[PATCH] smbcacls: no need to fetch the sd when changing ownership

[PATCH] smbcacls: no need to fetch the sd when changing ownership

Samba - samba-technical mailing list
Hi!

Reading the SD may be denied but changing ownership could be allowed. As
we don't really need the server SD for the change ownership request,
don't fetch it.

Please review&push if ok. Thanks!

-slow

smbcacls.patch (1K) Download Attachment

Re: [PATCH] smbcacls: no need to fetch the sd when changing ownership

Samba - samba-technical mailing list
On Fri, Oct 06, 2017 at 04:12:08PM +0200, Ralph Böhme via samba-technical wrote:
> Hi!
>
> Reading the SD may be denied but changing ownership could be allowed. As
> we don't really need the server SD for the change ownership request,
> don't fetch it.
>
> Please review&push if ok. Thanks!

LGTM. Pushed! Thanks.

> From cd4a9a9a623baec73bccf7a2f3fcf0a6147dccd5 Mon Sep 17 00:00:00 2001
> From: Ralph Boehme <[hidden email]>
> Date: Fri, 6 Oct 2017 08:01:46 +0200
> Subject: [PATCH] smbcacls: no need to fetch the sd when changing ownership
>
> Reading the SD may be denied but changing ownership could be allowed. As
> we don't really need the server SD for the change ownership request,
> don't fetch it.
>
> Signed-off-by: Ralph Boehme <[hidden email]>
> ---
>  source3/utils/smbcacls.c | 16 ++++++----------
>  1 file changed, 6 insertions(+), 10 deletions(-)
>
> diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
> index c42a1888cff..0a5eeb31d0b 100644
> --- a/source3/utils/smbcacls.c
> +++ b/source3/utils/smbcacls.c
> @@ -397,21 +397,17 @@ static int owner_set(struct cli_state *cli, enum chown_mode change_mode,
>   const char *filename, const char *new_username)
>  {
>   struct dom_sid sid;
> - struct security_descriptor *sd, *old;
> + struct security_descriptor *sd;
>   size_t sd_size;
>  
>   if (!StringToSid(cli, &sid, new_username))
>   return EXIT_PARSE_ERROR;
>  
> - old = get_secdesc(cli, filename);
> -
> - if (!old) {
> - return EXIT_FAILED;
> - }
> -
> - sd = make_sec_desc(talloc_tos(),old->revision, SEC_DESC_SELF_RELATIVE,
> - (change_mode == REQUEST_CHOWN) ? &sid : NULL,
> - (change_mode == REQUEST_CHGRP) ? &sid : NULL,
> + sd = make_sec_desc(talloc_tos(),
> +   SECURITY_DESCRIPTOR_REVISION_1,
> +   SEC_DESC_SELF_RELATIVE,
> +   (change_mode == REQUEST_CHOWN) ? &sid : NULL,
> +   (change_mode == REQUEST_CHGRP) ? &sid : NULL,
>     NULL, NULL, &sd_size);
>  
>   if (!set_secdesc(cli, filename, sd)) {
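
Review bot: the pointer returned by make_sec_desc() goes straight into set_secdesc() in the last lines of this hunk without a NULL check, so an allocation failure is only caught, if at all, inside set_secdesc(). Now that the early "if (!old) return EXIT_FAILED;" exit is gone, an explicit "if (sd == NULL) { return EXIT_FAILED; }" after the make_sec_desc() call would keep the failure path obvious. The revision argument also changes from old->revision to the hard-coded SECURITY_DESCRIPTOR_REVISION_1; a one-line comment there, saying that the server SD is deliberately not read because reading it may be denied while changing ownership is allowed, would save the next reader from having to dig up the commit message.
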
> --
> 2.13.5
>