summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2011-09-02 11:21:08 -0700
committerJeremy Allison <jra@samba.org>2011-09-02 11:21:08 -0700
commit2b935b49f3d975759eb1cbcf2b11bf7c9d982804 (patch)
treeb84de03234e3acc18401e74577da007810fb03a5 /source3/smbd
parentdfbffac9777afb021997fb082601181cb516dc13 (diff)
downloadsamba-2b935b49f3d975759eb1cbcf2b11bf7c9d982804.tar.gz
samba-2b935b49f3d975759eb1cbcf2b11bf7c9d982804.tar.bz2
samba-2b935b49f3d975759eb1cbcf2b11bf7c9d982804.zip
Part 1 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)
Remove the code I added for bug "6878 - Cannot change ACL's inherit flag". It is incorrect and causes the POSIX ACL ACL_USER_OBJ duplication.
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/posix_acls.c72
1 files changed, 0 insertions, 72 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index da25a52b8d..57704f397b 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1538,50 +1538,6 @@ static void check_owning_objs(canon_ace *ace, struct dom_sid *pfile_owner_sid, s
}
/****************************************************************************
- If an ACE entry is SMB_ACL_USER_OBJ and not CREATOR_OWNER, map to SMB_ACL_USER.
- If an ACE entry is SMB_ACL_GROUP_OBJ and not CREATOR_GROUP, map to SMB_ACL_GROUP
-****************************************************************************/
-
-static bool dup_owning_ace(canon_ace *dir_ace, canon_ace *ace)
-{
- /* dir ace must be followings.
- SMB_ACL_USER_OBJ : trustee(CREATOR_OWNER) -> Posix ACL d:u::perm
- SMB_ACL_USER : not trustee -> Posix ACL u:user:perm
- SMB_ACL_USER_OBJ : trustee -> convert to SMB_ACL_USER : trustee
- Posix ACL u:trustee:perm
-
- SMB_ACL_GROUP_OBJ: trustee(CREATOR_GROUP) -> Posix ACL d:g::perm
- SMB_ACL_GROUP : not trustee -> Posix ACL g:group:perm
- SMB_ACL_GROUP_OBJ: trustee -> convert to SMB_ACL_GROUP : trustee
- Posix ACL g:trustee:perm
- */
-
- if (ace->type == SMB_ACL_USER_OBJ &&
- !(dom_sid_equal(&ace->trustee, &global_sid_Creator_Owner))) {
- canon_ace *dup_ace = dup_canon_ace(ace);
-
- if (dup_ace == NULL) {
- return false;
- }
- dup_ace->type = SMB_ACL_USER;
- DLIST_ADD_END(dir_ace, dup_ace, canon_ace *);
- }
-
- if (ace->type == SMB_ACL_GROUP_OBJ &&
- !(dom_sid_equal(&ace->trustee, &global_sid_Creator_Group))) {
- canon_ace *dup_ace = dup_canon_ace(ace);
-
- if (dup_ace == NULL) {
- return false;
- }
- dup_ace->type = SMB_ACL_GROUP;
- DLIST_ADD_END(dir_ace, dup_ace, canon_ace *);
- }
-
- return true;
-}
-
-/****************************************************************************
Unpack a struct security_descriptor into two canonical ace lists.
****************************************************************************/
@@ -1832,34 +1788,6 @@ static bool create_canon_ace_lists(files_struct *fsp,
}
/*
- * We have a lossy mapping: directory ACE entries
- * CREATOR_OWNER ------\
- * (map to) +---> SMB_ACL_USER_OBJ
- * owning sid ------/
- *
- * CREATOR_GROUP ------\
- * (map to) +---> SMB_ACL_GROUP_OBJ
- * primary group sid --/
- *
- * on set. And on read of a directory ACL
- *
- * SMB_ACL_USER_OBJ ----> CREATOR_OWNER
- * SMB_ACL_GROUP_OBJ ---> CREATOR_GROUP.
- *
- * Deal with this on set by duplicating
- * owning sid and primary group sid ACE
- * entries into the directory ACL.
- * Fix from Tsukasa Hamano <hamano@osstech.co.jp>.
- */
-
- if (!dup_owning_ace(dir_ace, current_ace)) {
- DEBUG(0,("create_canon_ace_lists: malloc fail !\n"));
- free_canon_ace_list(file_ace);
- free_canon_ace_list(dir_ace);
- return false;
- }
-
- /*
* If this is not an inherit only ACE we need to add a duplicate
* to the file acl.
*/