summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2009-06-11 12:51:45 -0700
committerJeremy Allison <jra@samba.org>2009-06-11 12:51:45 -0700
commit5cef57ff7d899773a084d23838b7f18a83f6e79d (patch)
tree0ee2d37f23d7fed1677b28b879c0f62c34c7ee6d /source3/smbd
parentef55c2bd91181d896e0a4d05b72e9da8bfb7b915 (diff)
downloadsamba-5cef57ff7d899773a084d23838b7f18a83f6e79d.tar.gz
samba-5cef57ff7d899773a084d23838b7f18a83f6e79d.tar.bz2
samba-5cef57ff7d899773a084d23838b7f18a83f6e79d.zip
Fix bug #6297 - owner of sticky directory cannot delete files created by others.
The reason we couldn't delete was we were erroring out early if requestor was not the owner of the file we wanted to delete, instead of checking if the requestor owned the directory as well. If either of these is true, we must go on and check the ACL. Karolin, this is a must for 3.4.0 and also 3.3.next. I'll update the bug report with patches for 3.4.0 and 3.3.next and ask vl to review. Jeremy.
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/file_access.c15
1 files changed, 13 insertions, 2 deletions
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index a248dd9f3b..9c77f9e961 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -89,7 +89,8 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname)
}
#ifdef S_ISVTX
- /* sticky bit means delete only by owner or root. */
+ /* sticky bit means delete only by owner of file or by root or
+ * by owner of directory. */
if (sbuf.st_ex_mode & S_ISVTX) {
SMB_STRUCT_STAT sbuf_file;
if(SMB_VFS_STAT(conn, fname, &sbuf_file) != 0) {
@@ -98,14 +99,24 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname)
* yes we'll be able to delete it. */
return True;
}
+ DEBUG(10,("can_delete_file_in_directory: can't "
+ "stat file %s (%s)",
+ fname, strerror(errno) ));
return False;
}
/*
* Patch from SATOH Fumiyasu <fumiyas@miraclelinux.com>
* for bug #3348. Don't assume owning sticky bit
* directory means write access allowed.
+ * Fail to delete if we're not the owner of the file,
+ * or the owner of the directory as we have no possible
+ * chance of deleting. Otherwise, go on and check the ACL.
*/
- if (conn->server_info->utok.uid != sbuf_file.st_ex_uid) {
+ if ((conn->server_info->utok.uid != sbuf.st_ex_uid) &&
+ (conn->server_info->utok.uid != sbuf_file.st_ex_uid)) {
+ DEBUG(10,("can_delete_file_in_directory: not "
+ "owner of file %s or directory %s",
+ fname, dname));
return False;
}
}