[SCM] Samba Shared Repository - branch v3-6-test updated

Karolin Seeger kseeger at samba.org
Thu Nov 15 01:03:59 MST 2012


The branch, v3-6-test has been updated
       via  e2eb914 Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs.
      from  ffdd0a8 s3-kerberos: also try with AES keys, when decrypting tickets.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test


- Log -----------------------------------------------------------------
commit e2eb914cb986e28e412863553010795bff8ac3e1
Author: Jeremy Allison <jra at samba.org>
Date:   Thu Nov 8 13:45:19 2012 -0800

    Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs.
    
    Not caught by make test as it's an extreme edge case for strange
    incoming ACLs. I only found this as I'm making raw.acls and smb2.acls
    pass against 3.6.x with acl_xattr mapped onto a POSIX backend (which
    isn't tested in make test).
    
    An incoming inheritable ACE entry containing only one permission,
    WRITE_DATA maps into a POSIX owner perm of "-w-", which violates
    the principle that the owner of a file/directory can always read.

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/posix_acls.c |   14 ++++++++++----
 1 files changed, 10 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 22ad40f..8d6e7ec 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1372,7 +1372,11 @@ static bool ensure_canon_entry_valid(connection_struct *conn,
 	for (pace = *pp_ace; pace; pace = pace->next) {
 		if (pace->type == SMB_ACL_USER_OBJ) {
 
-			if (setting_acl && !is_default_acl) {
+			if (setting_acl) {
+				/*
+				 * Ensure we have default parameters for the
+				 * user (owner) even on default ACLs.
+				 */
 				apply_default_perms(params, is_directory, pace, S_IRUSR);
 			}
 			got_user = True;
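Review bot: the new comment inside `if (setting_acl)` in the `SMB_ACL_USER_OBJ` branch says "default parameters", which does not name what is being enforced and uses "default" in a different sense from "default ACLs" in the same sentence. The commit message gives the real reason: an inheritable ACE carrying only WRITE_DATA otherwise maps to an owner perm of "-w-", violating the rule that the owner can always read. Suggest wording the comment around that rule and citing bug #9236, so that a later cleanup does not put the `!is_default_acl` test back.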
@@ -1452,9 +1456,11 @@ static bool ensure_canon_entry_valid(connection_struct *conn,
 					pace->perms = pace_other->perms;
 			}
 
-			if (!is_default_acl) {
-				apply_default_perms(params, is_directory, pace, S_IRUSR);
-			}
+			/*
+			 * Ensure we have default parameters for the
+			 * user (owner) even on default ACLs.
+			 */
+			apply_default_perms(params, is_directory, pace, S_IRUSR);
 		} else {
 			pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRUSR, S_IWUSR, S_IXUSR);
 		}
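Review bot: with `apply_default_perms(params, is_directory, pace, S_IRUSR)` now unconditional in the first arm, the `else` arm directly below still assigns `pace->perms` from `unix_perms_to_acl_perms(pst->st_ex_mode, ...)` without going through `apply_default_perms`. Please confirm that path cannot yield an owner entry lacking read on a default ACL, or add a short comment saying why it is exempt. The comment block here is also a verbatim copy of the one in the earlier hunk, so the same wording suggestion applies. Since the commit message says make test does not exercise this case, a regression test that sets an inheritable ACE containing only WRITE_DATA and checks the resulting owner entry would keep both call sites covered.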


-- 
Samba Shared Repository

