From bbcb589ef5a9cf1ad98b70fc2ea00d346323c57e Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Fri, 4 Nov 2011 15:56:15 -0700
Subject: No longer do the pre-check on DELETE_ACCESS - we're correctly
 checking the ACL every time now.

---
 source3/smbd/open.c | 22 ----------------------
 1 file changed, 22 deletions(-)

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index eb9f13e22c..575503fa62 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -3254,28 +3254,6 @@ static NTSTATUS create_file_unixpath(connection_struct *conn,
 		}
 	}
 
-	/* This is the correct thing to do (check every time) but can_delete
-	 * is expensive (it may have to read the parent directory
-	 * permissions). So for now we're not doing it unless we have a strong
-	 * hint the client is really going to delete this file. If the client
-	 * is forcing FILE_CREATE let the filesystem take care of the
-	 * permissions. */
-
-	/* Setting FILE_SHARE_DELETE is the hint. */
-
-	if ((create_disposition != FILE_CREATE)
-	    && (access_mask & DELETE_ACCESS)
-	    && (!(can_delete_file_in_directory(conn, smb_fname) ||
-		 NT_STATUS_IS_OK(smbd_check_access_rights(conn,
-				smb_fname,
-				DELETE_ACCESS))))) {
-		status = NT_STATUS_ACCESS_DENIED;
-		DEBUG(10,("create_file_unixpath: open file %s "
-			  "for delete ACCESS_DENIED\n",
-			  smb_fname_str_dbg(smb_fname)));
-		goto fail;
-	}
-
 	if ((access_mask & SEC_FLAG_SYSTEM_SECURITY) &&
 			!security_token_has_privilege(get_current_nttok(conn),
 					SEC_PRIV_SECURITY)) {
-- 
cgit