diff options
| author | Jeremy Allison <jra@samba.org> | 2008-11-08 22:57:57 -0800 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2008-11-08 22:57:57 -0800 |
| commit | 813bf8b4f463199b7c2d3cddab7056b8a68a0b70 (patch) | |
| tree | 885592519c4e174f744e0dba3d9c4c9a1340c74e /source3 | |
| parent | 5a33e906f651ea84ec909fd6453e13a9489bd391 (diff) | |
| download | samba-813bf8b4f463199b7c2d3cddab7056b8a68a0b70.tar.gz samba-813bf8b4f463199b7c2d3cddab7056b8a68a0b70.tar.bz2 samba-813bf8b4f463199b7c2d3cddab7056b8a68a0b70.zip | |
Fix a subtle logic bug in the adaption of se_create_child_secdesc(), pass RAW-ACL inheritance tests. Only access masks for SD get/set left to fix.
Jeremy.
Diffstat (limited to 'source3')
| -rw-r--r-- | source3/lib/secdesc.c | 3 | ||||
| -rw-r--r-- | source3/modules/vfs_acl_xattr.c | 21 |
2 files changed, 23 insertions, 1 deletions
diff --git a/source3/lib/secdesc.c b/source3/lib/secdesc.c index de547d815f..df85336603 100644 --- a/source3/lib/secdesc.c +++ b/source3/lib/secdesc.c @@ -546,6 +546,9 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx, ptrustee = creator; new_flags |= SEC_ACE_FLAG_INHERIT_ONLY; + } else if (container && + !(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) { + ptrustee = &ace->trustee; } init_sec_ace(new_ace, ptrustee, ace->type, diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c index 209209d287..a5d93950f6 100644 --- a/source3/modules/vfs_acl_xattr.c +++ b/source3/modules/vfs_acl_xattr.c @@ -363,10 +363,18 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, status = get_nt_acl_xattr_internal(handle, NULL, parent_name, - DACL_SECURITY_INFORMATION, + (OWNER_SECURITY_INFORMATION | + GROUP_SECURITY_INFORMATION | + DACL_SECURITY_INFORMATION), &parent_desc); if (NT_STATUS_IS_OK(status)) { /* Create an inherited descriptor from the parent. */ + + if (DEBUGLEVEL >= 10) { + DEBUG(10,("inherit_new_acl: parent acl is:\n")); + NDR_PRINT_DEBUG(security_descriptor, parent_desc); + } + status = se_create_child_secdesc(ctx, &psd, &size, @@ -377,6 +385,12 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, if (!NT_STATUS_IS_OK(status)) { return status; } + + if (DEBUGLEVEL >= 10) { + DEBUG(10,("inherit_new_acl: child acl is:\n")); + NDR_PRINT_DEBUG(security_descriptor, psd); + } + } else { DEBUG(10,("inherit_new_acl: directory %s failed " "to get acl %s\n", @@ -401,6 +415,11 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, if (!psd) { return NT_STATUS_NO_MEMORY; } + + if (DEBUGLEVEL >= 10) { + DEBUG(10,("inherit_new_acl: default acl is:\n")); + NDR_PRINT_DEBUG(security_descriptor, psd); + } } status = create_acl_blob(psd, &blob); |