Allow an object to be deleted from a directory if the caller has DELETE_CHILD access
authorJeremy Allison <jra@samba.org>
Tue, 20 Dec 2011 19:38:37 +0000 (11:38 -0800)
committerJeremy Allison <jra@samba.org>
Tue, 20 Dec 2011 21:13:51 +0000 (22:13 +0100)
even if we don't have access to read the ACL on the object. Fixes bug #8673 - NT ACL issue.
Different fix needed for 3.6.x.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Tue Dec 20 22:13:51 CET 2011 on sn-devel-104

source3/smbd/open.c

index fd99994ca79873d4bc2f552baca2bbf9a3047740..587093a8bda8a9a3136c285ab3e9faebab6979aa 100644 (file)
@@ -69,7 +69,7 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
        NTSTATUS status;
        struct security_descriptor *sd = NULL;
        uint32_t rejected_share_access;
-       uint32_t rejected_mask = 0;
+       uint32_t rejected_mask = access_mask;
 
        rejected_share_access = access_mask & ~(conn->share_access);
 
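Review bot: The new initializer `rejected_mask = access_mask` is load-bearing but unexplained. It appears to exist so that a jump to `access_denied` taken before any access check has run arrives with every requested bit still counted as rejected. A comment on the declaration would stop a later cleanup from resetting it to 0, which would presumably turn that path into a grant, e.g. `/* Fail closed: every requested bit stays rejected until an access check or an override clears it. */`. The body of smbd_check_access_rights continues outside this hunk, so whether the normal path always overwrites the value is not visible here.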
@@ -119,6 +119,11 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
                        "on %s: %s\n",
                        smb_fname_str_dbg(smb_fname),
                        nt_errstr(status)));
+
+               if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+                       goto access_denied;
+               }
+
                return status;
        }
 
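Review bot: The `goto access_denied` in this failure branch leaves `sd` at its initial NULL, since the failing call is presumably the one that fills it, and it skips everything between here and the label. Nothing after the label should read or free `sd` on the assumption that it was populated; that code lies outside the hunk and is worth checking. The branch also deserves a comment saying why ACCESS_DENIED is not final here, such as `/* ACL unreadable: let the overrides below decide instead of failing outright. */`.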
@@ -154,6 +159,9 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
        }
 
        /* Here we know status == NT_STATUS_ACCESS_DENIED. */
+
+  access_denied:
+
        if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
                        (rejected_mask & FILE_WRITE_ATTRIBUTES) &&
                        (lp_map_readonly(SNUM(conn)) ||
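Review bot: Placing `access_denied:` above the FILE_WRITE_ATTRIBUTES test means a caller who cannot read the object's ACL now reaches this attribute override as well, not only the DELETE_CHILD case named in the commit message. Because `rejected_mask` starts as `access_mask`, the first two clauses hold on that path for any request that includes FILE_WRITE_ATTRIBUTES, so the outcome appears to rest on the share's map-attribute settings alone. If only the delete case is intended, the label belongs below this `if`. If both are intended, the comment above the label should say so. The condition continues past the end of the hunk.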