diff options
| author | Jeremy Allison <jra@samba.org> | 2011-11-04 15:56:15 -0700 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2011-11-04 15:56:15 -0700 |
| commit | bbcb589ef5a9cf1ad98b70fc2ea00d346323c57e (patch) | |
| tree | 71b70f31563979605b923cef240da12113a27b0f /source3/smbd/open.c | |
| parent | b988a3233fae309c6f034724ae106d935b1489f7 (diff) | |
| download | samba-bbcb589ef5a9cf1ad98b70fc2ea00d346323c57e.tar.gz samba-bbcb589ef5a9cf1ad98b70fc2ea00d346323c57e.tar.bz2 samba-bbcb589ef5a9cf1ad98b70fc2ea00d346323c57e.zip | |
No longer do the pre-check on DELETE_ACCESS - we're correctly checking the ACL every time now.
Diffstat (limited to 'source3/smbd/open.c')
| -rw-r--r-- | source3/smbd/open.c | 22 |
1 files changed, 0 insertions, 22 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c index eb9f13e22c..575503fa62 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -3254,28 +3254,6 @@ static NTSTATUS create_file_unixpath(connection_struct *conn, } } - /* This is the correct thing to do (check every time) but can_delete - * is expensive (it may have to read the parent directory - * permissions). So for now we're not doing it unless we have a strong - * hint the client is really going to delete this file. If the client - * is forcing FILE_CREATE let the filesystem take care of the - * permissions. */ - - /* Setting FILE_SHARE_DELETE is the hint. */ - - if ((create_disposition != FILE_CREATE) - && (access_mask & DELETE_ACCESS) - && (!(can_delete_file_in_directory(conn, smb_fname) || - NT_STATUS_IS_OK(smbd_check_access_rights(conn, - smb_fname, - DELETE_ACCESS))))) { - status = NT_STATUS_ACCESS_DENIED; - DEBUG(10,("create_file_unixpath: open file %s " - "for delete ACCESS_DENIED\n", - smb_fname_str_dbg(smb_fname))); - goto fail; - } - if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) && !security_token_has_privilege(get_current_nttok(conn), SEC_PRIV_SECURITY)) { |