[SCM] Samba Shared Repository - branch v3-4-test updated
Karolin Seeger
kseeger at samba.org
Mon Jan 11 04:12:43 MST 2010
The branch, v3-4-test has been updated
via f04a8d1... Re-fix bug 5202 - cannot change ACLs on writable file with "dos filemode=yes"
from 3c092c7... Second part of the fix for bug #7020 - smbd using 2G memory.
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-4-test
- Log -----------------------------------------------------------------
commit f04a8d1811c1099eb653efda314bc98553fa6d02
Author: Jeremy Allison <jra at samba.org>
Date: Fri Jan 8 10:22:46 2010 -0800
Re-fix bug 5202 - cannot change ACLs on writable file with "dos filemode=yes"
This bug re-occurred for 3.3.x and above.
The reason is that to change a NT ACL we now have to open the file requesting
WRITE_DAC and WRITE_OWNER access. The mapping from POSIX "w" to NT permissions
in posix_acls doesn't add these bits when "dos filemode = yes", so even though
the permission or owner change would be allowed by the POSIX ACL code, the
NTCreateX call fails with ACCESS_DENIED now we always check NT permissions
first.
Added in the mapping from "w" to WRITE_DAC and WRITE_OWNER access.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/posix_acls.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 3b6f70b..43edf21 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1107,6 +1107,9 @@ static uint32_t map_canon_ace_perms(int snum,
nt_mask |= ((perms & S_IWUSR) ? UNIX_ACCESS_W : 0 );
nt_mask |= ((perms & S_IXUSR) ? UNIX_ACCESS_X : 0 );
}
+ if ((perms & S_IWUSR) && lp_dos_filemode(snum)) {
+ nt_mask |= (SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER);
+ }
}
DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n",
--
Samba Shared Repository
More information about the samba-cvs
mailing list