| commit | 02dd1fc3c777a49e4fa51982956dcdcc8761e0c9 | |
| author | Jeremy Allison <jra@samba.org> | |
| Thu, 7 Oct 2010 21:26:13 +0000 (7 14:26 -0700) | ||
| committer | Karolin Seeger <kseeger@samba.org> | |
| Thu, 11 Nov 2010 11:07:39 +0000 (11 12:07 +0100) | ||
| tree | da4c3fa06d22986cae2559a18c04624d2ca3c0af | treesnapshot (tar.gz zip) |
| parent | c4421a287c7e613c0c8da188a6ae8db37e90c8fc | commitdiff |
Fix bug 7716 - acl_xattr and acl_tdb modules don't store unmodified copies of security descriptors.
As pointed out by an OEM, the code within smbd/posix_acl.c, even though passed
a const pointer to a security descriptor, still modifies the ACE entries within
it (which are not const pointers).
This means ACLs stored in the extended attribute by the acl_xattr module have
already been modified by the POSIX acl layer, and are not the original intent
of storing the "unmodified" ACL from the client.
Use dup_sec_desc to make a copy of the incoming ACL on talloc_tos() - that
is what is then modified inside smbd/posix_acl.c, leaving the original ACL
to be correctly stored in the xattr.
Jeremy.
As pointed out by an OEM, the code within smbd/posix_acl.c, even though passed
a const pointer to a security descriptor, still modifies the ACE entries within
it (which are not const pointers).
This means ACLs stored in the extended attribute by the acl_xattr module have
already been modified by the POSIX acl layer, and are not the original intent
of storing the "unmodified" ACL from the client.
Use dup_sec_desc to make a copy of the incoming ACL on talloc_tos() - that
is what is then modified inside smbd/posix_acl.c, leaving the original ACL
to be correctly stored in the xattr.
Jeremy.
| source3/smbd/posix_acls.c | diffblobblamehistory |