From 17f6e0272370f764d4a0053c8e74f20b0444c721 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 2 Sep 2011 13:41:24 -0700 Subject: Part 5 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument) Be smarter about setting default permissions when a ACL_GROUP_OBJ isn't given. Use the principle of least surprises for the user. Autobuild-User: Jeremy Allison Autobuild-Date: Sat Sep 3 00:16:05 CEST 2011 on sn-devel-104 --- source3/smbd/posix_acls.c | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) (limited to 'source3/smbd/posix_acls.c') diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 0be7bec47f..0d0b5da630 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1457,12 +1457,29 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace pace->unix_ug.uid = pst->st_ex_gid; pace->trustee = *pfile_grp_sid; pace->attr = ALLOW_ACE; + /* Start with existing permissions, principle of least + surprises for the user. */ + pace->perms = pst->st_ex_mode; + if (setting_acl) { + /* See if there's a matching group entry. + If so, OR in the permissions from that entry. */ + + canon_ace *pace_iter; + + for (pace_iter = *pp_ace; pace_iter; pace_iter = pace_iter->next) { + if (pace_iter->type == SMB_ACL_GROUP && + pace_iter->unix_ug.gid == pace->unix_ug.gid) { + pace->perms |= pace_iter->perms; + break; + } + } + /* If we only got an "everyone" perm, just use that. */ - if (got_other) - pace->perms = pace_other->perms; - else - pace->perms = 0; + if (pace->perms == 0) { + if (got_other) + pace->perms = pace_other->perms; + } apply_default_perms(params, is_directory, pace, S_IRGRP); } else { pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRGRP, S_IWGRP, S_IXGRP); -- cgit