summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2011-09-02 12:22:34 -0700
committerJeremy Allison <jra@samba.org>2011-09-02 12:22:34 -0700
commitc528fc5cacaae7e0e83041eb98150052b436071e (patch)
treeb675bfa37f978feba0230fde7a0e6817523fbf30 /source3/smbd
parenta5038ace24559bb02eec8262d3af5b5e78634d16 (diff)
downloadsamba-c528fc5cacaae7e0e83041eb98150052b436071e.tar.gz
samba-c528fc5cacaae7e0e83041eb98150052b436071e.tar.bz2
samba-c528fc5cacaae7e0e83041eb98150052b436071e.zip
Part 3 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)
Don't call check_owning_objs() to convert ACL_USER->ACL_USER_OBJ and AC_GROUP->ACL_GROUP_OBJ for default (directory) ACLs, we do this separately inside ensure_canon_entry_valid().
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/posix_acls.c13
1 files changed, 6 insertions, 7 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index de88a065e4..5c9c4b89d4 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1496,6 +1496,7 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
Check if a POSIX ACL has the required SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries.
If it does not have them, check if there are any entries where the trustee is the
file owner or the owning group, and map these to SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ.
+ Note we must not do this to default directory ACLs.
****************************************************************************/
static void check_owning_objs(canon_ace *ace, struct dom_sid *pfile_owner_sid, struct dom_sid *pfile_grp_sid)
@@ -1920,17 +1921,15 @@ static bool create_canon_ace_lists(files_struct *fsp,
dir_ace = NULL;
} else {
/*
- * Check if we have SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries in each
- * ACL. If we don't have them, check if any SMB_ACL_USER/SMB_ACL_GROUP
- * entries can be converted to *_OBJ. Usually we will already have these
- * entries in the Default ACL, and the Access ACL will not have them.
+ * Check if we have SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries in
+ * the file ACL. If we don't have them, check if any SMB_ACL_USER/SMB_ACL_GROUP
+ * entries can be converted to *_OBJ. Don't do this for the default
+ * ACL, we will create them separately for this if needed inside
+ * ensure_canon_entry_valid().
*/
if (file_ace) {
check_owning_objs(file_ace, pfile_owner_sid, pfile_grp_sid);
}
- if (dir_ace) {
- check_owning_objs(dir_ace, pfile_owner_sid, pfile_grp_sid);
- }
}
*ppfile_ace = file_ace;