From 62ccae32297683815da608cfb938573784614cf8 Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Wed, 26 Oct 2011 12:41:18 -0700
Subject: Factor out the code checking if a parent should override DELETE_ACCESS into a function.
Autobuild-User: Jeremy Allison
Autobuild-Date: Wed Oct 26 23:15:05 CEST 2011 on sn-devel-104
---
 source3/smbd/open.c | 40 +++++++++++++++++++++++++++++++---------
 1 file changed, 31 insertions(+), 9 deletions(-)
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 1a6a50bf5f..6ad85b752e 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -191,6 +191,25 @@ static NTSTATUS check_parent_access(struct connection_struct *conn,
 return NT_STATUS_OK;
 }
+/****************************************************************************
+ If the requester wanted DELETE_ACCESS and was only rejected because
+ the file ACL didn't include DELETE_ACCESS, see if the parent ACL
+ ovverrides this.
+****************************************************************************/
+
+static bool parent_override_delete(connection_struct *conn,
+ struct smb_filename *smb_fname,
+ uint32_t access_mask,
+ uint32_t rejected_mask)
+{
+ if ((access_mask & DELETE_ACCESS) &&
+ (rejected_mask == DELETE_ACCESS) &&
+ can_delete_file_in_directory(conn, smb_fname)) {
+ return true;
+ }
+ return false;
+}
+
 /****************************************************************************
 fd support routines - attempt to do a dos_open.
 ****************************************************************************/
@@ -595,10 +614,10 @@ static NTSTATUS open_file(files_struct *fsp,
 smb_fname)));
 }
- if ((access_mask & DELETE_ACCESS) &&
- (access_granted & DELETE_ACCESS) &&
- can_delete_file_in_directory(conn,
- smb_fname)) {
+ if (parent_override_delete(conn,
+ smb_fname,
+ access_mask,
+ access_granted)) {
 /* Were we trying to do a stat open
 * for delete and didn't get DELETE
 * access (only) ? Check if the
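Review bot: The header comment on the new `parent_override_delete()` does not state the contract its callers must meet, although the helper turns an ACL denial into a grant. The function never looks at the NTSTATUS, so it is only meaningful once the caller has seen NT_STATUS_ACCESS_DENIED and `rejected_mask` holds the denied bits. Both call sites pass a variable named `access_granted` for that parameter, which reads as the opposite of what the helper expects. I would add a sentence such as `rejected_mask must be the denied bits returned with NT_STATUS_ACCESS_DENIED; the override applies only when DELETE_ACCESS is the sole denied bit.` The comment also has a typo (`ovverrides`), and the body could be a single `return` of the condition.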
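Review bot: In the open_file hunk (`@@ -595,10 +614,10 @@`) the test on the denied bits changes from `(access_granted & DELETE_ACCESS)` to the helper's `rejected_mask == DELETE_ACCESS`, so this is a behaviour change and not only the factoring-out the subject line describes. The parent-directory override is now considered only when DELETE_ACCESS is the single remaining denied bit, which matches the "(only)" in the comment below the call and the test open_directory already used. It also makes the result depend on any other overridable bits having been cleared from `access_granted` before this call; whether that happens is outside the hunk. I would say so in the commit message and add a comment above the call, e.g. `/* access_granted holds the still-denied bits; override only if DELETE_ACCESS is the last one. */`. open_file's body starts and ends outside the hunk.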
@@ -619,12 +638,14 @@ static NTSTATUS open_file(files_struct *fsp,
 if (access_granted != 0) {
 DEBUG(10,("open_file: Access "
- "denied on file "
+ "denied (0x%x) on file "
 "%s\n",
+ access_granted,
 smb_fname_str_dbg(
 smb_fname)));
 return status;
 }
+
 } else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) && fsp->posix_open && S_ISLNK(smb_fname->st.st_ex_mode)) {
@@ -2788,10 +2809,11 @@ static NTSTATUS open_directory(connection_struct *conn,
 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
 * for details.
 */
- if ((NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
- (access_mask & DELETE_ACCESS) &&
- (access_granted == DELETE_ACCESS) &&
- can_delete_file_in_directory(conn, smb_dname))) {
+ if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED) &&
+ parent_override_delete(conn,
+ smb_dname,
+ access_mask,
+ access_granted)) {
 DEBUG(10,("open_directory: overrode ACCESS_DENIED "
 "on directory %s\n",
 smb_fname_str_dbg(smb_dname)));
-- cgit
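Review bot: The `access_granted` argument added to the DEBUG call in the `@@ -619,12 +638,14 @@` hunk is printed with `%x` without a cast. Elsewhere in this patch the same variable is passed to a `uint32_t` parameter, so if it is declared `uint32_t` the argument should be `(unsigned int)access_granted,` to match the conversion on every platform. The message would also be clearer if it said these are the denied bits, since the variable name suggests the opposite, e.g. `"denied (rejected bits 0x%x) on file "`. The blank line added before `} else if` looks unintentional.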