[Samba] Re: Can not clear Read-only attribute

Thu Mar 12 17:26:41 GMT 2009

On Thu, Mar 12, 2009 at 02:56:59AM +0100, Günter Kukkukk wrote:
> Am Donnerstag, 12. März 2009 schrieb Jeremy Allison:
> > On Thu, Mar 12, 2009 at 12:56:27AM +0000, tom m. wrote:
> > > 
> > > I'm not against doing that, but does add some work: rebuild extended attribute
> > > support in kernel, change fstab, etc.  But if I do this, what will be the state
> > > of all the attribute bits of existing files?  That is, will files marked
> > > Read-only now suddenly be not Read-only?  How about System/Hidden files?
> > 
> > Yes, you'll lose current DOS attribute mapping, but you'll
> > be much happier in the long run :-).
> > 
> > Jeremy.
> 
> Hi Jeremy,
> but we have a bug here - the old wellknown "map readonly = Yes" stuff isn't working
> anymore. Just did a test on latest v3-3-test.
> Digging deeper now ... it's related to (current) NTCreateAndX

Reproduced - here's the fix. Didn't make 3.3.2 unfortunately, but I'll
create the bug and attach the patch.

Jeremy.
-------------- next part --------------

diff --git a/source/smbd/open.c b/source/smbd/open.c
index c89a5f6..064e17c 100644
--- a/source/smbd/open.c
+++ b/source/smbd/open.c
@@ -425,8 +425,26 @@ static NTSTATUS open_file(files_struct *fsp,
 					&access_granted);
 			if (!NT_STATUS_IS_OK(status)) {
 				if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+					/*
+					 * On NT_STATUS_ACCESS_DENIED, access_granted
+					 * contains the denied bits.
+					 */
+
+					if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
+							(access_granted & FILE_WRITE_ATTRIBUTES) &&
+							(lp_map_readonly(SNUM(conn)) ||
+							 lp_map_archive(SNUM(conn)) ||
+							 lp_map_hidden(SNUM(conn)) ||
+							 lp_map_system(SNUM(conn)))) {
+						access_granted &= ~FILE_WRITE_ATTRIBUTES;
+
+						DEBUG(10,("open_file: overrode FILE_WRITE_ATTRIBUTES "
+							"on file %s\n",
+							path ));
+					}
+
 					if ((access_mask & DELETE_ACCESS) &&
-							(access_granted == DELETE_ACCESS) &&
+							(access_granted & DELETE_ACCESS) &&
 							can_delete_file_in_directory(conn, path)) {
 						/* Were we trying to do a stat open
 						 * for delete and didn't get DELETE
@@ -436,10 +454,14 @@ static NTSTATUS open_file(files_struct *fsp,
 						 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
 						 * for details. */
 
-						DEBUG(10,("open_file: overrode ACCESS_DENIED "
+						access_granted &= ~DELETE_ACCESS;
+
+						DEBUG(10,("open_file: overrode DELETE_ACCESS "
 							"on file %s\n",
 							path ));
-					} else {
+					}
+
+					if (access_granted != 0) {
 						DEBUG(10, ("open_file: Access denied on "
 							"file %s\n",
 							path));
