[Samba] Can't modify ms word files with samba 3.3
Jeremy Allison
jra at samba.org
Thu Mar 5 00:32:19 GMT 2009
On Tue, Feb 24, 2009 at 09:33:56PM +0100, François Legal wrote:
>
>
> Hello,
> I tried this week to upgrade my samba 3.2.4 (2 PDCs one trusting the
> other) to samba 3.3.0 then samba 3.3.1, and apart from the problem
> with winbindd and trusted domain, my users are not able to modify any
> ms word document (excel does the same).
>
> You can open the file correctly, modify it, and when saving it, it
> pops up "Access denied"
>
> If you try to save the file in the same directory with another name,
> it does not work either (sam "access denied" message).
> I tried to set og level to 10, but could not find anything pointing
> me to the right direction.
> Can anybody help ?
Ok, I think this patch should fix the problem. If you can
confirm it works for you then I'll put it into 3.3.2.
Thanks !
Jeremy.
-------------- next part --------------
diff --git a/source/smbd/open.c b/source/smbd/open.c
index 9b51ff0..ee730c7 100644
--- a/source/smbd/open.c
+++ b/source/smbd/open.c
@@ -2382,6 +2382,14 @@ NTSTATUS open_directory(connection_struct *conn,
return status;
}
+ /* We need to support SeSecurityPrivilege for this. */
+ if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) {
+ DEBUG(10, ("open_directory: open on %s "
+ "failed - SEC_RIGHT_SYSTEM_SECURITY denied.\n",
+ fname));
+ return NT_STATUS_PRIVILEGE_NOT_HELD;
+ }
+
switch( create_disposition ) {
case FILE_OPEN:
@@ -2915,8 +2923,23 @@ NTSTATUS create_file_unixpath(connection_struct *conn,
status = NT_STATUS_PRIVILEGE_NOT_HELD;
goto fail;
}
+#else
+ /* We need to support SeSecurityPrivilege for this. */
+ if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) {
+ status = NT_STATUS_PRIVILEGE_NOT_HELD;
+ goto fail;
+ }
+ /* Don't allow a SACL set from an NTtrans create until we
+ * support SeSecurityPrivilege. */
+ if (!VALID_STAT(sbuf) &&
+ lp_nt_acl_support(SNUM(conn)) &&
+ sd && (sd->sacl != NULL)) {
+ status = NT_STATUS_PRIVILEGE_NOT_HELD;
+ goto fail;
+ }
#endif
+
if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
&& is_ntfs_stream_name(fname)
&& (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {
More information about the samba
mailing list