diff options
| author | Andrew Tridgell <tridge@samba.org> | 2009-08-05 17:51:21 +1000 |
|---|---|---|
| committer | Andrew Tridgell <tridge@samba.org> | 2009-08-05 17:51:58 +1000 |
| commit | 00a8ff5fe9acf965395b99b39b0c24a5517b6e2b (patch) | |
| tree | f544527da4c973658174926191ef630d79208e58 /source4/ntvfs/posix/pvfs_open.c | |
| parent | 0a16265bc21e6f1f8cef4f38b7b45f3fd356527c (diff) | |
| download | samba-00a8ff5fe9acf965395b99b39b0c24a5517b6e2b.tar.gz samba-00a8ff5fe9acf965395b99b39b0c24a5517b6e2b.tar.bz2 samba-00a8ff5fe9acf965395b99b39b0c24a5517b6e2b.zip | |
fixed a problem with group policy writes causing policy corruption
This bug was caused by two things:
1) in the unix ACL mapping, we were not taking into account group
write permssions for the SEC_STD_DELETE flag
2) when a file is created using OVERWRITE mode, a fchmod() would
fail if the user is not the file owner. We resolve that by only
doing the fchmod() if the mapped file attribute does not match the
desired file attribute
Diffstat (limited to 'source4/ntvfs/posix/pvfs_open.c')
| -rw-r--r-- | source4/ntvfs/posix/pvfs_open.c | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c index 12f50fcc97..46e39a00dd 100644 --- a/source4/ntvfs/posix/pvfs_open.c +++ b/source4/ntvfs/posix/pvfs_open.c @@ -534,7 +534,7 @@ static int pvfs_handle_destructor(struct pvfs_file_handle *h) if (!timeval_is_zero(&tv[0]) || !timeval_is_zero(&tv[1])) { if (utimes(h->name->full_name, tv) == -1) { - DEBUG(0,("pvfs_handle_destructor: utimes() failed '%s' - %s\n", + DEBUG(3,("pvfs_handle_destructor: utimes() failed '%s' - %s\n", h->name->full_name, strerror(errno))); } } @@ -1516,6 +1516,8 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, if (fd == -1) { status = pvfs_map_errno(f->pvfs, errno); + DEBUG(0,(__location__ " mapped errno %s for %s (was %d)\n", + nt_errstr(status), f->handle->name->full_name, errno)); /* * STATUS_MORE_ENTRIES is EAGAIN or EWOULDBLOCK */ @@ -1581,10 +1583,12 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, if (f->handle->name->stream_id == 0 && (io->generic.in.open_disposition == NTCREATEX_DISP_OVERWRITE || io->generic.in.open_disposition == NTCREATEX_DISP_OVERWRITE_IF)) { - /* for overwrite we need to replace file permissions */ + /* for overwrite we may need to replace file permissions */ uint32_t attrib = io->ntcreatex.in.file_attr | FILE_ATTRIBUTE_ARCHIVE; mode_t mode = pvfs_fileperms(pvfs, attrib); - if (fchmod(fd, mode) == -1) { + if (f->handle->name->st.st_mode != mode && + f->handle->name->dos.attrib != attrib && + fchmod(fd, mode) == -1) { talloc_free(lck); return pvfs_map_errno(pvfs, errno); } |