diff options
| author | Jeremy Allison <jra@samba.org> | 2011-06-07 11:54:35 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2011-06-07 22:32:18 +0200 |
| commit | aff6c52370f853d447fc089796b0e4aa29c24d75 (patch) | |
| tree | dfa54273cbdb3434d30b29c573838c48f61cd432 /source3/modules/vfs_acl_common.c | |
| parent | c3ac298a1fe4f5cada6d09376e2d4a3df271a093 (diff) | |
| download | samba-aff6c52370f853d447fc089796b0e4aa29c24d75.tar.gz samba-aff6c52370f853d447fc089796b0e4aa29c24d75.tar.bz2 samba-aff6c52370f853d447fc089796b0e4aa29c24d75.zip | |
Fix re-opened bug 8083 - "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module.
Fix incorrect interaction when all of
"inherit permissions = yes"
"inherit acls = yes"
"inherit owner = yes"
are set. Found by Björn Jacke. Thanks Björn !
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Jun 7 22:32:18 CEST 2011 on sn-devel-104
Diffstat (limited to 'source3/modules/vfs_acl_common.c')
| -rw-r--r-- | source3/modules/vfs_acl_common.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index a1771464fa..fc9c3cd2d4 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -448,10 +448,14 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, struct security_descriptor *psd = NULL; struct dom_sid *owner_sid = NULL; struct dom_sid *group_sid = NULL; + uint32_t security_info_sent = (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL); bool inherit_owner = lp_inherit_owner(SNUM(handle->conn)); + bool inheritable_components = sd_has_inheritable_components(parent_desc, + is_directory); size_t size; - if (!sd_has_inheritable_components(parent_desc, is_directory)) { + if (!inheritable_components && !inherit_owner) { + /* Nothing to inherit and not setting owner. */ return NT_STATUS_OK; } @@ -487,6 +491,17 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, return status; } + /* If inheritable_components == false, + se_create_child_secdesc() + creates a security desriptor with a NULL dacl + entry, but with SEC_DESC_DACL_PRESENT. We need + to remove that flag. */ + + if (!inheritable_components) { + security_info_sent &= ~SECINFO_DACL; + psd->type &= ~SEC_DESC_DACL_PRESENT; + } + if (DEBUGLEVEL >= 10) { DEBUG(10,("inherit_new_acl: child acl for %s is:\n", fsp_str_dbg(fsp) )); @@ -498,9 +513,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, become_root(); } status = SMB_VFS_FSET_NT_ACL(fsp, - (SECINFO_OWNER | - SECINFO_GROUP | - SECINFO_DACL), + security_info_sent, psd); if (inherit_owner) { unbecome_root(); |