The branch, v3-6-test has been updated
via faafade Bugfix for #8857 - Setting traverse rights fails to enable
directory traversal when acl_xattr in use.
via bed05b8 Fix incorrect debug - parent_name is never set !
from 815ba9d Fix bug #8831 - Inconsistent (with manpage) command-line
switch for "help" in smbtree
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit faafade5dd948918a27284b82384340995d1bf55
Author: Jeremy Allison <[email protected]>
Date: Mon Apr 16 18:17:25 2012 -0700
Bugfix for #8857 - Setting traverse rights fails to enable directory
traversal when acl_xattr in use.
We were incorrectly checking the parent directory ACL, instead
of the ACL of the directory we're trying to open.
commit bed05b8d6b10c77a98a73318ba483bafcccb8a34
Author: Jeremy Allison <[email protected]>
Date: Mon Apr 16 18:04:51 2012 -0700
Fix incorrect debug - parent_name is never set !
-----------------------------------------------------------------------
Summary of changes:
source3/modules/vfs_acl_common.c | 39 +++++++++++++++++++++++++++++++++----
1 files changed, 34 insertions(+), 5 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 016bb9f..097fd20 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -559,7 +559,6 @@ static NTSTATUS check_parent_acl_common(vfs_handle_struct
*handle,
uint32_t access_mask,
struct security_descriptor **pp_parent_desc)
{
- char *parent_name = NULL;
struct security_descriptor *parent_desc = NULL;
uint32_t access_granted = 0;
NTSTATUS status;
@@ -578,9 +577,8 @@ static NTSTATUS check_parent_acl_common(vfs_handle_struct
*handle,
&access_granted);
if(!NT_STATUS_IS_OK(status)) {
DEBUG(10,("check_parent_acl_common: access check "
- "on directory %s for "
+ "on parent directory of "
"path %s for mask 0x%x returned %s\n",
- parent_name,
path,
access_mask,
nt_errstr(status) ));
@@ -815,13 +813,44 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct
*handle, files_struct *fsp,
static SMB_STRUCT_DIR *opendir_acl_common(vfs_handle_struct *handle,
const char *fname, const char *mask, uint32 attr)
{
- NTSTATUS status = check_parent_acl_common(handle, fname,
- SEC_DIR_LIST, NULL);
+ NTSTATUS status;
+ uint32_t access_granted = 0;
+ struct security_descriptor *sd = NULL;
+ status = get_nt_acl_internal(handle,
+ NULL,
+ fname,
+ (SECINFO_OWNER |
+ SECINFO_GROUP |
+ SECINFO_DACL |
+ SECINFO_SACL),
+ &sd);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("opendir_acl_common: "
+ "get_nt_acl_internal for dir %s "
+ "failed with error %s\n",
+ fname,
+ nt_errstr(status) ));
+ errno = map_errno_from_nt_status(status);
+ return NULL;
+ }
+
+ /* See if we can access it. */
+ status = smb1_file_se_access_check(handle->conn,
+ sd,
+ get_current_nttok(handle->conn),
+ SEC_DIR_LIST,
+ &access_granted);
if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("opendir_acl_common: %s open "
+ "for access SEC_DIR_LIST "
+ "refused with error %s\n",
+ fname,
+ nt_errstr(status) ));
errno = map_errno_from_nt_status(status);
return NULL;
}
+
return SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
}
--
Samba Shared Repository
