For the vfs_acl_xattr.c module, make sure we map GENERIC file and directory bits

to specific bits every time a security descriptor is set. The S4 torture suite proves
that generic bits are not returned when querying an ACL set using them (ie. only
the specific bits are stored on disk).
Jeremy.

1 files changed, 18 insertions, 0 deletions

diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index 87e70bb95b..cab4261adf 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -176,6 +176,24 @@ void se_map_generic(uint32 *access_mask, const struct generic_mapping *mapping)
 	}
 }
 
+/* Map generic access rights to object specific rights for all the ACE's
+ * in a security_acl.
+ */
+
+void security_acl_map_generic(struct security_acl *sa,
+				const struct generic_mapping *mapping)
+{
+	unsigned int i;
+
+	if (!sa) {
+		return;
+	}
+
+	for (i = 0; i < sa->num_aces; i++) {
+		se_map_generic(&sa->aces[i].access_mask, mapping);
+	}
+}
+
 /* Map standard access rights to object specific rights.  This technique is
    used to give meaning to assigning read, write, execute and all access to
    objects.  Each type of object has its own mapping of standard to object