[PATCHSET] Fix regression for a directory dropbox (dir with perm -wx).
Andreas Schneider
asn at samba.org
Wed Dec 4 04:11:01 MST 2013
On Tuesday 03 December 2013 13:49:15 Jeremy Allison wrote:
> On Tue, Dec 03, 2013 at 01:20:15PM +0100, Andreas Schneider wrote:
> > Hi Jeremy,
> >
> > with Samba 4.0 we introduced a regression. We are not able to write to a
> > dropbox (directory with permission -wx, 0733). I've debugged the code and
> > discussed it with Volker. We came up with the attached patches. We need
> > your input to this code, please review and comment!
>
> Ok, here is the modified version of the patch.
>
> The key change to the previous version is that we
> now ignore ACCESS_DENIED returned from a filename_convert()
> call in any of the SMB_VFS_CREATE_FILE() paths, allowing
> the real underlying open call to catch any access
> denieds that should be returned here.
>
> Removing a 'r' permission on a directory should
> only prohibit the reading of the filenames inside
> a directory, not any other activity (such as
> creating or opening files) - creating a file
> is controlled by the 'w' bit on the directory,
> and opening a file is controlled by the ACL
> on the underlying file itself.
>
> So the core of the patch is changing UCF_CREATING_FILE
> to UCF_OPENING_FILE, and ensuring this is passed
> into filename_convert() on any path that leads
> to a SMB_VFS_CREATE_FILE() call.
>
> This patch passes make test for me, and also the
> hand crafted tests I've done with smbclient over
> SMB1 and SMB2/3.
It looks good for me. I've tested it with smbclient from 3.6 and master.
Volker, what do you think?
-- andreas
--
Andreas Schneider GPG-ID: CC014E3D
Samba Team asn at samba.org
www.samba.org
More information about the samba-technical
mailing list