git.ipfire.org Git - thirdparty/samba.git/commit

author	Ralph Boehme <slow@samba.org>
	Fri, 5 Jul 2024 14:22:18 +0000 (16:22 +0200)
committer	Volker Lendecke <vl@samba.org>
	Mon, 2 Sep 2024 08:55:28 +0000 (08:55 +0000)
commit	ecb8a99a2c7ba36f9adc50ef13cd8465a0c49b19
tree	732607f9b34b8d1ef0773d0dad974808e6de510e	tree
parent	09835608307ff2580f1aada84d44feddae17c80f	commit \| diff

smbd: use metadata_fsp(fsp) in copy_access_posix_acl() for SMB_VFS_SYS_ACL_SET_FD

When inherting permissions on the created stream, we call into the VFS to fetch
the streams security descriptor via inherit_access_posix_acl() ->
copy_access_posix_acl() -> SMB_VFS_SYS_ACL_SET_FD() passing the stream fsp which
triggers the assert SMB_ASSERT(!fsp_is_alternate_stream(fsp)) in
vfswrap_sys_acl_set_fd() in vfs_default.

Just passing the base fsp to the VFS fixes this.

vfs_streams_depot which *does use* distinct backend filesystem files for the
streams, currently does not apply permissions to the stream files at all, so the
incomplete behaviour of vfs_streams_depot is not affected by this change.

If in the future someone want to fix this defficiency in vfs_streams_depot, the
module code can use fsp->stream_fsp to base decisions in VFS ops whether the
module should carry out some action.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15695

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep 2 08:55:28 UTC 2024 on atb-devel-224

selftest/knownfail.d/samba3.smb2.stream-inherit-perms	[deleted file]	blob \| blame \| history
source3/smbd/posix_acls.c		diff \| blob \| blame \| history