On Thu, Mar 12, 2009 at 02:56:59AM +0100, Günter Kukkukk wrote:
> Am Donnerstag, 12. März 2009 schrieb Jeremy Allison:
> > On Thu, Mar 12, 2009 at 12:56:27AM +0000, tom m. wrote:
> > > 
> > > I'm not against doing that, but does add some work: rebuild extended 
> > > attribute
> > > support in kernel, change fstab, etc.  But if I do this, what will be the 
> > > state
> > > of all the attribute bits of existing files?  That is, will files marked
> > > Read-only now suddenly be not Read-only?  How about System/Hidden files?
> > 
> > Yes, you'll lose current DOS attribute mapping, but you'll
> > be much happier in the long run :-).
> > 
> > Jeremy.
> 
> Hi Jeremy,
> but we have a bug here - the old wellknown "map readonly = Yes" stuff isn't 
> working
> anymore. Just did a test on latest v3-3-test.
> Digging deeper now ... it's related to (current) NTCreateAndX

Reproduced - here's the fix. Didn't make 3.3.2 unfortunately, but I'll
create the bug and attach the patch.

Jeremy.
diff --git a/source/smbd/open.c b/source/smbd/open.c
index c89a5f6..064e17c 100644
--- a/source/smbd/open.c
+++ b/source/smbd/open.c
@@ -425,8 +425,26 @@ static NTSTATUS open_file(files_struct *fsp,
                                        &access_granted);
                        if (!NT_STATUS_IS_OK(status)) {
                                if (NT_STATUS_EQUAL(status, 
NT_STATUS_ACCESS_DENIED)) {
+                                       /*
+                                        * On NT_STATUS_ACCESS_DENIED, 
access_granted
+                                        * contains the denied bits.
+                                        */
+
+                                       if ((access_mask & 
FILE_WRITE_ATTRIBUTES) &&
+                                                       (access_granted & 
FILE_WRITE_ATTRIBUTES) &&
+                                                       
(lp_map_readonly(SNUM(conn)) ||
+                                                        
lp_map_archive(SNUM(conn)) ||
+                                                        
lp_map_hidden(SNUM(conn)) ||
+                                                        
lp_map_system(SNUM(conn)))) {
+                                               access_granted &= 
~FILE_WRITE_ATTRIBUTES;
+
+                                               DEBUG(10,("open_file: overrode 
FILE_WRITE_ATTRIBUTES "
+                                                       "on file %s\n",
+                                                       path ));
+                                       }
+
                                        if ((access_mask & DELETE_ACCESS) &&
-                                                       (access_granted == 
DELETE_ACCESS) &&
+                                                       (access_granted & 
DELETE_ACCESS) &&
                                                        
can_delete_file_in_directory(conn, path)) {
                                                /* Were we trying to do a stat 
open
                                                 * for delete and didn't get 
DELETE
@@ -436,10 +454,14 @@ static NTSTATUS open_file(files_struct *fsp,
                                                 * 
http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
                                                 * for details. */
 
-                                               DEBUG(10,("open_file: overrode 
ACCESS_DENIED "
+                                               access_granted &= 
~DELETE_ACCESS;
+
+                                               DEBUG(10,("open_file: overrode 
DELETE_ACCESS "
                                                        "on file %s\n",
                                                        path ));
-                                       } else {
+                                       }
+
+                                       if (access_granted != 0) {
                                                DEBUG(10, ("open_file: Access 
denied on "
                                                        "file %s\n",
                                                        path));
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba

Reply via email to