[SCM] SAMBA-CTDB repository - branch v3-2-ctdb updated - 3.2.11-ctdb-64-2-gf9a8a67
Michael Adam
obnox at samba.org
Mon Sep 7 04:44:08 MDT 2009
The branch, v3-2-ctdb has been updated
via f9a8a677279e3c9f8783604b4c551c7463c64b94 (commit)
from 450d48035ed8fb52123386ff88f80d008434685b (commit)
http://gitweb.samba.org/?p=obnox/samba-ctdb.git;a=shortlog;h=v3-2-ctdb
- Log -----------------------------------------------------------------
commit f9a8a677279e3c9f8783604b4c551c7463c64b94
Author: Christian Ambach <christian.ambach at de.ibm.com>
Date: Sun Jul 5 16:03:15 2009 +0200
do not merge ACEs with different SMB_ACE4_INHERIT_ONLY_ACE flag, this leads to wrong inheritance flags in the ACL e.g. (on GPFS) user:10000036:rwxc:allow (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
user:10000036:rwxc:allow:FileInherit:DirInherit:InheritOnly
(X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED
(X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
group:10000005:rwxc:allow
(X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED
(X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
group:10000005:rwxc:allow:FileInherit:DirInherit:InheritOnly
(X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED
(X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
would be merged to
user:10000036:rwxc:allow:FileInherit:DirInherit:InheritOnly
(X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED
(X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
group:10000005:rwxc:allow:FileInherit:DirInherit:InheritOnly
(X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED
(X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
so the explicit right for the user on the parent directory will be gone (the InheritOnly flag only accounts to subdirectories)
thus leaving the user without access to the directory itself
Signed-off-by: Christian Ambach <christian.ambach at de.ibm.com>
(cherry picked from commit 5e7da42f6ea768a1e2eeeb15b8b2c41cdfcac94f)
Signed-off-by: Michael Adam <obnox at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source/modules/nfs4_acls.c | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/modules/nfs4_acls.c b/source/modules/nfs4_acls.c
index 515272c..318f3dc 100644
--- a/source/modules/nfs4_acls.c
+++ b/source/modules/nfs4_acls.c
@@ -451,8 +451,15 @@ static SMB_ACE4PROP_T *smbacl4_find_equal_special(
for(aceint = aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) {
SMB_ACE4PROP_T *ace = &aceint->prop;
+ DEBUG(10,("ace type:0x%x flags:0x%x aceFlags:0x%x "
+ "new type:0x%x flags:0x%x aceFlags:0x%x\n",
+ ace->aceType, ace->flags, ace->aceFlags,
+ aceNew->aceType, aceNew->flags,aceNew->aceFlags));
+
if (ace->flags == aceNew->flags &&
ace->aceType==aceNew->aceType &&
+ ((ace->aceFlags&SMB_ACE4_INHERIT_ONLY_ACE)==
+ (aceNew->aceFlags&SMB_ACE4_INHERIT_ONLY_ACE)) &&
(ace->aceFlags&SMB_ACE4_IDENTIFIER_GROUP)==
(aceNew->aceFlags&SMB_ACE4_IDENTIFIER_GROUP)
) {
--
SAMBA-CTDB repository
More information about the samba-cvs
mailing list