From c528fc5cacaae7e0e83041eb98150052b436071e Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Fri, 2 Sep 2011 12:22:34 -0700
Subject: Part 3 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)

Don't call check_owning_objs() to convert ACL_USER->ACL_USER_OBJ and AC_GROUP->ACL_GROUP_OBJ for default (directory) ACLs, we do this separately inside ensure_canon_entry_valid().
---
 source3/smbd/posix_acls.c | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index de88a065e4..5c9c4b89d4 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1496,6 +1496,7 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace Check if a POSIX ACL has the required SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries. If it does not have them, check if there are any entries where the trustee is the file owner or the owning group, and map these to SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ. + Note we must not do this to default directory ACLs. ****************************************************************************/ static void check_owning_objs(canon_ace *ace, struct dom_sid *pfile_owner_sid, struct dom_sid *pfile_grp_sid) 
@@ -1920,17 +1921,15 @@ static bool create_canon_ace_lists(files_struct *fsp,
 dir_ace = NULL;
 } else {
 /*
- * Check if we have SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries in each
- * ACL. If we don't have them, check if any SMB_ACL_USER/SMB_ACL_GROUP
- * entries can be converted to *_OBJ. Usually we will already have these
- * entries in the Default ACL, and the Access ACL will not have them.
+ * Check if we have SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries in
+ * the file ACL. If we don't have them, check if any SMB_ACL_USER/SMB_ACL_GROUP
+ * entries can be converted to *_OBJ. Don't do this for the default
+ * ACL, we will create them separately for this if needed inside
+ * ensure_canon_entry_valid().
 */
 if (file_ace) {
 check_owning_objs(file_ace, pfile_owner_sid, pfile_grp_sid);
 }
- if (dir_ace) {
- check_owning_objs(dir_ace, pfile_owner_sid, pfile_grp_sid);
- }
 }
 
 *ppfile_ace = file_ace;
-- cgit
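Review bot: The rewritten comment above `if (file_ace)` says what is skipped for the default ACL but not why, and the reason is what a later maintainer needs in order not to re-add the `dir_ace` call. Presumably the concern is that the *_OBJ entries of a default ACL are inherited by new children and then refer to each child's own owner and group, so converting a named SMB_ACL_USER entry would move the inherited permission from the named user to whoever creates the file; if that is the reason, add a line such as `* In a default ACL the *_OBJ entries apply to the owner/group of each new child, so a named entry must stay named.` The change also relies on ensure_canon_entry_valid() supplying any missing entries for `dir_ace`, and that call is not visible here because create_canon_ace_lists() starts and ends outside the hunk. It is worth confirming that every set-ACL path reaches it for a default ACL, and adding a regression test for bug #7509 that sets an ACL on a directory.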