From fbd9e4098333e7d121207ae6991e525768d411e0 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 11 Feb 2005 02:14:49 +0000 Subject: r5324: In order to process DELETE_ACCESS correctly and return access denied to a WXPSP2 client we must do permission checking in userspace first (this is a race condition but what can you do...). Needed for bugid #2227. Jeremy. (This used to be commit da23577f162b6bdca7d631fca256a9b3b04043e4) --- source3/smbd/nttrans.c | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) (limited to 'source3/smbd/nttrans.c') diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 5758b9d716..ea155a8edb 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -780,6 +780,15 @@ create_options = 0x%x root_dir_fid = 0x%x\n", flags, desired_access, file_attrib } } + if (desired_access & DELETE_ACCESS) { + status = can_delete(conn, fname, file_attributes, bad_path, True); + if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status,NT_STATUS_FILE_IS_A_DIRECTORY)) { + restore_case_semantics(conn, file_attributes); + END_PROFILE(SMBntcreateX); + return ERROR_NT(status); + } + } + /* * If it's a request for a directory open, deal with it separately. */ @@ -1319,6 +1328,15 @@ static int call_nt_transact_create(connection_struct *conn, char *inbuf, char *o return set_bad_path_error(errno, bad_path, outbuf, ERRDOS,ERRbadpath); } + if (desired_access & DELETE_ACCESS) { + status = can_delete(conn, fname, file_attributes, bad_path, True); + if (!NT_STATUS_IS_OK(status) && !NT_STATUS_EQUAL(status,NT_STATUS_FILE_IS_A_DIRECTORY)) { + restore_case_semantics(conn, file_attributes); + END_PROFILE(SMBntcreateX); + return ERROR_NT(status); + } + } + /* * If it's a request for a directory open, deal with it separately. */ -- cgit