The Samba-Bugzilla – Attachment 3380 Details for
Bug 5202
cannot change ACLs on writable file with "dos filemode=yes"
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Fix "dos filemode" and rebirth "acl group control" parameter
samba-3.0.24-dos_filemode.patch (text/plain), 4.10 KB, created by
SATOH Fumiyasu
on 2008-07-03 02:23:12 UTC
(
hide
)
Description:
Fix "dos filemode" and rebirth "acl group control" parameter
Filename:
MIME Type:
Creator:
SATOH Fumiyasu
Created:
2008-07-03 02:23:12 UTC
Size:
4.10 KB
patch
obsolete
>This patch fixes: > > * Allow user to change file permission and ACL on writeable files. > * Rebirth the "acl group control" parameter and its semantics > as described in smb.conf(5) manpage. > >See also: > > https://bugzilla.samba.org/show_bug.cgi?id=5202 > https://bugzilla.samba.org/show_bug.cgi?id=5255 > >-- fumiyas at osstech, 2008-01-14 > >--- samba-3.0.24/source/param/loadparm.c.dist 2007-02-05 03:59:13.000000000 +0900 >+++ samba-3.0.24/source/param/loadparm.c 2008-07-03 15:12:02.000000000 +0900 >@@ -904,7 +904,7 @@ static struct parm_struct parm_table[] = > {"writable", P_BOOLREV, P_LOCAL, &sDefault.bRead_only, NULL, NULL, FLAG_HIDE}, > > {"acl check permissions", P_BOOL, P_LOCAL, &sDefault.bAclCheckPermissions, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE}, >- {"acl group control", P_BOOL, P_LOCAL, &sDefault.bAclGroupControl, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE | FLAG_DEPRECATED }, >+ {"acl group control", P_BOOL, P_LOCAL, &sDefault.bAclGroupControl, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE }, > {"acl map full control", P_BOOL, P_LOCAL, &sDefault.bAclMapFullControl, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE}, > {"create mask", P_OCTAL, P_LOCAL, &sDefault.iCreate_mask, NULL, NULL, FLAG_ADVANCED | FLAG_GLOBAL | FLAG_SHARE}, > {"create mode", P_OCTAL, P_LOCAL, &sDefault.iCreate_mask, NULL, NULL, FLAG_HIDE}, >--- samba-3.0.24/source/smbd/posix_acls.c.dist 2007-02-05 03:59:13.000000000 +0900 >+++ samba-3.0.24/source/smbd/posix_acls.c 2008-07-03 15:10:51.000000000 +0900 >@@ -2250,18 +2250,26 @@ static BOOL current_user_in_group(gid_t > } > > /**************************************************************************** >- Should we override a deny ? Check deprecated 'acl group control' >- and 'dos filemode' >+ Should we override a deny ? Check 'acl group control' and 'dos filemode' > ****************************************************************************/ > >-static BOOL acl_group_override(connection_struct *conn, gid_t prim_gid) >+static BOOL acl_group_override(connection_struct *conn, gid_t prim_gid, const char *fname) > { >- if ( (errno == EACCES || errno == EPERM) >- && (lp_acl_group_control(SNUM(conn)) || lp_dos_filemode(SNUM(conn))) >- && current_user_in_group(prim_gid)) >- { >+ SMB_STRUCT_STAT sbuf; >+ >+ if ((errno != EPERM) && (errno != EACCES)) { >+ return False; >+ } >+ >+ /* file primary group == user primary or supplementary group */ >+ if (lp_acl_group_control(SNUM(conn)) && current_user_in_group(prim_gid)) { > return True; >- } >+ } >+ >+ /* user has writeable permission */ >+ if (lp_dos_filemode(SNUM(conn)) && can_write_to_file(conn, fname, &sbuf)) { >+ return True; >+ } > > return False; > } >@@ -2460,7 +2469,7 @@ static BOOL set_canon_ace_list(files_str > *pacl_set_support = False; > } > >- if (acl_group_override(conn, prim_gid)) { >+ if (acl_group_override(conn, prim_gid, fsp->fsp_name)) { > int sret; > > DEBUG(5,("set_canon_ace_list: acl group control on and current user in file %s primary group.\n", >@@ -2491,7 +2500,7 @@ static BOOL set_canon_ace_list(files_str > *pacl_set_support = False; > } > >- if (acl_group_override(conn, prim_gid)) { >+ if (acl_group_override(conn, prim_gid, fsp->fsp_name)) { > int sret; > > DEBUG(5,("set_canon_ace_list: acl group control on and current user in file %s primary group.\n", >@@ -3230,7 +3239,7 @@ BOOL set_nt_acl(files_struct *fsp, uint3 > if (SMB_VFS_SYS_ACL_DELETE_DEF_FILE(conn, fsp->fsp_name) == -1) { > int sret = -1; > >- if (acl_group_override(conn, sbuf.st_gid)) { >+ if (acl_group_override(conn, sbuf.st_gid, fsp->fsp_name)) { > DEBUG(5,("set_nt_acl: acl group control on and " > "current user in file %s primary group. Override delete_def_acl\n", > fsp->fsp_name )); >@@ -3277,7 +3286,7 @@ BOOL set_nt_acl(files_struct *fsp, uint3 > > if(SMB_VFS_CHMOD(conn,fsp->fsp_name, posix_perms) == -1) { > int sret = -1; >- if (acl_group_override(conn, sbuf.st_gid)) { >+ if (acl_group_override(conn, sbuf.st_gid, fsp->fsp_name)) { > DEBUG(5,("set_nt_acl: acl group control on and " > "current user in file %s primary group. Override chmod\n", > fsp->fsp_name ));
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3380">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 5202
:
3098
| 3380 |
5150
|
5151
|
5152