summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2007-01-13 02:34:43 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 12:17:07 -0500
commit67b0f18f62049013cd220912d66c9029ccbda26b (patch)
treea2f9856babba4d33dd0f85f591ed3290731c186c
parent50b3dacb525d026dd7d280948d8a63075756d029 (diff)
downloadsamba-67b0f18f62049013cd220912d66c9029ccbda26b.tar.gz
samba-67b0f18f62049013cd220912d66c9029ccbda26b.tar.bz2
samba-67b0f18f62049013cd220912d66c9029ccbda26b.zip
r20724: Get closer to passing RAW-OPEN. If the client is using
create disposition of FILE_CREATE then there's no need to check can_delete_file_in_directory(). Jeremy. (This used to be commit eb32b60efc4c332295ff6fc7e5d575f4b40e8ff6)
-rw-r--r--source3/smbd/nttrans.c22
1 files changed, 10 insertions, 12 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 94bf363fc7..28d7a169a8 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -640,20 +640,19 @@ int reply_ntcreate_and_X(connection_struct *conn,
return UNIXERROR(ERRDOS,ERRbadpath);
}
-#if 0
/* This is the correct thing to do (check every time) but can_delete is
expensive (it may have to read the parent directory permissions). So
for now we're not doing it unless we have a strong hint the client
- is really going to delete this file. */
- if ((desired_access & DELETE_ACCESS)
- && !can_delete_file_in_directory(conn, fname)) {
-#else
+ is really going to delete this file. If the client is forcing FILE_CREATE
+ let the filesystem take care of the permissions. */
+
/* Setting FILE_SHARE_DELETE is the hint. */
+
if (lp_acl_check_permissions(SNUM(conn))
+ && (create_disposition != FILE_CREATE)
&& (share_access & FILE_SHARE_DELETE)
&& (access_mask & DELETE_ACCESS)
&& !can_delete_file_in_directory(conn, fname)) {
-#endif
restore_case_semantics(conn, file_attributes);
END_PROFILE(SMBntcreateX);
return ERROR_NT(NT_STATUS_ACCESS_DENIED);
@@ -1265,20 +1264,19 @@ static int call_nt_transact_create(connection_struct *conn, char *inbuf, char *o
return UNIXERROR(ERRDOS,ERRbadpath);
}
-#if 0
/* This is the correct thing to do (check every time) but can_delete is
expensive (it may have to read the parent directory permissions). So
for now we're not doing it unless we have a strong hint the client
- is really going to delete this file. */
- if ((desired_access & DELETE_ACCESS)
- && !can_delete_file_in_directory(conn, fname)) {
-#else
+ is really going to delete this file. If the client is forcing FILE_CREATE
+ let the filesystem take care of the permissions. */
+
/* Setting FILE_SHARE_DELETE is the hint. */
+
if (lp_acl_check_permissions(SNUM(conn))
+ && (create_disposition != FILE_CREATE)
&& (share_access & FILE_SHARE_DELETE)
&& (access_mask & DELETE_ACCESS)
&& !can_delete_file_in_directory(conn, fname)) {
-#endif
restore_case_semantics(conn, file_attributes);
return ERROR_NT(NT_STATUS_ACCESS_DENIED);
}