[SCM] Samba Shared Repository - branch v3-5-test updated

Thu, 15 Nov 2012 00:07:56 -0800 

The branch, v3-5-test has been updated
       via  92292ac Another fix needed for bug #9236 - ACL masks incorrectly 
applied when setting ACLs.
      from  9a8d7ab docs-xml: fix use of <smbconfoption> tag (fix bug #9345)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -----------------------------------------------------------------
commit 92292ac55144521824610a5d4b09f8dc1ff19a8a
Author: Jeremy Allison <j...@samba.org>
Date:   Thu Nov 8 13:45:19 2012 -0800

    Another fix needed for bug #9236 - ACL masks incorrectly applied when 
setting ACLs.
    
    Not caught by make test as it's an extreme edge case for strange
    incoming ACLs. I only found this as I'm making raw.acls and smb2.acls
    pass against 3.6.x with acl_xattr mapped onto a POSIX backend (which
    isn't tested in make test).
    
    An incoming inheritable ACE entry containing only one permission,
    WRITE_DATA maps into a POSIX owner perm of "-w-", which violates
    the principle that the owner of a file/directory can always read.

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/posix_acls.c |   14 ++++++++++----
 1 files changed, 10 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 646efa4..65a77d4 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1359,7 +1359,11 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
        for (pace = *pp_ace; pace; pace = pace->next) {
                if (pace->type == SMB_ACL_USER_OBJ) {
 
-                       if (setting_acl && !is_default_acl) {
+                       if (setting_acl) {
+                               /*
+                                * Ensure we have default parameters for the
+                                * user (owner) even on default ACLs.
+                                */
                                apply_default_perms(params, is_directory, pace, 
S_IRUSR);
                        }
                        got_user = True;
@@ -1439,9 +1443,11 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace,
                                        pace->perms = pace_other->perms;
                        }
 
-                       if (!is_default_acl) {
-                               apply_default_perms(params, is_directory, pace, 
S_IRUSR);
-                       }
+                       /*
+                        * Ensure we have default parameters for the
+                        * user (owner) even on default ACLs.
+                        */
+                       apply_default_perms(params, is_directory, pace, 
S_IRUSR);
                } else {
                        pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, 
S_IRUSR, S_IWUSR, S_IXUSR);
                }


-- 
Samba Shared Repository

Reply via email to