The Samba-Bugzilla – Attachment 3119 Details for
Bug 4929
Adding a user to an ACL via Windows XP GUI gives away read access for owning group
[patch]
Patch
look (text/plain), 3.12 KB, created by
Jeremy Allison
on 2008-01-24 14:09:01 UTC
Description:
Patch
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2008-01-24 14:09:01 UTC
Size:
3.12 KB
>diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c
>index 6cec39f..c83e3ea 100644
>--- a/source/smbd/posix_acls.c
>+++ b/source/smbd/posix_acls.c
>@@ -3202,6 +3202,7 @@ int try_chown(connection_struct *conn, const char *fname, uid_t uid, gid_t gid)
> return ret;
> }
> 
>+#if 0
> static NTSTATUS append_ugw_ace(files_struct *fsp,
> SMB_STRUCT_STAT *psbuf,
> mode_t unx_mode,
>@@ -3250,6 +3251,7 @@ static NTSTATUS append_ugw_ace(files_struct *fsp,
> 0);
> return NT_STATUS_OK;
> }
>+#endif
> 
> /****************************************************************************
> If this is an
>@@ -3270,7 +3272,7 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
> NTSTATUS status;
> int info;
> unsigned int i, j;
>- mode_t unx_mode;
>+ bool is_dacl_protected = (psd->type & SE_DESC_DACL_PROTECTED);
> 
> ZERO_STRUCT(sbuf);
> 
>@@ -3285,12 +3287,6 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
> return NT_STATUS_NO_MEMORY;
> }
> 
>- /* Create a default mode for u/g/w. */
>- unx_mode = unix_mode(fsp->conn,
>- aARCH | (fsp->is_directory ? aDIR : 0),
>- fsp->fsp_name,
>- parent_name);
>-
> status = open_directory(fsp->conn,
> NULL,
> parent_name,
>@@ -3321,17 +3317,13 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
> * the parent, plus the user/group/other triple.
> */
> 
>- num_aces += parent_sd->dacl->num_aces + 3;
>+ num_aces += parent_sd->dacl->num_aces;
> 
> if((new_ace = TALLOC_ZERO_ARRAY(mem_ctx, SEC_ACE,
> num_aces)) == NULL) {
> return NT_STATUS_NO_MEMORY;
> }
> 
>- DEBUG(10,("append_parent_acl: parent ACL has %u entries. New "
>- "ACL has %u entries\n",
>- parent_sd->dacl->num_aces, num_aces ));
>-
> /* Start by copying in all the given ACE entries. */
> for (i = 0; i < psd->dacl->num_aces; i++) {
> sec_ace_copy(&new_ace[i], &psd->dacl->aces[i]);
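Review bot: Wrapping `append_ugw_ace` in `#if 0` (with the matching `#endif` in the hunk at -3250) leaves a disabled ACE-building helper in an access-control file with no record of why it is switched off. A later hunk removes its only visible callers, so either delete the function outright or add a comment above the guard, for example `/* Disabled: no longer appended by append_parent_acl(), see bug 4929. */`. Without that, a future reader may re-enable it and reintroduce the synthesised u/g/w entries. Most of the function body lies outside both hunks.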
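Review bot: The context comment directly above the changed line in the hunk at -3321 still ends with `the parent, plus the user/group/other triple.`, but `num_aces += parent_sd->dacl->num_aces;` no longer reserves those three slots, so the comment now misdescribes how the `new_ace` array is sized. Drop the trailing clause so it refers only to the given ACEs plus the parent's. The removed `DEBUG(10, ...)` call was also the only visible trace of the two entry counts; keeping it would help when diagnosing how an inherited ACL was assembled. The start of the comment and the declaration of `num_aces` are outside the hunk.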
>@@ -3342,23 +3334,6 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
> * as that really only applies to newly created files. JRA.
> */
> 
>- /*
>- * Append u/g/w.
>- */
>-
>- status = append_ugw_ace(fsp, psbuf, unx_mode, S_IRUSR, &new_ace[i++]);
>- if (!NT_STATUS_IS_OK(status)) {
>- return status;
>- }
>- status = append_ugw_ace(fsp, psbuf, unx_mode, S_IRGRP, &new_ace[i++]);
>- if (!NT_STATUS_IS_OK(status)) {
>- return status;
>- }
>- status = append_ugw_ace(fsp, psbuf, unx_mode, S_IROTH, &new_ace[i++]);
>- if (!NT_STATUS_IS_OK(status)) {
>- return status;
>- }
>-
> /* Finally append any inherited ACEs. */
> for (j = 0; j < parent_sd->dacl->num_aces; j++) {
> SEC_ACE *se = &parent_sd->dacl->aces[j];
>@@ -3379,6 +3354,24 @@ static NTSTATUS append_parent_acl(files_struct *fsp,
> continue;
> }
> }
>+
>+ if (is_dacl_protected) {
>+ /* If the DACL is protected it means we must
>+ * not overwrite an existing ACE entry with the
>+ * same SID. This is order N^2. Ouch :-(. JRA. */
>+ unsigned int k;
>+ for (k = 0; k < psd->dacl->num_aces; k++) {
>+ if (sid_equal(&psd->dacl->aces[k].trustee,
>+ &se->trustee)) {
>+ break;
>+ }
>+ }
>+ if (k < psd->dacl->num_aces) {
>+ /* SID matched. Ignore. */
>+ continue;
>+ }
>+ }
>+
> sec_ace_copy(&new_ace[i], se);
> if (se->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT) {
> new_ace[i].flags &= ~(SEC_ACE_FLAG_VALID_INHERIT);
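Review bot: The duplicate test in the `is_dacl_protected` branch of the hunk at -3379 compares only the trustee, `sid_equal(&psd->dacl->aces[k].trustee, &se->trustee)`, so an inherited ACE is skipped whenever any supplied ACE names the same SID, whatever its ACE type or access mask. If the parent carries a deny entry for a SID and the supplied DACL holds an allow entry for it, the inherited deny appears to be dropped, which could leave the file more permissive than the parent directory. If that is the intended meaning of a protected DACL, extend the comment to say so, for example `* Any supplied ACE for a SID, allow or deny, suppresses all inherited ACEs for that SID.`; otherwise also compare the ACE type before `continue`. The enclosing `for (j ...)` loop starts in the previous hunk and the function continues past this one, so how the final entry count is derived after skipped ACEs is not visible here.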