diff options
author | Jeremy Allison <jra@samba.org> | 2010-01-08 10:24:34 -0800 |
---|---|---|
committer | Karolin Seeger <kseeger@samba.org> | 2010-01-13 14:01:05 +0100 |
commit | 31d45ea2091222fac27b82df7e69fdd5bbe375d6 (patch) | |
tree | 1727fe7a61f710356188116ff116a2a3e8326460 | |
parent | 26bb48ec4d14addbf915d80bbec5656dc0fff155 (diff) | |
download | samba-31d45ea2091222fac27b82df7e69fdd5bbe375d6.tar.gz samba-31d45ea2091222fac27b82df7e69fdd5bbe375d6.tar.xz samba-31d45ea2091222fac27b82df7e69fdd5bbe375d6.zip |
Re-fix bug 5202 - cannot change ACLs on writable file with "dos filemode=yes"
This bug re-occurred for 3.3.x and above.
The reason is that to change a NT ACL we now have to open the file requesting
WRITE_DAC and WRITE_OWNER access. The mapping from POSIX "w" to NT permissions
in posix_acls doesn't add these bits when "dos filemode = yes", so even though
the permission or owner change would be allowed by the POSIX ACL code, the
NTCreateX call fails with ACCESS_DENIED now we always check NT permissions
first.
Added in the mapping from "w" to WRITE_DAC and WRITE_OWNER access.
Jeremy.
(cherry picked from commit 9bd957580360ed7a0f98b02d1e03d7fcaf8a878e)
-rw-r--r-- | source/smbd/posix_acls.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c index c8d9e0026c6..2836389e68f 100644 --- a/source/smbd/posix_acls.c +++ b/source/smbd/posix_acls.c @@ -930,6 +930,9 @@ static uint32_t map_canon_ace_perms(int snum, nt_mask |= ((perms & S_IWUSR) ? UNIX_ACCESS_W : 0 ); nt_mask |= ((perms & S_IXUSR) ? UNIX_ACCESS_X : 0 ); } + if ((perms & S_IWUSR) && lp_dos_filemode(snum)) { + nt_mask |= (WRITE_DAC_ACCESS|WRITE_OWNER_ACCESS); + } } DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n", |