Questions about smbd option "strict rename"
metze at samba.org
Mon Nov 30 08:43:20 UTC 2015
> On Sun, Nov 29, 2015 at 10:59:16AM +0100, Stefan Metzmacher wrote:
>> Hi Ralph,
>>>> Yeah, that looks much closer !
>>>>> I'm not fully happy with the flag names yet, I think we should prefix
>>>>> them with VFS_ so they won't collide with flags we may add later on
>>>>> for SMB2/3 UNIX extensions.
>>>> Hmmm. Don't like VFS_ as they're not really VFS. How about
>>>> FSP_ prefix as they're more to do with fsp open handles ?
>>> perfect, thanks!
>>> Updated patchset attached. I've added a test that verifies both
>>> possibilities: deny rename if POSIX rename cap is not enabled, permit
>>> rename if POSIX rename cap is enabled via AAPL/vfs_fruit.
>> Can we make change from bool posix_open to uint8_t posix_flags first?
>> Maybe with a #define posix_open posix_flags.
> excellent idea! Something like the attached patch?
Except that we need to allow renames with just the _OPEN flags
specified (for the backports).
A VFS module can do fsp->posix_open = true; and expect renames
>> Can we also have a test with 2 connections, one with aapl and one
>> without and test the interaction between both against an apple
> Apple's server doesn't care and allows this even without AAPL. I had
> verified this previously with smbclient.
> Only allowing this for AAPL (or UNIX) clients would be our way of
> preserving protocol conformance.
That's sad, but true, while I wouldn't call it protocol conformance.
It's bad design to let a client give itself the privilege to
overwrite protection of other clients.
I wouldn't wonder if some Windows applications get really unhappy,
when another client to renames the parent directory of an open file handle.
A better design would have been only allowing it if all conflicting opens
allow posix renames too. I that case it would also make sense to a
allow a Windows client to rename.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: OpenPGP digital signature
More information about the samba-technical