diff options
| author | Jeremy Allison <jra@samba.org> | 2011-09-02 12:22:34 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2011-09-02 12:22:34 -0700 |
| commit | c528fc5cacaae7e0e83041eb98150052b436071e (patch) | |
| tree | b675bfa37f978feba0230fde7a0e6817523fbf30 /source3/smbd | |
| parent | a5038ace24559bb02eec8262d3af5b5e78634d16 (diff) | |
| download | samba-c528fc5cacaae7e0e83041eb98150052b436071e.tar.gz samba-c528fc5cacaae7e0e83041eb98150052b436071e.tar.bz2 samba-c528fc5cacaae7e0e83041eb98150052b436071e.zip | |
Part 3 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)
Don't call check_owning_objs() to convert ACL_USER->ACL_USER_OBJ and
AC_GROUP->ACL_GROUP_OBJ for default (directory) ACLs, we do this separately
inside ensure_canon_entry_valid().
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/posix_acls.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index de88a065e4..5c9c4b89d4 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1496,6 +1496,7 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace Check if a POSIX ACL has the required SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries. If it does not have them, check if there are any entries where the trustee is the file owner or the owning group, and map these to SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ. + Note we must not do this to default directory ACLs. ****************************************************************************/ static void check_owning_objs(canon_ace *ace, struct dom_sid *pfile_owner_sid, struct dom_sid *pfile_grp_sid) @@ -1920,17 +1921,15 @@ static bool create_canon_ace_lists(files_struct *fsp, dir_ace = NULL; } else { /* - * Check if we have SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries in each - * ACL. If we don't have them, check if any SMB_ACL_USER/SMB_ACL_GROUP - * entries can be converted to *_OBJ. Usually we will already have these - * entries in the Default ACL, and the Access ACL will not have them. + * Check if we have SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries in + * the file ACL. If we don't have them, check if any SMB_ACL_USER/SMB_ACL_GROUP + * entries can be converted to *_OBJ. Don't do this for the default + * ACL, we will create them separately for this if needed inside + * ensure_canon_entry_valid(). */ if (file_ace) { check_owning_objs(file_ace, pfile_owner_sid, pfile_grp_sid); } - if (dir_ace) { - check_owning_objs(dir_ace, pfile_owner_sid, pfile_grp_sid); - } } *ppfile_ace = file_ace; |