* fhandler.cc (fhandler_base::open): Partly revert change from

2007-08-24: Call has_acls to avoid permission problems getting a handle to a file on a remote share. Add comment.
2007-09-17 16:48:14 +00:00
parent 70e728c2db
commit 8e34786463
2 changed files with 17 additions and 1 deletions
--- a/winsup/cygwin/fhandler.cc
+++ b/winsup/cygwin/fhandler.cc
@@ -551,7 +551,17 @@ fhandler_base::open (int flags, mode_t mode)

      /* If the file should actually be created and ntsec is on,
 	 set files attributes. */
-      if (allow_ntsec)
+      /* TODO: Don't remove the call to has_acls() unless there's a
+	 solution for the security descriptor problem on remote samba
+	 drives.  The local user SID is used in set_security_attribute,
+	 but the actual owner on the Samba share is the SID of the Unix
+	 account.  There's no transparent mapping between these accounts.
+	 And Samba has a strange behaviour when creating a file.  Apparently
+	 it *first*( creates the file, *then* it looks if the security
+	 descriptor matches.  The result is that the file gets created, but
+	 then NtCreateFile doesn't return a handle to the file and fails
+	 with STATUS_ACCESS_DENIED.  Go figure! */
+      if (allow_ntsec && has_acls ())
 	{
 	  set_security_attribute (mode, &sa, sd);
 	  attr.SecurityDescriptor = sa.lpSecurityDescriptor;