The Samba-Bugzilla – Attachment 6402 Details for
Bug 8083
"inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 3.5.next
0001-Fix-bug-8083-inherit-owner-yes-doesn-t-interact-corr.patch (text/plain), 2.64 KB, created by
Jeremy Allison
on 2011-04-13 00:38:43 UTC
(
hide
)
Description:
git-am fix for 3.5.next
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2011-04-13 00:38:43 UTC
Size:
2.64 KB
patch
obsolete
>From a68caba928f0e6687fe2116412d80feb4660861a Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Tue, 12 Apr 2011 17:29:34 -0700 >Subject: [PATCH] Fix bug #8083 - "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module. > >If "inherit owner = yes", pass in the directory owner and group >owner as the target for CREATOR_OWNER and CREATOR_GROUP substitutions, >and also as the owner and primary group of the new security descriptor >being applied to the object. > >Metze please review. > >Jeremy. >--- > source3/modules/vfs_acl_common.c | 30 +++++++++++++++++++++++++++--- > 1 files changed, 27 insertions(+), 3 deletions(-) > >diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c >index 0798ae8..f77bfa0 100644 >--- a/source3/modules/vfs_acl_common.c >+++ b/source3/modules/vfs_acl_common.c >@@ -441,7 +441,10 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, > TALLOC_CTX *ctx = talloc_tos(); > NTSTATUS status = NT_STATUS_OK; > struct security_descriptor *psd = NULL; >+ struct dom_sid *owner_sid = NULL; >+ struct dom_sid *group_sid = NULL; > size_t size; >+ bool inherit_owner = lp_inherit_owner(SNUM(handle->conn)); > > if (!sd_has_inheritable_components(parent_desc, is_directory)) { > return NT_STATUS_OK; >@@ -455,12 +458,25 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, > NDR_PRINT_DEBUG(security_descriptor, parent_desc); > } > >+ /* Inherit from parent descriptor if "inherit owner" set. */ >+ if (inherit_owner) { >+ owner_sid = parent_desc->owner_sid; >+ group_sid = parent_desc->group_sid; >+ } >+ >+ if (owner_sid == NULL) { >+ owner_sid = &handle->conn->server_info->ptok->user_sids[PRIMARY_USER_SID_INDEX]; >+ } >+ if (group_sid == NULL) { >+ group_sid = &handle->conn->server_info->ptok->user_sids[PRIMARY_GROUP_SID_INDEX]; >+ } >+ > status = se_create_child_secdesc(ctx, > &psd, > &size, > parent_desc, >- &handle->conn->server_info->ptok->user_sids[PRIMARY_USER_SID_INDEX], >- &handle->conn->server_info->ptok->user_sids[PRIMARY_GROUP_SID_INDEX], >+ owner_sid, >+ group_sid, > is_directory); > if (!NT_STATUS_IS_OK(status)) { > return status; >@@ -472,11 +488,19 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, > NDR_PRINT_DEBUG(security_descriptor, psd); > } > >- return SMB_VFS_FSET_NT_ACL(fsp, >+ if (inherit_owner) { >+ /* We need to be root to force this. */ >+ become_root(); >+ } >+ status = SMB_VFS_FSET_NT_ACL(fsp, > (OWNER_SECURITY_INFORMATION | > GROUP_SECURITY_INFORMATION | > DACL_SECURITY_INFORMATION), > psd); >+ if (inherit_owner) { >+ unbecome_root(); >+ } >+ return status; > } > > static NTSTATUS get_parent_acl_common(vfs_handle_struct *handle, >-- >1.7.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
metze
:
review+
Actions:
View
Attachments on
bug 8083
:
6402
|
6417
|
6540
|
6541