The branch, master has been updated
       via  d7713d1... Re-fix bug 5202 - cannot change ACLs on writable file with "dos filemode=yes"
      from  fca0c4d... s4:provision_self_join.ldif - Adapt comment after implementation of distributed RIDs

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit d7713d11a6dc2d66c820d7496bc45eb5fe527fbf
Author: Jeremy Allison <[email protected]>
Date:   Fri Jan 8 10:17:46 2010 -0800

    Re-fix bug 5202 - cannot change ACLs on writable file with "dos filemode=yes"
    
    This bug re-occurred for 3.3.x and above.
    
    The reason is that to change a NT ACL we now have to open the file requesting
    WRITE_DAC and WRITE_OWNER access. The mapping from POSIX "w" to NT permissions
    in posix_acls doesn't add these bits when "dos filemode = yes", so even though
    the permission or owner change would be allowed by the POSIX ACL code, the
    NTCreateX call fails with ACCESS_DENIED now we always check NT permissions
    first.
    
    Added in the mapping from "w" to WRITE_DAC and WRITE_OWNER access.
    
    Jeremy.

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/posix_acls.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 8280538..8d66bf1 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1107,6 +1107,9 @@ uint32_t map_canon_ace_perms(int snum,
                        nt_mask |= ((perms & S_IWUSR) ? UNIX_ACCESS_W : 0 );
                        nt_mask |= ((perms & S_IXUSR) ? UNIX_ACCESS_X : 0 );
                }
+               if ((perms & S_IWUSR) && lp_dos_filemode(snum)) {
+                       nt_mask |= (SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER);
+               }
        }
 
        DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n",
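
Review bot: the added test after the closing brace of the UNIX_ACCESS_W / UNIX_ACCESS_X block ORs SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER into nt_mask for any entry with S_IWUSR whenever lp_dos_filemode(snum) is true, but has no comment explaining why a POSIX "w" bit should imply the right to rewrite the DACL and owner. Because this widens the NT access mask on the strength of a share setting and the write bit alone, put a short comment above the `if` tying it to bug 5202 and to the open-time NT permission check described in the commit message, so a later reader does not mistake it for an accidental over-grant. It is also worth confirming that every caller of map_canon_ace_perms wants the wider mask, since nothing else in the condition narrows which entries receive it.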


-- 
Samba Shared Repository
