[PATCHSET] Fix regression for a directory dropbox (dir with perm -wx).
Volker Lendecke
Volker.Lendecke at SerNet.DE
Sun Dec 8 01:33:36 MST 2013
On Tue, Dec 03, 2013 at 01:49:15PM -0800, Jeremy Allison wrote:
> On Tue, Dec 03, 2013 at 01:20:15PM +0100, Andreas Schneider wrote:
> > Hi Jeremy,
> >
> > with Samba 4.0 we introduced a regression. We are not able to write to a
> > dropbox (directory with permission -wx, 0733). I've debugged the code and
> > discussed it with Volker. We came up with the attached patches. We need your
> > input to this code, please review and comment!
>
> Ok, here is the modified version of the patch.
>
> The key change to the previous version is that we
> now ignore ACCESS_DENIED returned from a filename_convert()
> call in any of the SMB_VFS_CREATE_FILE() paths, allowing
> the real underlying open call to catch any access
> denieds that should be returned here.
>
> Removing a 'r' permission on a directory should
> only prohibit the reading of the filenames inside
> a directory, not any other activity (such as
> creating or opening files) - creating a file
> is controlled by the 'w' bit on the directory,
> and opening a file is controlled by the ACL
> on the underlying file itself.
>
> So the core of the patch is changing UCF_CREATING_FILE
> to UCF_OPENING_FILE, and ensuring this is passed
> into filename_convert() on any path that leads
> to a SMB_VFS_CREATE_FILE() call.
Ok. The only thing I don't like is the name
UCF_OPENING_FILE. I can't think about anything better, but I
think we need something more descriptive.
UCF_PREP_CREATEFILE or so?
Volker
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de, mailto:kontakt at sernet.de
More information about the samba-technical
mailing list