The branch, v3-3-test has been updated via adbab86c4c3adb6c0750f081efe4cba242761213 (commit) from 38234ec8f3665bb867641a4d7a226e4aed6cd124 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test - Log ----------------------------------------------------------------- commit adbab86c4c3adb6c0750f081efe4cba242761213 Author: Jeremy Allison <[EMAIL PROTECTED]> Date: Mon Nov 3 22:42:58 2008 -0800 Pass all the non-inherited S4 RAW-ACL tests. Jeremy. ----------------------------------------------------------------------- Summary of changes: source/lib/util_seaccess.c | 7 +++++++ source/modules/vfs_acl_xattr.c | 4 ++++ source/smbd/open.c | 18 ++++-------------- 3 files changed, 15 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/source/lib/util_seaccess.c b/source/lib/util_seaccess.c index d7fdc9a..fdc10f2 100644 --- a/source/lib/util_seaccess.c +++ b/source/lib/util_seaccess.c @@ -164,10 +164,17 @@ NTSTATUS se_access_check(const struct security_descriptor *sd, /* handle the maximum allowed flag */ if (access_desired & SEC_FLAG_MAXIMUM_ALLOWED) { + uint32_t orig_access_desired = access_desired; + access_desired |= access_check_max_allowed(sd, token); access_desired &= ~SEC_FLAG_MAXIMUM_ALLOWED; *access_granted = access_desired; bits_remaining = access_desired & ~SEC_STD_DELETE; + + DEBUG(10,("se_access_check: MAX desired = 0x%x, granted = 0x%x, remaining = 0x%x\n", + orig_access_desired, + *access_granted, + bits_remaining)); } #if 0 diff --git a/source/modules/vfs_acl_xattr.c b/source/modules/vfs_acl_xattr.c index 79cf464..d62d4a6 100644 --- a/source/modules/vfs_acl_xattr.c +++ b/source/modules/vfs_acl_xattr.c @@ -442,6 +442,10 @@ static int open_acl_xattr(vfs_handle_struct *handle, fsp->access_mask, &access_granted); if (!NT_STATUS_IS_OK(status)) { + DEBUG(10,("open_acl_xattr: file %s open " + "refused with error %s\n", + fname, + nt_errstr(status) )); errno = map_errno_from_nt_status(status); return -1; } diff --git a/source/smbd/open.c b/source/smbd/open.c index 19b6b27..eda88fa 100644 --- a/source/smbd/open.c +++ b/source/smbd/open.c @@ -1205,15 +1205,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, create_disposition, create_options, unx_mode, oplock_request)); - if ((access_mask & FILE_READ_DATA)||(access_mask & FILE_WRITE_DATA)) { - DEBUG(10, ("open_file_ntcreate: adding FILE_READ_ATTRIBUTES " - "to requested access_mask 0x%x, new mask 0x%x", - access_mask, - access_mask | FILE_READ_ATTRIBUTES )); - - access_mask |= FILE_READ_ATTRIBUTES; - } - if ((req == NULL) && ((oplock_request & INTERNAL_OPEN_ONLY) == 0)) { DEBUG(0, ("No smb request but not an internal only open!\n")); return NT_STATUS_INTERNAL_ERROR; @@ -1407,10 +1398,6 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, } access_mask = access_granted; - /* - * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted, - */ - access_mask |= FILE_READ_ATTRIBUTES; } else { access_mask = FILE_GENERIC_ALL; } @@ -1855,7 +1842,10 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, /* Record the options we were opened with. */ fsp->share_access = share_access; fsp->fh->private_options = create_options; - fsp->access_mask = access_mask; + /* + * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted, + */ + fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES; if (file_existed) { /* stat opens on existing files don't get oplocks. */ -- Samba Shared Repository