The branch, v3-3-test has been updated
       via  f383a518f68568c36edc7f438d903d3636a42d45 (commit)
      from  76f7291b264084d24ea85956b6c98361417cdc71 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit f383a518f68568c36edc7f438d903d3636a42d45
Author: Jeremy Allison <[EMAIL PROTECTED]>
Date:   Sat Nov 8 22:58:59 2008 -0800

    Fix a subtle logic bug in the adaptation of se_create_child_secdesc(); the
    RAW-ACL inheritance tests now pass. Only the access masks for SD get/set are left to fix.
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source/lib/secdesc.c           |    3 +++
 source/modules/vfs_acl_xattr.c |   21 ++++++++++++++++++++-
 2 files changed, 23 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/lib/secdesc.c b/source/lib/secdesc.c
index a49ee8d..96806b3 100644
--- a/source/lib/secdesc.c
+++ b/source/lib/secdesc.c
@@ -546,6 +546,9 @@ NTSTATUS se_create_child_secdesc(TALLOC_CTX *ctx,
 
                        ptrustee = creator;
                        new_flags |= SEC_ACE_FLAG_INHERIT_ONLY;
+               } else if (container &&
+                               !(ace->flags & 
SEC_ACE_FLAG_NO_PROPAGATE_INHERIT)) {
+                       ptrustee = &ace->trustee;
                }
 
                init_sec_ace(new_ace, ptrustee, ace->type,
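Review bot: The new `else if (container && !(ace->flags & SEC_ACE_FLAG_NO_PROPAGATE_INHERIT))` branch resets `ptrustee` to `&ace->trustee` with no comment, although this assignment decides which SID the inherited ACE names in the `init_sec_ace()` call that follows. I would add a comment above the assignment, for example `/* ACE may propagate further: the container's copy keeps the original trustee. */`, worded by someone who can confirm the intent against the RAW-ACL cases. Unlike the branch above it, which pairs `ptrustee = creator` with `new_flags |= SEC_ACE_FLAG_INHERIT_ONLY`, this branch leaves `new_flags` untouched, so it is worth confirming that every path reaching it already has the flags it needs. The loop body of se_create_child_secdesc() starts and ends outside the hunk, so the earlier assignments to `ptrustee` and `new_flags` are not visible here.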
diff --git a/source/modules/vfs_acl_xattr.c b/source/modules/vfs_acl_xattr.c
index ee0c16e..6f1c1a3 100644
--- a/source/modules/vfs_acl_xattr.c
+++ b/source/modules/vfs_acl_xattr.c
@@ -363,10 +363,18 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
        status = get_nt_acl_xattr_internal(handle,
                                        NULL,
                                        parent_name,
-                                       DACL_SECURITY_INFORMATION,
+                                       (OWNER_SECURITY_INFORMATION |
+                                        GROUP_SECURITY_INFORMATION |
+                                        DACL_SECURITY_INFORMATION),
                                        &parent_desc);
         if (NT_STATUS_IS_OK(status)) {
                /* Create an inherited descriptor from the parent. */
+
+               if (DEBUGLEVEL >= 10) {
+                       DEBUG(10,("inherit_new_acl: parent acl is:\n"));
+                       NDR_PRINT_DEBUG(security_descriptor, parent_desc);
+               }
+
                status = se_create_child_secdesc(ctx,
                                &psd,
                                &size,
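Review bot: The same `if (DEBUGLEVEL >= 10) { DEBUG(10, ...); NDR_PRINT_DEBUG(security_descriptor, ...); }` block is added three times in inherit_new_acl(), here for the parent descriptor and again in the two following hunks for the child and default descriptors. A small static helper taking a label would keep the three dumps consistent. The sketch below assumes the descriptors are `struct security_descriptor *`, as the NDR_PRINT_DEBUG type argument suggests. These dumps write complete security descriptors to the level-10 log, and with this hunk the parent descriptor now carries owner and group as well as the DACL, so such logs deserve the same access control as the ACLs themselves. inherit_new_acl() starts and ends outside the hunks.

```c
/* Dump a security descriptor at debug level 10, labelled with its role. */
static void debug_print_sd(const char *what, struct security_descriptor *sd)
{
	if (DEBUGLEVEL >= 10) {
		DEBUG(10,("inherit_new_acl: %s acl is:\n", what));
		NDR_PRINT_DEBUG(security_descriptor, sd);
	}
}

/* … unchanged: get_nt_acl_xattr_internal() call and status check … */
		debug_print_sd("parent", parent_desc);
/* … unchanged: se_create_child_secdesc() call and error return … */
		debug_print_sd("child", psd);
/* … unchanged: default descriptor creation and NULL check … */
		debug_print_sd("default", psd);
```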
@@ -377,6 +385,12 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
                if (!NT_STATUS_IS_OK(status)) {
                        return status;
                }
+
+               if (DEBUGLEVEL >= 10) {
+                       DEBUG(10,("inherit_new_acl: child acl is:\n"));
+                       NDR_PRINT_DEBUG(security_descriptor, psd);
+               }
+
        } else {
                DEBUG(10,("inherit_new_acl: directory %s failed "
                        "to get acl %s\n",
@@ -401,6 +415,11 @@ static NTSTATUS inherit_new_acl(vfs_handle_struct *handle,
                if (!psd) {
                        return NT_STATUS_NO_MEMORY;
                }
+
+               if (DEBUGLEVEL >= 10) {
+                       DEBUG(10,("inherit_new_acl: default acl is:\n"));
+                       NDR_PRINT_DEBUG(security_descriptor, psd);
+               }
        }
 
        status = create_acl_blob(psd, &blob);


-- 
Samba Shared Repository
