diff options
author | Jeremy Allison <jra@samba.org> | 2011-09-02 11:58:56 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2011-09-02 11:58:56 -0700 |
commit | a5038ace24559bb02eec8262d3af5b5e78634d16 (patch) | |
tree | f25142ec6ece64d3affb68737eb207abd56e9050 /source3/smbd | |
parent | 2b935b49f3d975759eb1cbcf2b11bf7c9d982804 (diff) | |
download | samba-a5038ace24559bb02eec8262d3af5b5e78634d16.tar.gz samba-a5038ace24559bb02eec8262d3af5b5e78634d16.tar.bz2 samba-a5038ace24559bb02eec8262d3af5b5e78634d16.zip |
Part 2 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)
Only map CREATOR_OWNER/CREATOR_GROUP to ACL_USER_OBJ/ACL_GROUP_OBJ in
a default(directory) ACL set.
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/posix_acls.c | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 57704f397b..de88a065e4 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1760,6 +1760,7 @@ static bool create_canon_ace_lists(files_struct *fsp, if ((psa->flags & (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT)) == (SEC_ACE_FLAG_OBJECT_INHERIT|SEC_ACE_FLAG_CONTAINER_INHERIT)) { + canon_ace *current_dir_ace = current_ace; DLIST_ADD_END(dir_ace, current_ace, canon_ace *); /* @@ -1821,6 +1822,43 @@ static bool create_canon_ace_lists(files_struct *fsp, */ current_ace = NULL; } + + /* + * current_ace is now either owned by file_ace + * or is NULL. We can safely operate on current_dir_ace + * to treat mapping for default acl entries differently + * than access acl entries. + */ + + if (current_dir_ace->owner_type == UID_ACE) { + /* + * We already decided above this is a uid, + * for default acls ace's only CREATOR_OWNER + * maps to ACL_USER_OBJ. All other uid + * ace's are ACL_USER. + */ + if (dom_sid_equal(¤t_dir_ace->trustee, + &global_sid_Creator_Owner)) { + current_dir_ace->type = SMB_ACL_USER_OBJ; + } else { + current_dir_ace->type = SMB_ACL_USER; + } + } + + if (current_dir_ace->owner_type == GID_ACE) { + /* + * We already decided above this is a gid, + * for default acls ace's only CREATOR_GROUP + * maps to ACL_GROUP_OBJ. All other uid + * ace's are ACL_GROUP. + */ + if (dom_sid_equal(¤t_dir_ace->trustee, + &global_sid_Creator_Group)) { + current_dir_ace->type = SMB_ACL_GROUP_OBJ; + } else { + current_dir_ace->type = SMB_ACL_GROUP; + } + } } } |