[Samba] Can't modify ms word files with samba 3.3

Jeremy Allison jra at samba.org
Thu Mar 5 00:32:19 GMT 2009


On Tue, Feb 24, 2009 at 09:33:56PM +0100, François Legal wrote:
> 
> 
> Hello, 
> I tried this week to upgrade my samba 3.2.4 (2 PDCs one trusting the
> other) to samba 3.3.0 then samba 3.3.1, and apart from the problem
> with winbindd and trusted domain, my users are not able to modify any
> ms word document (excel does the same). 
> 
> You can open the file correctly, modify it, and when saving it, it
> pops up "Access denied" 
> 
> If you try to save the file in the same directory with another name,
> it does not work either (sam "access denied" message). 
> I tried to set og level to 10, but could not find anything pointing
> me to the right direction. 
> Can anybody help ? 

Ok, I think this patch should fix the problem. If you can
confirm it works for you then I'll put it into 3.3.2.

Thanks !

Jeremy.
-------------- next part --------------
diff --git a/source/smbd/open.c b/source/smbd/open.c
index 9b51ff0..ee730c7 100644
--- a/source/smbd/open.c
+++ b/source/smbd/open.c
@@ -2382,6 +2382,14 @@ NTSTATUS open_directory(connection_struct *conn,
 		return status;
 	}
 
+	/* We need to support SeSecurityPrivilege for this. */
+	if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) {
+		DEBUG(10, ("open_directory: open on %s "
+			"failed - SEC_RIGHT_SYSTEM_SECURITY denied.\n",
+			fname));
+		return NT_STATUS_PRIVILEGE_NOT_HELD;
+	}
+
 	switch( create_disposition ) {
 		case FILE_OPEN:
 
@@ -2915,8 +2923,23 @@ NTSTATUS create_file_unixpath(connection_struct *conn,
 		status = NT_STATUS_PRIVILEGE_NOT_HELD;
 		goto fail;
 	}
+#else
+	/* We need to support SeSecurityPrivilege for this. */
+	if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) {
+		status = NT_STATUS_PRIVILEGE_NOT_HELD;
+		goto fail;
+	}
+	/* Don't allow a SACL set from an NTtrans create until we
+	 * support SeSecurityPrivilege. */
+	if (!VALID_STAT(sbuf) &&
+			lp_nt_acl_support(SNUM(conn)) &&
+			sd && (sd->sacl != NULL)) {
+		status = NT_STATUS_PRIVILEGE_NOT_HELD;
+		goto fail;
+	}
 #endif
 
+
 	if ((conn->fs_capabilities & FILE_NAMED_STREAMS)
 	    && is_ntfs_stream_name(fname)
 	    && (!(create_options & NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE))) {


More information about the samba mailing list