diff options
author | Jeremy Allison <jra@samba.org> | 2011-09-02 15:08:42 -0700 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2011-10-08 19:53:18 +0200 |
commit | 06fd08dea1dde4b86546a8f87574d68dcac0e840 (patch) | |
tree | 9f2bd9c442acd0c997fc80a3311b8fb713eb67bc | |
parent | 36f60cef6d6ac5625a88a73ce53bdb2b0fe0f000 (diff) | |
download | samba-06fd08dea1dde4b86546a8f87574d68dcac0e840.tar.gz samba-06fd08dea1dde4b86546a8f87574d68dcac0e840.tar.xz samba-06fd08dea1dde4b86546a8f87574d68dcac0e840.zip |
Part 3 of bugfix for bug #7509 - smb_acl_to_posix: ACL is invalid for set (Invalid argument)
Don't call check_owning_objs() to convert ACL_USER->ACL_USER_OBJ and
AC_GROUP->ACL_GROUP_OBJ for default (directory) ACLs, we do this separately
inside ensure_canon_entry_valid().
-rw-r--r-- | source3/smbd/posix_acls.c | 13 |
1 files changed, 6 insertions, 7 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index ec16bf20319..17860bdb50e 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1484,6 +1484,7 @@ static bool ensure_canon_entry_valid(canon_ace **pp_ace, Check if a POSIX ACL has the required SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries. If it does not have them, check if there are any entries where the trustee is the file owner or the owning group, and map these to SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ. + Note we must not do this to default directory ACLs. ****************************************************************************/ static void check_owning_objs(canon_ace *ace, DOM_SID *pfile_owner_sid, DOM_SID *pfile_grp_sid) @@ -1908,17 +1909,15 @@ static bool create_canon_ace_lists(files_struct *fsp, dir_ace = NULL; } else { /* - * Check if we have SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries in each - * ACL. If we don't have them, check if any SMB_ACL_USER/SMB_ACL_GROUP - * entries can be converted to *_OBJ. Usually we will already have these - * entries in the Default ACL, and the Access ACL will not have them. + * Check if we have SMB_ACL_USER_OBJ and SMB_ACL_GROUP_OBJ entries in + * the file ACL. If we don't have them, check if any SMB_ACL_USER/SMB_ACL_GROUP + * entries can be converted to *_OBJ. Don't do this for the default + * ACL, we will create them separately for this if needed inside + * ensure_canon_entry_valid(). */ if (file_ace) { check_owning_objs(file_ace, pfile_owner_sid, pfile_grp_sid); } - if (dir_ace) { - check_owning_objs(dir_ace, pfile_owner_sid, pfile_grp_sid); - } } *ppfile_ace = file_ace; |