diff options
author | Jeremy Allison <jra@samba.org> | 2011-10-26 12:41:18 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2011-10-26 23:15:05 +0200 |
commit | 62ccae32297683815da608cfb938573784614cf8 (patch) | |
tree | ce80b30aa12cb61152992719cfd0b53b6862181a /source3/smbd | |
parent | 4ec2c2a5e8977852c9a553952596d819743e70af (diff) | |
download | samba-62ccae32297683815da608cfb938573784614cf8.tar.gz samba-62ccae32297683815da608cfb938573784614cf8.tar.bz2 samba-62ccae32297683815da608cfb938573784614cf8.zip |
Factor out the code checking if a parent should override DELETE_ACCESS into a function.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Oct 26 23:15:05 CEST 2011 on sn-devel-104
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/open.c | 40 |
1 files changed, 31 insertions, 9 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 1a6a50bf5f..6ad85b752e 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -192,6 +192,25 @@ static NTSTATUS check_parent_access(struct connection_struct *conn, } /**************************************************************************** + If the requester wanted DELETE_ACCESS and was only rejected because + the file ACL didn't include DELETE_ACCESS, see if the parent ACL + ovverrides this. +****************************************************************************/ + +static bool parent_override_delete(connection_struct *conn, + struct smb_filename *smb_fname, + uint32_t access_mask, + uint32_t rejected_mask) +{ + if ((access_mask & DELETE_ACCESS) && + (rejected_mask == DELETE_ACCESS) && + can_delete_file_in_directory(conn, smb_fname)) { + return true; + } + return false; +} + +/**************************************************************************** fd support routines - attempt to do a dos_open. ****************************************************************************/ @@ -595,10 +614,10 @@ static NTSTATUS open_file(files_struct *fsp, smb_fname))); } - if ((access_mask & DELETE_ACCESS) && - (access_granted & DELETE_ACCESS) && - can_delete_file_in_directory(conn, - smb_fname)) { + if (parent_override_delete(conn, + smb_fname, + access_mask, + access_granted)) { /* Were we trying to do a stat open * for delete and didn't get DELETE * access (only) ? Check if the @@ -619,12 +638,14 @@ static NTSTATUS open_file(files_struct *fsp, if (access_granted != 0) { DEBUG(10,("open_file: Access " - "denied on file " + "denied (0x%x) on file " "%s\n", + access_granted, smb_fname_str_dbg( smb_fname))); return status; } + } else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) && fsp->posix_open && S_ISLNK(smb_fname->st.st_ex_mode)) { @@ -2788,10 +2809,11 @@ static NTSTATUS open_directory(connection_struct *conn, * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx * for details. */ - if ((NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) && - (access_mask & DELETE_ACCESS) && - (access_granted == DELETE_ACCESS) && - can_delete_file_in_directory(conn, smb_dname))) { + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) && + parent_override_delete(conn, + smb_dname, + access_mask, + access_granted)) { DEBUG(10,("open_directory: overrode ACCESS_DENIED " "on directory %s\n", smb_fname_str_dbg(smb_dname))); |