+2007-09-17 Corinna Vinschen <corinna@vinschen.de>
+
+ * fhandler.cc (fhandler_base::open): Partly revert change from
+ 2007-08-24: Call has_acls to avoid permission problems getting
+ a handle to a file on a remote share. Add comment.
+
2007-09-08 Brian Dessent <brian@dessent.net>
* include/cygwin/config.h: Conditionalize inline __getreent()
/* If the file should actually be created and ntsec is on,
set files attributes. */
- if (allow_ntsec)
+ /* TODO: Don't remove the call to has_acls() unless there's a
+ solution for the security descriptor problem on remote samba
+ drives. The local user SID is used in set_security_attribute,
+ but the actual owner on the Samba share is the SID of the Unix
+ account. There's no transparent mapping between these accounts.
+ And Samba has a strange behaviour when creating a file. Apparently
+ it *first*( creates the file, *then* it looks if the security
+ descriptor matches. The result is that the file gets created, but
+ then NtCreateFile doesn't return a handle to the file and fails
+ with STATUS_ACCESS_DENIED. Go figure! */
+ if (allow_ntsec && has_acls ())
{
set_security_attribute (mode, &sa, sd);
attr.SecurityDescriptor = sa.lpSecurityDescriptor;