git.samba.org - samba.git/commit

author	Volker Lendecke <Volker.Lendecke@SerNet.DE>
	Wed, 28 Aug 2013 22:39:41 +0000 (15:39 -0700)
committer	Karolin Seeger <kseeger@samba.org>
	Wed, 18 Sep 2013 08:41:20 +0000 (10:41 +0200)
commit	cbd9d40912dc4cbe91dbeed8fcfefbdc40208178
tree	337c4b301a0f943fc193da294cdfd43ae2d940f0	tree
parent	6cefd961094ee15841bb2b0a00eab9eee86ee91d	commit \| diff

smbd: Fix a profile problem

When trying to read a profile, under certain circumstances Windows tries
to read with its machine account first. The profile previously written
was stored with an ACL that only allows access for the user and not
the machine. Windows should get an NT_STATUS_ACCESS_DENIED when using
the machine account, making it retry with the user account (which would
then succeed).

Samba under these circumstances erroneously gives
NT_STATUS_OBJECT_PATH_NOT_FOUND, which makes Windows give up and not
retry. The reasons is the "dropbox" patch in unix_convert, turning EACCESS
on the last path component to OBJECT_PATH_NOT_FOUND. This patch makes
the dropbox behaviour only kick in when we are creating a file. I think
this is an abstraction violation. unix_convert() should not have to know
about the create_disposition, but given that we have pathname resolution
separated from the core open code right now this is the best we can do.

Signed-off-by: Volker Lendecke <Volker.Lendecke@SerNet.DE>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b55072ccf8d801726aec49a925f5a69277a10494)

source3/include/smb.h		diff \| blob \| history
source3/smbd/filename.c		diff \| blob \| history
source3/smbd/nttrans.c		diff \| blob \| history
source3/smbd/reply.c		diff \| blob \| history
source3/smbd/smb2_create.c		diff \| blob \| history