[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Fri Feb 3 19:28:03 MST 2012


The branch, master has been updated
       via  74ca6d1 s3-popt: Fix configure.developer builds on Solairs.
       via  4452082 Ensure when setting a POSIX ACL, that the uid for a SMB_ACL_USER_OBJ ACE (the owner ACE entry) has a duplicate permission entry as an SMB_ACL_USER, and a gid for a SMB_ACL_GROUP_OBJ ACE (the primary group ACE entry) also has a duplicate permission entry as an SMB_ACL_GROUP. If not, then if the ownership or group ownership of this file or directory gets changed, the user or group can lose their access.
       via  6a31e0f Fix mistaken assignment of gid to uid field.
       via  41152d7 Replace bool flags inside ensure_canon_entry_valid() with pointers. This will make the second tweak to the ACL mapping on set easier.
       via  45a3b14 Fix bug #7933 - samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module.
       via  d9b9ad2 Replace all malloc/free with talloc on tos.
      from  877d4e0 s4:torture: add a smb2.durable_open.reopen4 test

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 74ca6d1ddb1c5a4fbe9ddb29566878efe1761897
Author: Ira Cooper <ira at samba.org>
Date:   Fri Feb 3 16:47:18 2012 -0800

    s3-popt: Fix configure.developer builds on Solairs.
    
    alloca.h needs to be included, or the build complains the implicit
    definition of alloca.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User: Jeremy Allison <jra at samba.org>
    Autobuild-Date: Sat Feb  4 03:27:42 CET 2012 on sn-devel-104

commit 4452082002cb222cc8f1d92fbeebda79061f6e8f
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Feb 3 16:37:41 2012 -0800

    Ensure when setting a POSIX ACL, that the uid for a
    SMB_ACL_USER_OBJ ACE (the owner ACE entry) has a duplicate
    permission entry as an SMB_ACL_USER, and a gid for a
    SMB_ACL_GROUP_OBJ ACE (the primary group ACE entry) also has
    a duplicate permission entry as an SMB_ACL_GROUP. If not,
    then if the ownership or group ownership of this file or
    directory gets changed, the user or group can lose their
    access.

commit 6a31e0f4f21affeea332d92d5249a2a877cc3b42
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Feb 3 15:58:12 2012 -0800

    Fix mistaken assignment of gid to uid field.

commit 41152d7157c8284e65f472249426fc7bc531cc4b
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Feb 3 15:28:22 2012 -0800

    Replace bool flags inside ensure_canon_entry_valid() with pointers.
    This will make the second tweak to the ACL mapping on set easier.

commit 45a3b14beab20445ecffea5f66d278d1bd102c74
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Feb 3 14:55:34 2012 -0800

    Fix bug #7933 - samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module.

commit d9b9ad2af27d4d4ace21838cb90a1714e9168887
Author: Jeremy Allison <jra at samba.org>
Date:   Fri Feb 3 14:06:38 2012 -0800

    Replace all malloc/free with talloc on tos.

-----------------------------------------------------------------------

Summary of changes:
 lib/popt/system.h                |    2 +
 source3/modules/vfs_acl_common.c |   37 ++++++++-
 source3/smbd/posix_acls.c        |  167 ++++++++++++++++++++++++++------------
 3 files changed, 152 insertions(+), 54 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/popt/system.h b/lib/popt/system.h
index 1d1b9da..bbb4f6c 100644
--- a/lib/popt/system.h
+++ b/lib/popt/system.h
@@ -58,6 +58,8 @@ char *alloca ();
 # endif
 #elif defined(__GNUC__) && defined(__STRICT_ANSI__)
 #define alloca __builtin_alloca
+#elif defined(__GNUC__) && defined(HAVE_ALLOCA_H)
+# include <alloca.h>
 #endif
 
 /*@-redecl -redef@*/
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index e162bb9..ca303d3 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -480,6 +480,7 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
 	struct security_descriptor *pdesc_next = NULL;
 	struct security_descriptor *psd = NULL;
 	uint8_t hash[XATTR_SD_HASH_SIZE];
+	bool chown_needed = false;
 
 	if (DEBUGLEVEL >= 10) {
 		DEBUG(10,("fset_nt_acl_xattr: incoming sd for file %s\n",
@@ -502,9 +503,17 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
 	psd->type = orig_psd->type | SEC_DESC_SELF_RELATIVE;
 
 	if ((security_info_sent & SECINFO_OWNER) && (orig_psd->owner_sid != NULL)) {
+		if (!dom_sid_equal(orig_psd->owner_sid, psd->owner_sid)) {
+			/* We're changing the owner. */
+			chown_needed = true;
+		}
 		psd->owner_sid = orig_psd->owner_sid;
 	}
 	if ((security_info_sent & SECINFO_GROUP) && (orig_psd->group_sid != NULL)) {
+		if (!dom_sid_equal(orig_psd->group_sid, psd->group_sid)) {
+			/* We're changing the group. */
+			chown_needed = true;
+		}
 		psd->group_sid = orig_psd->group_sid;
 	}
 	if (security_info_sent & SECINFO_DACL) {
@@ -518,7 +527,33 @@ static NTSTATUS fset_nt_acl_common(vfs_handle_struct *handle, files_struct *fsp,
 
 	status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp, security_info_sent, psd);
 	if (!NT_STATUS_IS_OK(status)) {
-		return status;
+		if (!NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+			return status;
+		}
+		/* We got access denied here. If we're already root,
+		   or we didn't need to do a chown, or the fsp isn't
+		   open with WRITE_OWNER access, just return. */
+		if (get_current_uid(handle->conn) == 0 ||
+				chown_needed == false ||
+				!(fsp->access_mask & SEC_STD_WRITE_OWNER)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+
+		DEBUG(10,("fset_nt_acl_common: overriding chown on file %s "
+			"for sid %s\n",
+			fsp_str_dbg(fsp),
+			sid_string_tos(psd->owner_sid)
+			));
+
+		/* Ok, we failed to chown and we have
+		   SEC_STD_WRITE_OWNER access - override. */
+		become_root();
+		status = SMB_VFS_NEXT_FSET_NT_ACL(handle, fsp,
+				security_info_sent, psd);
+		unbecome_root();
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
 	}
 
 	/* Get the full underlying sd, then hash. */
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 2ed64c2..029eeae 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -201,7 +201,7 @@ static char *create_pai_buf_v2(canon_ace *file_ace_list,
 	*store_size = PAI_V2_ENTRIES_BASE +
 		((num_entries + num_def_entries)*PAI_V2_ENTRY_LENGTH);
 
-	pai_buf = (char *)SMB_MALLOC(*store_size);
+	pai_buf = talloc_array(talloc_tos(), char, *store_size);
 	if (!pai_buf) {
 		return NULL;
 	}
@@ -283,7 +283,7 @@ static void store_inheritance_attributes(files_struct *fsp,
 				       pai_buf, store_size, 0);
 	}
 
-	SAFE_FREE(pai_buf);
+	TALLOC_FREE(pai_buf);
 
 	DEBUG(10,("store_inheritance_attribute: type 0x%x for file %s\n",
 		(unsigned int)sd_type,
@@ -304,13 +304,13 @@ static void free_inherited_info(struct pai_val *pal)
 		struct pai_entry *paie, *paie_next;
 		for (paie = pal->entry_list; paie; paie = paie_next) {
 			paie_next = paie->next;
-			SAFE_FREE(paie);
+			TALLOC_FREE(paie);
 		}
 		for (paie = pal->def_entry_list; paie; paie = paie_next) {
 			paie_next = paie->next;
-			SAFE_FREE(paie);
+			TALLOC_FREE(paie);
 		}
-		SAFE_FREE(pal);
+		TALLOC_FREE(pal);
 	}
 }
 
@@ -440,14 +440,14 @@ static const char *create_pai_v1_entries(struct pai_val *paiv,
 	int i;
 
 	for (i = 0; i < paiv->num_entries; i++) {
-		struct pai_entry *paie = SMB_MALLOC_P(struct pai_entry);
+		struct pai_entry *paie = talloc(talloc_tos(), struct pai_entry);
 		if (!paie) {
 			return NULL;
 		}
 
 		paie->ace_flags = SEC_ACE_FLAG_INHERITED_ACE;
 		if (!get_pai_owner_type(paie, entry_offset)) {
-			SAFE_FREE(paie);
+			TALLOC_FREE(paie);
 			return NULL;
 		}
 
@@ -474,7 +474,7 @@ static struct pai_val *create_pai_val_v1(const char *buf, size_t size)
 		return NULL;
 	}
 
-	paiv = SMB_MALLOC_P(struct pai_val);
+	paiv = talloc(talloc_tos(), struct pai_val);
 	if (!paiv) {
 		return NULL;
 	}
@@ -518,7 +518,7 @@ static const char *create_pai_v2_entries(struct pai_val *paiv,
 	unsigned int i;
 
 	for (i = 0; i < num_entries; i++) {
-		struct pai_entry *paie = SMB_MALLOC_P(struct pai_entry);
+		struct pai_entry *paie = talloc(talloc_tos(), struct pai_entry);
 		if (!paie) {
 			return NULL;
 		}
@@ -526,7 +526,7 @@ static const char *create_pai_v2_entries(struct pai_val *paiv,
 		paie->ace_flags = CVAL(entry_offset,0);
 
 		if (!get_pai_owner_type(paie, entry_offset+1)) {
-			SAFE_FREE(paie);
+			TALLOC_FREE(paie);
 			return NULL;
 		}
 		if (!def_entry) {
@@ -552,7 +552,7 @@ static struct pai_val *create_pai_val_v2(const char *buf, size_t size)
 		return NULL;
 	}
 
-	paiv = SMB_MALLOC_P(struct pai_val);
+	paiv = talloc(talloc_tos(), struct pai_val);
 	if (!paiv) {
 		return NULL;
 	}
@@ -619,7 +619,7 @@ static struct pai_val *fload_inherited_info(files_struct *fsp)
 		return NULL;
 	}
 
-	if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL) {
+	if ((pai_buf = talloc_array(talloc_tos(), char, pai_buf_size)) == NULL) {
 		return NULL;
 	}
 
@@ -640,11 +640,11 @@ static struct pai_val *fload_inherited_info(files_struct *fsp)
 			}
 			/* Buffer too small - enlarge it. */
 			pai_buf_size *= 2;
-			SAFE_FREE(pai_buf);
+			TALLOC_FREE(pai_buf);
 			if (pai_buf_size > 1024*1024) {
 				return NULL; /* Limit malloc to 1mb. */
 			}
-			if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL)
+			if ((pai_buf = talloc_array(talloc_tos(), char, pai_buf_size)) == NULL)
 				return NULL;
 		}
 	} while (ret == -1);
@@ -661,7 +661,7 @@ static struct pai_val *fload_inherited_info(files_struct *fsp)
 		if (errno != ENOSYS)
 			DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
 #endif
-		SAFE_FREE(pai_buf);
+		TALLOC_FREE(pai_buf);
 		return NULL;
 	}
 
@@ -672,7 +672,7 @@ static struct pai_val *fload_inherited_info(files_struct *fsp)
 			  (unsigned int)paiv->sd_type, fsp_str_dbg(fsp)));
 	}
 
-	SAFE_FREE(pai_buf);
+	TALLOC_FREE(pai_buf);
 	return paiv;
 }
 
@@ -692,7 +692,7 @@ static struct pai_val *load_inherited_info(const struct connection_struct *conn,
 		return NULL;
 	}
 
-	if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL) {
+	if ((pai_buf = talloc_array(talloc_tos(), char, pai_buf_size)) == NULL) {
 		return NULL;
 	}
 
@@ -707,11 +707,11 @@ static struct pai_val *load_inherited_info(const struct connection_struct *conn,
 			}
 			/* Buffer too small - enlarge it. */
 			pai_buf_size *= 2;
-			SAFE_FREE(pai_buf);
+			TALLOC_FREE(pai_buf);
 			if (pai_buf_size > 1024*1024) {
 				return NULL; /* Limit malloc to 1mb. */
 			}
-			if ((pai_buf = (char *)SMB_MALLOC(pai_buf_size)) == NULL)
+			if ((pai_buf = talloc_array(talloc_tos(), char, pai_buf_size)) == NULL)
 				return NULL;
 		}
 	} while (ret == -1);
@@ -727,7 +727,7 @@ static struct pai_val *load_inherited_info(const struct connection_struct *conn,
 		if (errno != ENOSYS)
 			DEBUG(10,("load_inherited_info: Error %s\n", strerror(errno) ));
 #endif
-		SAFE_FREE(pai_buf);
+		TALLOC_FREE(pai_buf);
 		return NULL;
 	}
 
@@ -739,7 +739,7 @@ static struct pai_val *load_inherited_info(const struct connection_struct *conn,
 			fname));
 	}
 
-	SAFE_FREE(pai_buf);
+	TALLOC_FREE(pai_buf);
 	return paiv;
 }
 
@@ -773,7 +773,7 @@ static void free_canon_ace_list( canon_ace *l_head )
 	for (list = l_head; list; list = next) {
 		next = list->next;
 		DLIST_REMOVE(l_head, list);
-		SAFE_FREE(list);
+		TALLOC_FREE(list);
 	}
 }
 
@@ -783,7 +783,7 @@ static void free_canon_ace_list( canon_ace *l_head )
 
 static canon_ace *dup_canon_ace( canon_ace *src_ace)
 {
-	canon_ace *dst_ace = SMB_MALLOC_P(canon_ace);
+	canon_ace *dst_ace = talloc(talloc_tos(), canon_ace);
 
 	if (dst_ace == NULL)
 		return NULL;
@@ -977,7 +977,7 @@ static void merge_aces( canon_ace **pp_list_head, bool dir_acl)
 				curr_ace_outer->perms |= curr_ace->perms;
 				curr_ace_outer->ace_flags |= curr_ace->ace_flags;
 				DLIST_REMOVE(l_head, curr_ace);
-				SAFE_FREE(curr_ace);
+				TALLOC_FREE(curr_ace);
 				curr_ace_outer_next = curr_ace_outer->next; /* We may have deleted the link. */
 			}
 		}
@@ -1022,7 +1022,7 @@ static void merge_aces( canon_ace **pp_list_head, bool dir_acl)
 					 */
 
 					DLIST_REMOVE(l_head, curr_ace);
-					SAFE_FREE(curr_ace);
+					TALLOC_FREE(curr_ace);
 					curr_ace_outer_next = curr_ace_outer->next; /* We may have deleted the link. */
 
 				} else {
@@ -1038,7 +1038,7 @@ static void merge_aces( canon_ace **pp_list_head, bool dir_acl)
 					 */
 
 					DLIST_REMOVE(l_head, curr_ace_outer);
-					SAFE_FREE(curr_ace_outer);
+					TALLOC_FREE(curr_ace_outer);
 					break;
 				}
 			}
@@ -1362,9 +1362,8 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
 							bool setting_acl)
 {
 	canon_ace *pace;
-	bool got_user = False;
-	bool got_grp = False;
-	bool got_other = False;
+	canon_ace *pace_user = NULL;
+	canon_ace *pace_group = NULL;
 	canon_ace *pace_other = NULL;
 
 	for (pace = *pp_ace; pace; pace = pace->next) {
@@ -1372,7 +1371,7 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
 
 			if (setting_acl)
 				apply_default_perms(params, is_directory, pace, S_IRUSR);
-			got_user = True;
+			pace_user = pace;
 
 		} else if (pace->type == SMB_ACL_GROUP_OBJ) {
 
@@ -1382,7 +1381,7 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
 
 			if (setting_acl)
 				apply_default_perms(params, is_directory, pace, S_IRGRP);
-			got_grp = True;
+			pace_group = pace;
 
 		} else if (pace->type == SMB_ACL_OTHER) {
 
@@ -1392,13 +1391,12 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
 
 			if (setting_acl)
 				apply_default_perms(params, is_directory, pace, S_IROTH);
-			got_other = True;
 			pace_other = pace;
 		}
 	}
 
-	if (!got_user) {
-		if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
+	if (!pace_user) {
+		if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
 			DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
 			return False;
 		}
@@ -1433,7 +1431,7 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
 
 			if (pace->perms == 0) {
 				/* If we only got an "everyone" perm, just use that. */
-				if (got_other)
+				if (pace_other)
 					pace->perms = pace_other->perms;
 			}
 
@@ -1443,10 +1441,11 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
 		}
 
 		DLIST_ADD(*pp_ace, pace);
+		pace_user = pace;
 	}
 
-	if (!got_grp) {
-		if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
+	if (!pace_group) {
+		if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
 			DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
 			return False;
 		}
@@ -1454,12 +1453,12 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
 		ZERO_STRUCTP(pace);
 		pace->type = SMB_ACL_GROUP_OBJ;
 		pace->owner_type = GID_ACE;
-		pace->unix_ug.uid = pst->st_ex_gid;
+		pace->unix_ug.gid = pst->st_ex_gid;
 		pace->trustee = *pfile_grp_sid;
 		pace->attr = ALLOW_ACE;
 		if (setting_acl) {
 			/* If we only got an "everyone" perm, just use that. */
-			if (got_other)
+			if (pace_other)
 				pace->perms = pace_other->perms;
 			else
 				pace->perms = 0;
@@ -1469,10 +1468,11 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
 		}
 
 		DLIST_ADD(*pp_ace, pace);
+		pace_group = pace;
 	}
 
-	if (!got_other) {
-		if ((pace = SMB_MALLOC_P(canon_ace)) == NULL) {
+	if (!pace_other) {
+		if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
 			DEBUG(0,("ensure_canon_entry_valid: malloc fail.\n"));
 			return False;
 		}
@@ -1490,6 +1490,67 @@ static bool ensure_canon_entry_valid(connection_struct *conn, canon_ace **pp_ace
 			pace->perms = unix_perms_to_acl_perms(pst->st_ex_mode, S_IROTH, S_IWOTH, S_IXOTH);
 
 		DLIST_ADD(*pp_ace, pace);
+		pace_other = pace;
+	}
+
+	if (setting_acl) {
+		/* Ensure when setting a POSIX ACL, that the uid for a
+		   SMB_ACL_USER_OBJ ACE (the owner ACE entry) has a duplicate
+		   permission entry as an SMB_ACL_USER, and a gid for a
+		   SMB_ACL_GROUP_OBJ ACE (the primary group ACE entry) also has
+		   a duplicate permission entry as an SMB_ACL_GROUP. If not,
+		   then if the ownership or group ownership of this file or
+		   directory gets changed, the user or group can lose their
+		   access. */
+
+		for (pace = *pp_ace; pace; pace = pace->next) {
+			if (pace->type == SMB_ACL_USER &&
+					pace->unix_ug.uid == pace_user->unix_ug.uid) {
+				/* Already got one. */
+				pace_user = NULL;
+			} else if (pace->type == SMB_ACL_USER &&
+					pace->unix_ug.uid == pace_user->unix_ug.uid) {
+				/* Already got one. */
+				pace_group = NULL;
+			}
+		}
+
+		if (pace_user) {
+			/* Add a duplicate SMB_ACL_USER entry. */
+			if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
+				DEBUG(0,("ensure_canon_entry_valid: talloc fail.\n"));
+				return false;
+			}
+
+			ZERO_STRUCTP(pace);
+			pace->type = SMB_ACL_USER;;
+			pace->owner_type = UID_ACE;
+			pace->unix_ug.uid = pace_user->unix_ug.uid;
+			pace->trustee = pace_user->trustee;
+			pace->attr = pace_user->attr;
+			pace->perms = pace_user->perms;
+
+			DLIST_ADD(*pp_ace, pace);
+		}
+
+		if (pace_group) {
+			/* Add a duplicate SMB_ACL_GROUP entry. */
+			if ((pace = talloc(talloc_tos(), canon_ace)) == NULL) {
+				DEBUG(0,("ensure_canon_entry_valid: talloc fail.\n"));
+				return false;
+			}
+
+			ZERO_STRUCTP(pace);
+			pace->type = SMB_ACL_GROUP;;
+			pace->owner_type = GID_ACE;
+			pace->unix_ug.gid = pace_group->unix_ug.gid;
+			pace->trustee = pace_group->trustee;
+			pace->attr = pace_group->attr;
+			pace->perms = pace_group->perms;
+
+			DLIST_ADD(*pp_ace, pace);
+		}
+
 	}
 
 	return True;
@@ -1643,7 +1704,7 @@ static bool create_canon_ace_lists(files_struct *fsp,
 		 * Create a canon_ace entry representing this NT DACL ACE.
 		 */
 
-		if ((current_ace = SMB_MALLOC_P(canon_ace)) == NULL) {
+		if ((current_ace = talloc(talloc_tos(), canon_ace)) == NULL) {
 			free_canon_ace_list(file_ace);
 			free_canon_ace_list(dir_ace);
 			DEBUG(0,("create_canon_ace_lists: malloc fail.\n"));
@@ -1716,7 +1777,7 @@ static bool create_canon_ace_lists(files_struct *fsp,
 				DEBUG(10, ("create_canon_ace_lists: ignoring "
 					   "non-mappable SID %s\n",
 					   sid_string_dbg(&psa->trustee)));
-				SAFE_FREE(current_ace);
+				TALLOC_FREE(current_ace);
 				continue;
 			}
 
@@ -1724,7 +1785,7 @@ static bool create_canon_ace_lists(files_struct *fsp,
 				DEBUG(10, ("create_canon_ace_lists: ignoring "
 					"unknown or foreign SID %s\n",
 					sid_string_dbg(&psa->trustee)));
-				SAFE_FREE(current_ace);
+				TALLOC_FREE(current_ace);
 				continue;
 			}
 
@@ -1733,7 +1794,7 @@ static bool create_canon_ace_lists(files_struct *fsp,
 			DEBUG(0, ("create_canon_ace_lists: unable to map SID "
 				  "%s to uid or gid.\n",
 				  sid_string_dbg(&current_ace->trustee)));
-			SAFE_FREE(current_ace);
+			TALLOC_FREE(current_ace);
 			return False;
 		}
 
@@ -1907,7 +1968,7 @@ static bool create_canon_ace_lists(files_struct *fsp,


-- 
Samba Shared Repository


More information about the samba-cvs mailing list