The branch, master has been updated
via 5172bf0 s3: smbd: posix_acls: Fix check for setting u:g:o entry on
a filesystem with no ACL support.
from 19a411f ctdb-recovery: Create recovery databases in state dir
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5172bf0c5b0672c1479c2ad776460956aa469bca
Author: Jeremy Allison <j...@samba.org>
Date: Tue Feb 9 12:47:43 2016 -0800
s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem
with no ACL support.
Since 4.0.x we add 2 additional ACE entries, one SMB_ACL_USER
and SMB_ACL_GROUP to match the existing SMB_ACL_USER_OBJ and
SMB_ACL_GROUP_OBJ entries. The two additional entries break
the simple "must have 3 entries" check done inside
convert_canon_ace_to_posix_perms().
Replace this with a more complete test.
Problem and initial fix provided by <tcle...@ucdavis.edu>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=10489
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Uri Simchoni <u...@samba.org>
Autobuild-User(master): Uri Simchoni <u...@samba.org>
Autobuild-Date(master): Thu Feb 11 11:14:53 CET 2016 on sn-devel-144
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/posix_acls.c | 39 ++++++++++++++++++++++++++++++++++++++-
1 file changed, 38 insertions(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 660c0e4..0c9c749 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3085,7 +3085,7 @@ static bool convert_canon_ace_to_posix_perms(
files_struct *fsp, canon_ace *file
canon_ace *group_ace = NULL;
canon_ace *other_ace = NULL;
- if (ace_count != 3) {
+ if (ace_count > 5) {
DEBUG(3,("convert_canon_ace_to_posix_perms: Too many ACE "
"entries for file %s to convert to posix perms.\n",
fsp_str_dbg(fsp)));
@@ -3107,6 +3107,43 @@ static bool convert_canon_ace_to_posix_perms(
files_struct *fsp, canon_ace *file
return False;
}
+ /*
+ * Ensure all ACE entries are owner, group or other.
+ * We can't set if there are any other SIDs.
+ */
+ for (ace_p = file_ace_list; ace_p; ace_p = ace_p->next) {
+ if (ace_p == owner_ace || ace_p == group_ace ||
+ ace_p == other_ace) {
+ continue;
+ }
+ if (ace_p->owner_type == UID_ACE) {
+ if (ace_p->unix_ug.id != owner_ace->unix_ug.id) {
+ DEBUG(3,("Invalid uid %u in ACE for file %s.\n",
+ (unsigned int)ace_p->unix_ug.id,
+ fsp_str_dbg(fsp)));
+ return false;
+ }
+ } else if (ace_p->owner_type == GID_ACE) {
+ if (ace_p->unix_ug.id != group_ace->unix_ug.id) {
+ DEBUG(3,("Invalid gid %u in ACE for file %s.\n",
+ (unsigned int)ace_p->unix_ug.id,
+ fsp_str_dbg(fsp)));
+ return false;
+ }
+ } else {
+ /*
+ * There should be no duplicate WORLD_ACE entries.
+ */
+
+ DEBUG(3,("Invalid type %u, uid %u in "
+ "ACE for file %s.\n",
+ (unsigned int)ace_p->owner_type,
+ (unsigned int)ace_p->unix_ug.id,
+ fsp_str_dbg(fsp)));
+ return false;
+ }
+ }
+
*posix_perms = (mode_t)0;
*posix_perms |= owner_ace->perms;
--
Samba Shared Repository
