The Samba-Bugzilla – Attachment 7608 Details for
Bug 8963
vfs_acl_common.c does the wrong thing when there are no inheritable ACEs in parent ACL on creating a new file/folder
[patch]
A patch that addresses this issue
vfs_acl_common_default_acl_no_inherit.patch (text/plain), 1.82 KB, created by
Richard Sharpe
on 2012-05-30 18:09:31 UTC
>--- modules/vfs_acl_common.c.orig 2012-05-29 11:06:31.696878464 -0700 >+++ modules/vfs_acl_common.c 2012-05-29 12:07:02.485802955 -0700 >@@ -453,7 +453,56 @@ > > if (!inheritable_components && !inherit_owner) { > /* Nothing to inherit and not setting owner. */ >- return NT_STATUS_OK; >+ /* >+ * So, we mimic the Windows behavior. That is, we create >+ * AN SD with the user as the owner, group as group owner >+ * and two ACEs with full access allowed as below >+ */ >+ size_t sd_size = 0; >+ SEC_ACL *dacl = NULL; >+ SEC_ACE aces[2]; >+ >+ DEBUG(10, ("Creating default ACL because no inheritable ACEs available\n")); >+ /* First an ACE giving creator all access */ >+ init_sec_ace(&aces[0], >+ &handle->conn->server_info->ptok->user_sids[PRIMARY_USER_SID_INDEX], >+ SEC_ACE_TYPE_ACCESS_ALLOWED, >+ GENERIC_RIGHTS_FILE_ALL_ACCESS, >+ 0x0); >+ >+ init_sec_ace(&aces[1], >+ &global_sid_System, >+ SEC_ACE_TYPE_ACCESS_ALLOWED, >+ GENERIC_RIGHTS_FILE_ALL_ACCESS, >+ 0x0); >+ >+ dacl = make_sec_acl(ctx, NT4_ACL_REVISION, 2, aces); >+ if (!dacl) { >+ DEBUG(10, ("Failed to make default DACL, out of memory!\n")); >+ return NT_STATUS_NO_MEMORY; >+ } >+ >+ psd = make_sec_desc(ctx, >+ SEC_DESC_REVISION, >+ SEC_DESC_SELF_RELATIVE, >+ &handle->conn->server_info->ptok->user_sids[PRIMARY_USER_SID_INDEX], >+ &handle->conn->server_info->ptok->user_sids[PRIMARY_GROUP_SID_INDEX], >+ NULL, /* Empty SACL */ >+ dacl, /* DACL with above entries */ >+ &sd_size); >+ >+ if (!psd) { >+ DEBUG(10, ("Failed to create SD, out of memory!\n")); >+ return NT_STATUS_NO_MEMORY; >+ } >+ >+ /* Now, store it ... */ >+ >+ status = SMB_VFS_FSET_NT_ACL(fsp, >+ security_info_sent, >+ psd); >+ >+ return status; > } > > /* Create an inherited descriptor from the parent. */
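Review bot: The final SMB_VFS_FSET_NT_ACL(fsp, security_info_sent, psd) call relies on security_info_sent, which is neither declared nor assigned anywhere in the visible lines. The descriptor built just above it always carries an owner, a group and a DACL, so if that mask comes from the caller and lacks any of those bits, part of the default SD would silently not be stored. Passing the owner, group and DACL security-information bits explicitly at this call would make the new branch self-contained. Three smaller points in the same hunk: both init_sec_ace() calls use flags 0x0 and GENERIC_RIGHTS_FILE_ALL_ACCESS whether the new object is a file or a directory, so a directory created through this path carries no inheritable ACEs and every child created under it will fall into this branch again. If that is the intended match for Windows, the comment should say so; otherwise the directory case needs inherit flags. The comment "mimic the Windows behavior" would also be easier to verify later if it named the two trustees (creating user and SYSTEM) and stated that no other ACE, such as one for the primary group, is wanted. Finally, the two out-of-memory messages are logged at DEBUG level 10, where they will not be seen in normal operation; a low level such as 0 fits an allocation failure better.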