Add FILE_OPEN_NO_RECALL to NtOpenFile calls trying to fetch
or write file security descriptors so as not to recall them
from offline storage inadvertently.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
When creating the POSIX ACL rewrite, the code merging permissions from
everyone/group to group/user ACEs was accidentally called for newly
generated files as well.
This could result in broken permissions, if umask used unusual values
like "0100", granted permissions to everyone/group not granted to
group/user.
Make sure to skip permission merging if the file got just created and
we only want to set correct permissions for the first time.
Fixes: bc444e5aa4 ("Reapply POSIX ACL changes.")
Reported-by: Jon Turney <jon.turney@dronecode.org.uk>
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Avoid the mistake fixed in the preceeding commit by passing
the mode_t argument by reference. This also affects a couple
other functions calling get_posix_access in turn.
Fixes: bc444e5aa4 ("Reapply POSIX ACL changes.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Older coreutils created directories with mode bits filtered through
umask. Newer coreutils creates directories with full permissions,
0777 by default.
This new coreutils behaviour uncovered the fact that default ACEs for
newly created directories were not filtered by umask starting with
commit bc444e5aa4.
Fix it by applying umask on the default ACEs.
Fixes: bc444e5aa4 ("Reapply POSIX ACL change.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
So far we use a single muto to guard three different datastructures
inside class authz_ctx: the authz HANDLE, the user context HANDLE
and the context cache list. Split the single muto into three
independent SRWLOCKs and guard all datastrcutures as necessary to
avoid thread contention.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Corinna Vinschen