[SCM] Samba Shared Repository - branch v3-6-test updated
Jeremy Allison
jra at samba.org
Thu Apr 14 15:52:24 MDT 2011
The branch, v3-6-test has been updated
via 72c9b37 Ensure change_dir_owner_to_parent() can't be raced.
via 8636467 Fix bug #8083 - "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module.
via 232e35b Optimization for change_file_owner_to_parent() and change_dir_owner_to_parent()
from f8607bd s3: Fix Coverity ID 2471: UNINIT
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 72c9b37d4c882838734aa48ad44eedbe32f6c606
Author: Jeremy Allison <jra at samba.org>
Date: Thu Apr 14 13:56:05 2011 -0700
Ensure change_dir_owner_to_parent() can't be raced.
Autobuild-User: Jeremy Allison <jra at samba.org>
Autobuild-Date: Thu Apr 14 23:39:55 CEST 2011 on sn-devel-104
(cherry picked from commit 4389bf4bc94eefe034e7551371e6e43cca8d8bdb)
commit 86364679519c225eb262945f6fb5aa73fa382bd8
Author: Jeremy Allison <jra at samba.org>
Date: Thu Apr 14 13:20:08 2011 -0700
Fix bug #8083 - "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module.
If "inherit owner = yes", pass in the directory owner and group
owner as the target for CREATOR_OWNER and CREATOR_GROUP substitutions,
and also as the owner and primary group of the new security descriptor
being applied to the object.
Jeremy.
(cherry picked from commit 182eea9ae26804d7f4eedcfa09eef0342ec3db5a)
commit 232e35b48cce6619e409ed07cd367cedd34624c3
Author: Jeremy Allison <jra at samba.org>
Date: Thu Apr 14 12:49:58 2011 -0700
Optimization for change_file_owner_to_parent() and change_dir_owner_to_parent()
Don't do the chown if the owner is already correct.
(cherry picked from commit 9c2ba9436d1abe66c493a512702101f631946cdf)
-----------------------------------------------------------------------
Summary of changes:
source3/modules/vfs_acl_common.c | 30 +++++++++++++++++++++++++++---
source3/smbd/open.c | 23 ++++++++++++++++++++++-
2 files changed, 49 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 99edbda..84d666a 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -446,6 +446,9 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
TALLOC_CTX *ctx = talloc_tos();
NTSTATUS status = NT_STATUS_OK;
struct security_descriptor *psd = NULL;
+ struct dom_sid *owner_sid = NULL;
+ struct dom_sid *group_sid = NULL;
+ bool inherit_owner = lp_inherit_owner(SNUM(handle->conn));
size_t size;
if (!sd_has_inheritable_components(parent_desc, is_directory)) {
@@ -460,12 +463,25 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
NDR_PRINT_DEBUG(security_descriptor, parent_desc);
}
+ /* Inherit from parent descriptor if "inherit owner" set. */
+ if (inherit_owner) {
+ owner_sid = parent_desc->owner_sid;
+ group_sid = parent_desc->group_sid;
+ }
+
+ if (owner_sid == NULL) {
+ owner_sid = &handle->conn->session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
+ }
+ if (group_sid == NULL) {
+ group_sid = &handle->conn->session_info->security_token->sids[PRIMARY_GROUP_SID_INDEX];
+ }
+
status = se_create_child_secdesc(ctx,
&psd,
&size,
parent_desc,
- &handle->conn->session_info->security_token->sids[PRIMARY_USER_SID_INDEX],
- &handle->conn->session_info->security_token->sids[PRIMARY_GROUP_SID_INDEX],
+ owner_sid,
+ group_sid,
is_directory);
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -477,11 +493,19 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
NDR_PRINT_DEBUG(security_descriptor, psd);
}
- return SMB_VFS_FSET_NT_ACL(fsp,
+ if (inherit_owner) {
+ /* We need to be root to force this. */
+ become_root();
+ }
+ status = SMB_VFS_FSET_NT_ACL(fsp,
(SECINFO_OWNER |
SECINFO_GROUP |
SECINFO_DACL),
psd);
+ if (inherit_owner) {
+ unbecome_root();
+ }
+ return status;
}
static NTSTATUS get_parent_acl_common(vfs_handle_struct *handle,
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 5c449fc..b35d481 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -214,6 +214,17 @@ void change_file_owner_to_parent(connection_struct *conn,
"directory %s. Error was %s\n",
smb_fname_str_dbg(smb_fname_parent),
strerror(errno)));
+ TALLOC_FREE(smb_fname_parent);
+ return;
+ }
+
+ if (smb_fname_parent->st.st_ex_uid == fsp->fsp_name->st.st_ex_uid) {
+ /* Already this uid - no need to change. */
+ DEBUG(10,("change_file_owner_to_parent: file %s "
+ "is already owned by uid %d\n",
+ fsp_str_dbg(fsp),
+ (int)fsp->fsp_name->st.st_ex_uid ));
+ TALLOC_FREE(smb_fname_parent);
return;
}
@@ -314,8 +325,18 @@ NTSTATUS change_dir_owner_to_parent(connection_struct *conn,
goto chdir;
}
+ if (smb_fname_parent->st.st_ex_uid == smb_fname_cwd->st.st_ex_uid) {
+ /* Already this uid - no need to change. */
+ DEBUG(10,("change_dir_owner_to_parent: directory %s "
+ "is already owned by uid %d\n",
+ fname,
+ (int)smb_fname_cwd->st.st_ex_uid ));
+ status = NT_STATUS_OK;
+ goto chdir;
+ }
+
become_root();
- ret = SMB_VFS_CHOWN(conn, ".", smb_fname_parent->st.st_ex_uid,
+ ret = SMB_VFS_LCHOWN(conn, ".", smb_fname_parent->st.st_ex_uid,
(gid_t)-1);
unbecome_root();
if (ret == -1) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list