summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2010-01-08 10:17:46 -0800
committerJeremy Allison <jra@samba.org>2010-01-08 10:17:46 -0800
commitd7713d11a6dc2d66c820d7496bc45eb5fe527fbf (patch)
tree0720ac7ab70626eddb887d273477eecbdc9a5063 /source3/smbd
parentfca0c4de2ab8890af4d5f15009a2777691f222bd (diff)
downloadsamba-d7713d11a6dc2d66c820d7496bc45eb5fe527fbf.tar.gz
samba-d7713d11a6dc2d66c820d7496bc45eb5fe527fbf.tar.bz2
samba-d7713d11a6dc2d66c820d7496bc45eb5fe527fbf.zip
Re-fix bug 5202 - cannot change ACLs on writable file with "dos filemode=yes"
This bug re-occurred for 3.3.x and above. The reason is that to change a NT ACL we now have to open the file requesting WRITE_DAC and WRITE_OWNER access. The mapping from POSIX "w" to NT permissions in posix_acls doesn't add these bits when "dos filemode = yes", so even though the permission or owner change would be allowed by the POSIX ACL code, the NTCreateX call fails with ACCESS_DENIED now we always check NT permissions first. Added in the mapping from "w" to WRITE_DAC and WRITE_OWNER access. Jeremy.
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/posix_acls.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 828053811b..8d66bf1059 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1107,6 +1107,9 @@ uint32_t map_canon_ace_perms(int snum,
nt_mask |= ((perms & S_IWUSR) ? UNIX_ACCESS_W : 0 );
nt_mask |= ((perms & S_IXUSR) ? UNIX_ACCESS_X : 0 );
}
+ if ((perms & S_IWUSR) && lp_dos_filemode(snum)) {
+ nt_mask |= (SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER);
+ }
}
DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n",