The Samba-Bugzilla – Attachment 3098 Details for
Bug 5202
cannot change ACLs on writable file with "dos filemode=yes"
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Proposed patch: Use can_write_to_file() in acl_group_override()
samba-3.0.28-dos_filemode.patch (text/plain), 2.53 KB, created by
SATOH Fumiyasu
on 2008-01-14 23:16:07 UTC
(
hide
)
Description:
Proposed patch: Use can_write_to_file() in acl_group_override()
Filename:
MIME Type:
Creator:
SATOH Fumiyasu
Created:
2008-01-14 23:16:07 UTC
Size:
2.53 KB
patch
obsolete
>--- samba-3.0.28/source/posix_acls.c.orig 2007-11-21 12:58:01.000000000 +0900 >+++ samba-3.0.28/source/posix_acls.c 2008-01-15 14:03:39.000000000 +0900 >@@ -2281,14 +2281,25 @@ static BOOL current_user_in_group(gid_t > and 'dos filemode' > ****************************************************************************/ > >-static BOOL acl_group_override(connection_struct *conn, gid_t prim_gid) >+static BOOL acl_group_override(connection_struct *conn, gid_t prim_gid, const char *fname) > { >- if ( (errno == EACCES || errno == EPERM) >- && (lp_acl_group_control(SNUM(conn)) || lp_dos_filemode(SNUM(conn))) >- && current_user_in_group(prim_gid)) >- { >+ SMB_STRUCT_STAT sbuf; >+ >+ ZERO_STRUCT(sbuf); >+ >+ if ((errno != EPERM) && (errno != EACCES)) >+ return False; >+ >+ if (!lp_acl_group_control(SNUM(conn)) && !lp_dos_filemode(SNUM(conn))) >+ return False; >+ >+ /* file group == user primary group */ >+ if (current_user_in_group(prim_gid)) >+ return True; >+ >+ /* user has write permission */ >+ if (can_write_to_file(conn, fname, &sbuf)) > return True; >- } > > return False; > } >@@ -2476,7 +2487,7 @@ static BOOL set_canon_ace_list(files_str > *pacl_set_support = False; > } > >- if (acl_group_override(conn, prim_gid)) { >+ if (acl_group_override(conn, prim_gid, fsp->fsp_name)) { > int sret; > > DEBUG(5,("set_canon_ace_list: acl group control on and current user in file %s primary group.\n", >@@ -2507,7 +2518,7 @@ static BOOL set_canon_ace_list(files_str > *pacl_set_support = False; > } > >- if (acl_group_override(conn, prim_gid)) { >+ if (acl_group_override(conn, prim_gid, fsp->fsp_name)) { > int sret; > > DEBUG(5,("set_canon_ace_list: acl group control on and current user in file %s primary group.\n", >@@ -3469,7 +3480,7 @@ BOOL set_nt_acl(files_struct *fsp, uint3 > if (SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fsp->fsp_name) == -1) { > int sret = -1; > >- if (acl_group_override(conn, sbuf.st_gid)) { >+ if (acl_group_override(conn, sbuf.st_gid, fsp->fsp_name)) { > DEBUG(5,("set_nt_acl: acl group control on and " > "current user in file %s primary group. Override delete_def_acl\n", > fsp->fsp_name )); >@@ -3516,7 +3527,7 @@ BOOL set_nt_acl(files_struct *fsp, uint3 > > if(SMB_VFS_CHMOD(conn,fsp->fsp_name, posix_perms) == -1) { > int sret = -1; >- if (acl_group_override(conn, sbuf.st_gid)) { >+ if (acl_group_override(conn, sbuf.st_gid, fsp->fsp_name)) { > DEBUG(5,("set_nt_acl: acl group control on and " > "current user in file %s primary group. Override chmod\n", > fsp->fsp_name ));
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3098">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 5202
:
3098
|
3380
|
5150
|
5151
|
5152