[SCM] Samba Shared Repository - branch v3-6-test updated
Karolin Seeger
kseeger at samba.org
Fri Aug 30 02:16:07 MDT 2013
The branch, v3-6-test has been updated
via 0150086 smbd: Simplify dropbox special case in unix_convert
via b55072c smbd: Fix a profile problem
from 87adc21 s3-winbindd: fix fallback to ncacn_np in cm_connect_lsat().
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit 0150086d44e90351634a68aced1e44ad076a693c
Author: Volker Lendecke <Volker.Lendecke at SerNet.DE>
Date: Wed Aug 28 15:42:22 2013 -0700
smbd: Simplify dropbox special case in unix_convert
EACCESS needs special treatment: If we want to create a fresh file,
return OBJECT_PATH_NOT_FOUND, so that the client will continue creating
the file. If the client wants us to open a potentially existing file,
we need to correctly return ACCESS_DENIED.
This patch makes this behaviour hopefully a bit clearer than the code
before did.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
The last 2 patches address bug #10114 - Dropbox (write-only-directory) case
isn't handled correctly in pathname lookup.
commit b55072ccf8d801726aec49a925f5a69277a10494
Author: Volker Lendecke <Volker.Lendecke at SerNet.DE>
Date: Wed Aug 28 15:39:41 2013 -0700
smbd: Fix a profile problem
When trying to read a profile, under certain circumstances Windows tries
to read with its machine account first. The profile previously written
was stored with an ACL that only allows access for the user and not
the machine. Windows should get an NT_STATUS_ACCESS_DENIED when using
the machine account, making it retry with the user account (which would
then succeed).
Samba under these circumstances erroneously gives
NT_STATUS_OBJECT_PATH_NOT_FOUND, which makes Windows give up and not
retry. The reasons is the "dropbox" patch in unix_convert, turning EACCESS
on the last path component to OBJECT_PATH_NOT_FOUND. This patch makes
the dropbox behaviour only kick in when we are creating a file. I think
this is an abstraction violation. unix_convert() should not have to know
about the create_disposition, but given that we have pathname resolution
separated from the core open code right now this is the best we can do.
Signed-off-by: Volker Lendecke <Volker.Lendecke at SerNet.DE>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/include/smb.h | 1 +
source3/smbd/filename.c | 27 ++++++++++++++++++++----
source3/smbd/nttrans.c | 6 +++-
source3/smbd/reply.c | 48 ++++++++++++++++++++++---------------------
source3/smbd/smb2_create.c | 3 +-
5 files changed, 54 insertions(+), 31 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/include/smb.h b/source3/include/smb.h
index 873657a..2d04373 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -1716,6 +1716,7 @@ struct smb_file_time {
#define UCF_COND_ALLOW_WCARD_LCOMP 0x00000004
#define UCF_POSIX_PATHNAMES 0x00000008
#define UCF_UNIX_NAME_LOOKUP 0x00000010
+#define UCF_CREATING_FILE 0x00000020
/*
* smb_filename
diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index 207b56c..8ef0c0a 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -713,12 +713,29 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
/*
* ENOENT/EACCESS are the only valid errors
- * here. EACCESS needs handling here for
- * "dropboxes", i.e. directories where users
- * can only put stuff with permission -wx.
+ * here.
*/
- if ((errno != 0) && (errno != ENOENT)
- && (errno != EACCES)) {
+ if (errno == EACCES) {
+ if (ucf_flags & UCF_CREATING_FILE) {
+ /*
+ * This is the dropbox
+ * behaviour. A dropbox is a
+ * directory with only -wx
+ * permissions, so
+ * get_real_filename fails
+ * with EACCESS, it needs to
+ * list the directory. We
+ * nevertheless want to allow
+ * users creating a file.
+ */
+ status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
+ } else {
+ status = NT_STATUS_ACCESS_DENIED;
+ }
+ goto fail;
+ }
+
+ if ((errno != 0) && (errno != ENOENT)) {
/*
* ENOTDIR and ELOOP both map to
* NT_STATUS_OBJECT_PATH_NOT_FOUND
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index a884b2f..4c145e0 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -536,7 +536,8 @@ void reply_ntcreate_and_X(struct smb_request *req)
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ (create_disposition == FILE_CREATE)
+ ? UCF_CREATING_FILE : 0,
NULL,
&smb_fname);
@@ -1165,7 +1166,8 @@ static void call_nt_transact_create(connection_struct *conn,
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ (create_disposition == FILE_CREATE)
+ ? UCF_CREATING_FILE : 0,
NULL,
&smb_fname);
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index ca3a08f..0585a6e 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -1748,11 +1748,20 @@ void reply_open(struct smb_request *req)
goto out;
}
+ if (!map_open_params_to_ntcreate(fname, deny_mode,
+ OPENX_FILE_EXISTS_OPEN, &access_mask,
+ &share_mode, &create_disposition,
+ &create_options, &private_flags)) {
+ reply_force_doserror(req, ERRDOS, ERRbadaccess);
+ goto out;
+ }
+
status = filename_convert(ctx,
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ (create_disposition == FILE_CREATE)
+ ? UCF_CREATING_FILE : 0,
NULL,
&smb_fname);
if (!NT_STATUS_IS_OK(status)) {
@@ -1766,14 +1775,6 @@ void reply_open(struct smb_request *req)
goto out;
}
- if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode,
- OPENX_FILE_EXISTS_OPEN, &access_mask,
- &share_mode, &create_disposition,
- &create_options, &private_flags)) {
- reply_force_doserror(req, ERRDOS, ERRbadaccess);
- goto out;
- }
-
status = SMB_VFS_CREATE_FILE(
conn, /* conn */
req, /* req */
@@ -1923,11 +1924,22 @@ void reply_open_and_X(struct smb_request *req)
goto out;
}
+ if (!map_open_params_to_ntcreate(fname, deny_mode,
+ smb_ofun,
+ &access_mask, &share_mode,
+ &create_disposition,
+ &create_options,
+ &private_flags)) {
+ reply_force_doserror(req, ERRDOS, ERRbadaccess);
+ goto out;
+ }
+
status = filename_convert(ctx,
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ (create_disposition == FILE_CREATE)
+ ? UCF_CREATING_FILE : 0,
NULL,
&smb_fname);
if (!NT_STATUS_IS_OK(status)) {
@@ -1941,16 +1953,6 @@ void reply_open_and_X(struct smb_request *req)
goto out;
}
- if (!map_open_params_to_ntcreate(smb_fname->base_name, deny_mode,
- smb_ofun,
- &access_mask, &share_mode,
- &create_disposition,
- &create_options,
- &private_flags)) {
- reply_force_doserror(req, ERRDOS, ERRbadaccess);
- goto out;
- }
-
status = SMB_VFS_CREATE_FILE(
conn, /* conn */
req, /* req */
@@ -2145,7 +2147,7 @@ void reply_mknew(struct smb_request *req)
conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ UCF_CREATING_FILE,
NULL,
&smb_fname);
if (!NT_STATUS_IS_OK(status)) {
@@ -2286,7 +2288,7 @@ void reply_ctemp(struct smb_request *req)
status = filename_convert(ctx, conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ UCF_CREATING_FILE,
NULL,
&smb_fname);
if (!NT_STATUS_IS_OK(status)) {
@@ -5539,7 +5541,7 @@ void reply_mkdir(struct smb_request *req)
status = filename_convert(ctx, conn,
req->flags2 & FLAGS2_DFS_PATHNAMES,
directory,
- 0,
+ UCF_CREATING_FILE,
NULL,
&smb_dname);
if (!NT_STATUS_IS_OK(status)) {
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index 5b81099..0862990 100644
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -694,7 +694,8 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
smb1req->conn,
smb1req->flags2 & FLAGS2_DFS_PATHNAMES,
fname,
- 0,
+ (in_create_disposition == FILE_CREATE) ?
+ UCF_CREATING_FILE : 0,
NULL,
&smb_fname);
if (!NT_STATUS_IS_OK(status)) {
--
Samba Shared Repository
More information about the samba-cvs
mailing list