diff options
-rw-r--r-- | source3/smbd/open.c | 128 |
1 files changed, 63 insertions, 65 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 6fb891830f..1a6a50bf5f 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -572,78 +572,76 @@ static NTSTATUS open_file(files_struct *fsp, smb_fname, access_mask, &access_granted); - if (!NT_STATUS_IS_OK(status)) { - if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { - /* - * On NT_STATUS_ACCESS_DENIED, access_granted - * contains the denied bits. - */ - - if ((access_mask & FILE_WRITE_ATTRIBUTES) && - (access_granted & FILE_WRITE_ATTRIBUTES) && - (lp_map_readonly(SNUM(conn)) || - lp_map_archive(SNUM(conn)) || - lp_map_hidden(SNUM(conn)) || - lp_map_system(SNUM(conn)))) { - access_granted &= ~FILE_WRITE_ATTRIBUTES; - - DEBUG(10,("open_file: " - "overrode " - "FILE_WRITE_" - "ATTRIBUTES " - "on file %s\n", - smb_fname_str_dbg( - smb_fname))); - } + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + /* + * On NT_STATUS_ACCESS_DENIED, access_granted + * contains the denied bits. + */ - if ((access_mask & DELETE_ACCESS) && - (access_granted & DELETE_ACCESS) && - can_delete_file_in_directory(conn, - smb_fname)) { - /* Were we trying to do a stat open - * for delete and didn't get DELETE - * access (only) ? Check if the - * directory allows DELETE_CHILD. - * See here: - * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx - * for details. */ - - access_granted &= ~DELETE_ACCESS; - - DEBUG(10,("open_file: " - "overrode " - "DELETE_ACCESS on " - "file %s\n", - smb_fname_str_dbg( - smb_fname))); - } + if ((access_mask & FILE_WRITE_ATTRIBUTES) && + (access_granted & FILE_WRITE_ATTRIBUTES) && + (lp_map_readonly(SNUM(conn)) || + lp_map_archive(SNUM(conn)) || + lp_map_hidden(SNUM(conn)) || + lp_map_system(SNUM(conn)))) { + access_granted &= ~FILE_WRITE_ATTRIBUTES; - if (access_granted != 0) { - DEBUG(10,("open_file: Access " - "denied on file " - "%s\n", - smb_fname_str_dbg( - smb_fname))); - return status; - } - } else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) && - fsp->posix_open && - S_ISLNK(smb_fname->st.st_ex_mode)) { - /* This is a POSIX stat open for delete - * or rename on a symlink that points - * nowhere. Allow. */ - DEBUG(10,("open_file: allowing POSIX " - "open on bad symlink %s\n", + DEBUG(10,("open_file: " + "overrode " + "FILE_WRITE_" + "ATTRIBUTES " + "on file %s\n", smb_fname_str_dbg( smb_fname))); - } else { + } + + if ((access_mask & DELETE_ACCESS) && + (access_granted & DELETE_ACCESS) && + can_delete_file_in_directory(conn, + smb_fname)) { + /* Were we trying to do a stat open + * for delete and didn't get DELETE + * access (only) ? Check if the + * directory allows DELETE_CHILD. + * See here: + * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx + * for details. */ + + access_granted &= ~DELETE_ACCESS; + DEBUG(10,("open_file: " - "smbd_check_open_rights on file " - "%s returned %s\n", - smb_fname_str_dbg(smb_fname), - nt_errstr(status) )); + "overrode " + "DELETE_ACCESS on " + "file %s\n", + smb_fname_str_dbg( + smb_fname))); + } + + if (access_granted != 0) { + DEBUG(10,("open_file: Access " + "denied on file " + "%s\n", + smb_fname_str_dbg( + smb_fname))); return status; } + } else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) && + fsp->posix_open && + S_ISLNK(smb_fname->st.st_ex_mode)) { + /* This is a POSIX stat open for delete + * or rename on a symlink that points + * nowhere. Allow. */ + DEBUG(10,("open_file: allowing POSIX " + "open on bad symlink %s\n", + smb_fname_str_dbg( + smb_fname))); + } else if (!NT_STATUS_IS_OK(status)) { + DEBUG(10,("open_file: " + "smbd_check_open_rights on file " + "%s returned %s\n", + smb_fname_str_dbg(smb_fname), + nt_errstr(status) )); + return status; } } |