[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Tue Jun 7 14:33:03 MDT 2011 

The branch, master has been updated
       via  aff6c52 Fix re-opened bug 8083 - "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module.
      from  c3ac298 s3:libsmb/cli_np_tstream: use larger buffers to avoid a bug NT4 servers (bug #8195)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit aff6c52370f853d447fc089796b0e4aa29c24d75
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Jun 7 11:54:35 2011 -0700

    Fix re-opened bug 8083 - "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module.
    
    Fix incorrect interaction when all of
    
    "inherit permissions = yes"
    "inherit acls = yes"
    "inherit owner = yes"
    
    are set. Found by Björn Jacke. Thanks Björn !
    
    Autobuild-User: Jeremy Allison <jra at samba.org>
    Autobuild-Date: Tue Jun  7 22:32:18 CEST 2011 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source3/modules/vfs_acl_common.c |   21 +++++++++++++++++----
 1 files changed, 17 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index a177146..fc9c3cd 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -448,10 +448,14 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
 	struct security_descriptor *psd = NULL;
 	struct dom_sid *owner_sid = NULL;
 	struct dom_sid *group_sid = NULL;
+	uint32_t security_info_sent = (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL);
 	bool inherit_owner = lp_inherit_owner(SNUM(handle->conn));
+	bool inheritable_components = sd_has_inheritable_components(parent_desc,
+					is_directory);
 	size_t size;
 
-	if (!sd_has_inheritable_components(parent_desc, is_directory)) {
+	if (!inheritable_components && !inherit_owner) {
+		/* Nothing to inherit and not setting owner. */
 		return NT_STATUS_OK;
 	}
 
@@ -487,6 +491,17 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
 		return status;
 	}
 
+	/* If inheritable_components == false,
+	   se_create_child_secdesc()
+	   creates a security desriptor with a NULL dacl
+	   entry, but with SEC_DESC_DACL_PRESENT. We need
+	   to remove that flag. */
+
+	if (!inheritable_components) {
+		security_info_sent &= ~SECINFO_DACL;
+		psd->type &= ~SEC_DESC_DACL_PRESENT;
+	}
+
 	if (DEBUGLEVEL >= 10) {
 		DEBUG(10,("inherit_new_acl: child acl for %s is:\n",
 			fsp_str_dbg(fsp) ));
@@ -498,9 +513,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
 		become_root();
 	}
 	status = SMB_VFS_FSET_NT_ACL(fsp,
-				(SECINFO_OWNER |
-				 SECINFO_GROUP |
-				 SECINFO_DACL),
+				security_info_sent,
 				psd);
 	if (inherit_owner) {
 		unbecome_root();


-- 
Samba Shared Repository

More information about the samba-cvs mailing list