Commit b1d93356 authored by Steve French's avatar Steve French

setfacl removes part of ACL when setting POSIX ACLs to Samba

setfacl over cifs mounts can remove the default ACL when setting the
(non-default part of) the ACL and vice versa (we were leaving at 0
rather than setting to -1 the count field for the unaffected
half of the ACL.  For example notice the setfacl removed
the default ACL in this sequence:

steven@steven-GA-970A-DS3:~/cifs-2.6$ getfacl /mnt/test-dir ; setfacl
-m default:user:test:rwx,user:test:rwx /mnt/test-dir
getfacl: Removing leading '/' from absolute path names
user::rwx
group::r-x
other::r-x
default:user::rwx
default:user:test:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

steven@steven-GA-970A-DS3:~/cifs-2.6$ getfacl /mnt/test-dir
getfacl: Removing leading '/' from absolute path names
user::rwx
user:test:rwx
group::r-x
mask::rwx
other::r-x

CC: Stable <stable@kernel.org>
Signed-off-by: default avatarSteve French <smfrench@gmail.com>
Acked-by: default avatarJeremy Allison <jra@samba.org>
parent de9f68df
...@@ -3369,11 +3369,13 @@ static __u16 ACL_to_cifs_posix(char *parm_data, const char *pACL, ...@@ -3369,11 +3369,13 @@ static __u16 ACL_to_cifs_posix(char *parm_data, const char *pACL,
return 0; return 0;
} }
cifs_acl->version = cpu_to_le16(1); cifs_acl->version = cpu_to_le16(1);
if (acl_type == ACL_TYPE_ACCESS) if (acl_type == ACL_TYPE_ACCESS) {
cifs_acl->access_entry_count = cpu_to_le16(count); cifs_acl->access_entry_count = cpu_to_le16(count);
else if (acl_type == ACL_TYPE_DEFAULT) cifs_acl->default_entry_count = __constant_cpu_to_le16(0xFFFF);
} else if (acl_type == ACL_TYPE_DEFAULT) {
cifs_acl->default_entry_count = cpu_to_le16(count); cifs_acl->default_entry_count = cpu_to_le16(count);
else { cifs_acl->access_entry_count = __constant_cpu_to_le16(0xFFFF);
} else {
cifs_dbg(FYI, "unknown ACL type %d\n", acl_type); cifs_dbg(FYI, "unknown ACL type %d\n", acl_type);
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment