diff options
author | Jeremy Allison <jra@samba.org> | 2009-06-11 12:51:45 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2009-06-11 12:51:45 -0700 |
commit | 5cef57ff7d899773a084d23838b7f18a83f6e79d (patch) | |
tree | 0ee2d37f23d7fed1677b28b879c0f62c34c7ee6d /source3/smbd | |
parent | ef55c2bd91181d896e0a4d05b72e9da8bfb7b915 (diff) | |
download | samba-5cef57ff7d899773a084d23838b7f18a83f6e79d.tar.gz samba-5cef57ff7d899773a084d23838b7f18a83f6e79d.tar.bz2 samba-5cef57ff7d899773a084d23838b7f18a83f6e79d.zip |
Fix bug #6297 - owner of sticky directory cannot delete files created by others.
The reason we couldn't delete was we were erroring out early
if requestor was not the owner of the file we wanted to delete,
instead of checking if the requestor owned the directory as well.
If either of these is true, we must go on and check the ACL.
Karolin, this is a must for 3.4.0 and also 3.3.next. I'll update
the bug report with patches for 3.4.0 and 3.3.next and ask vl
to review.
Jeremy.
Diffstat (limited to 'source3/smbd')
-rw-r--r-- | source3/smbd/file_access.c | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index a248dd9f3b..9c77f9e961 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -89,7 +89,8 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname) } #ifdef S_ISVTX - /* sticky bit means delete only by owner or root. */ + /* sticky bit means delete only by owner of file or by root or + * by owner of directory. */ if (sbuf.st_ex_mode & S_ISVTX) { SMB_STRUCT_STAT sbuf_file; if(SMB_VFS_STAT(conn, fname, &sbuf_file) != 0) { @@ -98,14 +99,24 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname) * yes we'll be able to delete it. */ return True; } + DEBUG(10,("can_delete_file_in_directory: can't " + "stat file %s (%s)", + fname, strerror(errno) )); return False; } /* * Patch from SATOH Fumiyasu <fumiyas@miraclelinux.com> * for bug #3348. Don't assume owning sticky bit * directory means write access allowed. + * Fail to delete if we're not the owner of the file, + * or the owner of the directory as we have no possible + * chance of deleting. Otherwise, go on and check the ACL. */ - if (conn->server_info->utok.uid != sbuf_file.st_ex_uid) { + if ((conn->server_info->utok.uid != sbuf.st_ex_uid) && + (conn->server_info->utok.uid != sbuf_file.st_ex_uid)) { + DEBUG(10,("can_delete_file_in_directory: not " + "owner of file %s or directory %s", + fname, dname)); return False; } } |