Questions about smbd option "strict rename"
Ralph Boehme
rb at sernet.de
Mon Nov 23 21:22:35 UTC 2015
On Mon, Nov 23, 2015 at 12:59:35PM +0100, Stefan Metzmacher wrote:
> Am 22.11.2015 um 13:49 schrieb Ralph Boehme:
> > On Fri, Nov 20, 2015 at 01:45:08PM -0800, Jeremy Allison wrote:
> >> On Fri, Nov 20, 2015 at 10:01:46AM +0100, Ralph Boehme wrote:
> >>> - "strict rename = no": doesn't work, opens are always checked,
> >>> regardless of the setting of "strict rename". can_rename(), the
> >>> function where we do this check when renaming a directory, is
> >>> missing a check for lp_strict_rename() or similar.
> >>
> >> Yep. That's how it was supposed to work. The code in
> >> can_rename() should probably be the same as the code in
> >> source/smbd/dir.c which is:
> >>
> >> if (!lp_posix_pathnames() &&
> >> lp_strict_rename(SNUM(conn)) &&
> >> have_file_open_below(fsp->conn, fsp->fsp_name))
> >> {
> >> return NT_STATUS_ACCESS_DENIED;
> >> }
> >
> > Ok, thanks for clarifying. Does everybody agree? Metze?
>
> I don't agree, sorry.
>
> We should provide the semantics the client asked for
> and try to behave like a windows server.
>
> I think we should fix the manpage and use file_find_subpath()
> if lp_strict_rename() is false.
I'm leaning towards that interpretation of "strict rename" too.
> Can we use fsp->posix_open instead of lp_posix_pathnames() ?
>
> We fruit module could set fsp->posix_open in that case.
posix_open is too broad and implies other things like POSIX brl
behaviour.
-Ralph
--
SerNet GmbH, Bahnhofsallee 1b, 37081 Göttingen
phone: +49-551-370000-0, fax: +49-551-370000-9
AG Göttingen, HRB 2816, GF: Dr. Johannes Loxen
http://www.sernet.de,mailto:kontakt@sernet.de
More information about the samba-technical
mailing list