The Samba-Bugzilla – Attachment 11822 Details for
Bug 10489
Unable to set permissions through windows on fs with no posix acls (noacl)
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for master.
0001-s3-smbd-posix_acls-Fix-check-for-setting-u-g-o-entry.patch (text/plain), 2.54 KB, created by
Jeremy Allison
on 2016-02-09 20:55:05 UTC
(
hide
)
Description:
git-am fix for master.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2016-02-09 20:55:05 UTC
Size:
2.54 KB
patch
obsolete
>From 9d9c6950d059e55a6222b4290912dd472b279dff Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Tue, 9 Feb 2016 12:47:43 -0800 >Subject: [PATCH] s3: smbd: posix_acls: Fix check for setting u:g:o entry on a > filesystem with no ACL support. > >Since 4.0.x we add 2 additional ACE entries, one SMB_ACL_USER >and SMB_ACL_GROUP to match the existing SMB_ACL_USER_OBJ and >SMB_ACL_GROUP_OBJ entries. The two additional entries break >the simple "must have 3 entries" check done inside convert_canon_ace_to_posix_perms(). >Replace this with a more complete test. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=10489 > >Problem and initial fix provided by <tcleamy@ucdavis.edu> > >Signed-off-by: Jeremy Allison <jra@samba.org> >--- > source3/smbd/posix_acls.c | 37 ++++++++++++++++++++++++++++++++++++- > 1 file changed, 36 insertions(+), 1 deletion(-) > >diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c >index 660c0e4..b621653 100644 >--- a/source3/smbd/posix_acls.c >+++ b/source3/smbd/posix_acls.c >@@ -3085,7 +3085,7 @@ static bool convert_canon_ace_to_posix_perms( files_struct *fsp, canon_ace *file > canon_ace *group_ace = NULL; > canon_ace *other_ace = NULL; > >- if (ace_count != 3) { >+ if (ace_count > 5) { > DEBUG(3,("convert_canon_ace_to_posix_perms: Too many ACE " > "entries for file %s to convert to posix perms.\n", > fsp_str_dbg(fsp))); >@@ -3107,6 +3107,41 @@ static bool convert_canon_ace_to_posix_perms( files_struct *fsp, canon_ace *file > return False; > } > >+ /* >+ * Ensure all ACE entries are owner, group or other. >+ * We can't set if there are any other SIDs. >+ */ >+ for (ace_p = file_ace_list; ace_p; ace_p = ace_p->next) { >+ if (ace_p == owner_ace || ace_p == group_ace || >+ ace_p == other_ace) { >+ continue; >+ } >+ if (ace_p->owner_type == UID_ACE) { >+ if (ace_p->unix_ug.id != owner_ace->unix_ug.id) { >+ DEBUG(3,("Invalid uid %u in ACE for file %s.\n", >+ (unsigned int)ace_p->unix_ug.id, >+ fsp_str_dbg(fsp))); >+ return false; >+ } >+ } else if (ace_p->owner_type == GID_ACE) { >+ if (ace_p->unix_ug.id != group_ace->unix_ug.id) { >+ DEBUG(3,("Invalid gid %u in ACE for file %s.\n", >+ (unsigned int)ace_p->unix_ug.id, >+ fsp_str_dbg(fsp))); >+ return false; >+ } >+ } >+ /* >+ * There should be no duplicate WORLD_ACE entries. >+ */ >+ >+ DEBUG(3,("Invalid type %u, uid %u in ACE for file %s.\n", >+ (unsigned int)ace_p->owner_type, >+ (unsigned int)ace_p->unix_ug.id, >+ fsp_str_dbg(fsp))); >+ return false; >+ } >+ > *posix_perms = (mode_t)0; > > *posix_perms |= owner_ace->perms; >-- >2.7.0.rc3.207.g0ac5344 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=11822">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 10489
:
9759
|
9760
|
11822
|
11823
|
11835