The branch, v3-3-test has been updated
via adbab86c4c3adb6c0750f081efe4cba242761213 (commit)
from 38234ec8f3665bb867641a4d7a226e4aed6cd124 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit adbab86c4c3adb6c0750f081efe4cba242761213
Author: Jeremy Allison <[EMAIL PROTECTED]>
Date: Mon Nov 3 22:42:58 2008 -0800
Pass all the non-inherited S4 RAW-ACL tests.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source/lib/util_seaccess.c | 7 +++++++
source/modules/vfs_acl_xattr.c | 4 ++++
source/smbd/open.c | 18 ++++--------------
3 files changed, 15 insertions(+), 14 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/lib/util_seaccess.c b/source/lib/util_seaccess.c
index d7fdc9a..fdc10f2 100644
--- a/source/lib/util_seaccess.c
+++ b/source/lib/util_seaccess.c
@@ -164,10 +164,17 @@ NTSTATUS se_access_check(const struct security_descriptor
*sd,
/* handle the maximum allowed flag */
if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) {
+ uint32_t orig_access_desired = access_desired;
+
access_desired |= access_check_max_allowed(sd, token);
access_desired &= ~SEC_FLAG_MAXIMUM_ALLOWED;
*access_granted = access_desired;
bits_remaining = access_desired & ~SEC_STD_DELETE;
+
+ DEBUG(10,("se_access_check: MAX desired = 0x%x, granted = 0x%x,
remaining = 0x%x\n",
+ orig_access_desired,
+ *access_granted,
+ bits_remaining));
}
#if 0
diff --git a/source/modules/vfs_acl_xattr.c b/source/modules/vfs_acl_xattr.c
index 79cf464..d62d4a6 100644
--- a/source/modules/vfs_acl_xattr.c
+++ b/source/modules/vfs_acl_xattr.c
@@ -442,6 +442,10 @@ static int open_acl_xattr(vfs_handle_struct *handle,
fsp->access_mask,
&access_granted);
if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("open_acl_xattr: file %s open "
+ "refused with error %s\n",
+ fname,
+ nt_errstr(status) ));
errno = map_errno_from_nt_status(status);
return -1;
}
diff --git a/source/smbd/open.c b/source/smbd/open.c
index 19b6b27..eda88fa 100644
--- a/source/smbd/open.c
+++ b/source/smbd/open.c
@@ -1205,15 +1205,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn,
create_disposition, create_options, unx_mode,
oplock_request));
- if ((access_mask & FILE_READ_DATA)||(access_mask & FILE_WRITE_DATA)) {
- DEBUG(10, ("open_file_ntcreate: adding FILE_READ_ATTRIBUTES "
- "to requested access_mask 0x%x, new mask 0x%x",
- access_mask,
- access_mask | FILE_READ_ATTRIBUTES ));
-
- access_mask |= FILE_READ_ATTRIBUTES;
- }
-
if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) {
DEBUG(0, ("No smb request but not an internal only open!\n"));
return NT_STATUS_INTERNAL_ERROR;
@@ -1407,10 +1398,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn,
}
access_mask = access_granted;
- /*
- * According to Samba4, SEC_FILE_READ_ATTRIBUTE is
always granted,
- */
- access_mask |= FILE_READ_ATTRIBUTES;
} else {
access_mask = FILE_GENERIC_ALL;
}
@@ -1855,7 +1842,10 @@ NTSTATUS open_file_ntcreate(connection_struct *conn,
/* Record the options we were opened with. */
fsp->share_access = share_access;
fsp->fh->private_options = create_options;
- fsp->access_mask = access_mask;
+ /*
+ * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
+ */
+ fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
if (file_existed) {
/* stat opens on existing files don't get oplocks. */
--
Samba Shared Repository
