[SCM] Samba Shared Repository - branch v4-3-test updated
Karolin Seeger
kseeger at samba.org
Tue Sep 20 11:39:03 UTC 2016
The branch, v4-3-test has been updated
via 0b0574e lib: poll_funcs : poll_funcs_context_slot_find can select the wrong slot to replace.
via 5eeeeff lib/poll_funcs: free contexts in poll_funcs_state_destructor()
via 5992c18 vfs_acl_xattr|tdb: enforced settings when ignore system acls=yes
via e124785 docs: document vfs_acl_xattr|tdb enforced settings
via 26a2321 vfs_shadow_copy: handle non-existant files and wildcards
via 2a4de13 selftest: test listing directories inside snapshots
via dcf7d85 selftest: check file readability in shadow_copy2 test
via d835679 selftest: add content to files created during shadow_copy2 test
from 6a8400e smbd: Reset O_NONBLOCK on open files
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-3-test
- Log -----------------------------------------------------------------
commit 0b0574e31aa2aed76b25b891dc87f50bf117660f
Author: Jeremy Allison <jra at samba.org>
Date: Mon Sep 19 11:47:22 2016 -0700
lib: poll_funcs : poll_funcs_context_slot_find can select the wrong slot to replace.
Look for an exact match first, before a free slot.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12272
Back-port from 085542fc93b3c603e8cda6e481e94d5fe2dfc669
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(v4-3-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-3-test): Tue Sep 20 13:38:44 CEST 2016 on sn-devel-104
commit 5eeeeff10b7d1054d9e955f09ca504cd2b6e6be4
Author: Jeremy Allison <jra at samba.org>
Date: Mon Sep 19 11:42:05 2016 -0700
lib/poll_funcs: free contexts in poll_funcs_state_destructor()
This ensures the destructors get called in the proper order.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12272
Back-port from c132b78c484c14d255a98567e90b934b73ebf8c2
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5992c18963f3ed677fa5b92cb7322107e9990344
Author: Ralph Boehme <slow at samba.org>
Date: Fri Aug 26 10:04:53 2016 +0200
vfs_acl_xattr|tdb: enforced settings when ignore system acls=yes
When "ignore system acls" is set to "yes, we need to ensure filesystem
permission always grant access so that when doing our own access checks
we don't run into situations where we grant access but the filesystem
doesn't.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12181
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Aug 31 18:41:20 CEST 2016 on sn-devel-144
(cherry picked from commit b72287514cc78c9019db7385af4c9b9d94f60894)
commit e124785536a284f183d1affc73ee4cf64a968bc8
Author: Ralph Boehme <slow at samba.org>
Date: Fri Aug 26 10:22:37 2016 +0200
docs: document vfs_acl_xattr|tdb enforced settings
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12181
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit cbe8f0d63b90e4380da35e9f9f5a05d8ccc2058b)
commit 26a23214a93e0bbacc77f8f5947632a4e5fd3b66
Author: Uri Simchoni <uri at samba.org>
Date: Wed Aug 24 14:42:23 2016 +0300
vfs_shadow_copy: handle non-existant files and wildcards
During path checking, the vfs connectpath_fn is called to
determine the share's root, relative to the file being
queried (for example, in snapshot file this may be other
than the share's "usual" root directory). connectpath_fn
must be able to answer this question even if the path does
not exist and its parent does exist. The convention in this
case is that this refers to a yet-uncreated file under the parent
and all queries are relative to the parent.
This also serves as a workaround for the case where connectpath_fn
has to handle wildcards, as with the case of SMB1 trans2 findfirst.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Aug 25 05:35:29 CEST 2016 on sn-devel-144
(cherry picked from commit f41f439335efb352d03a842c370212a0af77262a)
commit 2a4de134c8753cf10626faa121848f3709198b3d
Author: Uri Simchoni <uri at samba.org>
Date: Tue Aug 23 14:29:39 2016 +0300
selftest: test listing directories inside snapshots
Verify that directories are also listable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 22c3982100a1d6bf67979a0659604942ef6f11f0)
commit dcf7d8585aa7510a31a47545d410ec2a4dd58791
Author: Uri Simchoni <uri at samba.org>
Date: Tue Aug 23 14:03:30 2016 +0300
selftest: check file readability in shadow_copy2 test
Add tests which verify that a snapshot file is readable
if and only if it its metadata can be retrieved. Also
verify (in most tests) that file is retrieved from the
correct snapshot.
Together with the existing test for number of previous
versions we can stat, this test checks that we can read
those files, and also that we cannot break out of a snapshot
if wide links are not allowed.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 495b8177363bf1930f3afb373ad73caac022f353)
commit d83567942aa35e22d96dd126c4d8d5b1d5e88160
Author: Uri Simchoni <uri at samba.org>
Date: Tue Aug 23 11:33:52 2016 +0300
selftest: add content to files created during shadow_copy2 test
This will allow reading them and verifying we got the right version
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172
Signed-off-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 523046080dd65607eacb901d58ee3b6e54de865e)
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/vfs_acl_tdb.8.xml | 24 ++++++++
docs-xml/manpages/vfs_acl_xattr.8.xml | 24 ++++++++
source3/lib/poll_funcs/poll_funcs_tevent.c | 17 +++++-
source3/modules/vfs_acl_tdb.c | 21 +++++++
source3/modules/vfs_acl_xattr.c | 21 +++++++
source3/modules/vfs_shadow_copy2.c | 31 +++++++++-
source3/script/tests/test_shadow_copy.sh | 96 ++++++++++++++++++++++++------
source4/torture/vfs/acl_xattr.c | 4 +-
8 files changed, 216 insertions(+), 22 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/vfs_acl_tdb.8.xml b/docs-xml/manpages/vfs_acl_tdb.8.xml
index 9ef3962..d62f2e1 100644
--- a/docs-xml/manpages/vfs_acl_tdb.8.xml
+++ b/docs-xml/manpages/vfs_acl_tdb.8.xml
@@ -40,6 +40,15 @@
<filename>$LOCKDIR/file_ntacls.tdb</filename>.
</para>
+ <para>
+ This module forces the following parameters:
+ <itemizedlist>
+ <listitem><para>inherit acls = true</para></listitem>
+ <listitem><para>dos filemode = true</para></listitem>
+ <listitem><para>force unknown acl user = true</para></listitem>
+ </itemizedlist>
+ </para>
+
<para>This module is stackable.</para>
</refsect1>
@@ -61,6 +70,21 @@
access the data via Samba you might set this to yes to achieve
better NT ACL compatibility.
</para>
+
+ <para>
+ If <emphasis>acl_tdb:ignore system acls</emphasis>
+ is set to <emphasis>yes</emphasis>, the following
+ additional settings will be enforced:
+ <itemizedlist>
+ <listitem><para>create mask = 0666</para></listitem>
+ <listitem><para>directory mask = 0777</para></listitem>
+ <listitem><para>map archive = no</para></listitem>
+ <listitem><para>map hidden = no</para></listitem>
+ <listitem><para>map readonly = no</para></listitem>
+ <listitem><para>map system = no</para></listitem>
+ <listitem><para>store dos attributes = yes</para></listitem>
+ </itemizedlist>
+ </para>
</listitem>
</varlistentry>
diff --git a/docs-xml/manpages/vfs_acl_xattr.8.xml b/docs-xml/manpages/vfs_acl_xattr.8.xml
index 17cb3d3..4c609cb 100644
--- a/docs-xml/manpages/vfs_acl_xattr.8.xml
+++ b/docs-xml/manpages/vfs_acl_xattr.8.xml
@@ -44,6 +44,15 @@
</command>).
</para>
+ <para>
+ This module forces the following parameters:
+ <itemizedlist>
+ <listitem><para>inherit acls = true</para></listitem>
+ <listitem><para>dos filemode = true</para></listitem>
+ <listitem><para>force unknown acl user = true</para></listitem>
+ </itemizedlist>
+ </para>
+
<para>This module is stackable.</para>
</refsect1>
@@ -65,6 +74,21 @@
access the data via Samba you might set this to yes to achieve
better NT ACL compatibility.
</para>
+
+ <para>
+ If <emphasis>acl_xattr:ignore system acls</emphasis>
+ is set to <emphasis>yes</emphasis>, the following
+ additional settings will be enforced:
+ <itemizedlist>
+ <listitem><para>create mask = 0666</para></listitem>
+ <listitem><para>directory mask = 0777</para></listitem>
+ <listitem><para>map archive = no</para></listitem>
+ <listitem><para>map hidden = no</para></listitem>
+ <listitem><para>map readonly = no</para></listitem>
+ <listitem><para>map system = no</para></listitem>
+ <listitem><para>store dos attributes = yes</para></listitem>
+ </itemizedlist>
+ </para>
</listitem>
</varlistentry>
diff --git a/source3/lib/poll_funcs/poll_funcs_tevent.c b/source3/lib/poll_funcs/poll_funcs_tevent.c
index 565cdaf..a18cb23 100644
--- a/source3/lib/poll_funcs/poll_funcs_tevent.c
+++ b/source3/lib/poll_funcs/poll_funcs_tevent.c
@@ -302,6 +302,9 @@ static int poll_funcs_state_destructor(struct poll_funcs_state *state)
for (i=0; i<state->num_watches; i++) {
TALLOC_FREE(state->watches[i]);
}
+ for (i=0; i<state->num_contexts; i++) {
+ TALLOC_FREE(state->contexts[i]);
+ }
return 0;
}
@@ -315,15 +318,27 @@ static bool poll_funcs_context_slot_find(struct poll_funcs_state *state,
struct poll_funcs_tevent_context **contexts;
unsigned i;
+ /* Look for an existing match first. */
for (i=0; i<state->num_contexts; i++) {
struct poll_funcs_tevent_context *ctx = state->contexts[i];
- if ((ctx == NULL) || (ctx->ev == ev)) {
+ if (ctx != NULL && ctx->ev == ev) {
*slot = i;
return true;
}
}
+ /* Now look for a free slot. */
+ for (i=0; i<state->num_contexts; i++) {
+ struct poll_funcs_tevent_context *ctx = state->contexts[i];
+
+ if (ctx == NULL) {
+ *slot = i;
+ return true;
+ }
+ }
+
+
contexts = talloc_realloc(state, state->contexts,
struct poll_funcs_tevent_context *,
state->num_contexts + 1);
diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c
index d2417d7..7983a89 100644
--- a/source3/modules/vfs_acl_tdb.c
+++ b/source3/modules/vfs_acl_tdb.c
@@ -306,6 +306,7 @@ static int connect_acl_tdb(struct vfs_handle_struct *handle,
{
int ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
bool ok;
+ struct acl_common_config *config = NULL;
if (ret < 0) {
return ret;
@@ -333,6 +334,26 @@ static int connect_acl_tdb(struct vfs_handle_struct *handle,
lp_do_parameter(SNUM(handle->conn), "dos filemode", "true");
lp_do_parameter(SNUM(handle->conn), "force unknown acl user", "true");
+ SMB_VFS_HANDLE_GET_DATA(handle, config,
+ struct acl_common_config,
+ return -1);
+
+ if (config->ignore_system_acls) {
+ DBG_NOTICE("setting 'create mask = 0666', "
+ "'directory mask = 0777', "
+ "'store dos attributes = yes' and all "
+ "'map ...' options to 'no'\n");
+
+ lp_do_parameter(SNUM(handle->conn), "create mask", "0666");
+ lp_do_parameter(SNUM(handle->conn), "directory mask", "0777");
+ lp_do_parameter(SNUM(handle->conn), "map archive", "no");
+ lp_do_parameter(SNUM(handle->conn), "map hidden", "no");
+ lp_do_parameter(SNUM(handle->conn), "map readonly", "no");
+ lp_do_parameter(SNUM(handle->conn), "map system", "no");
+ lp_do_parameter(SNUM(handle->conn), "store dos attributes",
+ "yes");
+ }
+
return 0;
}
diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c
index ae032c8..e710899 100644
--- a/source3/modules/vfs_acl_xattr.c
+++ b/source3/modules/vfs_acl_xattr.c
@@ -181,6 +181,7 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle,
{
int ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
bool ok;
+ struct acl_common_config *config = NULL;
if (ret < 0) {
return ret;
@@ -203,6 +204,26 @@ static int connect_acl_xattr(struct vfs_handle_struct *handle,
lp_do_parameter(SNUM(handle->conn), "dos filemode", "true");
lp_do_parameter(SNUM(handle->conn), "force unknown acl user", "true");
+ SMB_VFS_HANDLE_GET_DATA(handle, config,
+ struct acl_common_config,
+ return -1);
+
+ if (config->ignore_system_acls) {
+ DBG_NOTICE("setting 'create mask = 0666', "
+ "'directory mask = 0777', "
+ "'store dos attributes = yes' and all "
+ "'map ...' options to 'no'\n");
+
+ lp_do_parameter(SNUM(handle->conn), "create mask", "0666");
+ lp_do_parameter(SNUM(handle->conn), "directory mask", "0777");
+ lp_do_parameter(SNUM(handle->conn), "map archive", "no");
+ lp_do_parameter(SNUM(handle->conn), "map hidden", "no");
+ lp_do_parameter(SNUM(handle->conn), "map readonly", "no");
+ lp_do_parameter(SNUM(handle->conn), "map system", "no");
+ lp_do_parameter(SNUM(handle->conn), "store dos attributes",
+ "yes");
+ }
+
return 0;
}
diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c
index 7ecdda5..1f38b85 100644
--- a/source3/modules/vfs_shadow_copy2.c
+++ b/source3/modules/vfs_shadow_copy2.c
@@ -1793,6 +1793,7 @@ static const char *shadow_copy2_connectpath(struct vfs_handle_struct *handle,
char *stripped = NULL;
char *tmp = NULL;
char *result = NULL;
+ char *parent_dir = NULL;
int saved_errno;
size_t rootpath_len = 0;
@@ -1809,7 +1810,34 @@ static const char *shadow_copy2_connectpath(struct vfs_handle_struct *handle,
tmp = shadow_copy2_do_convert(talloc_tos(), handle, stripped, timestamp,
&rootpath_len);
if (tmp == NULL) {
- goto done;
+ if (errno != ENOENT) {
+ goto done;
+ }
+
+ /*
+ * If the converted path does not exist, and converting
+ * the parent yields something that does exist, then
+ * this path refers to something that has not been
+ * created yet, relative to the parent path.
+ * The snapshot finding is relative to the parent.
+ * (usually snapshots are read/only but this is not
+ * necessarily true).
+ * This code also covers getting a wildcard in the
+ * last component, because this function is called
+ * prior to sanitizing the path, and in SMB1 we may
+ * get wildcards in path names.
+ */
+ if (!parent_dirname(talloc_tos(), stripped, &parent_dir,
+ NULL)) {
+ errno = ENOMEM;
+ goto done;
+ }
+
+ tmp = shadow_copy2_do_convert(talloc_tos(), handle, parent_dir,
+ timestamp, &rootpath_len);
+ if (tmp == NULL) {
+ goto done;
+ }
}
DBG_DEBUG("converted path is [%s] root path is [%.*s]\n", tmp,
@@ -1827,6 +1855,7 @@ done:
saved_errno = errno;
TALLOC_FREE(tmp);
TALLOC_FREE(stripped);
+ TALLOC_FREE(parent_dir);
errno = saved_errno;
return result;
}
diff --git a/source3/script/tests/test_shadow_copy.sh b/source3/script/tests/test_shadow_copy.sh
index eecd5b8..6760ba3 100755
--- a/source3/script/tests/test_shadow_copy.sh
+++ b/source3/script/tests/test_shadow_copy.sh
@@ -42,9 +42,11 @@ build_files()
local prefix
local version
local destdir
+ local content
rootdir=$1
prefix=$2
version=$3
+ content=$4
if [ -n "$prefix" ] ; then
destdir=$rootdir/$prefix
else
@@ -56,27 +58,27 @@ build_files()
#non-snapshot files
# for non-snapshot version, create legit files
# so that wide-link checks focus on snapshot files
- touch $destdir/foo
+ echo "$content" > $destdir/foo
mkdir -p $destdir/bar
- touch $destdir/bar/baz
- touch $destdir/bar/lfoo
- touch $destdir/bar/letcpasswd
- touch $destdir/bar/loutside
+ echo "$content" > $destdir/bar/baz
+ echo "$content" > $destdir/bar/lfoo
+ echo "$content" > $destdir/bar/letcpasswd
+ echo "$content" > $destdir/bar/loutside
elif [ "$version" = "fullsnap" ] ; then
#snapshot files
- touch $destdir/foo
+ echo "$content" > $destdir/foo
mkdir -p $destdir/bar
- touch $destdir/bar/baz
+ echo "$content" > $destdir/bar/baz
ln -fs ../foo $destdir/bar/lfoo
ln -fs /etc/passwd $destdir/bar/letcpasswd
ln -fs ../../outside $destdir/bar/loutside
- touch `dirname $destdir`/outside
+ echo "$content" > `dirname $destdir`/outside
else #subshare snapshot - at bar
- touch $destdir/baz
+ echo "$content" > $destdir/baz
ln -fs ../foo $destdir/lfoo
ln -fs /etc/passwd $destdir/letcpasswd
ln -fs ../../outside $destdir/loutside
- touch `dirname $destdir`/../outside
+ echo "$content" > `dirname $destdir`/../outside
fi
}
@@ -117,7 +119,7 @@ build_snapshots()
for i in `seq $start $end` ; do
snapname=${SNAPSHOTS[$i]}
mkdir $snapdir/$snapname
- build_files $snapdir/$snapname "$prefix" $version
+ build_files $snapdir/$snapname "$prefix" $version "$snapname"
done
}
@@ -127,18 +129,72 @@ test_count_versions()
local share
local path
local expected_count
+ local skip_content
local versions
+ local tstamps
+ local tstamp
+ local content
+ local is_dir
share=$1
path=$2
expected_count=$3
+ skip_content=$4
versions=`$SMBCLIENT -U$USERNAME%$PASSWORD "//$SERVER/$share" -I $SERVER_IP -c "allinfo $path" | grep "^create_time:" | wc -l`
- if [ "$versions" = "$expected_count" ] ; then
- true
- else
+ if [ "$versions" != "$expected_count" ] ; then
echo "expected $expected_count versions of $path, got $versions"
- false
+ return 1
+ fi
+
+ is_dir=0
+ $SMBCLIENT -U$USERNAME%$PASSWORD "//$SERVER/$share" -I $SERVER_IP -c "allinfo $path" | grep "^attributes:.*D" && is_dir=1
+ if [ $is_dir = 1 ] ; then
+ skip_content=1
fi
+
+ #readable snapshots
+ tstamps=`$SMBCLIENT -U$USERNAME%$PASSWORD "//$SERVER/$share" -I $SERVER_IP -c "allinfo $path" | awk '/^@GMT-/ {snapshot=$1} /^create_time:/ {printf "%s\n", snapshot}'`
+ for tstamp in $tstamps ; do
+ if [ $is_dir = 0 ] ;
+ then
+ if ! $SMBCLIENT -U$USERNAME%$PASSWORD "//$SERVER/$share" -I $SERVER_IP -c "get $tstamp\\$path $WORKDIR/foo" ; then
+ echo "Failed getting \\\\$SERVER\\$share\\$tstamp\\$path"
+ return 1
+ fi
+ else
+ if ! $SMBCLIENT -U$USERNAME%$PASSWORD "//$SERVER/$share" -I $SERVER_IP -c "ls $tstamp\\$path\\*" ; then
+ echo "Failed listing \\\\$SERVER\\$share\\$tstamp\\$path"
+ return 1
+ fi
+ fi
+
+ #also check the content, but not for wide links
+ if [ "x$skip_content" != "x1" ] ; then
+ content=`cat $WORKDIR/foo`
+ if [ "$content" != "$tstamp" ] ; then
+ echo "incorrect content of \\\\$SERVER\\$share\\$tstamp\\$path expected [$tstamp] got [$content]"
+ return 1
+ fi
+ fi
+ done
+
+ #non-readable snapshots
+ tstamps=`$SMBCLIENT -U$USERNAME%$PASSWORD "//$SERVER/$share" -I $SERVER_IP -c "allinfo $path" | \
+ awk '/^@GMT-/ {if (snapshot!=""){printf "%s\n", snapshot} ; snapshot=$1} /^create_time:/ {snapshot=""} END {if (snapshot!=""){printf "%s\n", snapshot}}'`
+ for tstamp in $tstamps ; do
+ if [ $is_dir = 0 ] ;
+ then
+ if $SMBCLIENT -U$USERNAME%$PASSWORD "//$SERVER/$share" -I $SERVER_IP -c "get $tstamp\\$path $WORKDIR/foo" ; then
+ echo "Unexpected success getting \\\\$SERVER\\$share\\$tstamp\\$path"
+ return 1
+ fi
+ else
+ if $SMBCLIENT -U$USERNAME%$PASSWORD "//$SERVER/$share" -I $SERVER_IP -c "ls $tstamp\\$path\\*" ; then
+ echo "Unexpected success listing \\\\$SERVER\\$share\\$tstamp\\$path"
+ return 1
+ fi
+ fi
+ done
}
# Test fetching a previous version of a file
@@ -194,11 +250,15 @@ test_shadow_copy_fixed()
failed=`expr $failed + 1`
testit "$msg - abs symlink outside" \
- test_count_versions $share bar/letcpasswd $ncopies_blocked || \
+ test_count_versions $share bar/letcpasswd $ncopies_blocked 1 || \
failed=`expr $failed + 1`
testit "$msg - rel symlink outside" \
- test_count_versions $share bar/loutside $ncopies_blocked || \
+ test_count_versions $share bar/loutside $ncopies_blocked 1 || \
+ failed=`expr $failed + 1`
+
+ testit "$msg - list directory" \
+ test_count_versions $share bar $ncopies_allowed || \
failed=`expr $failed + 1`
}
@@ -262,7 +322,7 @@ test_shadow_copy_everywhere()
}
#build "latest" files
-build_files $WORKDIR/mount base/share "latest"
+build_files $WORKDIR/mount base/share "latest" "latest"
failed=0
diff --git a/source4/torture/vfs/acl_xattr.c b/source4/torture/vfs/acl_xattr.c
index 7fd10d0..df4dd29 100644
--- a/source4/torture/vfs/acl_xattr.c
+++ b/source4/torture/vfs/acl_xattr.c
@@ -169,8 +169,8 @@ static bool test_default_acl_posix(struct torture_context *tctx,
exp_sd = security_descriptor_dacl_create(
tctx, 0, owner_sid, group_sid,
owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_ALL, 0,
- group_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE, 0,
- SID_WORLD, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_READ | SEC_FILE_EXECUTE, 0,
+ group_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, FILE_GENERIC_READ|FILE_GENERIC_WRITE|FILE_GENERIC_EXECUTE, 0,
+ SID_WORLD, SEC_ACE_TYPE_ACCESS_ALLOWED, FILE_GENERIC_READ|FILE_GENERIC_WRITE|FILE_GENERIC_EXECUTE, 0,
SID_NT_SYSTEM, SEC_ACE_TYPE_ACCESS_ALLOWED, SEC_RIGHTS_FILE_ALL, 0,
NULL);
--
Samba Shared Repository
More information about the samba-cvs
mailing list