[SCM] Samba Shared Repository - branch master updated

Michael Adam obnox at samba.org
Thu Nov 15 11:53:02 MST 2012


The branch, master has been updated
       via  cf1540b Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs.
      from  4ed7803 popt_common: Fix typos.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit cf1540b73714fac6b25de5942cbd821e5f4f6ffc
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Nov 13 11:22:15 2012 -0800

    Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs.
    
    Not caught by make test as it's an extreme edge case for strange
    incoming ACLs. I only found this as I'm making raw.acls and smb2.acls
    pass against 3.6.x and 4.0.0 with acl_xattr mapped onto a POSIX backend.
    
    An incoming inheritable ACE entry containing only one permission,
    WRITE_DATA maps into a POSIX owner perm of "-w-", which violates
    the principle that the owner of a file/directory can always read.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Michael Adam <obnox at samba.org>
    
    Autobuild-User(master): Michael Adam <obnox at samba.org>
    Autobuild-Date(master): Thu Nov 15 19:52:52 CET 2012 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/posix_acls.c |   17 ++++++++++-------
 1 files changed, 10 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index b8e0d4a..bca5304 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1431,10 +1431,11 @@ static bool ensure_canon_entry_valid_on_set(connection_struct *conn,
 
 	for (pace = *pp_ace; pace; pace = pace->next) {
 		if (pace->type == SMB_ACL_USER_OBJ) {
-
-			if (!is_default_acl) {
-				apply_default_perms(params, is_directory, pace, S_IRUSR);
-			}
+			/*
+			 * Ensure we have default parameters for the
+			 * user (owner) even on default ACLs.
+			 */
+			apply_default_perms(params, is_directory, pace, S_IRUSR);
 			pace_user = pace;
 
 		} else if (pace->type == SMB_ACL_GROUP_OBJ) {
@@ -1515,9 +1516,11 @@ static bool ensure_canon_entry_valid_on_set(connection_struct *conn,
 				pace->perms = pace_other->perms;
 		}
 
-		if (!is_default_acl) {
-			apply_default_perms(params, is_directory, pace, S_IRUSR);
-		}
+		/*
+		 * Ensure we have default parameters for the
+		 * user (owner) even on default ACLs.
+		 */
+		apply_default_perms(params, is_directory, pace, S_IRUSR);
 
 		DLIST_ADD(*pp_ace, pace);
 		pace_user = pace;


-- 
Samba Shared Repository


More information about the samba-cvs mailing list