Change the other two places where we set a security descriptor given by the client...

the canonicalize sd function.

diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
index 7f34ec28e03003d4b5d4afa89d18147b93d4177f..2d34b9b4d1ce901fcd3980852b7662280df876dc 100644 (file)
--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c
@@ -2332,26 +2332,7 @@ WERROR _srvsvc_NetSetFileSecurity(struct pipes_struct *p,
        psd = r->in.sd_buf->sd;
        security_info_sent = r->in.securityinformation;
 
-       if (psd->owner_sid==0) {
-               security_info_sent &= ~SECINFO_OWNER;
-       }
-       if (psd->group_sid==0) {
-               security_info_sent &= ~SECINFO_GROUP;
-       }
-       if (psd->sacl==0) {
-               security_info_sent &= ~SECINFO_SACL;
-       }
-       if (psd->dacl==0) {
-               security_info_sent &= ~SECINFO_DACL;
-       }
-
-       /* Convert all the generic bits. */
-       security_acl_map_generic(psd->dacl, &file_generic_mapping);
-       security_acl_map_generic(psd->sacl, &file_generic_mapping);
-
-       nt_status = SMB_VFS_FSET_NT_ACL(fsp,
-                                       security_info_sent,
-                                       psd);
+       nt_status = set_sd(fsp, psd, security_info_sent);
 
        if (!NT_STATUS_IS_OK(nt_status) ) {
                DEBUG(3,("_srvsvc_NetSetFileSecurity: Unable to set NT ACL "

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index d078638aaee235a450ea0ff713d52f0d82e87467..415f6adf2e2f6706183ef74b1d577202f8c5e39f 100644 (file)
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3757,15 +3757,11 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
 
                        fsp->access_mask = FILE_GENERIC_ALL;
 
-                       /* Convert all the generic bits. */
-                       security_acl_map_generic(sd->dacl, &file_generic_mapping);
-                       security_acl_map_generic(sd->sacl, &file_generic_mapping);
-
                        if (sec_info_sent & (SECINFO_OWNER|
                                                SECINFO_GROUP|
                                                SECINFO_DACL|
                                                SECINFO_SACL)) {
-                               status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd);
+                               status = set_sd(fsp, sd, sec_info_sent);
                        }
 
                        fsp->access_mask = saved_access_mask;