r24580: Grab last changes for 3.0.25c (in synjc with 3.0.25 branch svn r24571)samba-3.0.25c

4 files changed, 92 insertions, 26 deletions

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index def995a842a..6ce4e1be518 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -3,7 +3,7 @@
                              Aug 20, 2007
                    ===============================
 
-This is the fourth production release of the Samba 3.0.25 code 
+This is the latest production release of the Samba 3.0.25 code 
 base and is the version that servers should be run for for all 
 current bug fixes.  
 
@@ -59,11 +59,20 @@ o   Jeremy Allison <jra@samba.org>
       error codes in reply_opeNXXX() calls.
 
 
+o   Ofir Azoulay <Ofir.Azoulay@expand.com>
+    * Only look at errno set by SMB_VFS_CLOSE() if the call actually 
+      failed.
+
+
 o   Alexander Bokovoy <ab@samba.org>
     * Fix vfs_readahead: transparent modules should always pass 
       through.
 
 
+o   David S. Collier-Brown <davecb@spamcop.net>
+    * BUG 4897: Fix Solaris xattr misdeclarations.
+
+
 o   Guenther Deschner <gd@samba.org>
     * Remove redundant pointer checks when freeing memory in winbindd.
     * BUG 4408: Remove last traces of Heimdal KCM support.
diff --git a/source/lib/system.c b/source/lib/system.c
index 1094cd20d61..ac1add8fc19 100644
--- a/source/lib/system.c
+++ b/source/lib/system.c
@@ -1565,12 +1565,12 @@ int sys_dup2(int oldfd, int newfd)
 /******** Solaris EA helper function prototypes ********/
 #ifdef HAVE_ATTROPEN
 #define SOLARIS_ATTRMODE S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP
-int solaris_write_xattr(int attrfd, const char *value, size_t size);
-ssize_t solaris_read_xattr(int attrfd, void *value, size_t size);
-ssize_t solaris_list_xattr(int attrdirfd, char *list, size_t size);
-int solaris_unlinkat(int attrdirfd, const char *name);
-int solaris_attropen(const char *path, const char *attrpath, int oflag, mode_t mode);
-int solaris_openat(int fildes, const char *path, int oflag, mode_t mode);
+static int solaris_write_xattr(int attrfd, const char *value, size_t size);
+static ssize_t solaris_read_xattr(int attrfd, void *value, size_t size);
+static ssize_t solaris_list_xattr(int attrdirfd, char *list, size_t size);
+static int solaris_unlinkat(int attrdirfd, const char *name);
+static int solaris_attropen(const char *path, const char *attrpath, int oflag, mode_t mode);
+static int solaris_openat(int fildes, const char *path, int oflag, mode_t mode);
 #endif
 
 /**************************************************************************
diff --git a/source/libsmb/libsmbclient.c b/source/libsmb/libsmbclient.c
index e13b21f1115..2e00a3ca898 100644
--- a/source/libsmb/libsmbclient.c
+++ b/source/libsmb/libsmbclient.c
@@ -3748,32 +3748,94 @@ smbc_utimes_ctx(SMBCCTX *context,
 }
 
 
-/* The MSDN is contradictory over the ordering of ACE entries in an ACL.
-   However NT4 gives a "The information may have been modified by a
-   computer running Windows NT 5.0" if denied ACEs do not appear before
-   allowed ACEs. */
+/*
+ * Sort ACEs according to the documentation at
+ * http://support.microsoft.com/kb/269175, at least as far as it defines the
+ * order.
+ */
 
 static int
 ace_compare(SEC_ACE *ace1,
             SEC_ACE *ace2)
 {
-	if (sec_ace_equal(ace1, ace2)) 
+        BOOL b1;
+        BOOL b2;
+
+        /* If the ACEs are equal, we have nothing more to do. */
+        if (sec_ace_equal(ace1, ace2)) {
 		return 0;
+        }
 
-	if (ace1->type != ace2->type) 
+        /* Inherited follow non-inherited */
+        b1 = ((ace1->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
+        b2 = ((ace2->flags & SEC_ACE_FLAG_INHERITED_ACE) != 0);
+        if (b1 != b2) {
+                return (b1 ? 1 : -1);
+        }
+
+        /*
+         * What shall we do with AUDITs and ALARMs?  It's undefined.  We'll
+         * sort them after DENY and ALLOW.
+         */
+        b1 = (ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
+              ace1->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
+              ace1->type != SEC_ACE_TYPE_ACCESS_DENIED &&
+              ace1->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
+        b2 = (ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED &&
+              ace2->type != SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT &&
+              ace2->type != SEC_ACE_TYPE_ACCESS_DENIED &&
+              ace2->type != SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
+        if (b1 != b2) {
+                return (b1 ? 1 : -1);
+        }
+
+        /* Allowed ACEs follow denied ACEs */
+        b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
+              ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
+        b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED ||
+              ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT);
+        if (b1 != b2) {
+                return (b1 ? 1 : -1);
+        }
+
+        /*
+         * ACEs applying to an entity's object follow those applying to the
+         * entity itself
+         */
+        b1 = (ace1->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
+              ace1->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
+        b2 = (ace2->type == SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT ||
+              ace2->type == SEC_ACE_TYPE_ACCESS_DENIED_OBJECT);
+        if (b1 != b2) {
+                return (b1 ? 1 : -1);
+        }
+
+        /*
+         * If we get this far, the ACEs are similar as far as the
+         * characteristics we typically care about (those defined by the
+         * referenced MS document).  We'll now sort by characteristics that
+         * just seems reasonable.
+         */
+        
+	if (ace1->type != ace2->type) {
 		return ace2->type - ace1->type;
+        }
 
-	if (sid_compare(&ace1->trustee, &ace2->trustee)) 
+	if (sid_compare(&ace1->trustee, &ace2->trustee)) {
 		return sid_compare(&ace1->trustee, &ace2->trustee);
+        }
 
-	if (ace1->flags != ace2->flags) 
+	if (ace1->flags != ace2->flags) {
 		return ace1->flags - ace2->flags;
+        }
 
-	if (ace1->access_mask != ace2->access_mask) 
+	if (ace1->access_mask != ace2->access_mask) {
 		return ace1->access_mask - ace2->access_mask;
+        }
 
-	if (ace1->size != ace2->size) 
+	if (ace1->size != ace2->size) {
 		return ace1->size - ace2->size;
+        }
 
 	return memcmp(ace1, ace2, sizeof(SEC_ACE));
 }
@@ -5158,9 +5220,6 @@ cacl_set(TALLOC_CTX *ctx,
 	switch (mode) {
 	case SMBC_XATTR_MODE_REMOVE_ALL:
                 old->dacl->num_aces = 0;
-                prs_mem_free(old->dacl->aces);
-                prs_mem_free(&old->dacl);
-                old->dacl = NULL;
                 dacl = old->dacl;
                 break;
 
@@ -5177,11 +5236,6 @@ cacl_set(TALLOC_CTX *ctx,
                                                         old->dacl->aces[k+1];
 					}
 					old->dacl->num_aces--;
-					if (old->dacl->num_aces == 0) {
-                                                prs_mem_free(&old->dacl->aces);
-                                                prs_mem_free(&old->dacl);
-						old->dacl = NULL;
-					}
 					found = True;
                                         dacl = old->dacl;
 					break;
diff --git a/source/locking/posix.c b/source/locking/posix.c
index 62804eb8e34..dc54a341941 100644
--- a/source/locking/posix.c
+++ b/source/locking/posix.c
@@ -651,7 +651,10 @@ NTSTATUS fd_close_posix(struct connection_struct *conn, files_struct *fsp)
 		 */
 		ret = SMB_VFS_CLOSE(fsp,fsp->fh->fd);
 		fsp->fh->fd = -1;
-		return map_nt_error_from_unix(errno);
+		if (ret == -1) {
+			return map_nt_error_from_unix(errno);
+		}
+		return NT_STATUS_OK;
 	}
 
 	if (get_windows_lock_ref_count(fsp)) {