[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Thu Apr 14 15:40:02 MDT 2011 

The branch, master has been updated
       via  4389bf4 Ensure change_dir_owner_to_parent() can't be raced.
       via  182eea9 Fix bug #8083 - "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module.
       via  9c2ba94 Optimization for change_file_owner_to_parent() and change_dir_owner_to_parent()
      from  d9c1d1f s3: Fix Coverity ID 2471: UNINIT

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 4389bf4bc94eefe034e7551371e6e43cca8d8bdb
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Apr 14 13:56:05 2011 -0700

    Ensure change_dir_owner_to_parent() can't be raced.
    
    Autobuild-User: Jeremy Allison <jra at samba.org>
    Autobuild-Date: Thu Apr 14 23:39:55 CEST 2011 on sn-devel-104

commit 182eea9ae26804d7f4eedcfa09eef0342ec3db5a
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Apr 14 13:20:08 2011 -0700

    Fix bug #8083 - "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module.
    
    If "inherit owner = yes", pass in the directory owner and group
    owner as the target for CREATOR_OWNER and CREATOR_GROUP substitutions,
    and also as the owner and primary group of the new security descriptor
    being applied to the object.
    
    Jeremy.

commit 9c2ba9436d1abe66c493a512702101f631946cdf
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Apr 14 12:49:58 2011 -0700

    Optimization for change_file_owner_to_parent() and change_dir_owner_to_parent()
    
    Don't do the chown if the owner is already correct.

-----------------------------------------------------------------------

Summary of changes:
 source3/modules/vfs_acl_common.c |   30 +++++++++++++++++++++++++++---
 source3/smbd/open.c              |   23 ++++++++++++++++++++++-
 2 files changed, 49 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 5edcb4b..6c57acb 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -446,6 +446,9 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
 	TALLOC_CTX *ctx = talloc_tos();
 	NTSTATUS status = NT_STATUS_OK;
 	struct security_descriptor *psd = NULL;
+	struct dom_sid *owner_sid = NULL;
+	struct dom_sid *group_sid = NULL;
+	bool inherit_owner = lp_inherit_owner(SNUM(handle->conn));
 	size_t size;
 
 	if (!sd_has_inheritable_components(parent_desc, is_directory)) {
@@ -460,12 +463,25 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
 		NDR_PRINT_DEBUG(security_descriptor, parent_desc);
 	}
 
+	/* Inherit from parent descriptor if "inherit owner" set. */
+	if (inherit_owner) {
+		owner_sid = parent_desc->owner_sid;
+		group_sid = parent_desc->group_sid;
+	}
+
+	if (owner_sid == NULL) {
+		owner_sid = &handle->conn->session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
+	}
+	if (group_sid == NULL) {
+		group_sid = &handle->conn->session_info->security_token->sids[PRIMARY_GROUP_SID_INDEX];
+	}
+
 	status = se_create_child_secdesc(ctx,
 			&psd,
 			&size,
 			parent_desc,
-			&handle->conn->session_info->security_token->sids[PRIMARY_USER_SID_INDEX],
-			&handle->conn->session_info->security_token->sids[PRIMARY_GROUP_SID_INDEX],
+			owner_sid,
+			group_sid,
 			is_directory);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
@@ -477,11 +493,19 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
 		NDR_PRINT_DEBUG(security_descriptor, psd);
 	}
 
-	return SMB_VFS_FSET_NT_ACL(fsp,
+	if (inherit_owner) {
+		/* We need to be root to force this. */
+		become_root();
+	}
+	status = SMB_VFS_FSET_NT_ACL(fsp,
 				(SECINFO_OWNER |
 				 SECINFO_GROUP |
 				 SECINFO_DACL),
 				psd);
+	if (inherit_owner) {
+		unbecome_root();
+	}
+	return status;
 }
 
 static NTSTATUS get_parent_acl_common(vfs_handle_struct *handle,
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 66b14ff..b7c8540 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -214,6 +214,17 @@ void change_file_owner_to_parent(connection_struct *conn,
 			 "directory %s. Error was %s\n",
 			 smb_fname_str_dbg(smb_fname_parent),
 			 strerror(errno)));
+		TALLOC_FREE(smb_fname_parent);
+		return;
+	}
+
+	if (smb_fname_parent->st.st_ex_uid == fsp->fsp_name->st.st_ex_uid) {
+		/* Already this uid - no need to change. */
+		DEBUG(10,("change_file_owner_to_parent: file %s "
+			"is already owned by uid %d\n",
+			fsp_str_dbg(fsp),
+			(int)fsp->fsp_name->st.st_ex_uid ));
+		TALLOC_FREE(smb_fname_parent);
 		return;
 	}
 
@@ -314,8 +325,18 @@ NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
 		goto chdir;
 	}
 
+	if (smb_fname_parent->st.st_ex_uid == smb_fname_cwd->st.st_ex_uid) {
+		/* Already this uid - no need to change. */
+		DEBUG(10,("change_dir_owner_to_parent: directory %s "
+			"is already owned by uid %d\n",
+			fname,
+			(int)smb_fname_cwd->st.st_ex_uid ));
+		status = NT_STATUS_OK;
+		goto chdir;
+	}
+
 	become_root();
-	ret = SMB_VFS_CHOWN(conn, ".", smb_fname_parent->st.st_ex_uid,
+	ret = SMB_VFS_LCHOWN(conn, ".", smb_fname_parent->st.st_ex_uid,
 			    (gid_t)-1);
 	unbecome_root();
 	if (ret == -1) {


-- 
Samba Shared Repository

More information about the samba-cvs mailing list