[Samba] Fwd: STATUS_ACCESS_DENIED with NTCreateAndX if Access Mask has System Security bit set

Tom Lee tlee2951 at gmail.com
Tue Feb 28 13:22:38 MST 2012


I have tested with this fix and it looks like it does take care of the
problem.  We'll look forward to seeing this update in the latest 3.6.x
codebase. Thanks a lot.

On Tue, Feb 28, 2012 at 10:42 AM, Jeremy Allison <jra at samba.org> wrote:

> On Mon, Feb 27, 2012 at 04:55:29PM -0800, Jeremy Allison wrote:
> > On Mon, Feb 27, 2012 at 03:12:49PM -0700, Tom Lee wrote:
> > > ---------- Forwarded message ----------
> > > From: Tom Lee <tlee2951 at gmail.com>
> > > Date: Mon, Feb 27, 2012 at 3:10 PM
> > > Subject: Re: [Samba] STATUS_ACCESS_DENIED with NTCreateAndX if Access
> Mask
> > > has System Security bit set
> > > To: Jeremy Allison <jra at samba.org>
> > >
> > >
> > > Jeremy thanks for your response.  I didn't actually build Samba from
> > > sources I'm just running the version of Samba that comes with OpenSuse
> > > v12.1 which is 3.6.1-34.3.1.x86_64 .
> > >
> > > I'm pretty sure the chunk of code inside
> libcli/security/access_check.c you
> > > mentioned is enabled with this version, since before I gave the
> > > Administrator user SeSecurityPrivilege I was getting the
> > > NT_STATUS_PRIVILEGE_NOT_HELD error, then once I granted the privilege
> that
> > > error went away. But then I started getting the NT_STATUS_ACCESS_DENIED
> > > coming from the check in open.c smbd_calculate_access_mask.
> > >
> > > Please let me know if there is something else I should try or if you
> need
> > > any additional info on my configuration. Thanks.
> >
> > Ok, I've figured it out. The share security mask isn't being
> > set correctly when you have these privileges.
> >
> > If you can build from source code, can you test the
> > following patch (should apply cleanly to 3.6.x) ?
>
> Actually, ignore that previous patch (breaks other tests).
> Try this one instead - I think this fixes the problem in
> the right place.
>
> Jeremy.
>


More information about the samba mailing list