The branch, v3-5-test has been updated via f5e238c Part 5 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs via 0c1b1b7 Part 4 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs via d18d6df Part 3 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs via 59e7781 Part 2 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs via f3900b0 Part 1 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs from d9ea6a1 s3:lib/access: normalize IPv4 mapped IPv6 addresses in both directions (bug #7383)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test - Log ----------------------------------------------------------------- commit f5e238cbd97d63e107b64268691dff67cce8fe94 Author: Jeremy Allison <j...@samba.org> Date: Wed Jun 8 14:37:25 2011 -0700 Part 5 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs Ensure when creating a directory, if we make any changes due to inheritance parameters, we update the stat returned. commit 0c1b1b73870bd477c83c130cab297b7f2615fe55 Author: Jeremy Allison <j...@samba.org> Date: Wed Jun 8 14:21:52 2011 -0700 Part 4 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs We don't need to check mode bits as well as dev/ino to ensure we're in the same place. commit d18d6df840d3a47fa1d7b877e07f804f025811ee Author: Jeremy Allison <j...@samba.org> Date: Wed Jun 8 10:25:33 2011 -0700 Part 3 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs When changing ownership on a new file make sure we must have a valid stat struct before making the inheritance calls (as they may look at it), and if we make changes we must have a valid stat struct after them. commit 59e77811b7774ad76e082ee9fd840a277df75c4c Author: Jeremy Allison <j...@samba.org> Date: Wed Jun 8 10:17:42 2011 -0700 Part 2 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs When changing ownership on a new file make sure we also change the returned stat struct to have the correct uid. commit f3900b0a96f98cc65d957cda5f92963f636d6ec1 Author: Jeremy Allison <j...@samba.org> Date: Wed Jun 8 10:24:02 2011 -0700 Part 1 of bugfix for #8211 - "inherit owner = yes" doesn't interact correctly with "inherit permissions = yes" and POSIX ACLs When changing ownership on a new directory make sure we also change the returned stat struct to have the correct uid. ----------------------------------------------------------------------- Summary of changes: source3/smbd/open.c | 71 ++++++++++++++++++++++++++++++++++---------------- 1 files changed, 48 insertions(+), 23 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 0d585cf..aac6e9c 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -232,12 +232,15 @@ void change_file_owner_to_parent(connection_struct *conn, "was %s\n", fsp_str_dbg(fsp), (unsigned int)smb_fname_parent->st.st_ex_uid, strerror(errno) )); - } - - DEBUG(10,("change_file_owner_to_parent: changed new file %s to " + } else { + DEBUG(10,("change_file_owner_to_parent: changed new file %s to " "parent directory uid %u.\n", fsp_str_dbg(fsp), (unsigned int)smb_fname_parent->st.st_ex_uid)); + /* Ensure the uid entry is updated. */ + fsp->fsp_name->st.st_ex_uid = smb_fname_parent->st.st_ex_uid; + } + TALLOC_FREE(smb_fname_parent); } @@ -311,10 +314,9 @@ NTSTATUS change_dir_owner_to_parent(connection_struct *conn, /* Ensure we're pointing at the same place. */ if (smb_fname_cwd->st.st_ex_dev != psbuf->st_ex_dev || - smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino || - smb_fname_cwd->st.st_ex_mode != psbuf->st_ex_mode ) { + smb_fname_cwd->st.st_ex_ino != psbuf->st_ex_ino) { DEBUG(0,("change_dir_owner_to_parent: " - "device/inode/mode on directory %s changed. " + "device/inode on directory %s changed. " "Refusing to chown !\n", fname )); status = NT_STATUS_ACCESS_DENIED; goto chdir; @@ -338,6 +340,9 @@ NTSTATUS change_dir_owner_to_parent(connection_struct *conn, "directory %s to parent directory uid %u.\n", fname, (unsigned int)smb_fname_parent->st.st_ex_uid )); + /* Ensure the uid entry is updated. */ + psbuf->st_ex_uid = smb_fname_parent->st.st_ex_uid; + chdir: vfs_ChDir(conn,saved_dir); out: @@ -364,6 +369,7 @@ static NTSTATUS open_file(files_struct *fsp, int accmode = (flags & O_ACCMODE); int local_flags = flags; bool file_existed = VALID_STAT(fsp->fsp_name->st); + bool file_created = false; fsp->fh->fd = -1; errno = EPERM; @@ -463,23 +469,7 @@ static NTSTATUS open_file(files_struct *fsp, } if ((local_flags & O_CREAT) && !file_existed) { - - /* Inherit the ACL if required */ - if (lp_inherit_perms(SNUM(conn))) { - inherit_access_posix_acl(conn, parent_dir, - smb_fname->base_name, - unx_mode); - } - - /* Change the owner if required. */ - if (lp_inherit_owner(SNUM(conn))) { - change_file_owner_to_parent(conn, parent_dir, - fsp); - } - - notify_fname(conn, NOTIFY_ACTION_ADDED, - FILE_NOTIFY_CHANGE_FILE_NAME, - smb_fname->base_name); + file_created = true; } } else { @@ -589,6 +579,29 @@ static NTSTATUS open_file(files_struct *fsp, fd_close(fsp); return status; } + + if (file_created) { + /* Do all inheritance work after we've + done a successful stat call and filled + in the stat struct in fsp->fsp_name. */ + + /* Inherit the ACL if required */ + if (lp_inherit_perms(SNUM(conn))) { + inherit_access_posix_acl(conn, parent_dir, + smb_fname->base_name, + unx_mode); + } + + /* Change the owner if required. */ + if (lp_inherit_owner(SNUM(conn))) { + change_file_owner_to_parent(conn, parent_dir, + fsp); + } + + notify_fname(conn, NOTIFY_ACTION_ADDED, + FILE_NOTIFY_CHANGE_FILE_NAME, + smb_fname->base_name); + } } /* @@ -2306,6 +2319,7 @@ static NTSTATUS mkdir_internal(connection_struct *conn, char *parent_dir; NTSTATUS status; bool posix_open = false; + bool need_re_stat = false; if(!CAN_WRITE(conn)) { DEBUG(5,("mkdir_internal: failing create on read-only share " @@ -2360,6 +2374,7 @@ static NTSTATUS mkdir_internal(connection_struct *conn, if (lp_inherit_perms(SNUM(conn))) { inherit_access_posix_acl(conn, parent_dir, smb_dname->base_name, mode); + need_re_stat = true; } if (!posix_open) { @@ -2374,6 +2389,7 @@ static NTSTATUS mkdir_internal(connection_struct *conn, SMB_VFS_CHMOD(conn, smb_dname->base_name, (smb_dname->st.st_ex_mode | (mode & ~smb_dname->st.st_ex_mode))); + need_re_stat = true; } } @@ -2382,6 +2398,15 @@ static NTSTATUS mkdir_internal(connection_struct *conn, change_dir_owner_to_parent(conn, parent_dir, smb_dname->base_name, &smb_dname->st); + need_re_stat = true; + } + + if (need_re_stat) { + if (SMB_VFS_LSTAT(conn, smb_dname) == -1) { + DEBUG(2, ("Could not stat directory '%s' just created: %s\n", + smb_fname_str_dbg(smb_dname), strerror(errno))); + return map_nt_error_from_unix(errno); + } } notify_fname(conn, NOTIFY_ACTION_ADDED, FILE_NOTIFY_CHANGE_DIR_NAME, -- Samba Shared Repository