First part of fix for bug #8673 - NT ACL issue.

Simplify the logic in the unlink/rmdir calls - makes it readable
(and correct). Add some debug.

diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index e8c79e6eab1216528948933eafcdee7ad8586c97..17e1874376b352dda6dbc4eb5f2925b8d9db1858 100644 (file)
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -626,8 +626,11 @@ static int open_acl_common(vfs_handle_struct *handle,
                                        &access_granted);
                if (!NT_STATUS_IS_OK(status)) {
                        DEBUG(10,("open_acl_xattr: %s open "
+                               "for access 0x%x (0x%x) "
                                "refused with error %s\n",
                                fsp_str_dbg(fsp),
+                               (unsigned int)fsp->access_mask,
+                               (unsigned int)access_granted,
                                nt_errstr(status) ));
                        goto err;
                }
@@ -911,17 +914,23 @@ static int rmdir_acl_common(struct vfs_handle_struct *handle,
 {
        int ret;
 
+       /* Try the normal rmdir first. */
        ret = SMB_VFS_NEXT_RMDIR(handle, path);
-       if (!(ret == -1 && (errno == EACCES || errno == EPERM))) {
-               DEBUG(10,("rmdir_acl_common: unlink of %s failed %s\n",
-                       path,
-                       strerror(errno) ));
-               return ret;
+       if (ret == 0) {
+               return 0;
+       }
+       if (errno == EACCES || errno == EPERM) {
+               /* Failed due to access denied,
+                  see if we need to root override. */
+               return acl_common_remove_object(handle,
+                                               path,
+                                               true);
        }
 
-       return acl_common_remove_object(handle,
-                                       path,
-                                       true);
+       DEBUG(10,("rmdir_acl_common: unlink of %s failed %s\n",
+               path,
+               strerror(errno) ));
+       return -1;
 }
 
 static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle,
@@ -1039,21 +1048,28 @@ static int unlink_acl_common(struct vfs_handle_struct *handle,
 {
        int ret;
 
+       /* Try the normal unlink first. */
        ret = SMB_VFS_NEXT_UNLINK(handle, smb_fname);
-       if (!(ret == -1 && (errno == EACCES || errno == EPERM))) {
-               DEBUG(10,("unlink_acl_common: unlink of %s failed %s\n",
-                       smb_fname->base_name,
-                       strerror(errno) ));
-               return ret;
-       }
-       /* Don't do anything fancy for streams. */
-       if (smb_fname->stream_name) {
-               return ret;
+       if (ret == 0) {
+               return 0;
        }
+       if (errno == EACCES || errno == EPERM) {
+               /* Failed due to access denied,
+                  see if we need to root override. */
 
-       return acl_common_remove_object(handle,
+               /* Don't do anything fancy for streams. */
+               if (smb_fname->stream_name) {
+                       return -1;
+               }
+               return acl_common_remove_object(handle,
                                        smb_fname->base_name,
                                        false);
+       }
+
+       DEBUG(10,("unlink_acl_common: unlink of %s failed %s\n",
+               smb_fname->base_name,
+               strerror(errno) ));
+       return -1;
 }
 
 static int chmod_acl_module_common(struct vfs_handle_struct *handle,