The branch, v3-5-test has been updated
       via  b5011e4 Fix re-opened bug 8083 - "inherit owner = yes" doesn't 
interact correctly with vfs_acl_xattr or vfs_acl_tdb module.
      from  f5e238c Part 5 of bugfix for #8211 - "inherit owner = yes" doesn't 
interact correctly with "inherit permissions = yes" and POSIX ACLs

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -----------------------------------------------------------------
commit b5011e4c2cee39d4334c04ce7c8adc43a8ca7e6b
Author: Jeremy Allison <j...@samba.org>
Date:   Tue Jun 7 12:36:24 2011 -0700

    Fix re-opened bug 8083 - "inherit owner = yes" doesn't interact correctly 
with vfs_acl_xattr or vfs_acl_tdb module.
    
    Fix incorrect interaction when all of
    
    "inherit permissions = yes"
    "inherit acls = yes"
    "inherit owner = yes"
    
    are set. Found by Björn Jacke. Thanks Björn !

-----------------------------------------------------------------------

Summary of changes:
 source3/modules/vfs_acl_common.c |   21 +++++++++++++++++----
 1 files changed, 17 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index a71bca6..ee33f21 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -443,10 +443,14 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
        struct security_descriptor *psd = NULL;
        struct dom_sid *owner_sid = NULL;
        struct dom_sid *group_sid = NULL;
+       uint32_t security_info_sent = (OWNER_SECURITY_INFORMATION | 
GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION);
        size_t size;
        bool inherit_owner = lp_inherit_owner(SNUM(handle->conn));
+       bool inheritable_components = sd_has_inheritable_components(parent_desc,
+                                       is_directory);
 
-       if (!sd_has_inheritable_components(parent_desc, is_directory)) {
+       if (!inheritable_components && !inherit_owner) {
+               /* Nothing to inherit and not setting owner. */
                return NT_STATUS_OK;
        }
 
@@ -482,6 +486,17 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
                return status;
        }
 
+       /* If inheritable_components == false,
+          se_create_child_secdesc()
+          creates a security desriptor with a NULL dacl
+          entry, but with SEC_DESC_DACL_PRESENT. We need
+          to remove that flag. */
+
+       if (!inheritable_components) {
+               security_info_sent &= ~SECINFO_DACL;
+               psd->type &= ~SEC_DESC_DACL_PRESENT;
+       }
+
        if (DEBUGLEVEL >= 10) {
                DEBUG(10,("inherit_new_acl: child acl for %s is:\n",
                        fsp_str_dbg(fsp) ));
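Review bot: The comment above `if (!inheritable_components)` says SEC_DESC_DACL_PRESENT must be removed but not why, and the reason is the security-relevant part: a descriptor flagged DACL-present with a NULL DACL is conventionally read as "no restrictions", so it must not be handed to SMB_VFS_FSET_NT_ACL() on the owner-only path. I would reword it along the lines of `/* A present-but-NULL DACL means unrestricted access; on the owner-only path clear the flag and the DACL bit so only owner and group are sent. */`, which also fixes the "desriptor" typo. The block relies on se_create_child_secdesc() leaving `psd->dacl` NULL in this case, which is not visible here; adding `psd->dacl = NULL;` next to the flag change would keep the descriptor self-consistent if that ever changes. `SECINFO_DACL` here and `DACL_SECURITY_INFORMATION` in the initialiser of `security_info_sent` are presumably the same bit spelled two ways, so pick one; the body of inherit_new_acl() starts and ends outside this hunk.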
@@ -493,9 +508,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
                become_root();
        }
        status = SMB_VFS_FSET_NT_ACL(fsp,
-                               (OWNER_SECURITY_INFORMATION |
-                                GROUP_SECURITY_INFORMATION |
-                                DACL_SECURITY_INFORMATION),
+                               security_info_sent,
                                psd);
        if (inherit_owner) {
                unbecome_root();


-- 
Samba Shared Repository
