[SCM] Samba Shared Repository - branch v3-5-test updated

Karolin Seeger kseeger at samba.org
Fri Oct 5 01:52:43 MDT 2012


The branch, v3-5-test has been updated
       via  7dcb017 When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries.
       via  580f616 Only apply masks on non-default ACL entries when setting the ACL.
       via  9647be9 Use is_default_acl variable in canonicalise_acl().
       via  4ed5dea Reformat spacing to be even.
      from  e521734 html docs: Remove link to Using Samba.

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -----------------------------------------------------------------
commit 7dcb017fc1d8e8af5878b2b0139686829c0c1594
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Oct 2 10:15:54 2012 -0700

    When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries.
    
    Fix bug #9236 - ACL masks incorrectly applied when setting ACLs.

commit 580f61622c449aee8420e3519e764706d11c20fc
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Oct 2 13:01:59 2012 -0700

    Only apply masks on non-default ACL entries when setting the ACL.

commit 9647be9699b464ee5060e8ccc8328adef6d6641d
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Oct 2 09:55:09 2012 -0700

    Use is_default_acl variable in canonicalise_acl().

commit 4ed5deae7b9e155d4bd085d4a36ae05abe0aa0ef
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Oct 2 12:38:16 2012 -0700

    Reformat spacing to be even.

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/posix_acls.c |   55 +++++++++++++++++++++++++++++++--------------
 1 files changed, 38 insertions(+), 17 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 78b373a..646efa4 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1342,12 +1342,13 @@ static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace )
 ****************************************************************************/
 
 static bool ensure_canon_entry_valid(canon_ace **pp_ace,
-				     const struct share_params *params,
-				     const bool is_directory,
-							const DOM_SID *pfile_owner_sid,
-							const DOM_SID *pfile_grp_sid,
-							const SMB_STRUCT_STAT *pst,
-							bool setting_acl)
+				bool is_default_acl,
+				const struct share_params *params,
+				const bool is_directory,
+				const DOM_SID *pfile_owner_sid,
+				const DOM_SID *pfile_grp_sid,
+				const SMB_STRUCT_STAT *pst,
+				bool setting_acl)
 {
 	canon_ace *pace;
 	bool got_user = False;
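Review bot: `is_default_acl` is added as a plain `bool` directly above `const bool is_directory`, and the comment block above the function (only its closing line is visible in this hunk) is not updated, although the parameter changes when the share's masks are enforced. I would declare it `const bool is_default_acl` and add a sentence to the header comment such as `When is_default_acl is true the create mask/force mode is not applied to any entry.` The function body continues past the end of this hunk.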
@@ -1358,8 +1359,9 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
 	for (pace = *pp_ace; pace; pace = pace->next) {
 		if (pace->type == SMB_ACL_USER_OBJ) {
 
-			if (setting_acl)
+			if (setting_acl && !is_default_acl) {
 				apply_default_perms(params, is_directory, pace, S_IRUSR);
+			}
 			got_user = True;
 
 		} else if (pace->type == SMB_ACL_GROUP_OBJ) {
@@ -1368,8 +1370,9 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
 			 * Ensure create mask/force create mode is respected on set.
 			 */
 
-			if (setting_acl)
+			if (setting_acl && !is_default_acl) {
 				apply_default_perms(params, is_directory, pace, S_IRGRP);
+			}
 			got_grp = True;
 
 		} else if (pace->type == SMB_ACL_OTHER) {
@@ -1378,10 +1381,21 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
 			 * Ensure create mask/force create mode is respected on set.
 			 */
 
-			if (setting_acl)
+			if (setting_acl && !is_default_acl) {
 				apply_default_perms(params, is_directory, pace, S_IROTH);
+			}
 			got_other = True;
 			pace_other = pace;
+
+		} else if (pace->type == SMB_ACL_USER || pace->type == SMB_ACL_GROUP) {
+
+			/*
+			 * Ensure create mask/force create mode is respected on set.
+			 */
+
+			if (setting_acl && !is_default_acl) {
+				apply_default_perms(params, is_directory, pace, S_IRGRP);
+			}
 		}
 	}
 
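Review bot: The new `SMB_ACL_USER || SMB_ACL_GROUP` branch passes `S_IRGRP` to `apply_default_perms()` for named user entries as well as named group entries, and its comment is copied unchanged from the GROUP_OBJ and OTHER branches, so nothing records that the choice is deliberate. `apply_default_perms()` is not visible here; if its last argument selects which class of create mask/force mode bits is applied, as the other calls suggest, a named user is filtered by the group bits rather than the user bits. I would say so in the comment, e.g. `/* Named user and group entries are both filtered with the group bits of the create mask/force mode. */`, so that a later edit to `S_IRUSR` does not quietly change which permissions survive a set. The loop and the function continue outside this hunk.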
@@ -1425,7 +1439,9 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
 					pace->perms = pace_other->perms;
 			}
 
-			apply_default_perms(params, is_directory, pace, S_IRUSR);
+			if (!is_default_acl) {
+				apply_default_perms(params, is_directory, pace, S_IRUSR);
+			}
 		} else {
 			pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRUSR, S_IWUSR, S_IXUSR);
 		}
@@ -1451,7 +1467,9 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
 				pace->perms = pace_other->perms;
 			else
 				pace->perms = 0;
-			apply_default_perms(params, is_directory, pace, S_IRGRP);
+			if (!is_default_acl) {
+				apply_default_perms(params, is_directory, pace, S_IRGRP);
+			}
 		} else {
 			pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRGRP, S_IWGRP, S_IXGRP);
 		}
@@ -1473,7 +1491,9 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
 		pace->attr = ALLOW_ACE;
 		if (setting_acl) {
 			pace->perms = 0;
-			apply_default_perms(params, is_directory, pace, S_IROTH);
+			if (!is_default_acl) {
+				apply_default_perms(params, is_directory, pace, S_IROTH);
+			}
 		} else
 			pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IROTH, S_IWOTH, S_IXOTH);
 
@@ -2318,7 +2338,7 @@ static bool unpack_canon_ace(files_struct *fsp,
 
 	print_canon_ace_list( "file ace - before valid", file_ace);
 
-	if (!ensure_canon_entry_valid(&file_ace, fsp->conn->params,
+	if (!ensure_canon_entry_valid(&file_ace, false, fsp->conn->params,
 			fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) {
 		free_canon_ace_list(file_ace);
 		free_canon_ace_list(dir_ace);
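Review bot: The new second argument is passed as a bare `false` here and a bare `true` in the dir_ace call of the next hunk, next to the existing `True` for setting_acl, so the call sites do not show which boolean is which. Swapping the two values would still compile, and judging by the guards added in `ensure_canon_entry_valid()` it would skip the mask on the access ACL without any error. Annotating the literals keeps that visible: `ensure_canon_entry_valid(&file_ace, false /* is_default_acl */, fsp->conn->params,` and likewise `true /* is_default_acl */` for dir_ace. Using one spelling of the boolean constants within each call would also help. `unpack_canon_ace()` starts and ends outside the hunk.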
@@ -2327,7 +2347,7 @@ static bool unpack_canon_ace(files_struct *fsp,
 
 	print_canon_ace_list( "dir ace - before valid", dir_ace);
 
-	if (dir_ace && !ensure_canon_entry_valid(&dir_ace, fsp->conn->params,
+	if (dir_ace && !ensure_canon_entry_valid(&dir_ace, true, fsp->conn->params,
 			fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) {
 		free_canon_ace_list(file_ace);
 		free_canon_ace_list(dir_ace);
@@ -2416,6 +2436,7 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn,
 	canon_ace *ace = NULL;
 	canon_ace *next_ace = NULL;
 	int entry_id = SMB_ACL_FIRST_ENTRY;
+	bool is_default_acl = (the_acl_type == SMB_ACL_TYPE_DEFAULT);
 	SMB_ACL_ENTRY_T entry;
 	size_t ace_count;
 
@@ -2503,7 +2524,7 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn,
 		ace->trustee = sid;
 		ace->unix_ug = unix_ug;
 		ace->owner_type = owner_type;
-		ace->ace_flags = get_pai_flags(pal, ace, (the_acl_type == SMB_ACL_TYPE_DEFAULT));
+		ace->ace_flags = get_pai_flags(pal, ace, is_default_acl);
 
 		DLIST_ADD(l_head, ace);
 	}
@@ -2512,7 +2533,7 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn,
 	 * This next call will ensure we have at least a user/group/world set.
 	 */
 
-	if (!ensure_canon_entry_valid(&l_head, conn->params,
+	if (!ensure_canon_entry_valid(&l_head, is_default_acl, conn->params,
 				      S_ISDIR(psbuf->st_ex_mode), powner, pgroup,
 				      psbuf, False))
 		goto fail;
@@ -2522,7 +2543,7 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn,
 	 * acl_mask. Ensure all DENY Entries are at the start of the list.
 	 */
 
-	DEBUG(10,("canonicalise_acl: %s ace entries before arrange :\n", the_acl_type == SMB_ACL_TYPE_ACCESS ? "Access" : "Default" ));
+	DEBUG(10,("canonicalise_acl: %s ace entries before arrange :\n", is_default_acl ?  "Default" : "Access"));
 
 	for ( ace_count = 0, ace = l_head; ace; ace = next_ace, ace_count++) {
 		next_ace = ace->next;


-- 
Samba Shared Repository

