_sid_Builtin_Users); - num_profile_acls = 2; - } else { - create_file_sids(sbuf, &owner_sid, &group_sid); + num_profile_acls = 3; } if ((security_info & DACL_SECURITY_INFORMATION) && !(security_info & PROTECTED_DACL_SECURITY_INFORMATION)) { @@ -3058,6 +3061,18 @@ static NTSTATUS posix_get_nt_acl_common(struct connection_struct *conn, num_aces = merge_default_aces(nt_ace_list, num_aces); + if (lp_profile_acls(SNUM(conn))) { + for (i = 0; i < num_aces; i++) { + if (sid_equal(&nt_ace_list[i].trustee, &owner_sid)) { + add_or_replace_ace(nt_ace_list, &num_aces, + &orig_owner_sid, + nt_ace_list[i].type, + nt_ace_list[i].access_mask, + nt_ace_list[i].flags); + break; + } + } + } } if (num_aces) { -- 2.47.2