[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-4349-gf383a51

Jeremy Allison jra at samba.org
Sun Nov 9 06:59:22 GMT 2008 

The branch, v3-3-test has been updated
       via  f383a518f68568c36edc7f438d903d3636a42d45 (commit)
      from  76f7291b264084d24ea85956b6c98361417cdc71 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit f383a518f68568c36edc7f438d903d3636a42d45
Author: Jeremy Allison <jra at samba.org>
Date:   Sat Nov 8 22:58:59 2008 -0800

    Fix a subtle logic bug in the adaption of se_create_child_secdesc(), pass RAW-ACL inheritance tests. Only access masks for SD get/set left to fix.
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source/lib/secdesc.c           |    3 +++
 source/modules/vfs_acl_xattr.c |   21 ++++++++++++++++++++-
 2 files changed, 23 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/lib/secdesc.c b/source/lib/secdesc.c
index a49ee8d..96806b3 100644
--- a/source/lib/secdesc.c
+++ b/source/lib/secdesc.c
@@ -546,6 +546,9 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 
 			ptrustee = creator;
 			new_flags |= SEC_ACE_FLAG_INHERIT_ONLY;
+		} else if (container &&
+				!(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) {
+			ptrustee = &ace->trustee;
 		}
 
 		init_sec_ace(new_ace, ptrustee, ace->type,
diff --git a/source/modules/vfs_acl_xattr.c b/source/modules/vfs_acl_xattr.c
index ee0c16e..6f1c1a3 100644
--- a/source/modules/vfs_acl_xattr.c
+++ b/source/modules/vfs_acl_xattr.c
@@ -363,10 +363,18 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
 	status = get_nt_acl_xattr_internal(handle,
 					NULL,
 					parent_name,
-					DACL_SECURITY_INFORMATION,
+					(OWNER_SECURITY_INFORMATION |
+					 GROUP_SECURITY_INFORMATION |
+					 DACL_SECURITY_INFORMATION),
 					&parent_desc);
         if (NT_STATUS_IS_OK(status)) {
 		/* Create an inherited descriptor from the parent. */
+
+		if (DEBUGLEVEL >= 10) {
+			DEBUG(10,("inherit_new_acl: parent acl is:\n"));
+			NDR_PRINT_DEBUG(security_descriptor, parent_desc);
+		}
+
 		status = se_create_child_secdesc(ctx,
 				&psd,
 				&size,
@@ -377,6 +385,12 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
 		}
+
+		if (DEBUGLEVEL >= 10) {
+			DEBUG(10,("inherit_new_acl: child acl is:\n"));
+			NDR_PRINT_DEBUG(security_descriptor, psd);
+		}
+
 	} else {
 		DEBUG(10,("inherit_new_acl: directory %s failed "
 			"to get acl %s\n",
@@ -401,6 +415,11 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
 		if (!psd) {
 			return NT_STATUS_NO_MEMORY;
 		}
+
+		if (DEBUGLEVEL >= 10) {
+			DEBUG(10,("inherit_new_acl: default acl is:\n"));
+			NDR_PRINT_DEBUG(security_descriptor, psd);
+		}
 	}
 
 	status = create_acl_blob(psd, &blob);


-- 
Samba Shared Repository

More information about the samba-cvs mailing list