diff options
author | Jeremy Allison <jra@samba.org> | 2011-06-07 12:36:24 -0700 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2011-06-14 12:59:18 +0200 |
commit | aa1fbfa3056dc59262603d7bca73307643b916be (patch) | |
tree | 34ada82ed5aad59a64698c33b0c79f1830ba3b9a | |
parent | ee677cf7f807716d3169fe7ce9aea66ac887fd23 (diff) | |
download | samba-aa1fbfa3056dc59262603d7bca73307643b916be.tar.gz |
Fix re-opened bug 8083 - "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module.
Fix incorrect interaction when all of
"inherit permissions = yes"
"inherit acls = yes"
"inherit owner = yes"
are set. Found by Björn Jacke. Thanks Björn !
(cherry picked from commit b5011e4c2cee39d4334c04ce7c8adc43a8ca7e6b)
-rw-r--r-- | source3/modules/vfs_acl_common.c | 21 |
1 files changed, 17 insertions, 4 deletions
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index a71bca66d67..ee33f21d44f 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -443,10 +443,14 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, struct security_descriptor *psd = NULL; struct dom_sid *owner_sid = NULL; struct dom_sid *group_sid = NULL; + uint32_t security_info_sent = (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION); size_t size; bool inherit_owner = lp_inherit_owner(SNUM(handle->conn)); + bool inheritable_components = sd_has_inheritable_components(parent_desc, + is_directory); - if (!sd_has_inheritable_components(parent_desc, is_directory)) { + if (!inheritable_components && !inherit_owner) { + /* Nothing to inherit and not setting owner. */ return NT_STATUS_OK; } @@ -482,6 +486,17 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, return status; } + /* If inheritable_components == false, + se_create_child_secdesc() + creates a security desriptor with a NULL dacl + entry, but with SEC_DESC_DACL_PRESENT. We need + to remove that flag. */ + + if (!inheritable_components) { + security_info_sent &= ~SECINFO_DACL; + psd->type &= ~SEC_DESC_DACL_PRESENT; + } + if (DEBUGLEVEL >= 10) { DEBUG(10,("inherit_new_acl: child acl for %s is:\n", fsp_str_dbg(fsp) )); @@ -493,9 +508,7 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle, become_root(); } status = SMB_VFS_FSET_NT_ACL(fsp, - (OWNER_SECURITY_INFORMATION | - GROUP_SECURITY_INFORMATION | - DACL_SECURITY_INFORMATION), + security_info_sent, psd); if (inherit_owner) { unbecome_root(); |