summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2011-06-23 15:06:16 -0700
committerJeremy Allison <jra@samba.org>2011-06-24 01:18:11 +0200
commit5d7d52ceea6ac046940ae0a8112ee7ba79ce886d (patch)
tree63814023c1bb201d3eff7443a654a4b8d1804435 /source3
parenta73abc0403b8267eeb15f9d5f394109495d1b667 (diff)
downloadsamba-5d7d52ceea6ac046940ae0a8112ee7ba79ce886d.tar.gz
samba-5d7d52ceea6ac046940ae0a8112ee7ba79ce886d.tar.bz2
samba-5d7d52ceea6ac046940ae0a8112ee7ba79ce886d.zip
Fix bug #8254 - "acl check permissions = no" does not work in all cases
Move lp_acl_check_permissions() into can_delete_file_in_directory() where it makes sense. Remove ACL check when requesting DELETE_ACCESS when lp_acl_check_permissions is false. Thanks to John Janosik @ IBM for noticing this. Autobuild-User: Jeremy Allison <jra@samba.org> Autobuild-Date: Fri Jun 24 01:18:11 CEST 2011 on sn-devel-104
Diffstat (limited to 'source3')
-rw-r--r--source3/smbd/file_access.c5
-rw-r--r--source3/smbd/open.c13
2 files changed, 16 insertions, 2 deletions
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 960dcb703a..74855649ea 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -92,6 +92,11 @@ bool can_delete_file_in_directory(connection_struct *conn,
return False;
}
+ if (!lp_acl_check_permissions(SNUM(conn))) {
+ /* This option means don't check. */
+ return true;
+ }
+
/* Get the parent directory permission mask and owners. */
if (!parent_dirname(ctx, smb_fname->base_name, &dname, NULL)) {
return False;
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index ee7b2ad6d2..86a5924f16 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -77,6 +77,16 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn,
NTSTATUS status;
struct security_descriptor *sd = NULL;
+ if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) {
+ *access_granted = access_mask;
+
+ DEBUG(10,("smbd_check_open_rights: not checking ACL "
+ "on DELETE_ACCESS on file %s. Granting 0x%x\n",
+ smb_fname_str_dbg(smb_fname),
+ (unsigned int)*access_granted ));
+ return NT_STATUS_OK;
+ }
+
status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
(SECINFO_OWNER |
SECINFO_GROUP |
@@ -3278,8 +3288,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
/* Setting FILE_SHARE_DELETE is the hint. */
- if (lp_acl_check_permissions(SNUM(conn))
- && (create_disposition != FILE_CREATE)
+ if ((create_disposition != FILE_CREATE)
&& (access_mask & DELETE_ACCESS)
&& (!(can_delete_file_in_directory(conn, smb_fname) ||
can_access_file_acl(conn, smb_fname, DELETE_ACCESS)))) {