From da8bebaa646db4c298038ba0013b47e88840977e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 26 Sep 2008 15:17:14 -0700 Subject: Fix bug #5797 - Moving readonly files fails. Reported by infomail@lordb.de. We don't need to deny a DELETE open on a readonly file (I'm also adding a s4 torture test for this), the set_file_disposition call will return NT_STATUS_CANNOT_DELETE if the delete-on-close bit is set on a readonly file (and we already do this). Jeremy. --- source3/smbd/open.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'source3/smbd/open.c') diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 71191475b3..ad024a58ef 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2608,9 +2608,7 @@ NTSTATUS create_file_unixpath(connection_struct *conn, && (create_disposition != FILE_CREATE) && (share_access & FILE_SHARE_DELETE) && (access_mask & DELETE_ACCESS) - && (((dos_mode(conn, fname, &sbuf) & FILE_ATTRIBUTE_READONLY) - && !lp_delete_readonly(SNUM(conn))) - || !can_delete_file_in_directory(conn, fname))) { + && (!can_delete_file_in_directory(conn, fname))) { status = NT_STATUS_ACCESS_DENIED; goto fail; } -- cgit From 543c6a02ae1dcb903de800c88af1f9e221827d61 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Wed, 8 Oct 2008 18:06:58 -0700 Subject: For the vfs_acl_xattr.c module, make sure we map GENERIC file and directory bits to specific bits every time a security descriptor is set. The S4 torture suite proves that generic bits are not returned when querying an ACL set using them (ie. only the specific bits are stored on disk). Jeremy. --- source3/smbd/open.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'source3/smbd/open.c') diff --git a/source3/smbd/open.c b/source3/smbd/open.c index ad024a58ef..8727e80d5f 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2764,6 +2764,10 @@ NTSTATUS create_file_unixpath(connection_struct *conn, fsp->access_mask = FILE_GENERIC_ALL; + /* Convert all the generic bits. */ + security_acl_map_generic(sd->dacl, &file_generic_mapping); + security_acl_map_generic(sd->sacl, &file_generic_mapping); + status = SMB_VFS_FSET_NT_ACL(fsp, sec_info_sent, sd); fsp->access_mask = saved_access_mask; -- cgit