From 9fa7d31e08c3f7924c8680a4bfe610c06375816d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 7 Jun 2011 12:36:24 -0700 Subject: [PATCH] Fix re-opened bug 8083 - "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix incorrect interaction when all of "inherit permissions = yes" "inherit acls = yes" "inherit owner = yes" are set. Found by Björn Jacke. Thanks Björn ! --- source3/modules/vfs_acl_common.c | 21 +++++++++++++++++---- 1 files changed, 17 insertions(+), 4 deletions(-) diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index a71bca6..ee33f21 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -443,10 +443,14 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, struct security_descriptor *psd = NULL; struct dom_sid *owner_sid = NULL; struct dom_sid *group_sid = NULL; + uint32_t security_info_sent = (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION); size_t size; bool inherit_owner = lp_inherit_owner(SNUM(handle->conn)); + bool inheritable_components = sd_has_inheritable_components(parent_desc, + is_directory); - if (!sd_has_inheritable_components(parent_desc, is_directory)) { + if (!inheritable_components && !inherit_owner) { + /* Nothing to inherit and not setting owner. */ return NT_STATUS_OK; } @@ -482,6 +486,17 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, return status; } + /* If inheritable_components == false, + se_create_child_secdesc() + creates a security desriptor with a NULL dacl + entry, but with SEC_DESC_DACL_PRESENT. We need + to remove that flag. */ + + if (!inheritable_components) { + security_info_sent &= ~SECINFO_DACL; + psd->type &= ~SEC_DESC_DACL_PRESENT; + } + if (DEBUGLEVEL >= 10) { DEBUG(10,("inherit_new_acl: child acl for %s is:\n", fsp_str_dbg(fsp) )); @@ -493,9 +508,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, become_root(); } status = SMB_VFS_FSET_NT_ACL(fsp, - (OWNER_SECURITY_INFORMATION | - GROUP_SECURITY_INFORMATION | - DACL_SECURITY_INFORMATION), + security_info_sent, psd); if (inherit_owner) { unbecome_root(); -- 1.7.3.1