X-Git-Url: http://git.samba.org/?a=blobdiff_plain;f=source3%2Fmodules%2Fvfs_acl_common.c;h=e01ac4ec5f38c28d824f584e0d0731a3837ecb35;hb=HEAD;hp=61f45011a928105ecc4ad32198692a100065db01;hpb=a28a686714e2d0e09d050d8df1df328d6fa581d0;p=samba.git diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index 61f45011a92..e04b672cf9a 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -259,9 +259,6 @@ static NTSTATUS create_sys_acl_blob(const struct security_descriptor *psd, struct security_descriptor_hash_v4 sd_hs4; enum ndr_err_code ndr_err; TALLOC_CTX *ctx = talloc_tos(); - NTTIME nttime_now; - struct timeval now = timeval_current(); - nttime_now = timeval_to_nttime(&now); ZERO_STRUCT(xacl); ZERO_STRUCT(sd_hs4); @@ -272,7 +269,6 @@ static NTSTATUS create_sys_acl_blob(const struct security_descriptor *psd, xacl.info.sd_hs4->hash_type = hash_type; memcpy(&xacl.info.sd_hs4->hash[0], hash, XATTR_SD_HASH_SIZE); xacl.info.sd_hs4->description = description; - xacl.info.sd_hs4->time = nttime_now; memcpy(&xacl.info.sd_hs4->sys_acl_hash[0], sys_acl_hash, XATTR_SD_HASH_SIZE); ndr_err = ndr_push_struct_blob( @@ -315,7 +311,7 @@ static NTSTATUS add_directory_inheritable_components(vfs_handle_struct *handle, } else { /* * make_sec_acl() at the bottom of this function - * dupliates new_ace_list + * duplicates new_ace_list */ new_ace_list = talloc_zero_array(talloc_tos(), struct security_ace, 
@@ -404,14 +400,13 @@ static NTSTATUS add_directory_inheritable_components(vfs_handle_struct *handle, * and psd_from_fs set to false. * * Returning the underlying filesystem ACL in case no. 2 is really just an - * optimisation, because some validations have to fetch the filesytem ACL as + * optimisation, because some validations have to fetch the filesystem ACL as * part of the validation, so we already have it available and callers might * need it as well. **/ static NTSTATUS validate_nt_acl_blob(TALLOC_CTX *mem_ctx, vfs_handle_struct *handle, struct files_struct *fsp, - struct files_struct *dirfsp, const struct smb_filename *smb_fname, const DATA_BLOB *blob, struct security_descriptor **ppsd, @@ -454,7 +449,7 @@ static NTSTATUS validate_nt_acl_blob(TALLOC_CTX *mem_ctx, switch (xattr_version) { case 1: case 2: - /* These xattr types are unilatteral, they do not + /* These xattr types are unilateral, they do not * require confirmation of the hash. In particular, * the NTVFS file server uses version 1, but * 'samba-tool ntacl' can set these as well */ @@ -610,7 +605,6 @@ NTSTATUS fget_nt_acl_common( status = validate_nt_acl_blob(mem_ctx, handle, fsp, - NULL, smb_fname, &blob, &psd, @@ -744,10 +738,13 @@ static NTSTATUS set_underlying_acl(vfs_handle_struct *handle, files_struct *fsp, /* We got access denied here. If we're already root, or we didn't need to do a chown, or the fsp isn't open with WRITE_OWNER access, just return. */ - if (get_current_uid(handle->conn) == 0 || chown_needed == false || - !(fsp->access_mask & SEC_STD_WRITE_OWNER)) { + if (get_current_uid(handle->conn) == 0 || !chown_needed) { return NT_STATUS_ACCESS_DENIED; } + status = check_any_access_fsp(fsp, SEC_STD_WRITE_OWNER); + if (!NT_STATUS_IS_OK(status)) { + return status; + } /* * Only allow take-ownership, not give-ownership. That's the way Windows 
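Review bot: In the set_underlying_acl hunk (`@@ -744,10 +738,13 @@`), the comment above the guard still says the function will "just return" when the fsp isn't open with WRITE_OWNER access, but the new code no longer returns a fixed NT_STATUS_ACCESS_DENIED for that case. It now propagates whatever `check_any_access_fsp(fsp, SEC_STD_WRITE_OWNER)` yields. This gate decides whether the take-ownership handling that follows may proceed, so the comment should state the new contract, e.g. `/* Access denied: give up if we are root or no chown was needed; otherwise require SEC_STD_WRITE_OWNER via check_any_access_fsp() and propagate its status. */`. The helper's possible return values are not visible in this hunk, so it is worth confirming that no caller depends on seeing NT_STATUS_ACCESS_DENIED specifically. The body of set_underlying_acl starts and ends outside the hunk.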
@@ -979,8 +976,8 @@ NTSTATUS fset_nt_acl_common( } /* We store hashes of both the sys ACL blob and the NT - * security desciptor mapped from that ACL so as to improve - * our chances against some inadvertant change breaking the + * security descriptor mapped from that ACL so as to improve + * our chances against some inadvertent change breaking the * hash used */ status = create_sys_acl_blob(psd, &blob, XATTR_SD_HASH_TYPE_SHA256, hash, sys_acl_description, sys_acl_hash);