The branch, v3-5-test has been updated
       via  e692241... Fix bug 6802 - A created folder does not properly 
inherit permissions from parent.
      from  d8d28f7... s4-torture: fixed double free in libnet_group test

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -----------------------------------------------------------------
commit e6922418846b7ffc42d8d6db4c5a08385dd365fe
Author: Barry Sabsevitz <barry_sabsev...@hp.com>
Date:   Fri Oct 23 11:50:29 2009 -0700

    Fix bug 6802 - A created folder does not properly inherit permissions from 
parent.

-----------------------------------------------------------------------

Summary of changes:
 source3/modules/vfs_acl_common.c |   42 ++++++++++++++++++++++++++++++++++---
 1 files changed, 38 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 39fd2ad..a12f105 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -279,7 +279,8 @@ static NTSTATUS get_nt_acl_internal(vfs_handle_struct 
*handle,
 *********************************************************************/
 
 static struct security_descriptor *default_file_sd(TALLOC_CTX *mem_ctx,
-                                               SMB_STRUCT_STAT *psbuf)
+                                               SMB_STRUCT_STAT *psbuf,
+                                               bool force_inherit)
 {
        struct dom_sid owner_sid, group_sid;
        size_t sd_size;
@@ -294,10 +295,22 @@ static struct security_descriptor 
*default_file_sd(TALLOC_CTX *mem_ctx,
                return NULL;
        }
 
+       /* If force_inherit is set, this means we are initializing the ACEs for
+        * a container and we want the ACEs for owner_sid and "SYSTEM" to be
+        * inheritable by their children (See Bug #6802).
+        */
+
        init_sec_ace(&pace[0], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
-                       SEC_RIGHTS_FILE_ALL, 0);
+                       SEC_RIGHTS_FILE_ALL, (force_inherit ?
+                                       (SEC_ACE_FLAG_OBJECT_INHERIT|
+                                       SEC_ACE_FLAG_CONTAINER_INHERIT) :
+                                       0));
+
        init_sec_ace(&pace[1], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED,
-                       SEC_RIGHTS_FILE_ALL, 0);
+                       SEC_RIGHTS_FILE_ALL, (force_inherit ?
+                                       (SEC_ACE_FLAG_OBJECT_INHERIT|
+                                       SEC_ACE_FLAG_CONTAINER_INHERIT) :
+                                       0));
 
        pacl = make_sec_acl(mem_ctx,
                                NT4_ACL_REVISION,
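Review bot: With force_inherit set, `pace[0]` becomes an inheritable full-control ACE for the concrete `owner_sid` of the new folder, so anything later created beneath it by a different user would presumably inherit SEC_RIGHTS_FILE_ALL for the folder's creator rather than for its own owner. If that is not the intent, NT inheritance usually expresses it with an inherit-only ACE for `global_sid_Creator_Owner` next to the non-inherited owner ACE; either way the new comment should say which behaviour is wanted. The flag expression is also written out twice and could be computed once, e.g. `uint8_t inherit_flags = force_inherit ? (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT) : 0;`. How owner_sid is derived, and the rest of default_file_sd, lie outside this hunk.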
@@ -332,6 +345,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
        DATA_BLOB blob;
        size_t size;
        char *parent_name;
+       bool force_inherit = false;
        uint8_t hash[XATTR_SD_HASH_SIZE];
 
        if (!parent_dirname(ctx, smb_fname->base_name, &parent_name, NULL)) {
@@ -400,7 +414,27 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
                        return status;
                }
 
-               psd = default_file_sd(ctx, &smb_fname->st);
+               /* If we get here, we could have the following possibilities:
+                *      1. No ACLs exist on the parent container.
+                *      2. ACLs exist on the parent container but they were
+                *      not inheritable.
+                *
+                *      Check to see if case #1 occurred.
+                *
+                */
+               if (container &&
+                       (parent_desc == NULL || parent_desc->dacl == NULL)) {
+
+                       /* If no parent descriptor exists, then there were
+                        * no ACLs on the parent and then we must create
+                        * the ACLs on this newly created folder so that they
+                        * will be inherited by their children (See Bug #6802).
+                        */
+
+                       force_inherit = true;
+               }
+
+               psd = default_file_sd(ctx, &smb_fname->st, force_inherit);
                if (!psd) {
                        return NT_STATUS_NO_MEMORY;
                }
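Review bot: The new comment lists two ways of reaching this point, but the code acts only on case #1 and does not say what is meant to happen in case #2 (parent ACL present but not inheritable), where a new folder still gets non-inheritable default ACEs. If that is deliberate, state it in the comment, e.g. `Case #2 is left alone: a parent whose ACEs are not inheritable gets children with non-inheritable defaults.` The test also treats `parent_desc->dacl == NULL` on an existing descriptor the same as a missing descriptor; it is worth confirming that this matches what the parent lookup earlier in inherit_new_acl returns for a directory with no stored ACL. The enclosing branch begins before this hunk, so its condition is not visible here.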


-- 
Samba Shared Repository
