Re-fix bug 5202 - cannot change ACLs on writable file with "dos filemode=yes"
author Jeremy Allison <jra@samba.org>
Fri, 8 Jan 2010 18:17:46 +0000 (10:17 -0800)
committer Jeremy Allison <jra@samba.org>
Fri, 8 Jan 2010 18:17:46 +0000 (10:17 -0800)

This bug re-occurred for 3.3.x and above.

The reason is that to change an NT ACL we now have to open the file requesting
WRITE_DAC and WRITE_OWNER access. The mapping from POSIX "w" to NT permissions
in posix_acls doesn't add these bits when "dos filemode = yes", so even though
the permission or owner change would be allowed by the POSIX ACL code, the
NTCreateX call fails with ACCESS_DENIED now that we always check NT permissions
first.

Added in the mapping from "w" to WRITE_DAC and WRITE_OWNER access.

Jeremy.

source3/smbd/posix_acls.c

index 828053811b291b2cf967f899ed350baf1964db81..8d66bf105948c3b8207f4b5a3d9e4edb404b9e6c 100644 (file)
@@ -1107,6 +1107,9 @@ uint32_t map_canon_ace_perms(int snum,
                        nt_mask |= ((perms & S_IWUSR) ? UNIX_ACCESS_W : 0 );
                        nt_mask |= ((perms & S_IXUSR) ? UNIX_ACCESS_X : 0 );
                }
+               if ((perms & S_IWUSR) && lp_dos_filemode(snum)) {
+                       nt_mask |= (SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER);
+               }
        }
 
        DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n",
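
Review bot: The new if ((perms & S_IWUSR) && lp_dos_filemode(snum)) block has no comment explaining why a POSIX "w" bit should carry SEC_STD_WRITE_DAC and SEC_STD_WRITE_OWNER, and those are the two rights that allow a client to rewrite the ACL and change the owner. Please add a short comment above it tying the mapping to bug 5202 and to "dos filemode = yes", so a later reader does not take it for an accidental over-grant and does not remove it either. The block also sits after the closing brace of the preceding branch, so it applies whichever path above set nt_mask; if that is intended, say so in the same comment. The DEBUG(10) line that follows already logs the final NT mask, which is enough to confirm the mapped value on a test share at log level 10.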