Fix bug #8254 - "acl check permissions = no" does not work in all cases
authorJeremy Allison <jra@samba.org>
Thu, 23 Jun 2011 21:42:27 +0000 (14:42 -0700)
committerKarolin Seeger <kseeger@samba.org>
Mon, 27 Jun 2011 19:19:03 +0000 (21:19 +0200)
Move lp_acl_check_permissions() into can_delete_file_in_directory()
where it makes sense. Remove ACL check when requesting DELETE_ACCESS
when lp_acl_check_permissions is false.

Thanks to John Janosik @ IBM for noticing this.

source3/smbd/file_access.c
source3/smbd/open.c

index 7d0a552956e508e7787764072d875a98929dc0ac..8b669fecb8c1e4c45f42e41e48c009f3ea58eea3 100644 (file)
@@ -77,6 +77,11 @@ bool can_delete_file_in_directory(connection_struct *conn,
                return False;
        }
 
+       if (!lp_acl_check_permissions(SNUM(conn))) {
+               /* This option means don't check. */
+               return true;
+       }
+
        /* Get the parent directory permission mask and owners. */
        if (!parent_dirname(ctx, smb_fname->base_name, &dname, NULL)) {
                return False;
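Review bot: The early `return true` added to can_delete_file_in_directory() applies to every caller of this function, not only the DELETE_ACCESS test in create_file_unixpath() that used to carry the lp_acl_check_permissions() guard, and the comment `/* This option means don't check. */` does not say so. I would widen the comment to something like `/* "acl check permissions = no": skip the parent-directory permission test for all callers and report the file as deletable. */`. Other callers are not visible on this page, so it is worth confirming that each of them is meant to get this answer when the option is off. The new line also spells the result `true` next to `return False;` a few lines above and below; one spelling per function reads better. The function begins and ends outside the hunk.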
index aac6e9c7a814b40229ee23f77f6bd1f40ee062e0..f0b92713d7787d9154318db6903708dbc3cb2645 100644 (file)
@@ -86,6 +86,16 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
        NTSTATUS status;
        struct security_descriptor *sd = NULL;
 
+       if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
+               *access_granted = access_mask;
+
+               DEBUG(10,("smbd_check_open_rights: not checking ACL "
+                       "on DELETE_ACCESS on file %s. Granting 0x%x\n",
+                       smb_fname_str_dbg(smb_fname),
+                       (unsigned int)*access_granted ));
+               return NT_STATUS_OK;
+       }
+
        status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
                        (OWNER_SECURITY_INFORMATION |
                        GROUP_SECURITY_INFORMATION |
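Review bot: The new early return in smbd_check_open_rights() sets `*access_granted = access_mask`, so when DELETE_ACCESS arrives together with other bits and the option is off, every requested bit is granted without the SMB_VFS_GET_NT_ACL evaluation that follows, not only the delete bit. If the intent is to skip just the delete check, the narrower form is to clear that bit before the ACL fetch, `access_mask &= ~DELETE_ACCESS;`, and OR DELETE_ACCESS back into `*access_granted` once the remaining bits have passed. The DEBUG text "not checking ACL on DELETE_ACCESS" also understates what is skipped and should mention the full mask. The rest of the function is outside the hunk, so whether a later layer still enforces the other bits cannot be confirmed from here.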
@@ -2967,8 +2977,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
 
        /* Setting FILE_SHARE_DELETE is the hint. */
 
-       if (lp_acl_check_permissions(SNUM(conn))
-           && (create_disposition != FILE_CREATE)
+       if ((create_disposition != FILE_CREATE)
            && (access_mask & DELETE_ACCESS)
            && (!(can_delete_file_in_directory(conn, smb_fname) ||
                 can_access_file_acl(conn, smb_fname, DELETE_ACCESS)))) {
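Review bot: With the lp_acl_check_permissions() guard removed from this condition in create_file_unixpath(), the option-off case now depends entirely on can_delete_file_in_directory() returning true, and that function still has an earlier `return False` path ahead of its new option test. When that earlier path is taken, `can_access_file_acl(conn, smb_fname, DELETE_ACCESS)` is evaluated even though the option is off, which the old condition never did. If that is intended, a short comment here should say so, for example `/* can_delete_file_in_directory() honours "acl check permissions"; its earlier refusals still apply. */`; if not, the option test belongs first in that function. The earlier check itself is not visible in this diff, so this is inferred from the surrounding context lines.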