From 6c53a18c20a0137a37b04065b020e93c9552acfc Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Thu, 8 Nov 2012 17:08:01 -0800
Subject: [PATCH] Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. Not caught by make test as it's an extreme edge case for strange incoming ACLs. I only found this as I'm making raw.acls and smb2.acls pass against 3.6.x with acl_xattr mapped onto a POSIX backend (which isn't tested in make test). An incoming inheritable ACE entry containing only one permission, WRITE_DATA maps into a POSIX owner perm of "-w-", which violates the principle that the owner of a file/directory can always read.
---
 source3/smbd/posix_acls.c | 14 ++++++++++----
 1 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 503727f..5f7351f 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1369,7 +1369,11 @@ static bool ensure_canon_entry_valid(connection_struct *conn,
 for (pace = *pp_ace; pace; pace = pace->next) {
 if (pace->type == SMB_ACL_USER_OBJ) {
- if (setting_acl && !is_default_acl) {
+ if (setting_acl) {
+ /*
+ * Ensure we have default parameters for the
+ * user (owner) even on default ACLs.
+ */
 apply_default_perms(params, is_directory, pace, S_IRUSR);
 }
 pace_user = pace;
@@ -1452,9 +1456,11 @@ static bool ensure_canon_entry_valid(connection_struct *conn,
 pace->perms = pace_other->perms;
 }
- if (!is_default_acl) {
- apply_default_perms(params, is_directory, pace, S_IRUSR);
- }
+ /*
+ * Ensure we have default parameters for the
+ * user (owner) even on default ACLs.
+ */
+ apply_default_perms(params, is_directory, pace, S_IRUSR);
 } else {
 pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IRUSR, S_IWUSR, S_IXUSR);
 }
--
1.7.7.3
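Review bot: The comment added in the `SMB_ACL_USER_OBJ` branch of the first hunk (@@ -1369) and repeated verbatim in the second (@@ -1452) says "default parameters", which does not tell a reader that `apply_default_perms(params, is_directory, pace, S_IRUSR)` now also rewrites the owner entry of default (inheritable) ACLs built from an incoming ACE. I would state the invariant from the commit message instead, e.g. `/* Owner must always keep read access, also on default (inheritable) ACLs (bug #9236). */`. Since a default ACL is inherited by objects created later, please confirm that passing `is_directory` here cannot add directory-only bits that files then inherit; apply_default_perms is not shown in this patch, so this is a question rather than a finding. The commit message notes that make test does not exercise this path, so a regression case for an inheritable ACE carrying only WRITE_DATA would help keep the two call sites in step. ensure_canon_entry_valid starts and ends outside both hunks.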