From e41deac2cd022c055f2a7d05bb31926708556264 Mon Sep 17 00:00:00 2001
From: David Disseldorp
Date: Fri, 25 Nov 2011 18:16:30 +0100
Subject: [PATCH] acl: do not map POSIX ACL x to DACL FILE_READ_ATTRIBUTES A POSIX ACE allowing --x becomes r-x when mapped to and from a Windows DACL without user intervention. The implicit granting of read permission to any ACE with execute permission is due to the existing POSIX ACL mapping algorithm: In the get DACL path map_canon_ace_perms() maps S_IXUSR to FILE_EXECUTE, SEC_STD_READ_CONTROL, FILE_READ_ATTRIBUTES and SYNCHRONIZE_ACCESS permissions. In the set DACL path map_nt_perms() checks for any of FILE_READ_DATA, FILE_READ_EA or FILE_READ_ATTRIBUTES. If set then the "r" flag is set in the corresponding POSIX Access Control entry. This change returns to pre 54eaf2d behaviour, whereby S_IXUSR is not mapped to FILE_READ_ATTRIBUTES. https://bugzilla.samba.org/show_bug.cgi?id=8631
---
 source3/include/smb.h | 6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/source3/include/smb.h b/source3/include/smb.h
index b46f498..bb8a928 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -859,13 +859,15 @@ struct connections_data {
 #define UNIX_ACCESS_RWX FILE_GENERIC_ALL
 #define UNIX_ACCESS_R FILE_GENERIC_READ
 #define UNIX_ACCESS_W FILE_GENERIC_WRITE
-#define UNIX_ACCESS_X FILE_GENERIC_EXECUTE
+/* read attr is mapped by UNIX_ACCESS_R - bso#8631 */
+#define UNIX_ACCESS_X (FILE_GENERIC_EXECUTE & (^FILE_READ_ATTRIBUTES))
 
 /* Mapping of access rights to UNIX perms. for a UNIX directory. */
 #define UNIX_DIRECTORY_ACCESS_RWX FILE_GENERIC_ALL
 #define UNIX_DIRECTORY_ACCESS_R FILE_GENERIC_READ
 #define UNIX_DIRECTORY_ACCESS_W (FILE_GENERIC_WRITE|FILE_DELETE_CHILD)
-#define UNIX_DIRECTORY_ACCESS_X FILE_GENERIC_EXECUTE
+/* read attr is mapped by UNIX_ACCESS_R - bso#8631 */
+#define UNIX_DIRECTORY_ACCESS_X (FILE_GENERIC_EXECUTE & (^FILE_READ_ATTRIBUTES))
 
 #if 0
 /*
--
1.7.7
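Review bot: Both new definitions use `(^FILE_READ_ATTRIBUTES)`, but `^` is C's binary XOR operator and has no unary form, so any translation unit that expands UNIX_ACCESS_X or UNIX_DIRECTORY_ACCESS_X will fail to compile; because these are macros, the error surfaces at the use sites rather than in smb.h. The commit message describes clearing the bit, which is the bitwise complement: `#define UNIX_ACCESS_X (FILE_GENERIC_EXECUTE & ~FILE_READ_ATTRIBUTES)`, and the same form for `UNIX_DIRECTORY_ACCESS_X`. The comment above the directory macro should name `UNIX_DIRECTORY_ACCESS_R` rather than `UNIX_ACCESS_R`. Since the defect being fixed is a silent widening of --x to r-x across a get/set DACL round trip, a regression test asserting that an --x ACE comes back unchanged would keep this mapping from drifting again.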