The Samba-Bugzilla – Attachment 4130 Details for
Bug 2346
saving excel files when using ACLs gives problems with permissions
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for v3-3-test and v3-2-test
bug-2346-fix-01.patch.txt (text/plain), 2.10 KB, created by
Stefan Metzmacher
on 2009-05-08 10:30:53 UTC
(
hide
)
Description:
Patch for v3-3-test and v3-2-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2009-05-08 10:30:53 UTC
Size:
2.10 KB
patch
obsolete
>From 369c52cc8c3042dab5b60c25c03218a761ffd3ef Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Fri, 8 May 2009 14:33:49 +0200 >Subject: [PATCH] s3:smbd: fix posix acls when setting an ACL without explicit ACE for the owner (bug#2346) > >The problem of bug #2346 remains for users exported by >winbindd, because create_token_from_username() just fakes >the token when the user is not in the local sam domain. This causes >user_in_group_sid() to give totally wrong results. >In uid_entry_in_group() we need to check if we already >have the full unix token in the current_user struct. >If so we should use the current_user unix token, >instead of doing a very complex user_in_group_sid() >which doesn't give reliable results anyway. > >metze >(cherry picked from commit b79eff843be392f3065e912edca1434081d93c44) >--- > source/smbd/posix_acls.c | 21 ++++++++++++++++++--- > 1 files changed, 18 insertions(+), 3 deletions(-) > >diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c >index bc96838..abfb00c 100644 >--- a/source/smbd/posix_acls.c >+++ b/source/smbd/posix_acls.c >@@ -1273,16 +1273,31 @@ static bool uid_entry_in_group( canon_ace *uid_ace, canon_ace *group_ace ) > if (sid_equal(&group_ace->trustee, &global_sid_World)) > return True; > >- /* Assume that the current user is in the current group (force group) */ >+ /* >+ * if it's the current user, we already have the unix token >+ * and don't need to do the complex user_in_group_sid() call >+ */ >+ if (uid_ace->unix_ug.uid == current_user.ut.uid) { >+ size_t i; > >- if (uid_ace->unix_ug.uid == current_user.ut.uid && group_ace->unix_ug.gid == current_user.ut.gid) >- return True; >+ if (group_ace->unix_ug.gid == current_user.ut.gid) { >+ return True; >+ } >+ >+ for (i=0; i < current_user.ut.ngroups; i++) { >+ if (group_ace->unix_ug.gid == current_user.ut.groups[i]) { >+ return True; >+ } >+ } >+ } > > /* u_name talloc'ed off tos. */ > u_name = uidtoname(uid_ace->unix_ug.uid); > if (!u_name) { > return False; > } >+ >+ /* notice that this is not reliable for users exported by winbindd! */ > return user_in_group_sid(u_name, &group_ace->trustee); > } > >-- >1.5.4.3 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
metze
:
review?
(
jra
)
Actions:
View
Attachments on
bug 2346
:
1087
|
1119
|
1203
|
1213
| 4130