Patches bug #10773 (SECINFO_PROTECTED_DACL is not ignored)
Jeremy Allison
jra at samba.org
Thu Aug 21 17:34:22 MDT 2014
On Wed, Aug 20, 2014 at 04:35:47PM +0200, Stefan (metze) Metzmacher wrote:
> Hi,
>
> here're some patches for
> https://bugzilla.samba.org/show_bug.cgi?id=10773
>
> It seems we need to ignore flags like SECINFO_PROTECTED_DACL.
>
> Otherwise we get unexpected behaviours from the Windows
> MoveSecurityAttributes() function.
>
> Please review.
>
> Jeremy, do you think we should keep the SECINFO_PROTECTED_DACL
> logic in posix_get_nt_acl_common()?
Great catch - thanks ! Pushed. The interaction between
get_sd() and the code in smbd/posix_acls.c was really
toxic and hadn't been noticed at all :-(.
It was added in commit 9251afe35bc402bbab816d7c33673d4ef3fb0351
when I added the parameter "map acl inheritance" and I know I
*certainly* didn't understand the relationship between
SECINFO_PROTECTED_DACL flag sent in the incoming set_sd
request and the SEC_DESC_DACL_PROTECTED flags in the sd
itself.
So I think the following additional patch would certainly clean
up this code.
Review welcome !
Thanks,
Jeremy.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-s3-smbd-POSIX-ACLs.-Remove-incorrect-check-for-SECIN.patch
Type: text/x-diff
Size: 1188 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20140821/2ce035e0/attachment.patch>
More information about the samba-technical
mailing list