[smbd][PATCH] Writing EAs when overriding files

Marcel Müller samba at maazl.de
Thu May 14 23:05:37 GMT 2009


I think I found a bug in smbd. When a file is opened and
overwritten/truncated, the extended attributes are not applied.

Since the Win32 API does not have a single function that overwrites a 
file and associates extended attributes in one call, it is very unlikely 
to cause any harm to Windows clients. But OS/2 clients have this API
function and the LANMAN2 trans2open request is forwarded to create_file.

I have no sufficiently detailed documentation of the LANMAN2 protocol, 
but the OS/2 API docs for DosOpen clearly say:

   "peaop2 (PEAOP2) - in/out   Extended attributes.
This parameter is only used to specify extended attributes (EAs) when 
creating a new file, replacing an existing file, or truncating an 
existing file. When opening existing files, it should be set to null."

And usually the OS/2 file system API is nearly a 1:1 image of the 
LANMAN2 protocol.

The related code is in open.c in the function create_file (Samba 3.2):

-	if ((ea_list != NULL) && (info == FILE_WAS_CREATED)) {
+	if ((ea_list != NULL) && (info != FILE_WAS_OPENED)) {
		status = set_ea(conn, fsp, fname, ea_list);
		if (!NT_STATUS_IS_OK(status)) {
			goto fail;
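
Review bot: the new test `info != FILE_WAS_OPENED` is a negative match, so set_ea now runs for every value of info other than FILE_WAS_OPENED, not only for the replace and truncate cases the description argues for. Listing the accepted results explicitly next to FILE_WAS_CREATED would keep a future result code from silently starting to write EAs. The `goto fail` branch also becomes reachable for a pre-existing file whose contents have already been replaced, so a comment stating what the client is left with when set_ea fails at that point would be worth adding.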

The same applies to Samba 3.0. But the related code is located in
trans2.c in this case.

- if (total_data && smb_action == FILE_WAS_CREATED) {
+ if (total_data && smb_action != FILE_WAS_OPENED) {
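
Review bot: this hunk carries no file header and no context lines, so it cannot be applied mechanically and the body guarded by `total_data && smb_action != FILE_WAS_OPENED` is not visible for review; please resend it as a unified diff against trans2.c. As written, the condition admits every smb_action value except FILE_WAS_OPENED, so naming the intended results explicitly would make the scope of the change clear.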

