Some comments about the Synology version of Samba
Richard Sharpe
realrichardsharpe at gmail.com
Sat Apr 20 16:09:26 MDT 2013
On Fri, Apr 19, 2013 at 6:40 PM, Richard Sharpe
<realrichardsharpe at gmail.com> wrote:
> Out of curiosity I downloaded the synology source code from here:
> http://sourceforge.net/projects/dsgpl/files/Synology%20NAS%20GPL%20Source/3201branch/synogpl-3201-x64.tbz/download
>
> The Samba code consists the Samba source as modified by Synology.
> There are no patches that I can find.
>
> There are 146 modified files.
>
> Modifications are surounded with #ifdef MY_ABC_HERE or #ifndef
> MY_ABC_HERE. Weird symbols.
>
> More when I get a better look at the differences.
This is almost certainly already fixed in 3.6.9 (because I remember
the problem) and was the wrong way to fix it anyway. The perils of not
keeping in touch with the Samba team:
+++ samba-3.6.x/source3/smbd/open.c 2013-02-24 23:21:39.000000000 -0800
@@ -30,6 +30,10 @@
#include "auth.h"
#include "messages.h"
+#ifdef MY_ABC_HERE
+# include <synosdk/fs.h>
+#endif
+
extern const struct generic_mapping file_generic_mapping;
struct deferred_open_record {
@@ -85,6 +89,7 @@
return NT_STATUS_ACCESS_DENIED;
}
+
if ((access_mask & DELETE_ACCESS) &&
!lp_acl_check_permissions(SNUM(conn))) {
*access_granted = access_mask;
@@ -110,6 +115,18 @@
SECINFO_GROUP |
SECINFO_DACL),&sd);
+#ifdef MY_ABC_HERE
+ //samba add ACL delete permission check when open file
+ //But if no permission to "READ ACL", we will return
access_deny. Even if the request doesn't need to read ACL
+ if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) && 0 ==
(READ_CONTROL_ACCESS & access_mask)) {
+ become_root();
+ status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
+ (SECINFO_OWNER |
+ SECINFO_GROUP |
+ SECINFO_DACL),&sd);
+ unbecome_root();
+ }
+#endif
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("smbd_check_open_rights: Could not get acl "
"on %s: %s\n",
--
Regards,
Richard Sharpe
(何以解憂?唯有杜康。--曹操)
More information about the samba-technical
mailing list