PATCH (was: Re: An extra 'executable' bit is seen when POSIX ACL is used by Samba)

Fri Sep 22 13:48:08 GMT 2006

Dmitry Butskoy wrote:

>@@ -3430,6 +3432,12 @@ static int chmod_acl_internals( connecti
> 	if ((num_entries == 3) || (num_entries == 0))
> 		return -1;
> 
>+	/*  set the mask calculated as ACL_MASK entry  */
>+	if (map_acl_perms_to_permset(conn, mask, &permset) == -1)
>+		return -1;
>+	if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, mask_entry, permset) == -1)
>+		return -1;
>+
> 	return 0;
> }
> 
>  
>
Surely forgotten something :), 'permset' should be obtained from 
'mask_entry" first.

Corrected patch attached.


~buc
-------------- next part --------------
diff -Nrbup samba-3.0.23a/source/smbd/posix_acls.c samba-3.0.23a-OK/source/smbd/posix_acls.c

--- samba-3.0.23a/source/smbd/posix_acls.c	2006-07-21 20:22:56.000000000 +0400
+++ samba-3.0.23a-OK/source/smbd/posix_acls.c	2006-09-22 17:43:43.000000000 +0400
@@ -3372,12 +3372,13 @@ int get_acl_group_bits( connection_struc
 static int chmod_acl_internals( connection_struct *conn, SMB_ACL_T posix_acl, mode_t mode)
 {
 	int entry_id = SMB_ACL_FIRST_ENTRY;
-	SMB_ACL_ENTRY_T entry;
+	SMB_ACL_ENTRY_T entry, mask_entry;
+	mode_t mask = 0;
+	SMB_ACL_PERMSET_T permset;
 	int num_entries = 0;
 
 	while ( SMB_VFS_SYS_ACL_GET_ENTRY(conn, posix_acl, entry_id, &entry) == 1) {
 		SMB_ACL_TAG_T tagtype;
-		SMB_ACL_PERMSET_T permset;
 		mode_t perms;
 
 		/* get_next... */
@@ -3398,15 +3399,16 @@ static int chmod_acl_internals( connecti
 				break;
 			case SMB_ACL_GROUP_OBJ:
 				perms = unix_perms_to_acl_perms(mode, S_IRGRP, S_IWGRP, S_IXGRP);
+				mask |= perms;
+				break;
+			case SMB_ACL_USER:
+			case SMB_ACL_GROUP:
+				mask |= convert_permset_to_mode_t(conn, permset);
 				break;
 			case SMB_ACL_MASK:
-				/*
-				 * FIXME: The ACL_MASK entry permissions should really be set to
-				 * the union of the permissions of all ACL_USER,
-				 * ACL_GROUP_OBJ, and ACL_GROUP entries. That's what
-				 * acl_calc_mask() does, but Samba ACLs doesn't provide it.
-				 */
-				perms = S_IRUSR|S_IWUSR|S_IXUSR;
+				/*  save it to set the actual mask later  */
+				mask_entry = entry;
+				continue;
 				break;
 			case SMB_ACL_OTHER:
 				perms = unix_perms_to_acl_perms(mode, S_IROTH, S_IWOTH, S_IXOTH);
@@ -3430,6 +3432,14 @@ static int chmod_acl_internals( connecti
 	if ((num_entries == 3) || (num_entries == 0))
 		return -1;
 
+	/*  set the mask calculated as ACL_MASK entry  */
+	if (SMB_VFS_SYS_ACL_GET_PERMSET(conn, mask_entry, &permset) == -1)
+		return -1;
+	if (map_acl_perms_to_permset(conn, mask, &permset) == -1)
+		return -1;
+	if (SMB_VFS_SYS_ACL_SET_PERMSET(conn, mask_entry, permset) == -1)
+		return -1;
+
 	return 0;
 }
 
