[SCM] Samba Shared Repository - branch master updated
Michael Adam
obnox at samba.org
Mon Mar 11 12:47:02 MDT 2013
The branch, master has been updated
via 58e385a Revert "Ensure the masks don't conflict with the ACL checks."
via fc496ef smbd:posix_acls Remove incorrectly added lp_create_mask() and lp_dir_mask() calls
from 287b5f6 param: Remove incorrectly added defaults in AD DC allowing WORLD WRITABLE files
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 58e385a5ac37c072a4eef3baa7926b799a732e94
Author: Andrew Bartlett <abartlet at samba.org>
Date: Sun Mar 10 20:25:53 2013 +1100
Revert "Ensure the masks don't conflict with the ACL checks."
This reverts commit 78594909b8b22bd07978922b1c85dfd6f6456963 which was
needed by 7622aa16adeb00bf161a6dd07664c37125391272.
This change masked bug #9462 which was fixed by
2013bb9b4dbed747921df2591068e2765428f57d. The issue was that the
defaults for the substituted parameters did not match the old
parameter. Changing the values in our test suite hid the issue, but
did not fix the issue.
(Additional change in the revert is to correct the expected ACL value
in posixacl.py due to changed implied inherited permissions).
Andrew Bartlett
Reviewed-by: Michael Adam <obnox at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Michael Adam <obnox at samba.org>
Autobuild-Date(master): Mon Mar 11 19:46:24 CET 2013 on sn-devel-104
commit fc496ef323c908a6b621198d9dc8076f6857385e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Mar 8 16:15:37 2013 +1100
smbd:posix_acls Remove incorrectly added lp_create_mask() and lp_dir_mask() calls
When 6adc7dad96b8c7366da042f0d93b28c1ecb092eb removed the calls to
lp_security_mask/lp_force_security_mode/lp_dir_security_mask/lp_force_dir_security_mode
these calls were replaced with lp_create_mask() and lp_dir_mask()
The issue is that while lp_security_mask() and lp_dir_security_mask defaulted to
0777, the replacement calls did not. This changes behaviour, and incorrectly
prevents a posix mode being specified by the client from being applied to
the disk in the non-ACL enabled case.
Andrew Bartlett
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Michael Adam <obnox at samba.org>
-----------------------------------------------------------------------
Summary of changes:
python/samba/tests/posixacl.py | 2 +-
selftest/target/Samba3.pm | 3 +--
selftest/target/Samba4.pm | 3 +--
source3/smbd/posix_acls.c | 17 -----------------
4 files changed, 3 insertions(+), 22 deletions(-)
Changeset truncated at 500 lines:
diff --git a/python/samba/tests/posixacl.py b/python/samba/tests/posixacl.py
index 7cd22eb..f3a4772 100644
--- a/python/samba/tests/posixacl.py
+++ b/python/samba/tests/posixacl.py
@@ -227,7 +227,7 @@ class PosixAclMappingTests(TestCaseInTempDir):
smbd.chown(self.tempdir, BA_id, SO_id)
smbd.set_simple_acl(self.tempdir, 0750)
facl = getntacl(self.lp, self.tempdir, direct_db_access=False)
- acl = "O:BAG:SOD:(A;;0x001f01ff;;;BA)(A;;0x001200a9;;;SO)(A;;;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001f01ff;;;CG)(A;OICIIO;0x001f01ff;;;WD)"
+ acl = "O:BAG:SOD:(A;;0x001f01ff;;;BA)(A;;0x001200a9;;;SO)(A;;;;;WD)(A;OICIIO;0x001f01ff;;;CO)(A;OICIIO;0x001200a9;;;CG)(A;OICIIO;0x001200a9;;;WD)"
anysid = security.dom_sid(security.SID_NT_SELF)
self.assertEquals(acl, facl.as_sddl(anysid))
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 8d9c4b9..72c1116 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -986,8 +986,7 @@ sub provision($$$$$$)
map system = no
map readonly = no
store dos attributes = yes
- create mask = 0777
- directory mask = 0777
+ create mask = 755
dos filemode = yes
vfs objects = $vfs_modulesdir_abs/acl_xattr.so $vfs_modulesdir_abs/fake_acls.so $vfs_modulesdir_abs/xattr_tdb.so $vfs_modulesdir_abs/streams_depot.so
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 6f69414..495cc23 100644
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -1399,8 +1399,7 @@ sub provision_plugin_s4_dc($$)
smbd:sharedelay = 100000
smbd:writetimeupdatedelay = 500000
- create mask = 0777
- directory mask = 0777
+ create mask = 755
dos filemode = yes
dcerpc endpoint servers = -winreg -srvsvc
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index fbeb662..ee8b4d3 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3084,14 +3084,11 @@ SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl)
static bool convert_canon_ace_to_posix_perms( files_struct *fsp, canon_ace *file_ace_list, mode_t *posix_perms)
{
- int snum = SNUM(fsp->conn);
size_t ace_count = count_canon_ace_list(file_ace_list);
canon_ace *ace_p;
canon_ace *owner_ace = NULL;
canon_ace *group_ace = NULL;
canon_ace *other_ace = NULL;
- mode_t and_bits;
- mode_t or_bits;
if (ace_count != 3) {
DEBUG(3,("convert_canon_ace_to_posix_perms: Too many ACE "
@@ -3131,20 +3128,6 @@ static bool convert_canon_ace_to_posix_perms( files_struct *fsp, canon_ace *file
if (fsp->is_directory)
*posix_perms |= (S_IWUSR|S_IXUSR);
- /* If requested apply the masks. */
-
- /* Get the initial bits to apply. */
-
- if (fsp->is_directory) {
- and_bits = lp_dir_mask(snum);
- or_bits = lp_force_dir_mode(snum);
- } else {
- and_bits = lp_create_mask(snum);
- or_bits = lp_force_create_mode(snum);
- }
-
- *posix_perms = (((*posix_perms) & and_bits)|or_bits);
-
DEBUG(10,("convert_canon_ace_to_posix_perms: converted u=%o,g=%o,w=%o "
"to perm=0%o for file %s.\n", (int)owner_ace->perms,
(int)group_ace->perms, (int)other_ace->perms,
--
Samba Shared Repository
More information about the samba-cvs
mailing list