Attachment 5150 Details for Bug 5202 – git-am format patch for 3.5.0.

[patch] git-am format patch for 3.5.0.

0001-Re-fix-bug-5202-cannot-change-ACLs-on-writable-fil.patch (text/plain), 1.42 KB, created by Jeremy Allison on 2010-01-08 12:21:46 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jeremy Allison

Created: 2010-01-08 12:21:46 UTC

Size: 1.42 KB

patch

obsolete

>From c5f7878c0fca97b6d2c57a15a82836f2bae5c63f Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Fri, 8 Jan 2010 10:17:46 -0800
>Subject: [PATCH] Re-fix bug 5202 - cannot change ACLs on writable file with "dos filemode=yes"
>
>This bug re-occurred for 3.3.x and above.
>
>The reason is that to change a NT ACL we now have to open the file requesting
>WRITE_DAC and WRITE_OWNER access. The mapping from POSIX "w" to NT permissions
>in posix_acls doesn't add these bits when "dos filemode = yes", so even though
>the permission or owner change would be allowed by the POSIX ACL code, the
>NTCreateX call fails with ACCESS_DENIED now we always check NT permissions
>first.
>
>Added in the mapping from "w" to WRITE_DAC and WRITE_OWNER access.
>
>Jeremy.
>(cherry picked from commit d7713d11a6dc2d66c820d7496bc45eb5fe527fbf)
>---
> source3/smbd/posix_acls.c |    3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
>diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
>index 8280538..8d66bf1 100644
>--- a/source3/smbd/posix_acls.c
>+++ b/source3/smbd/posix_acls.c
>@@ -1107,6 +1107,9 @@ uint32_t map_canon_ace_perms(int snum,
> 			nt_mask |= ((perms & S_IWUSR) ? UNIX_ACCESS_W : 0 );
> 			nt_mask |= ((perms & S_IXUSR) ? UNIX_ACCESS_X : 0 );
> 		}
>+		if ((perms & S_IWUSR) && lp_dos_filemode(snum)) {
>+			nt_mask |= (SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER);
>+		}
> 	}
> 
> 	DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n",
>-- 
>1.5.4.3
>

Actions: View

Attachments on bug 5202: 3098 | 3380 | 5150 | 5151 | 5152