[SCM] Samba Shared Repository - branch v3-6-test updated
Karolin Seeger
kseeger at samba.org
Thu Jun 9 12:03:26 MDT 2011
The branch, v3-6-test has been updated
via 4d47e12 Fix re-opened bug 8083 - "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module.
from 9994cca Part 5 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 4d47e12865ec5bb117e3d992522900a4c6fc84d3
Author: Jeremy Allison <jra at samba.org>
Date: Tue Jun 7 11:54:35 2011 -0700
Fix re-opened bug 8083 - "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module.
Fix incorrect interaction when all of
"inherit permissions = yes"
"inherit acls = yes"
"inherit owner = yes"
are set. Found by Björn Jacke. Thanks Björn !
-----------------------------------------------------------------------
Summary of changes:
source3/modules/vfs_acl_common.c | 21 +++++++++++++++++----
1 files changed, 17 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 84d666a..0dd2fc3 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -448,10 +448,14 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
struct security_descriptor *psd = NULL;
struct dom_sid *owner_sid = NULL;
struct dom_sid *group_sid = NULL;
+ uint32_t security_info_sent = (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL);
bool inherit_owner = lp_inherit_owner(SNUM(handle->conn));
+ bool inheritable_components = sd_has_inheritable_components(parent_desc,
+ is_directory);
size_t size;
- if (!sd_has_inheritable_components(parent_desc, is_directory)) {
+ if (!inheritable_components && !inherit_owner) {
+ /* Nothing to inherit and not setting owner. */
return NT_STATUS_OK;
}
@@ -487,6 +491,17 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
return status;
}
+ /* If inheritable_components == false,
+ se_create_child_secdesc()
+ creates a security desriptor with a NULL dacl
+ entry, but with SEC_DESC_DACL_PRESENT. We need
+ to remove that flag. */
+
+ if (!inheritable_components) {
+ security_info_sent &= ~SECINFO_DACL;
+ psd->type &= ~SEC_DESC_DACL_PRESENT;
+ }
+
if (DEBUGLEVEL >= 10) {
DEBUG(10,("inherit_new_acl: child acl for %s is:\n",
fsp_str_dbg(fsp) ));
@@ -498,9 +513,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
become_root();
}
status = SMB_VFS_FSET_NT_ACL(fsp,
- (SECINFO_OWNER |
- SECINFO_GROUP |
- SECINFO_DACL),
+ security_info_sent,
psd);
if (inherit_owner) {
unbecome_root();
--
Samba Shared Repository
More information about the samba-cvs
mailing list