Bug 6082 - smbd_gpfs_getacl failed: Windows client can´t rename or delete file
smbd_gpfs_getacl failed: Windows client can´t rename or delete file
Status: RESOLVED FIXED
Product: Samba 3.2
Classification: Unclassified
Component: VFS Modules
3.2.3
x64 Linux
: P3 major
: ---
Assigned To: Jeremy Allison
Samba QA Contact
:
: 6078 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-02-02 09:32 UTC by Heiner Billich
Modified: 2013-12-16 09:38 UTC (History)
2 users (show)

See Also:


Attachments
Patch. (5.39 KB, patch)
2009-02-02 17:25 UTC, Jeremy Allison
no flags Details
Experimental patch for 3.3.1 (969 bytes, patch)
2009-02-27 23:11 UTC, Jeremy Allison
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Heiner Billich 2009-02-02 09:32:57 UTC
Hello,

our Windows clients can't rename or delte files which reside on gpfs: samba uses vfs_gpfs. vfs_gpfs does not support gpfs_getacl_alloc, hence samb's smbd/file_access.c:can_access_file_acl returns NT_STATUS_ACCESS_DENIED when the client tries such operations. 

This is bad. Unix file permissions allow access, creating files, writing and appending to files works o.k.

[2009/02/02 16:04:18,  3] smbd/process.c:switch_message(1361)
  switch message SMBntcreateX (pid 2812) conn 0x2b0a657cec40
[2009/02/02 16:04:18,  4] smbd/uid.c:change_to_user(176)
  change_to_user: Skipping user change - already user
[2009/02/02 16:04:18,  5] smbd/filename.c:unix_convert(148)
  unix_convert called on file "tmp/test2.txt"
[2009/02/02 16:04:18,  8] modules/vfs_gpfs.c:gpfs_getacl_alloc(136)
  smbd_gpfs_getacl failed with Function not implemented
[2009/02/02 16:04:18,  5] smbd/file_access.c:can_access_file_acl(43)
  Could not get acl: NT_STATUS_ACCESS_DENIED
[2009/02/02 16:04:18,  8] modules/vfs_gpfs.c:gpfs_getacl_alloc(136)
  smbd_gpfs_getacl failed with Function not implemented
[2009/02/02 16:04:18,  5] smbd/file_access.c:can_access_file_acl(43)
  Could not get acl: NT_STATUS_ACCESS_DENIED
[2009/02/02 16:04:18,  3] smbd/error.c:error_packet_set(61)
  error packet at smbd/nttrans.c(532) cmd=162 (SMBntcreateX) NT_STATUS_ACCESS_DENIED
[2009/02/02 16:04:18,  5] lib/util.c:show_msg(642)
[2009/02/02 16:04:18,  5] lib/util.c:show_msg(652)
Comment 1 Jeremy Allison 2009-02-02 17:01:26 UTC
This is an ACL processing bug. I'm working on a fix ASAP.
Jeremy.
Comment 2 Jeremy Allison 2009-02-02 17:01:53 UTC
*** Bug 6078 has been marked as a duplicate of this bug. ***
Comment 3 Jeremy Allison 2009-02-02 17:25:27 UTC
Created attachment 3908 [details]
Patch.

This should fix deletes and renames on all ACL-bearing filesystems with 3.3.0.
Will be in 3.3.1.
Thanks,
Jeremy.
Comment 4 Sven Strickroth 2009-02-27 20:18:43 UTC
deleting works with 3.3.1 again, but renaming of folders is still not possible for me.
Comment 5 Jeremy Allison 2009-02-27 23:11:01 UTC
Created attachment 3961 [details]
Experimental patch for 3.3.1

Can you try this patch for 3.3.1 ? It adds the same override in the open_directory path
as for files.
Thanks,
Jeremy.
Comment 6 Sven Strickroth 2009-02-28 06:25:04 UTC
(In reply to comment #5)
> Can you try this patch for 3.3.1 ? It adds the same override in the
> open_directory path as for files.

seems to work.
Comment 7 Jeremy Allison 2009-02-28 15:15:56 UTC
Ok, pushed to the 3.3 and master trees.
Jeremy.
Comment 8 Karolin Seeger 2009-05-13 04:27:16 UTC
Closing out bug report.
Please re-open if it's still an issue.

Thanks for reporting!
Comment 9 Jens 2013-11-25 11:59:06 UTC
Hello, I installed a new server running RHEL6.4 together with an IBM gpfs filesystem. Now I tried to install samba 4.1 from SerNet including the ctdb/gpfs support. When I try to connect from a Windows machine (Server 2008R2 or Win7) I can access the local mounted folders but not the gpfs SAN folders. In Windows it just says cannot connect and the samba log files shows exactly the error message I found here in this thread. Perhaps anyone has a solution for me, perhaps I'm doing something wrong?! Thanx in advance! Jens...

Here is a part of my samba.log including the error message
"smbd_gpfs_getacl failed with Function not implemented"
and my smb.conf:

[2013/11/22 13:06:51.485569,  4] ../source3/smbd/sec_ctx.c:316(set_sec_ctx)
  setting sec ctx (3172, 234) - sec_ctx_stack_ndx = 0
[2013/11/22 13:06:51.485679,  5] ../libcli/security/security_token.c:63(security_token_debug)
  Security token SIDs (20):
    SID[  0]: S-1-22-1-3172
    SID[  1]: S-1-22-2-234
    SID[  2]: S-1-22-2-288
    SID[  3]: S-1-22-2-5695
    SID[  4]: S-1-22-2-247
    SID[  5]: S-1-22-2-3224
    SID[  6]: S-1-22-2-290
    SID[  7]: S-1-22-2-5140
    SID[  8]: S-1-22-2-3172
    SID[  9]: S-1-22-2-178
    SID[ 10]: S-1-22-2-218
    SID[ 11]: S-1-22-2-5814
    SID[ 12]: S-1-22-2-4098
    SID[ 13]: S-1-22-2-3840
    SID[ 14]: S-1-22-2-3369
    SID[ 15]: S-1-22-2-4403
    SID[ 16]: S-1-22-2-4416
    SID[ 17]: S-1-1-0
    SID[ 18]: S-1-5-2
    SID[ 19]: S-1-5-11
  Privileges (0x               0):
  Rights (0x               0):
[2013/11/22 13:06:51.486180,  5] ../source3/auth/token_util.c:528(debug_unix_user_token)
  UNIX token of user 3172
  Primary group is 234 and contains 16 supplementary groups
  Group[  0]: 234
  Group[  1]: 288
  Group[  2]: 5695
  Group[  3]: 247
  Group[  4]: 3224
  Group[  5]: 290
  Group[  6]: 5140
  Group[  7]: 3172
  Group[  8]: 178
  Group[  9]: 218
  Group[ 10]: 5814
  Group[ 11]: 4098
  Group[ 12]: 3840
  Group[ 13]: 3369
  Group[ 14]: 4403
  Group[ 15]: 4416
[2013/11/22 13:06:51.486574,  5] ../source3/smbd/uid.c:363(change_to_user_internal)
  Impersonated user: uid=(3172,3172), gid=(0,234)
[2013/11/22 13:06:51.486658,  5] ../source3/smbd/filename.c:258(unix_convert)
  unix_convert called on file ""
[2013/11/22 13:06:51.486800,  5] ../source3/smbd/filename.c:292(unix_convert)
  conversion finished "" -> .
[2013/11/22 13:06:51.486865,  5] ../source3/smbd/open.c:3019(open_directory)
  open_directory: opening directory ., access_mask = 0x100081, share_access = 0x7 create_options = 0x1, create_disposition = 0x1, file_attributes = 0x10
[2013/11/22 13:06:51.487053,  5] ../source3/modules/vfs_gpfs.c:294(vfs_gpfs_getacl)
  smbd_gpfs_getacl failed with Function not implemented
[2013/11/22 13:06:51.489148,  4] ../source3/smbd/uid.c:384(change_to_user)
  Skipping user change - already user
[2013/11/22 13:06:51.489271,  5] ../source3/smbd/filename.c:258(unix_convert)
  unix_convert called on file "desktop.ini"
[2013/11/22 13:06:51.489351,  5] ../source3/smbd/filename.c:421(unix_convert)
  unix_convert begin: name = desktop.ini, dirpath = , start = desktop.ini
[2013/11/22 13:06:51.489531,  5] ../source3/smbd/dir.c:1485(OpenDir)
  OpenDir: Can't open .. Permission denied
[2013/11/22 13:06:51.489645,  3] ../source3/smbd/filename.c:1150(get_real_filename_full_scan)
  scan dir didn't open dir [.]


smb.conf:

[global]
        clustering = no
        workgroup = xyz
        server string = Home 
        netbios name = servername
        interfaces = eth8
        log file = /var/log/samba/%m.log
;       max log size = 50
 log level = 5
        security = ADS
        passdb backend = tdbsam
        realm = domain name
        password server = AD servers
        domain master = no      
        local master = no
        preferred master = no
        unix extensions  = no
        username map = /etc/samba/smbusers      
        load printers = no
# The following attributes I have tried without any change in behavior
#	ea support = yes
#	mangled names = no
#	store dos attributes = no
#	map readonly = no
#	map archive = no
#	map system = no
#	force unknown acl user = no

[homes]
	vfs objects = gpfs
        comment = Home Directories
        browseable = no
        writable = yes
        follow symlinks = yes
        wide links = yes
	inherit acls = no
	path = /gpfs/home
	create mask = 0600
	force create mode = 0600
	locking = yes
	gpfs:sharemodes = yes
	gpfs:winattr = no
Comment 10 Jens 2013-12-16 09:38:09 UTC
Problem solved. De-installing selinux and everything works.