From 7d6ebe0de7d99c20854cafb8af50fe8f30ed778a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 5 May 2011 16:19:49 -0700 Subject: More const fixes. Remove CONST_DISCARD. --- source3/modules/vfs_acl_common.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/modules/vfs_acl_common.c') diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index 6c57acb13d..a1771464fa 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -144,7 +144,7 @@ static NTSTATUS create_acl_blob(const struct security_descriptor *psd, xacl.version = 3; xacl.info.sd_hs3 = &sd_hs3; - xacl.info.sd_hs3->sd = CONST_DISCARD(struct security_descriptor *, psd); + xacl.info.sd_hs3->sd = discard_const_p(struct security_descriptor, psd); xacl.info.sd_hs3->hash_type = hash_type; memcpy(&xacl.info.sd_hs3->hash[0], hash, XATTR_SD_HASH_SIZE); @@ -190,7 +190,7 @@ static void add_directory_inheritable_components(vfs_handle_struct *handle, /* Fake a quick smb_filename. */ ZERO_STRUCT(smb_fname); smb_fname.st = *psbuf; - smb_fname.base_name = CONST_DISCARD(char *, name); + smb_fname.base_name = discard_const_p(char, name); dir_mode = unix_mode(conn, FILE_ATTRIBUTE_DIRECTORY, &smb_fname, NULL); @@ -729,7 +729,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, DEBUG(10,("fset_nt_acl_xattr: incoming sd for file %s\n", fsp_str_dbg(fsp))); NDR_PRINT_DEBUG(security_descriptor, - CONST_DISCARD(struct security_descriptor *,orig_psd)); + discard_const_p(struct security_descriptor, orig_psd)); } status = get_nt_acl_internal(handle, fsp, @@ -784,7 +784,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp, DEBUG(10,("fset_nt_acl_xattr: storing xattr sd for file %s\n", fsp_str_dbg(fsp))); NDR_PRINT_DEBUG(security_descriptor, - CONST_DISCARD(struct security_descriptor *,psd)); + discard_const_p(struct security_descriptor, psd)); } create_acl_blob(psd, &blob, XATTR_SD_HASH_TYPE_SHA256, hash); store_acl_blob_fsp(handle, fsp, &blob); @@ -836,7 +836,7 @@ static int acl_common_remove_object(vfs_handle_struct *handle, } ZERO_STRUCT(local_fname); - local_fname.base_name = CONST_DISCARD(char *,final_component); + local_fname.base_name = discard_const_p(char, final_component); /* Must use lstat here. */ ret = SMB_VFS_LSTAT(conn, &local_fname); -- cgit From aff6c52370f853d447fc089796b0e4aa29c24d75 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 7 Jun 2011 11:54:35 -0700 Subject: Fix re-opened bug 8083 - "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fix incorrect interaction when all of "inherit permissions = yes" "inherit acls = yes" "inherit owner = yes" are set. Found by Björn Jacke. Thanks Björn ! Autobuild-User: Jeremy Allison Autobuild-Date: Tue Jun 7 22:32:18 CEST 2011 on sn-devel-104 --- source3/modules/vfs_acl_common.c | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) (limited to 'source3/modules/vfs_acl_common.c') diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index a1771464fa..fc9c3cd2d4 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -448,10 +448,14 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, struct security_descriptor *psd = NULL; struct dom_sid *owner_sid = NULL; struct dom_sid *group_sid = NULL; + uint32_t security_info_sent = (SECINFO_OWNER | SECINFO_GROUP | SECINFO_DACL); bool inherit_owner = lp_inherit_owner(SNUM(handle->conn)); + bool inheritable_components = sd_has_inheritable_components(parent_desc, + is_directory); size_t size; - if (!sd_has_inheritable_components(parent_desc, is_directory)) { + if (!inheritable_components && !inherit_owner) { + /* Nothing to inherit and not setting owner. */ return NT_STATUS_OK; } @@ -487,6 +491,17 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, return status; } + /* If inheritable_components == false, + se_create_child_secdesc() + creates a security desriptor with a NULL dacl + entry, but with SEC_DESC_DACL_PRESENT. We need + to remove that flag. */ + + if (!inheritable_components) { + security_info_sent &= ~SECINFO_DACL; + psd->type &= ~SEC_DESC_DACL_PRESENT; + } + if (DEBUGLEVEL >= 10) { DEBUG(10,("inherit_new_acl: child acl for %s is:\n", fsp_str_dbg(fsp) )); @@ -498,9 +513,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, become_root(); } status = SMB_VFS_FSET_NT_ACL(fsp, - (SECINFO_OWNER | - SECINFO_GROUP | - SECINFO_DACL), + security_info_sent, psd); if (inherit_owner) { unbecome_root(); -- cgit From 5e26e94092b56ee47e7ec7837f7cd0feb3fb0119 Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Tue, 7 Jun 2011 11:58:39 +1000 Subject: s3-talloc Change TALLOC_ZERO_ARRAY() to talloc_zero_array() Using the standard macro makes it easier to move code into common, as TALLOC_ZERO_ARRAY isn't standard talloc. --- source3/modules/vfs_acl_common.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'source3/modules/vfs_acl_common.c') diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index fc9c3cd2d4..bee7966dfc 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -179,7 +179,7 @@ static void add_directory_inheritable_components(vfs_handle_struct *handle, mode_t dir_mode; mode_t file_mode; mode_t mode; - struct security_ace *new_ace_list = TALLOC_ZERO_ARRAY(talloc_tos(), + struct security_ace *new_ace_list = talloc_zero_array(talloc_tos(), struct security_ace, num_aces + 3); -- cgit