smbd: Simplify dropbox special case in unix_convert

EACCESS needs special treatment: If we want to create a fresh file,
return OBJECT_PATH_NOT_FOUND, so that the client will continue creating
the file. If the client wants us to open a potentially existing file,
we need to correctly return ACCESS_DENIED.

This patch makes this behaviour hopefully a bit clearer than the code
before did.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Aug 26 12:14:26 CEST 2013 on sn-devel-104

diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index 4384f5a5c030c8046dbe1c12b38a090f67ebc830..68321eebbb0ac46ebd1fa15abfc35077ec39e33c 100644 (file)
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -718,13 +718,30 @@ NTSTATUS unix_convert(TALLOC_CTX *ctx,
 
                                /*
                                 * ENOENT/EACCESS are the only valid errors
-                                * here. EACCESS needs handling here for
-                                * "dropboxes", i.e. directories where users
-                                * can only put stuff with permission -wx.
+                                * here.
                                 */
-                               if ((errno != 0) && (errno != ENOENT)
-                                   && ((ucf_flags & UCF_CREATING_FILE) &&
-                                       (errno != EACCES))) {
+
+                               if (errno == EACCES) {
+                                       if (ucf_flags & UCF_CREATING_FILE) {
+                                               /*
+                                                * This is the dropbox
+                                                * behaviour. A dropbox is a
+                                                * directory with only -wx
+                                                * permissions, so
+                                                * get_real_filename fails
+                                                * with EACCESS, it needs to
+                                                * list the directory. We
+                                                * nevertheless want to allow
+                                                * users creating a file.
+                                                */
+                                               status = NT_STATUS_OBJECT_PATH_NOT_FOUND;
+                                       } else {
+                                               status = NT_STATUS_ACCESS_DENIED;
+                                       }
+                                       goto fail;
+                               }
+
+                               if ((errno != 0) && (errno != ENOENT)) {
                                        /*
                                         * ENOTDIR and ELOOP both map to
                                         * NT_STATUS_OBJECT_PATH_NOT_FOUND