From 84b2a3d013390c01ef27d10085a0bf10137c857f Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 22 Oct 2010 15:56:31 -0700
Subject: [PATCH] Fix handling of "NULL" DACL. Map to u/g/w - rwx.

---
 source3/smbd/posix_acls.c | 56 ++++++++++++++++++++++++++++-------------------
 1 file changed, 33 insertions(+), 23 deletions(-)

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 6d12b3cddae..20eb30f10d2 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3864,29 +3864,6 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC
 		return NT_STATUS_NO_MEMORY;
 	}
 
-	if((security_info_sent & SECINFO_DACL) &&
-			(psd->type & SEC_DESC_DACL_PRESENT) &&
-			(psd->dacl == NULL)) {
-		SEC_ACE ace;
-
-		/* We can't have NULL DACL in POSIX.
-		   Use Everyone -> full access. */
-
-		init_sec_ace(&ace,
-				&global_sid_World,
-				SEC_ACE_TYPE_ACCESS_ALLOWED,
-				GENERIC_ALL_ACCESS,
-				0);
-		psd->dacl = make_sec_acl(talloc_tos(),
-					NT4_ACL_REVISION,
-					1,
-					&ace);
-		if (psd->dacl == NULL) {
-			return NT_STATUS_NO_MEMORY;
-		}
-		security_acl_map_generic(psd->dacl, &file_generic_mapping);
-	}
-
 	/*
 	 * Get the current state of the file.
 	 */
@@ -3961,6 +3938,39 @@ NTSTATUS set_nt_acl(files_struct *fsp, uint32 security_info_sent, const SEC_DESC
 
 	create_file_sids(&fsp->fsp_name->st, &file_owner_sid, &file_grp_sid);
 
+	if((security_info_sent & SECINFO_DACL) &&
+			(psd->type & SEC_DESC_DACL_PRESENT) &&
+			(psd->dacl == NULL)) {
+		SEC_ACE ace[3];
+
+		/* We can't have NULL DACL in POSIX.
+		   Use owner/group/Everyone -> full access. */
+
+		init_sec_ace(&ace[0],
+				&file_owner_sid,
+				SEC_ACE_TYPE_ACCESS_ALLOWED,
+				GENERIC_ALL_ACCESS,
+				0);
+		init_sec_ace(&ace[1],
+				&file_grp_sid,
+				SEC_ACE_TYPE_ACCESS_ALLOWED,
+				GENERIC_ALL_ACCESS,
+				0);
+		init_sec_ace(&ace[2],
+				&global_sid_World,
+				SEC_ACE_TYPE_ACCESS_ALLOWED,
+				GENERIC_ALL_ACCESS,
+				0);
+		psd->dacl = make_sec_acl(talloc_tos(),
+					NT4_ACL_REVISION,
+					3,
+					ace);
+		if (psd->dacl == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+		security_acl_map_generic(psd->dacl, &file_generic_mapping);
+	}
+
 	acl_perms = unpack_canon_ace(fsp, &fsp->fsp_name->st, &file_owner_sid,
 				     &file_grp_sid, &file_ace_list,
 				     &dir_ace_list, security_info_sent, psd);
-- 
2.11.4.GIT