afpd: several ACL error messages now logged with loglevel debug

Signed-off-by: Ralph Boehme <slow@samba.org>

diff --git a/NEWS b/NEWS
index 79b8ac475f25aec6bbbb4a15c6bdbd3f9977a245..813277b77a28cc32cbf41895266d6cd11a1c073a 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,8 @@ Changes in 3.1.7
 * FIX: Spotlight: Limiting searches to subfolders, bug #581
 * FIX: afpd: reloading logging config may result in privilege
        escalation in afpd processes
+* FIX: afpd: ACL related error messages, now logged with loglevel
+       debug instead of error
 
 Changes in 3.1.6
 ================

diff --git a/etc/afpd/acls.c b/etc/afpd/acls.c
index f914c8e4754753e55033f5b77222edd6688808bf..a7922737135d7488126ce057830fb9ef9a90983d 100644 (file)
--- a/etc/afpd/acls.c
+++ b/etc/afpd/acls.c
@@ -588,7 +588,12 @@ static int posix_acls_to_uaperms(const AFPObj *obj, const char *path, struct sta
     u_char acl_rights = 0x00;
     u_char mask = 0xff;
 
-    EC_NULL_LOG(acl = acl_get_file(path, ACL_TYPE_ACCESS));
+    acl = acl_get_file(path, ACL_TYPE_ACCESS);
+    if (acl == NULL) {
+        LOG(log_debug, logtype_afpd, "acl_get_file: %s: %s",
+            path, strerror(errno));
+        EC_FAIL;
+    }
 
     /* iterate through all ACEs */
     while (acl_get_entry(acl, entry_id, &entry) == 1) {
@@ -1701,15 +1706,19 @@ int afp_setacl(AFPObj *obj, char *ibuf, size_t ibuflen _U_, char *rbuf _U_, size
 
     /* Change owner: dont even try */
     if (bitmap & kFileSec_UUID) {
-        LOG(log_note, logtype_afpd, "afp_setacl: change owner request, discarded");
-        ret = AFPERR_ACCESS;
+        LOG(log_debug, logtype_afpd,
+            "afp_setacl(\"%s\"): ignoring change owner request",
+            fullpathname(s_path->u_name));
+        ret = AFP_OK;
         ibuf += UUID_BINSIZE;
     }
 
     /* Change group: certain changes might be allowed, so try it. FIXME: not implemented yet. */
     if (bitmap & kFileSec_UUID) {
-        LOG(log_note, logtype_afpd, "afp_setacl: change group request, not supported");
-        ret = AFPERR_PARAM;
+        LOG(log_debug, logtype_afpd,
+            "afp_setacl(\"%s\"): ignoring change group request",
+            fullpathname(s_path->u_name));
+        ret = AFP_OK;
         ibuf += UUID_BINSIZE;
     }
 
@@ -1773,7 +1782,10 @@ int acltoownermode(const AFPObj *obj, const struct vol *vol, char *path, struct
 #endif
 
 #ifdef HAVE_POSIX_ACLS
-    EC_ZERO_LOG(posix_acls_to_uaperms(obj, path, st, ma));
+    ret = posix_acls_to_uaperms(obj, path, st, ma);
+    if (ret != 0) {
+        EC_FAIL;
+    }
 #endif
 
     LOG(log_maxdebug, logtype_afpd, "resulting user maccess: 0x%02x group maccess: 0x%02x", ma->ma_user, ma->ma_group);