summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorVolker Lendecke <vl@samba.org>2008-06-17 16:22:43 +0200
committerVolker Lendecke <vl@samba.org>2008-06-19 15:27:41 +0200
commit156cd09899c7328c164b55159c17b1947d97f9d8 (patch)
treead66207bd9b3c2dd8e809eddb4d65af63e2a70f8
parent066f6c856fccc791009f85492289276267e24bcf (diff)
downloadsamba-156cd09899c7328c164b55159c17b1947d97f9d8.tar.gz
samba-156cd09899c7328c164b55159c17b1947d97f9d8.tar.bz2
samba-156cd09899c7328c164b55159c17b1947d97f9d8.zip
RWX on a file does not imply DELETE access
Without this the changed checks in can_delete_file_in_directory give DELETE access where there is none. So we can end up granting the ntcreate&x preparing the unlink where we should not, which leads to a NT_STATUS_ACCESS_DENIED at close time later, which in turn does *not* give the access denied error message in the Windows GUI. can_delete_file_in_directory will grant access now by looking at the directory permissions. (This used to be commit 51b5364c2afb3a18df4bec2bc1624760ccc01676)
-rw-r--r--source3/smbd/posix_acls.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index b83e3b692a..e92a263ca0 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -904,7 +904,7 @@ static SEC_ACCESS map_canon_ace_perms(int snum,
if (directory_ace) {
nt_mask = UNIX_DIRECTORY_ACCESS_RWX;
} else {
- nt_mask = UNIX_ACCESS_RWX;
+ nt_mask = (UNIX_ACCESS_RWX & ~DELETE_ACCESS);
}
} else if ((perms & ALL_ACE_PERMS) == (mode_t)0) {
/*