Fix bug 7716 - acl_xattr and acl_tdb modules don't store unmodified copies of security descriptors.

As pointed out by an OEM, the code within smbd/posix_acl.c, even though passed
a const pointer to a security descriptor, still modifies the ACE entries within
it (which are not const pointers).

This means ACLs stored in the extended attribute by the acl_xattr module have
already been modified by the POSIX acl layer, and are not the original intent
of storing the "unmodified" ACL from the client.

Use dup_sec_desc to make a copy of the incoming ACL on talloc_tos() - that
is what is then modified inside smbd/posix_acl.c, leaving the original ACL
to be correctly stored in the xattr.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Fri Oct  8 00:37:53 UTC 2010 on sn-devel-104

0 files changed, 0 insertions, 0 deletions