mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
9559c00d06
When inherting permissions on the created stream, we call into the VFS to fetch
the streams security descriptor via inherit_access_posix_acl() ->
copy_access_posix_acl() -> SMB_VFS_SYS_ACL_SET_FD() passing the stream fsp which
triggers the assert SMB_ASSERT(!fsp_is_alternate_stream(fsp)) in
vfswrap_sys_acl_set_fd() in vfs_default.
Just passing the base fsp to the VFS fixes this.
vfs_streams_depot which *does use* distinct backend filesystem files for the
streams, currently does not apply permissions to the stream files at all, so the
incomplete behaviour of vfs_streams_depot is not affected by this change.
If in the future someone want to fix this defficiency in vfs_streams_depot, the
module code can use fsp->stream_fsp to base decisions in VFS ops whether the
module should carry out some action.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15695
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep 2 08:55:28 UTC 2024 on atb-devel-224
(cherry picked from commit
|
||
---|---|---|
.. | ||
bug-14810 | ||
claims-client-tool | ||
complex_expressions | ||
conditional_ace_claims | ||
dfs_paths | ||
dirsync | ||
dns | ||
dns-aging | ||
durable-v2-delay | ||
empty-domain-name | ||
getncchanges | ||
gkdi | ||
initshutdown | ||
kdc-salt | ||
kinit_trust | ||
krb5-no-preauth | ||
ldap | ||
ldap_spn | ||
lm-hash-support-gone | ||
modify-order | ||
multichannel | ||
netlogon | ||
nt-hash-support-gone | ||
ntlmv2-restrictions | ||
oneway | ||
priv_attr | ||
protected_users | ||
python-segfaults | ||
quota1 | ||
README | ||
replica_sync | ||
rpc-dfs | ||
rpc-netlogon-zerologon | ||
rw-invalid | ||
s3-logging | ||
s3-lsa-server | ||
samba3.rpc.samr | ||
samba3.vfs.fruit | ||
samba4.ldap.confidential_attr | ||
samba4.rpc.netlogon-s3 | ||
samba4.rpc.samr | ||
samba-tool-user-get-kerberos-ticket | ||
security-descriptors | ||
sid-strings | ||
silo-client-tool | ||
smb1-tests | ||
smb2.replay | ||
smb2.session | ||
smbclient_machine_auth.plain | ||
smbclient-smb3 | ||
source3-epmapper | ||
srvsvc | ||
symlink | ||
uac_objectclass_restrict | ||
upn_handling | ||
usage | ||
user_getpassword_gmsa | ||
vlv | ||
wkssvc |
# Files in this directory contain lists of regular expressions # matching the names of tests that are temporarily expected to fail. # # Tests that are intended to *always* fail (e.g. to prove that the # test can't succeed under certain conditions) should be added under # selftest/expectedfail.d instead. # # "make test" will not report failures for tests listed here and will consider # a successful run for any of these tests an error. # # Empty lines and lines beginning with '#' are ignored. # Please don't add tests to this README!