[SCM] Samba Shared Repository - branch v3-0-test updated - release-3-0-32-124-g11fbc11

Thu, 22 Jan 2009 16:30:49 -0800 

The branch, v3-0-test has been updated
       via  11fbc11e396a300aed04a37d44411d287d4c17d3 (commit)
      from  60289187a91e23787be581b824076651230245b2 (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-0-test


- Log -----------------------------------------------------------------
commit 11fbc11e396a300aed04a37d44411d287d4c17d3
Author: Jeremy Allison <j...@samba.org>
Date:   Thu Jan 22 16:29:46 2009 -0800

    Apply same logic fix for #4308 Excel save operation corrupts file ACLs
    to NFSv4 ACL code as this uses the same flawed logic as posix_acls.c.
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source/modules/nfs4_acls.c |   79 +++++++++++++++++++-------------------------
 1 files changed, 34 insertions(+), 45 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/modules/nfs4_acls.c b/source/modules/nfs4_acls.c
index 8530a5d..b203828 100644
--- a/source/modules/nfs4_acls.c
+++ b/source/modules/nfs4_acls.c
@@ -587,9 +587,10 @@ BOOL smb_set_nt_acl_nfs4(files_struct *fsp,
        BOOL    result;
 
        SMB_STRUCT_STAT sbuf;
-       BOOL need_chown = False;
+       BOOL set_acl_as_root = False;
        uid_t newUID = (uid_t)-1;
        gid_t newGID = (gid_t)-1;
+       int saved_errno;
 
        DEBUG(10, ("smb_set_nt_acl_nfs4 invoked for %s\n", fsp->fsp_name));
 
@@ -617,56 +618,44 @@ BOOL smb_set_nt_acl_nfs4(files_struct *fsp,
                }
                if (((newUID != (uid_t)-1) && (sbuf.st_uid != newUID)) ||
                        ((newGID != (gid_t)-1) && (sbuf.st_gid != newGID))) {
-                       need_chown = True;
-               }
-               if (need_chown) {
-                       if ((newUID == (uid_t)-1 || newUID == 
current_user.ut.uid)) {
-                               if(try_chown(fsp->conn, fsp->fsp_name, newUID, 
newGID)) {
-                                       DEBUG(3,("chown %s, %u, %u failed. 
Error = %s.\n",
-                                               fsp->fsp_name, (unsigned 
int)newUID, (unsigned int)newGID, strerror(errno) ));
-                                       return False;
-                               }
-                               DEBUG(10,("chown %s, %u, %u succeeded.\n",
-                                       fsp->fsp_name, (unsigned int)newUID, 
(unsigned int)newGID));
-                               if (smbacl4_GetFileOwner(fsp, &sbuf))
-                                       return False;
-                               need_chown = False;
-                       } else { /* chown is needed, but _after_ changing acl */
-                               sbuf.st_uid = newUID; /* OWNER@ in case of 
e_special */
-                               sbuf.st_gid = newGID; /* GROUP@ in case of 
e_special */
+                       if(try_chown(fsp->conn, fsp->fsp_name, newUID, newGID)) 
{
+                               DEBUG(3,("chown %s, %u, %u failed. Error = 
%s.\n",
+                                       fsp->fsp_name, (unsigned int)newUID, 
(unsigned int)newGID, strerror(errno) ));
+                               return False;
                        }
+                       DEBUG(10,("chown %s, %u, %u succeeded.\n",
+                               fsp->fsp_name, (unsigned int)newUID, (unsigned 
int)newGID));
+                       if (smbacl4_GetFileOwner(fsp, &sbuf))
+                               return False;
+                       /* If we successfully chowned, we know we must
+                        * be able to set the acl, so do it as root.
+                        */
+                       set_acl_as_root = True;
                }
        }
 
-       if ((security_info_sent & DACL_SECURITY_INFORMATION)!=0 && 
psd->dacl!=NULL)
-       {
-               acl = smbacl4_win2nfs4(psd->dacl, &params, sbuf.st_uid, 
sbuf.st_gid);
-               if (!acl)
-                       return False;
-
-               smbacl4_dump_nfs4acl(10, acl);
-
-               result = set_nfs4_native(fsp, acl);
-               if (result!=True)
-               {
-                       DEBUG(10, ("set_nfs4_native failed with %s\n", 
strerror(errno)));
-                       return False;
-               }
-       } else
+       if (!(security_info_sent & DACL_SECURITY_INFORMATION) || psd->dacl 
==NULL) {
                DEBUG(10, ("no dacl found; security_info_sent = 0x%x\n", 
security_info_sent));
+               return True;
+       }
+       acl = smbacl4_win2nfs4(psd->dacl, &params, sbuf.st_uid, sbuf.st_gid);
+       if (!acl)
+               return False;
 
-       /* Any chown pending? */
-       if (need_chown) {
-               DEBUG(3,("chown#2 %s. uid = %u, gid = %u.\n",
-                       fsp->fsp_name, (unsigned int)newUID, (unsigned 
int)newGID));
-               if (try_chown(fsp->conn, fsp->fsp_name, newUID, newGID)) {
-                       DEBUG(2,("chown#2 %s, %u, %u failed. Error = %s.\n",
-                               fsp->fsp_name, (unsigned int)newUID, (unsigned 
int)newGID,
-                               strerror(errno)));
-                       return False;
-               }
-               DEBUG(10,("chown#2 %s, %u, %u succeeded.\n",
-                       fsp->fsp_name, (unsigned int)newUID, (unsigned 
int)newGID));
+       smbacl4_dump_nfs4acl(10, acl);
+
+       if (set_acl_as_root) {
+               become_root();
+       }
+       result = set_nfs4_native(fsp, acl);
+       saved_errno = errno;
+       if (set_acl_as_root) {
+               unbecome_root();
+       }
+       if (result!=True) {
+               errno = saved_errno;
+               DEBUG(10, ("set_nfs4_native failed with %s\n", 
strerror(errno)));
+               return False;
        }
 
        DEBUG(10, ("smb_set_nt_acl_nfs4 succeeded\n"));


-- 
Samba Shared Repository

Reply via email to