This was reported in https://lists.samba.org/archive/samba-technical/2016-November/117232.html , then in https://bugzilla.samba.org/show_bug.cgi?id=11490#c4 (but is not part of that original bug) and re-confirmed recently in https://lists.samba.org/archive/samba-technical/2017-November/124009.html On big-endian systems, in which mode_t is defined to be a 16-bit value (BSD variants), POSIX ACL is broken, because it returns that all ACL entries have no permissions, preventing file access from any non-admin user. Some pointer casting causes sys_acl_get_permset() function in SMBD code to return a pointer to a uint32_t field, which is later interpreted as a mode_t pointer. If mode_t is 16 bits and the system is little-endian, the code looks at the wrong bits.
On Linux mode_t is 32 bits.
Created attachment 13846 [details] proposed fix for master
Created attachment 13847 [details] proposed fix for 4.5.x
OK, I must be being dumb but I don't understand the fix, sorry :-(. In librpc/idl/smb_acl.idl we have: typedef struct { smb_acl_tag_t a_type; [switch_is(a_type)] smb_acl_entry_info info; mode_t a_perm; } smb_acl_entry; so a_perm is explicitly defined as a mode_t. On Linux this then gets mapped to a uint32_t, so in the pidl generated file bin/default/librpc/gen_ndr/smb_acl.h we have: struct smb_acl_entry { enum smb_acl_tag_t a_type; union smb_acl_entry_info info;/* [switch_is(a_type)] */ uint32_t a_perm; }; I'm assuming on FreeBSD this would be: struct smb_acl_entry { enum smb_acl_tag_t a_type; union smb_acl_entry_info info;/* [switch_is(a_type)] */ uint16_t a_perm; }; Correct ? Now in source3/lib/sysacls.c we have: int sys_acl_get_permset(SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) { *permset_p = &entry_d->a_perm; return 0; } So SMB_ACL_PERMSET_T should be a pointer to a mode_t, which will get mapped to a pointer of the correct size. If you make SMB_ACL_PERMSET_T a pointer to a uint32_t, then on FreeBSD isn't it going to be pointing to an element of the wrong size ? Can you explain why this fix works (sorry for being dumb) ? Jeremy.
(In reply to Jeremy Allison from comment #4) Pidl translates mode_t into uint32_t. $git grep mode_t "*.pm" pidl/lib/Parse/Pidl/Typelist.pm: "mode_t" => "uint32",
Created attachment 13885 [details] git-am fix for 4.7.next. Cherry-picked from master.
Created attachment 13886 [details] git-am fix for 4.6.next Back-ported from master.
Assigning to Karolin for inclusion in 4.6.next and 4.7.next
(In reply to Uri Simchoni from comment #8) Pushed to autobuild-v4-{7,6}-test.
Pushed to both branches. Closing out bug report. Thanks!