summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2011-11-04 15:56:15 -0700
committerJeremy Allison <jra@samba.org>2011-11-04 15:56:15 -0700
commitbbcb589ef5a9cf1ad98b70fc2ea00d346323c57e (patch)
tree71b70f31563979605b923cef240da12113a27b0f
parentb988a3233fae309c6f034724ae106d935b1489f7 (diff)
downloadsamba-bbcb589ef5a9cf1ad98b70fc2ea00d346323c57e.tar.gz
samba-bbcb589ef5a9cf1ad98b70fc2ea00d346323c57e.tar.bz2
samba-bbcb589ef5a9cf1ad98b70fc2ea00d346323c57e.zip
No longer do the pre-check on DELETE_ACCESS - we're correctly checking the ACL every time now.
-rw-r--r--source3/smbd/open.c22
1 files changed, 0 insertions, 22 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index eb9f13e22c..575503fa62 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3254,28 +3254,6 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
}
}
- /* This is the correct thing to do (check every time) but can_delete
- * is expensive (it may have to read the parent directory
- * permissions). So for now we're not doing it unless we have a strong
- * hint the client is really going to delete this file. If the client
- * is forcing FILE_CREATE let the filesystem take care of the
- * permissions. */
-
- /* Setting FILE_SHARE_DELETE is the hint. */
-
- if ((create_disposition != FILE_CREATE)
- && (access_mask & DELETE_ACCESS)
- && (!(can_delete_file_in_directory(conn, smb_fname) ||
- NT_STATUS_IS_OK(smbd_check_access_rights(conn,
- smb_fname,
- DELETE_ACCESS))))) {
- status = NT_STATUS_ACCESS_DENIED;
- DEBUG(10,("create_file_unixpath: open file %s "
- "for delete ACCESS_DENIED\n",
- smb_fname_str_dbg(smb_fname)));
- goto fail;
- }
-
if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
!security_token_has_privilege(get_current_nttok(conn),
SEC_PRIV_SECURITY)) {