Fix bug #6297 - owner of sticky directory cannot delete files created by

others.
The reason we couldn't delete was we were erroring out early
if requestor was not the owner of the file we wanted to delete,
instead of checking if the requestor owned the directory as well.
If either of these is true, we must go on and check the ACL.
Karolin, this is a must for 3.4.0 and also 3.3.next. I'll update
the bug report with patches for 3.4.0 and 3.3.next and ask vl
to review.
Jeremy.
(cherry picked from commit cea3a63a86a733a16c3e91f5a78e972be802eb5c)

diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index abffcd2f4fd6cd7305ac02a3ee7ccf22cbb5abac..1c0124ecbc51f3611c318477482066d1de8b18cc 100644 (file)
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -89,7 +89,8 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname)
        }
 
 #ifdef S_ISVTX
-       /* sticky bit means delete only by owner or root. */
+       /* sticky bit means delete only by owner of file or by root or
+        * by owner of directory. */
        if (sbuf.st_mode & S_ISVTX) {
                SMB_STRUCT_STAT sbuf_file;
                if(SMB_VFS_STAT(conn, fname, &sbuf_file) != 0) {
@@ -98,14 +99,24 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname)
                                 * yes we'll be able to delete it. */
                                return True;
                        }
+                       DEBUG(10,("can_delete_file_in_directory: can't "
+                               "stat file %s (%s)",
+                               fname, strerror(errno) ));
                        return False;
                }
                /*
                 * Patch from SATOH Fumiyasu <fumiyas@miraclelinux.com>
                 * for bug #3348. Don't assume owning sticky bit
                 * directory means write access allowed.
+                * Fail to delete if we're not the owner of the file,
+                * or the owner of the directory as we have no possible
+                * chance of deleting. Otherwise, go on and check the ACL.
                 */
-               if (conn->server_info->utok.uid != sbuf_file.st_uid) {
+               if ((conn->server_info->utok.uid != sbuf.st_uid) &&
+                               (conn->server_info->utok.uid != sbuf_file.st_uid)) {
+                       DEBUG(10,("can_delete_file_in_directory: not "
+                               "owner of file %s or directory %s",
+                               fname, dname));
                        return False;
                }
        }