From f61f1690548edbd1c6e3badfe8d2e7b50485d03e Mon Sep 17 00:00:00 2001 From: Tim Prouty Date: Tue, 3 Mar 2009 19:23:33 -0800 Subject: s3: Change open_streams_for_delete to call through the vfs layer This eliminates the last direct caller of create_file_unixpath --- source3/smbd/open.c | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/open.c b/source3/smbd/open.c index acd347520d..ccc6fc77d6 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2719,7 +2719,7 @@ struct case_semantics_state *set_posix_case_semantics(TALLOC_CTX *mem_ctx, * If that works, delete them all by setting the delete on close and close. */ -static NTSTATUS open_streams_for_delete(connection_struct *conn, +NTSTATUS open_streams_for_delete(connection_struct *conn, const char *fname) { struct stream_struct *stream_info; @@ -2777,13 +2777,15 @@ static NTSTATUS open_streams_for_delete(connection_struct *conn, goto fail; } - status = create_file_unixpath - (conn, /* conn */ + status = SMB_VFS_CREATE_FILE( + conn, /* conn */ NULL, /* req */ + 0, /* root_dir_fid */ streamname, /* fname */ + 0, /* create_file_flags */ DELETE_ACCESS, /* access_mask */ - FILE_SHARE_READ | FILE_SHARE_WRITE - | FILE_SHARE_DELETE, /* share_access */ + (FILE_SHARE_READ | /* share_access */ + FILE_SHARE_WRITE | FILE_SHARE_DELETE), FILE_OPEN, /* create_disposition*/ NTCREATEX_OPTIONS_PRIVATE_STREAM_DELETE, /* create_options */ FILE_ATTRIBUTE_NORMAL, /* file_attributes */ -- cgit From bb1dab3a97d07dd6778f414ce3bff4f150b60d5d Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 5 Mar 2009 09:04:16 -0800 Subject: Fix bug #6160 - Office 2007 fails saving files to a Samba mapped drive. Confirmed by reporters. Jeremy. --- source3/smbd/open.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'source3/smbd') diff --git a/source3/smbd/open.c b/source3/smbd/open.c index ccc6fc77d6..c8cc2e64a3 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2386,6 +2386,14 @@ static NTSTATUS open_directory(connection_struct *conn, return status; } + /* We need to support SeSecurityPrivilege for this. */ + if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) { + DEBUG(10, ("open_directory: open on %s " + "failed - SEC_RIGHT_SYSTEM_SECURITY denied.\n", + fname)); + return NT_STATUS_PRIVILEGE_NOT_HELD; + } + switch( create_disposition ) { case FILE_OPEN: @@ -2931,6 +2939,20 @@ static NTSTATUS create_file_unixpath(connection_struct *conn, status = NT_STATUS_PRIVILEGE_NOT_HELD; goto fail; } +#else + /* We need to support SeSecurityPrivilege for this. */ + if (access_mask & SEC_RIGHT_SYSTEM_SECURITY) { + status = NT_STATUS_PRIVILEGE_NOT_HELD; + goto fail; + } + /* Don't allow a SACL set from an NTtrans create until we + * support SeSecurityPrivilege. */ + if (!VALID_STAT(sbuf) && + lp_nt_acl_support(SNUM(conn)) && + sd && (sd->sacl != NULL)) { + status = NT_STATUS_PRIVILEGE_NOT_HELD; + goto fail; + } #endif if ((conn->fs_capabilities & FILE_NAMED_STREAMS) -- cgit From 196a5d038886bdea678ac9ae97bdf9dab825e23f Mon Sep 17 00:00:00 2001 From: Stefan Metzmacher Date: Fri, 6 Mar 2009 07:45:06 +0100 Subject: s3:signing: the seqnum should only be decremented by 1 for ntcancel requests [MS-SMB] 3.3.5.1 Receiving Any Message says that the seqnum is incremented by only for ntcancel requests for any other request it's by incremented by 2, even if it doesn't expect a response. metze --- source3/smbd/aio.c | 8 ++++---- source3/smbd/nttrans.c | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'source3/smbd') diff --git a/source3/smbd/aio.c b/source3/smbd/aio.c index 6b19e098e5..cfa4b430eb 100644 --- a/source3/smbd/aio.c +++ b/source3/smbd/aio.c @@ -347,7 +347,7 @@ static int handle_aio_read_complete(struct aio_extra *aio_ex) /* If errno is ECANCELED then don't return anything to the * client. */ if (errno == ECANCELED) { - srv_cancel_sign_response(aio_ex->req->mid); + srv_cancel_sign_response(aio_ex->req->mid, false); return 0; } @@ -441,7 +441,7 @@ static int handle_aio_write_complete(struct aio_extra *aio_ex) /* If errno is ECANCELED then don't return anything to the * client. */ if (errno == ECANCELED) { - srv_cancel_sign_response(aio_ex->req->mid); + srv_cancel_sign_response(aio_ex->req->mid, false); return 0; } @@ -534,7 +534,7 @@ void smbd_aio_complete_mid(unsigned int mid) if (!aio_ex) { DEBUG(3,("smbd_aio_complete_mid: Can't find record to " "match mid %u.\n", mid)); - srv_cancel_sign_response(mid); + srv_cancel_sign_response(mid, false); return; } @@ -544,7 +544,7 @@ void smbd_aio_complete_mid(unsigned int mid) * ignore. */ DEBUG( 3,( "smbd_aio_complete_mid: file closed whilst " "aio outstanding (mid[%u]).\n", mid)); - srv_cancel_sign_response(mid); + srv_cancel_sign_response(mid, false); return; } diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 86a46505a2..9c7fb1914e 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1131,7 +1131,7 @@ void reply_ntcancel(struct smb_request *req) START_PROFILE(SMBntcancel); remove_pending_change_notify_requests_by_mid(req->mid); remove_pending_lock_requests_by_mid(req->mid); - srv_cancel_sign_response(req->mid); + srv_cancel_sign_response(req->mid, true); DEBUG(3,("reply_ntcancel: cancel called on mid = %d.\n", req->mid)); -- cgit