From 00a8ff5fe9acf965395b99b39b0c24a5517b6e2b Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Wed, 5 Aug 2009 17:51:21 +1000 Subject: fixed a problem with group policy writes causing policy corruption This bug was caused by two things: 1) in the unix ACL mapping, we were not taking into account group write permssions for the SEC_STD_DELETE flag 2) when a file is created using OVERWRITE mode, a fchmod() would fail if the user is not the file owner. We resolve that by only doing the fchmod() if the mapped file attribute does not match the desired file attribute --- source4/ntvfs/posix/pvfs_open.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_open.c') diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c index 12f50fcc97..46e39a00dd 100644 --- a/source4/ntvfs/posix/pvfs_open.c +++ b/source4/ntvfs/posix/pvfs_open.c @@ -534,7 +534,7 @@ static int pvfs_handle_destructor(struct pvfs_file_handle *h) if (!timeval_is_zero(&tv[0]) || !timeval_is_zero(&tv[1])) { if (utimes(h->name->full_name, tv) == -1) { - DEBUG(0,("pvfs_handle_destructor: utimes() failed '%s' - %s\n", + DEBUG(3,("pvfs_handle_destructor: utimes() failed '%s' - %s\n", h->name->full_name, strerror(errno))); } } @@ -1516,6 +1516,8 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, if (fd == -1) { status = pvfs_map_errno(f->pvfs, errno); + DEBUG(0,(__location__ " mapped errno %s for %s (was %d)\n", + nt_errstr(status), f->handle->name->full_name, errno)); /* * STATUS_MORE_ENTRIES is EAGAIN or EWOULDBLOCK */ @@ -1581,10 +1583,12 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, if (f->handle->name->stream_id == 0 && (io->generic.in.open_disposition == NTCREATEX_DISP_OVERWRITE || io->generic.in.open_disposition == NTCREATEX_DISP_OVERWRITE_IF)) { - /* for overwrite we need to replace file permissions */ + /* for overwrite we may need to replace file permissions */ uint32_t attrib = io->ntcreatex.in.file_attr | FILE_ATTRIBUTE_ARCHIVE; mode_t mode = pvfs_fileperms(pvfs, attrib); - if (fchmod(fd, mode) == -1) { + if (f->handle->name->st.st_mode != mode && + f->handle->name->dos.attrib != attrib && + fchmod(fd, mode) == -1) { talloc_free(lck); return pvfs_map_errno(pvfs, errno); } -- cgit