git.samba.org / obnox / samba-ctdb.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 450d480)
do not merge ACEs with different SMB_ACE4_INHERIT_ONLY_ACE flag, this leads to wrong...
authorChristian Ambach <christian.ambach@de.ibm.com>
Sun, 5 Jul 2009 14:03:15 +0000 (16:03 +0200)
committerMichael Adam <obnox@samba.org>
Mon, 7 Sep 2009 10:42:27 +0000 (12:42 +0200)
user:10000036:rwxc:allow:FileInherit:DirInherit:InheritOnly
 (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (X)DELETE    (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

group:10000005:rwxc:allow
 (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (X)DELETE    (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

group:10000005:rwxc:allow:FileInherit:DirInherit:InheritOnly
 (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (X)DELETE    (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

would be merged to

user:10000036:rwxc:allow:FileInherit:DirInherit:InheritOnly
 (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (X)DELETE    (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

group:10000005:rwxc:allow:FileInherit:DirInherit:InheritOnly
 (X)READ/LIST (X)WRITE/CREATE (X)MKDIR (X)SYNCHRONIZE (X)READ_ACL  (X)READ_ATTR  (X)READ_NAMED
 (X)DELETE    (X)DELETE_CHILD (X)CHOWN (X)EXEC/SEARCH (X)WRITE_ACL (X)WRITE_ATTR (X)WRITE_NAMED

so the explicit right for the user on the parent directory will be gone (the InheritOnly flag only accounts to subdirectories)
thus leaving the user without access to the directory itself

Signed-off-by: Christian Ambach <christian.ambach@de.ibm.com>
(cherry picked from commit 5e7da42f6ea768a1e2eeeb15b8b2c41cdfcac94f)

Signed-off-by: Michael Adam <obnox@samba.org>
source/modules/nfs4_acls.c patch | blob | history

diff --git a/source/modules/nfs4_acls.c b/source/modules/nfs4_acls.c
index 515272c3a4d492207900794052b49136a0ce71b1..318f3dca99c0a572b2c3d3b4d74fe2bfd5191384 100644 (file)
--- a/source/modules/nfs4_acls.c
+++ b/source/modules/nfs4_acls.c
@@ -451,8 +451,15 @@ static SMB_ACE4PROP_T *smbacl4_find_equal_special(
        for(aceint = aclint->first; aceint!=NULL; aceint=(SMB_ACE4_INT_T *)aceint->next) {
                SMB_ACE4PROP_T *ace = &aceint->prop;
 
+                DEBUG(10,("ace type:0x%x flags:0x%x aceFlags:0x%x "
+                         "new type:0x%x flags:0x%x aceFlags:0x%x\n",
+                         ace->aceType, ace->flags, ace->aceFlags,
+                         aceNew->aceType, aceNew->flags,aceNew->aceFlags));
+
                if (ace->flags == aceNew->flags &&
                        ace->aceType==aceNew->aceType &&
+                       ((ace->aceFlags&SMB_ACE4_INHERIT_ONLY_ACE)==
+                        (aceNew->aceFlags&SMB_ACE4_INHERIT_ONLY_ACE)) &&
                        (ace->aceFlags&SMB_ACE4_IDENTIFIER_GROUP)==
                        (aceNew->aceFlags&SMB_ACE4_IDENTIFIER_GROUP)
                ) {
SAMBA-CTDB repository