From fc496ef323c908a6b621198d9dc8076f6857385e Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Fri, 8 Mar 2013 16:15:37 +1100 Subject: smbd:posix_acls Remove incorrectly added lp_create_mask() and lp_dir_mask() calls When 6adc7dad96b8c7366da042f0d93b28c1ecb092eb removed the calls to lp_security_mask/lp_force_security_mode/lp_dir_security_mask/lp_force_dir_security_mode these calls were replaced with lp_create_mask() and lp_dir_mask() The issue is that while lp_security_mask() and lp_dir_security_mask defaulted to 0777, the replacement calls did not. This changes behaviour, and incorrectly prevents a posix mode being specified by the client from being applied to the disk in the non-ACL enabled case. Andrew Bartlett Reviewed-by: Jeremy Allison Reviewed-by: Michael Adam --- source3/smbd/posix_acls.c | 17 ----------------- 1 file changed, 17 deletions(-) (limited to 'source3/smbd/posix_acls.c') diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index fbeb66264c..ee8b4d3517 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -3084,14 +3084,11 @@ SMB_ACL_T free_empty_sys_acl(connection_struct *conn, SMB_ACL_T the_acl) static bool convert_canon_ace_to_posix_perms( files_struct *fsp, canon_ace *file_ace_list, mode_t *posix_perms) { - int snum = SNUM(fsp->conn); size_t ace_count = count_canon_ace_list(file_ace_list); canon_ace *ace_p; canon_ace *owner_ace = NULL; canon_ace *group_ace = NULL; canon_ace *other_ace = NULL; - mode_t and_bits; - mode_t or_bits; if (ace_count != 3) { DEBUG(3,("convert_canon_ace_to_posix_perms: Too many ACE " @@ -3131,20 +3128,6 @@ static bool convert_canon_ace_to_posix_perms( files_struct *fsp, canon_ace *file if (fsp->is_directory) *posix_perms |= (S_IWUSR|S_IXUSR); - /* If requested apply the masks. */ - - /* Get the initial bits to apply. */ - - if (fsp->is_directory) { - and_bits = lp_dir_mask(snum); - or_bits = lp_force_dir_mode(snum); - } else { - and_bits = lp_create_mask(snum); - or_bits = lp_force_create_mode(snum); - } - - *posix_perms = (((*posix_perms) & and_bits)|or_bits); - DEBUG(10,("convert_canon_ace_to_posix_perms: converted u=%o,g=%o,w=%o " "to perm=0%o for file %s.\n", (int)owner_ace->perms, (int)group_ace->perms, (int)other_ace->perms, -- cgit