Hi. If the samba login user does not have local access permission to the shared directory, the error returned by smbd must be NT_STATUS_ACCESS_DENIED and not NT_STATUS_OBJECT_PATH_INVALID. The wrong errors returned by samba are not a small bug, but can lose a lot of time at many users of samba. And, for example, the kioslave-smb browsing program not ask to the user the new account data, and this cause the fail of the share browse.
Created attachment 5323 [details] Fix for wrong NT_STATUS_OBJECT_PATH_INVALID error
Created attachment 5339 [details] patch for master. I think this is a more correct fix. We can't return different error codes here such as NT_STATUS_OBJECT_PATH_INVALID - Windows clients might not accept this, we have to be careful about the values we return, so I'm keeping this as NT_STATUS_BAD_NETWORK_NAME, which is the correct error for a bad share. I think the attached is a more correct patch. Please test and report back. Thanks, Jeremy.
Actually, I'm not sure my patch is correct either. This is the same as a share definition on Windows with an ACL allowing FULL_ACCESS to everyone, but a path that is owned and restricted to Administrators only. I'm going to look at what Windows does in this case. It might be that the client author needs to fix their code. Jeremy.
Created attachment 5340 [details] Correct patch for master This is the correct fix (IMHO). We need to allow connections to a directory with no permissions for the user, but fail all operations with ACCESS_DENIED errors. The previous code was incorrect in that it errored out with NT_STATUS_BAD_NETWORK_NAME if the SMB_VFS_STAT call failed with errno = EACCESS, whereas it should have silently ignored the error (as does Windows). Jeremy.
Created attachment 5341 [details] git-am format patch for 3.5.x. Volker, take a look at this for some version of 3.5.x. (either rc3, or 3.5.1, I don't mind which). Jeremy.
Created attachment 5342 [details] git-am format patch for 3.4.6.
Created attachment 5343 [details] git-am format patch for 3.3.11.
Comment on attachment 5341 [details] git-am format patch for 3.5.x. This patch is incorrect - please ignore.
Comment on attachment 5342 [details] git-am format patch for 3.4.6. Incorrect - ignore.
Comment on attachment 5343 [details] git-am format patch for 3.3.11. This patch is incorrect. Please ignore.
Ok, I'm really not sure about this one, so I've reverted my fix. I must consider this a lot more, this is subtle stuff :-). Jeremy.
(In reply to comment #11) > Ok, I'm really not sure about this one, so I've reverted my fix. I must > consider this a lot more, this is subtle stuff :-). > > Jeremy. > I have tested my patch with Fedora 11 and Windows Vista, and both systems work properly, the two systems just require to the user the access data for shared directory.
Yes but your patch is *wrong*, as defined as how Windows behaves in this scenario. I've added a more complete fix to master, which causes smbd to behave like Windows does. The correct behavior when the connecting user has no access permission to the shared directory is to allow the connection, but cause every access to return NT_STATUS_ACCESS_DENIED. Master now does this and it will be in release 3.6.0. Let me know if you need this fix in any earlier version. Jeremy.
(In reply to comment #13) > Yes but your patch is *wrong*, as defined as how Windows behaves in this ]zac[ Thanks for the Windows internal info. Thinking better, my patch could cause problems to the Windows clients if they use different account simultaneously for connect to shared directorys. The fix on the 3.6.0 release is good for me. Gdb
I have tested your patch on my samba 3.4.5 with windows vista and fedora 11, these work very well. Thanks for all Jeremy. Gdb
*** Bug 6616 has been marked as a duplicate of this bug. ***