The Samba-Bugzilla – Attachment 6541 Details for
Bug 8083
"inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 3.5.9.
0001-Fix-re-opened-bug-8083-inherit-owner-yes-doesn-t-int.patch (text/plain), 2.34 KB, created by
Jeremy Allison
on 2011-06-07 19:38:27 UTC
(
hide
)
Description:
git-am fix for 3.5.9.
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2011-06-07 19:38:27 UTC
Size:
2.34 KB
patch
obsolete
>From 9fa7d31e08c3f7924c8680a4bfe610c06375816d Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Tue, 7 Jun 2011 12:36:24 -0700 >Subject: [PATCH] Fix re-opened bug 8083 - "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module. >MIME-Version: 1.0 >Content-Type: text/plain; charset=UTF-8 >Content-Transfer-Encoding: 8bit > >Fix incorrect interaction when all of > >"inherit permissions = yes" >"inherit acls = yes" >"inherit owner = yes" > >are set. Found by Björn Jacke. Thanks Björn ! >--- > source3/modules/vfs_acl_common.c | 21 +++++++++++++++++---- > 1 files changed, 17 insertions(+), 4 deletions(-) > >diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c >index a71bca6..ee33f21 100644 >--- a/source3/modules/vfs_acl_common.c >+++ b/source3/modules/vfs_acl_common.c >@@ -443,10 +443,14 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, > struct security_descriptor *psd = NULL; > struct dom_sid *owner_sid = NULL; > struct dom_sid *group_sid = NULL; >+ uint32_t security_info_sent = (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION); > size_t size; > bool inherit_owner = lp_inherit_owner(SNUM(handle->conn)); >+ bool inheritable_components = sd_has_inheritable_components(parent_desc, >+ is_directory); > >- if (!sd_has_inheritable_components(parent_desc, is_directory)) { >+ if (!inheritable_components && !inherit_owner) { >+ /* Nothing to inherit and not setting owner. */ > return NT_STATUS_OK; > } > >@@ -482,6 +486,17 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, > return status; > } > >+ /* If inheritable_components == false, >+ se_create_child_secdesc() >+ creates a security desriptor with a NULL dacl >+ entry, but with SEC_DESC_DACL_PRESENT. We need >+ to remove that flag. */ >+ >+ if (!inheritable_components) { >+ security_info_sent &= ~SECINFO_DACL; >+ psd->type &= ~SEC_DESC_DACL_PRESENT; >+ } >+ > if (DEBUGLEVEL >= 10) { > DEBUG(10,("inherit_new_acl: child acl for %s is:\n", > fsp_str_dbg(fsp) )); >@@ -493,9 +508,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, > become_root(); > } > status = SMB_VFS_FSET_NT_ACL(fsp, >- (OWNER_SECURITY_INFORMATION | >- GROUP_SECURITY_INFORMATION | >- DACL_SECURITY_INFORMATION), >+ security_info_sent, > psd); > if (inherit_owner) { > unbecome_root(); >-- >1.7.3.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=6541">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
bjacke
:
review+
Actions:
View
Attachments on
bug 8083
:
6402
|
6417
|
6540
| 6541