From cf1540b73714fac6b25de5942cbd821e5f4f6ffc Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Tue, 13 Nov 2012 11:22:15 -0800
Subject: [PATCH] Another fix needed for bug #9236 - ACL masks incorrectly applied when setting ACLs. Not caught by make test as it's an extreme edge case for strange incoming ACLs. I only found this as I'm making raw.acls and smb2.acls pass against 3.6.x and 4.0.0 with acl_xattr mapped onto a POSIX backend. An incoming inheritable ACE entry containing only one permission, WRITE_DATA maps into a POSIX owner perm of "-w-", which violates the principle that the owner of a file/directory can always read.
Signed-off-by: Jeremy Allison
Reviewed-by: Michael Adam
Autobuild-User(master): Michael Adam
Autobuild-Date(master): Thu Nov 15 19:52:52 CET 2012 on sn-devel-104
---
 source3/smbd/posix_acls.c | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index b8e0d4aba42a..bca5304eff58 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1431,10 +1431,11 @@ static bool ensure_canon_entry_valid_on_set(connection_struct *conn,
 for (pace = *pp_ace; pace; pace = pace->next) {
 if (pace->type == SMB_ACL_USER_OBJ) {
-
- if (!is_default_acl) {
- apply_default_perms(params, is_directory, pace, S_IRUSR);
- }
+ /*
+ * Ensure we have default parameters for the
+ * user (owner) even on default ACLs.
+ */
+ apply_default_perms(params, is_directory, pace, S_IRUSR);
 pace_user = pace;
 } else if (pace->type == SMB_ACL_GROUP_OBJ) {
@@ -1515,9 +1516,11 @@ static bool ensure_canon_entry_valid_on_set(connection_struct *conn,
 pace->perms = pace_other->perms;
 }
- if (!is_default_acl) {
- apply_default_perms(params, is_directory, pace, S_IRUSR);
- }
+ /*
+ * Ensure we have default parameters for the
+ * user (owner) even on default ACLs.
+ */
+ apply_default_perms(params, is_directory, pace, S_IRUSR);
 DLIST_ADD(*pp_ace, pace);
 pace_user = pace;
-- 
2.34.1
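Review bot: The comment added above `apply_default_perms(params, is_directory, pace, S_IRUSR);` in the SMB_ACL_USER_OBJ branch says "default parameters" but never names the invariant the call enforces, so a later reader cannot tell why the `is_default_acl` guard was dropped. The commit message gives the reason: an inheritable ACE carrying only WRITE_DATA would otherwise map to an owner perm of "-w-". I would word it as `/* The owner must always be able to read, even through a default (inheritable) ACL: an incoming ACE with only WRITE_DATA would otherwise map to "-w-". */`. The identical comment in the second hunk should change with it. The function body starts and ends outside both hunks.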
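Review bot: With the `is_default_acl` guard gone, this branch now passes `is_directory` to apply_default_perms for default ACLs too, yet a default ACL sits on a directory while its entries are inherited by files as well. apply_default_perms is not visible in this hunk. If it selects share masks or forced bits by `is_directory`, the owner entry built here from `pace_other->perms` may receive directory-oriented bits that every new child file inherits, which would be broader than the read guarantee the commit message describes. That is worth confirming, and if intended, stating in the comment, e.g. `/* For default ACLs the directory masks are applied on purpose; children inherit the result. */`. The same call in the first hunk is affected in the same way, and the enclosing block begins outside the hunk.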