The branch, v3-0-test has been updated via 11fbc11e396a300aed04a37d44411d287d4c17d3 (commit) from 60289187a91e23787be581b824076651230245b2 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test - Log ----------------------------------------------------------------- commit 11fbc11e396a300aed04a37d44411d287d4c17d3 Author: Jeremy Allison <j...@samba.org> Date: Thu Jan 22 16:29:46 2009 -0800 Apply same logic fix for #4308 Excel save operation corrupts file ACLs to NFSv4 ACL code as this uses the same flawed logic as posix_acls.c. Jeremy. ----------------------------------------------------------------------- Summary of changes: source/modules/nfs4_acls.c | 79 +++++++++++++++++++------------------------- 1 files changed, 34 insertions(+), 45 deletions(-) Changeset truncated at 500 lines: diff --git a/source/modules/nfs4_acls.c b/source/modules/nfs4_acls.c index 8530a5d..b203828 100644 --- a/source/modules/nfs4_acls.c +++ b/source/modules/nfs4_acls.c @@ -587,9 +587,10 @@ BOOL smb_set_nt_acl_nfs4(files_struct *fsp, BOOL result; SMB_STRUCT_STAT sbuf; - BOOL need_chown = False; + BOOL set_acl_as_root = False; uid_t newUID = (uid_t)-1; gid_t newGID = (gid_t)-1; + int saved_errno; DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp->fsp_name)); @@ -617,56 +618,44 @@ BOOL smb_set_nt_acl_nfs4(files_struct *fsp, } if (((newUID != (uid_t)-1) && (sbuf.st_uid != newUID)) || ((newGID != (gid_t)-1) && (sbuf.st_gid != newGID))) { - need_chown = True; - } - if (need_chown) { - if ((newUID == (uid_t)-1 || newUID == current_user.ut.uid)) { - if(try_chown(fsp->conn, fsp->fsp_name, newUID, newGID)) { - DEBUG(3,("chown %s, %u, %u failed. Error = %s.\n", - fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID, strerror(errno) )); - return False; - } - DEBUG(10,("chown %s, %u, %u succeeded.\n", - fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID)); - if (smbacl4_GetFileOwner(fsp, &sbuf)) - return False; - need_chown = False; - } else { /* chown is needed, but _after_ changing acl */ - sbuf.st_uid = newUID; /* OWNER@ in case of e_special */ - sbuf.st_gid = newGID; /* GROUP@ in case of e_special */ + if(try_chown(fsp->conn, fsp->fsp_name, newUID, newGID)) { + DEBUG(3,("chown %s, %u, %u failed. Error = %s.\n", + fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID, strerror(errno) )); + return False; } + DEBUG(10,("chown %s, %u, %u succeeded.\n", + fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID)); + if (smbacl4_GetFileOwner(fsp, &sbuf)) + return False; + /* If we successfully chowned, we know we must + * be able to set the acl, so do it as root. + */ + set_acl_as_root = True; } } - if ((security_info_sent & DACL_SECURITY_INFORMATION)!=0 && psd->dacl!=NULL) - { - acl = smbacl4_win2nfs4(psd->dacl, ¶ms, sbuf.st_uid, sbuf.st_gid); - if (!acl) - return False; - - smbacl4_dump_nfs4acl(10, acl); - - result = set_nfs4_native(fsp, acl); - if (result!=True) - { - DEBUG(10, ("set_nfs4_native failed with %s\n", strerror(errno))); - return False; - } - } else + if (!(security_info_sent & DACL_SECURITY_INFORMATION) || psd->dacl ==NULL) { DEBUG(10, ("no dacl found; security_info_sent = 0x%x\n", security_info_sent)); + return True; + } + acl = smbacl4_win2nfs4(psd->dacl, ¶ms, sbuf.st_uid, sbuf.st_gid); + if (!acl) + return False; - /* Any chown pending? */ - if (need_chown) { - DEBUG(3,("chown#2 %s. uid = %u, gid = %u.\n", - fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID)); - if (try_chown(fsp->conn, fsp->fsp_name, newUID, newGID)) { - DEBUG(2,("chown#2 %s, %u, %u failed. Error = %s.\n", - fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID, - strerror(errno))); - return False; - } - DEBUG(10,("chown#2 %s, %u, %u succeeded.\n", - fsp->fsp_name, (unsigned int)newUID, (unsigned int)newGID)); + smbacl4_dump_nfs4acl(10, acl); + + if (set_acl_as_root) { + become_root(); + } + result = set_nfs4_native(fsp, acl); + saved_errno = errno; + if (set_acl_as_root) { + unbecome_root(); + } + if (result!=True) { + errno = saved_errno; + DEBUG(10, ("set_nfs4_native failed with %s\n", strerror(errno))); + return False; } DEBUG(10, ("smb_set_nt_acl_nfs4 succeeded\n")); -- Samba Shared Repository