[PATCH] Follow-up patch for bug in dealing with "Owner Rights" ACEs when calculating maximum access

Ralph Böhme slow at samba.org
Fri Mar 1 12:12:08 UTC 2019

Hi Jeremy,

> Am 01.03.2019 um 00:12 schrieb Jeremy Allison <jra at samba.org>:
> On Thu, Feb 28, 2019 at 02:11:27PM -0800, Jeremy Allison via samba-technical wrote:
>> On Thu, Feb 28, 2019 at 11:04:54PM +0100, David Disseldorp wrote:
>>>> Is there a MS-DTYP reference for this that I'm missing ?
>>> Hmm, yeah I think you're right, considering owner_rights_allowed in the
>>> TYPE_ACCESS_DENIED path looks wrong here. I'd guess it's a cut'n'paste
>>> error from se_access_check()->bits_remaining. You can have a RB+ from
>>> me for your follow up fix, but let's wait for Ralph's response :)
>> It's more complex than that - I've been doing lots of Windows
>> testing :-).
>> Additional patchset incoming that should get us to match
>> Windows (bizarre:-) behaviour here, once I've got us passing
>> my new tests..
> And here it is. Only remaining query I have is for the
> second patch. I'm adding a test that currently can
> only pass against Windows as it creates a pathological
> 3-element ACL with 2 ALLOWS followed by a DENY that
> Samba can't map as we're going to the POSIX backend.

That's not the problem, we're using vfs_acl_xattr in selftest... The algo is simply still wrong. I'm looking into it.


More information about the samba-technical mailing list