summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Ambach <christian.ambach@de.ibm.com>2009-07-05 16:03:15 +0200
committerVolker Lendecke <vl@samba.org>2009-07-06 12:28:52 +0200
commit5e7da42f6ea768a1e2eeeb15b8b2c41cdfcac94f (patch)
tree0ce62d459cf3a1a0ee795d77db6d7d0e9048777d
parent8f3f62e9d6326936bd39b4e1ca127677b9e09d19 (diff)
downloadsamba-5e7da42f6ea768a1e2eeeb15b8b2c41cdfcac94f.tar.gz
samba-5e7da42f6ea768a1e2eeeb15b8b2c41cdfcac94f.tar.bz2
samba-5e7da42f6ea768a1e2eeeb15b8b2c41cdfcac94f.zip
do not merge ACEs with different SMB_ACE4_INHERIT_ONLY_ACE flag, this leads to wrong inheritance flags in the ACL e.g. (on GPFS) user:10000036:rwxc:allow (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED
user:10000036:rwxc:allow:FileInherit:DirInherit:InheritOnly (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED group:10000005:rwxc:allow (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED group:10000005:rwxc:allow:FileInherit:DirInherit:InheritOnly (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED would be merged to user:10000036:rwxc:allow:FileInherit:DirInherit:InheritOnly (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED group:10000005:rwxc:allow:FileInherit:DirInherit:InheritOnly (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL (X)READ_ATTR (X)READ_NAMED (X)DELETE (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED so the explicit right for the user on the parent directory will be gone (the InheritOnly flag only accounts to subdirectories) thus leaving the user without access to the directory itself Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
-rw-r--r--source3/modules/nfs4_acls.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/source3/modules/nfs4_acls.c b/source3/modules/nfs4_acls.c
index b213138c80..70bdaa8826 100644
--- a/source3/modules/nfs4_acls.c
+++ b/source3/modules/nfs4_acls.c
@@ -433,8 +433,15 @@ static SMB_ACE4PROP_T *smbacl4_find_equal_special(
for(aceint = aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) {
SMB_ACE4PROP_T *ace = &aceint->prop;
+ DEBUG(10,("ace type:0x%x flags:0x%x aceFlags:0x%x "
+ "new type:0x%x flags:0x%x aceFlags:0x%x\n",
+ ace->aceType, ace->flags, ace->aceFlags,
+ aceNew->aceType, aceNew->flags,aceNew->aceFlags));
+
if (ace->flags == aceNew->flags &&
ace->aceType==aceNew->aceType &&
+ ((ace->aceFlags&SMB_ACE4_INHERIT_ONLY_ACE)==
+ (aceNew->aceFlags&SMB_ACE4_INHERIT_ONLY_ACE)) &&
(ace->aceFlags&SMB_ACE4_IDENTIFIER_GROUP)==
(aceNew->aceFlags&SMB_ACE4_IDENTIFIER_GROUP)
) {