[SCM] Samba Shared Repository - branch v3-5-test updated
Karolin Seeger
kseeger at samba.org
Fri Oct 5 01:52:43 MDT 2012
The branch, v3-5-test has been updated
via 7dcb017 When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries.
via 580f616 Only apply masks on non-default ACL entries when setting the ACL.
via 9647be9 Use is_default_acl variable in canonicalise_acl().
via 4ed5dea Reformat spacing to be even.
from e521734 html docs: Remove link to Using Samba.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -----------------------------------------------------------------
commit 7dcb017fc1d8e8af5878b2b0139686829c0c1594
Author: Jeremy Allison <jra at samba.org>
Date: Tue Oct 2 10:15:54 2012 -0700
When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries.
Fix bug #9236 - ACL masks incorrectly applied when setting ACLs.
commit 580f61622c449aee8420e3519e764706d11c20fc
Author: Jeremy Allison <jra at samba.org>
Date: Tue Oct 2 13:01:59 2012 -0700
Only apply masks on non-default ACL entries when setting the ACL.
commit 9647be9699b464ee5060e8ccc8328adef6d6641d
Author: Jeremy Allison <jra at samba.org>
Date: Tue Oct 2 09:55:09 2012 -0700
Use is_default_acl variable in canonicalise_acl().
commit 4ed5deae7b9e155d4bd085d4a36ae05abe0aa0ef
Author: Jeremy Allison <jra at samba.org>
Date: Tue Oct 2 12:38:16 2012 -0700
Reformat spacing to be even.
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/posix_acls.c | 55 +++++++++++++++++++++++++++++++--------------
1 files changed, 38 insertions(+), 17 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 78b373a..646efa4 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1342,12 +1342,13 @@ static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace )
****************************************************************************/
static bool ensure_canon_entry_valid(canon_ace **pp_ace,
- const struct share_params *params,
- const bool is_directory,
- const DOM_SID *pfile_owner_sid,
- const DOM_SID *pfile_grp_sid,
- const SMB_STRUCT_STAT *pst,
- bool setting_acl)
+ bool is_default_acl,
+ const struct share_params *params,
+ const bool is_directory,
+ const DOM_SID *pfile_owner_sid,
+ const DOM_SID *pfile_grp_sid,
+ const SMB_STRUCT_STAT *pst,
+ bool setting_acl)
{
canon_ace *pace;
bool got_user = False;
@@ -1358,8 +1359,9 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
for (pace = *pp_ace; pace; pace = pace->next) {
if (pace->type == SMB_ACL_USER_OBJ) {
- if (setting_acl)
+ if (setting_acl && !is_default_acl) {
apply_default_perms(params, is_directory, pace, S_IRUSR);
+ }
got_user = True;
} else if (pace->type == SMB_ACL_GROUP_OBJ) {
@@ -1368,8 +1370,9 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
* Ensure create mask/force create mode is respected on set.
*/
- if (setting_acl)
+ if (setting_acl && !is_default_acl) {
apply_default_perms(params, is_directory, pace, S_IRGRP);
+ }
got_grp = True;
} else if (pace->type == SMB_ACL_OTHER) {
@@ -1378,10 +1381,21 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
* Ensure create mask/force create mode is respected on set.
*/
- if (setting_acl)
+ if (setting_acl && !is_default_acl) {
apply_default_perms(params, is_directory, pace, S_IROTH);
+ }
got_other = True;
pace_other = pace;
+
+ } else if (pace->type == SMB_ACL_USER || pace->type == SMB_ACL_GROUP) {
+
+ /*
+ * Ensure create mask/force create mode is respected on set.
+ */
+
+ if (setting_acl && !is_default_acl) {
+ apply_default_perms(params, is_directory, pace, S_IRGRP);
+ }
}
}
@@ -1425,7 +1439,9 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
pace->perms = pace_other->perms;
}
- apply_default_perms(params, is_directory, pace, S_IRUSR);
+ if (!is_default_acl) {
+ apply_default_perms(params, is_directory, pace, S_IRUSR);
+ }
} else {
pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRUSR, S_IWUSR, S_IXUSR);
}
@@ -1451,7 +1467,9 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
pace->perms = pace_other->perms;
else
pace->perms = 0;
- apply_default_perms(params, is_directory, pace, S_IRGRP);
+ if (!is_default_acl) {
+ apply_default_perms(params, is_directory, pace, S_IRGRP);
+ }
} else {
pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRGRP, S_IWGRP, S_IXGRP);
}
@@ -1473,7 +1491,9 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
pace->attr = ALLOW_ACE;
if (setting_acl) {
pace->perms = 0;
- apply_default_perms(params, is_directory, pace, S_IROTH);
+ if (!is_default_acl) {
+ apply_default_perms(params, is_directory, pace, S_IROTH);
+ }
} else
pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IROTH, S_IWOTH, S_IXOTH);
@@ -2318,7 +2338,7 @@ static bool unpack_canon_ace(files_struct *fsp,
print_canon_ace_list( "file ace - before valid", file_ace);
- if (!ensure_canon_entry_valid(&file_ace, fsp->conn->params,
+ if (!ensure_canon_entry_valid(&file_ace, false, fsp->conn->params,
fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) {
free_canon_ace_list(file_ace);
free_canon_ace_list(dir_ace);
@@ -2327,7 +2347,7 @@ static bool unpack_canon_ace(files_struct *fsp,
print_canon_ace_list( "dir ace - before valid", dir_ace);
- if (dir_ace && !ensure_canon_entry_valid(&dir_ace, fsp->conn->params,
+ if (dir_ace && !ensure_canon_entry_valid(&dir_ace, true, fsp->conn->params,
fsp->is_directory, pfile_owner_sid, pfile_grp_sid, pst, True)) {
free_canon_ace_list(file_ace);
free_canon_ace_list(dir_ace);
@@ -2416,6 +2436,7 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn,
canon_ace *ace = NULL;
canon_ace *next_ace = NULL;
int entry_id = SMB_ACL_FIRST_ENTRY;
+ bool is_default_acl = (the_acl_type == SMB_ACL_TYPE_DEFAULT);
SMB_ACL_ENTRY_T entry;
size_t ace_count;
@@ -2503,7 +2524,7 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn,
ace->trustee = sid;
ace->unix_ug = unix_ug;
ace->owner_type = owner_type;
- ace->ace_flags = get_pai_flags(pal, ace, (the_acl_type == SMB_ACL_TYPE_DEFAULT));
+ ace->ace_flags = get_pai_flags(pal, ace, is_default_acl);
DLIST_ADD(l_head, ace);
}
@@ -2512,7 +2533,7 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn,
* This next call will ensure we have at least a user/group/world set.
*/
- if (!ensure_canon_entry_valid(&l_head, conn->params,
+ if (!ensure_canon_entry_valid(&l_head, is_default_acl, conn->params,
S_ISDIR(psbuf->st_ex_mode), powner, pgroup,
psbuf, False))
goto fail;
@@ -2522,7 +2543,7 @@ static canon_ace *canonicalise_acl(struct connection_struct *conn,
* acl_mask. Ensure all DENY Entries are at the start of the list.
*/
- DEBUG(10,("canonicalise_acl: %s ace entries before arrange :\n", the_acl_type == SMB_ACL_TYPE_ACCESS ? "Access" : "Default" ));
+ DEBUG(10,("canonicalise_acl: %s ace entries before arrange :\n", is_default_acl ? "Default" : "Access"));
for ( ace_count = 0, ace = l_head; ace; ace = next_ace, ace_count++) {
next_ace = ace->next;
--
Samba Shared Repository
More information about the samba-cvs
mailing list