RWX on a file does not imply DELETE access

Without this the changed checks in can_delete_file_in_directory give DELETE access where there is none. So we can end up granting the ntcreate&x preparing the unlink where we should not, which leads to a NT_STATUS_ACCESS_DENIED at close time later, which in turn does *not* give the access denied error message in the Windows GUI. can_delete_file_in_directory will grant access now by looking at the directory permissions. (This used to be commit 51b5364c2afb3a18df4bec2bc1624760ccc01676)
author: Volker Lendecke <vl@samba.org> 2008-06-17 16:22:43 +0200
committer: Volker Lendecke <vl@samba.org> 2008-06-19 15:27:41 +0200
commit: 156cd09899c7328c164b55159c17b1947d97f9d8 (patch)
tree: ad66207bd9b3c2dd8e809eddb4d65af63e2a70f8 /source3/smbd
parent: 066f6c856fccc791009f85492289276267e24bcf (diff)
download: samba-156cd09899c7328c164b55159c17b1947d97f9d8.tar.gz
samba-156cd09899c7328c164b55159c17b1947d97f9d8.tar.bz2
samba-156cd09899c7328c164b55159c17b1947d97f9d8.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index b83e3b692a..e92a263ca0 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -904,7 +904,7 @@ static SEC_ACCESS map_canon_ace_perms(int snum,
 		if (directory_ace) {
 			nt_mask = UNIX_DIRECTORY_ACCESS_RWX;
 		} else {
-			nt_mask = UNIX_ACCESS_RWX;
+			nt_mask = (UNIX_ACCESS_RWX & ~DELETE_ACCESS);
 		}
 	} else if ((perms & ALL_ACE_PERMS) == (mode_t)0) {
 		/*
author	Volker Lendecke <vl@samba.org>	2008-06-17 16:22:43 +0200
committer	Volker Lendecke <vl@samba.org>	2008-06-19 15:27:41 +0200
commit	156cd09899c7328c164b55159c17b1947d97f9d8 (patch)
tree	ad66207bd9b3c2dd8e809eddb4d65af63e2a70f8 /source3/smbd
parent	066f6c856fccc791009f85492289276267e24bcf (diff)
download	samba-156cd09899c7328c164b55159c17b1947d97f9d8.tar.gz samba-156cd09899c7328c164b55159c17b1947d97f9d8.tar.bz2 samba-156cd09899c7328c164b55159c17b1947d97f9d8.zip