The Samba-Bugzilla – Attachment 4874 Details for
Bug 6802
acl_xattr.c module: A created folder does not properly inherit permissions from parent
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Possible fix for inheritance problem in acl_xattr module
vfs_acl_xattr.c.patch (text/plain), 2.19 KB, created by
Barry Sabsevitz (mail address dead)
on 2009-10-20 22:58:50 UTC
(
hide
)
Description:
Possible fix for inheritance problem in acl_xattr module
Filename:
MIME Type:
Creator:
Barry Sabsevitz (mail address dead)
Created:
2009-10-20 22:58:50 UTC
Size:
2.19 KB
patch
obsolete
>--- vfs_acl_xattr.c.orig 2009-10-19 14:00:02.000000000 -0700 >+++ vfs_acl_xattr.c 2009-10-19 14:02:09.000000000 -0700 >@@ -275,7 +275,8 @@ > *********************************************************************/ > > static struct security_descriptor *default_file_sd(TALLOC_CTX *mem_ctx, >- SMB_STRUCT_STAT *psbuf) >+ SMB_STRUCT_STAT *psbuf, >+ int force_inherit) > { > struct dom_sid owner_sid, group_sid; > size_t sd_size; >@@ -290,10 +291,21 @@ > return NULL; > } > >+ /* If force_inherit is set, this means we are initializing the ACEs for >+ * a container and we want the ACEs for owner_sid and "SYSTEM" to be >+ * inheritable by their children (See Bug #6802). >+ */ >+ > init_sec_ace(&pace[0], &owner_sid, SEC_ACE_TYPE_ACCESS_ALLOWED, >- SEC_RIGHTS_FILE_ALL, 0); >+ SEC_RIGHTS_FILE_ALL, (force_inherit ? >+ (SEC_ACE_FLAG_OBJECT_INHERIT| >+ SEC_ACE_FLAG_CONTAINER_INHERIT) : >+ 0)); > init_sec_ace(&pace[1], &global_sid_System, SEC_ACE_TYPE_ACCESS_ALLOWED, >- SEC_RIGHTS_FILE_ALL, 0); >+ SEC_RIGHTS_FILE_ALL, (force_inherit ? >+ (SEC_ACE_FLAG_OBJECT_INHERIT| >+ SEC_ACE_FLAG_CONTAINER_INHERIT) : >+ 0)); > > pacl = make_sec_acl(mem_ctx, > NT4_ACL_REVISION, >@@ -327,6 +339,7 @@ > DATA_BLOB blob; > size_t size; > char *parent_name; >+ int force_inherit = 0; > > if (!parent_dirname(ctx, fname, &parent_name, NULL)) { > return NT_STATUS_NO_MEMORY; >@@ -390,7 +403,28 @@ > if (ret == -1) { > return map_nt_error_from_unix(errno); > } >- psd = default_file_sd(ctx, &sbuf); >+ >+ /* If we get here, we could have the following possibilities: >+ * 1. No ACLs exist on the parent container. >+ * 2. ACLs exist on the parent container but they were >+ * not inheritable. >+ * >+ * Check to see if case #1 occurred. >+ * >+ */ >+ if (container && >+ (parent_desc == NULL || parent_desc->dacl == NULL)) { >+ >+ /* If no parent descriptor exists, then there were >+ * no ACLs on the parent and then we must create >+ * the ACLs on this newly created folder so that they >+ * will be inherited by their children (See Bug #6802). >+ */ >+ >+ force_inherit = 1; >+ } >+ >+ psd = default_file_sd(ctx, &sbuf, force_inherit); > if (!psd) { > return NT_STATUS_NO_MEMORY; > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=4874">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 6802
: 4874