From 714f58c54e8c15c31413104023daf03bd67e09e6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 8 Jan 2010 10:22:46 -0800 Subject: [PATCH] Re-fix bug 5202 - cannot change ACLs on writable file with "dos filemode=yes" This bug re-occurred for 3.3.x and above. The reason is that to change a NT ACL we now have to open the file requesting WRITE_DAC and WRITE_OWNER access. The mapping from POSIX "w" to NT permissions in posix_acls doesn't add these bits when "dos filemode = yes", so even though the permission or owner change would be allowed by the POSIX ACL code, the NTCreateX call fails with ACCESS_DENIED now we always check NT permissions first. Added in the mapping from "w" to WRITE_DAC and WRITE_OWNER access. Jeremy. --- source3/smbd/posix_acls.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 3b6f70b..43edf21 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -1107,6 +1107,9 @@ static uint32_t map_canon_ace_perms(int snum, nt_mask |= ((perms & S_IWUSR) ? UNIX_ACCESS_W : 0 ); nt_mask |= ((perms & S_IXUSR) ? UNIX_ACCESS_X : 0 ); } + if ((perms & S_IWUSR) && lp_dos_filemode(snum)) { + nt_mask |= (SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER); + } } DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n", -- 1.5.4.3