svn commit: samba r20470 - in branches/SAMBA_3_0/source/smbd: .

vlendec at samba.org vlendec at samba.org
Tue Jan 2 12:10:47 GMT 2007


Author: vlendec
Date: 2007-01-02 12:10:46 +0000 (Tue, 02 Jan 2007)
New Revision: 20470

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20470

Log:
Jeremy, another one to check:

The only error path of can_delete() that we're interested in ntcreate&x is the
one of can_delete_file_in_directory(), so call that directly.

The only other one where we might get a NT_STATUS_ACCESS_DENIED is from the
lstat in can_delete, but this is covered later in the open_directory and
open_file_ntcreate calls. open_directory does a stat() in the open case which
also covers the (potential) symlink, and open_file_ntcreate does the open(2)
itself, so this should also work.

This makes can_delete() static to reply.c.

Volker


Modified:
   branches/SAMBA_3_0/source/smbd/nttrans.c
   branches/SAMBA_3_0/source/smbd/reply.c


Changeset:
Modified: branches/SAMBA_3_0/source/smbd/nttrans.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/nttrans.c	2007-01-02 12:02:43 UTC (rev 20469)
+++ branches/SAMBA_3_0/source/smbd/nttrans.c	2007-01-02 12:10:46 UTC (rev 20470)
@@ -647,21 +647,18 @@
 	   expensive (it may have to read the parent directory permissions). So
 	   for now we're not doing it unless we have a strong hint the client
 	   is really going to delete this file. */
-	if (desired_access & DELETE_ACCESS) {
+	if ((desired_access & DELETE_ACCESS)
+	    && !can_delete_file_in_directory(conn, fname)) {
 #else
 	/* Setting FILE_SHARE_DELETE is the hint. */
-	if (lp_acl_check_permissions(SNUM(conn)) && (share_access & FILE_SHARE_DELETE)
-				&& (access_mask & DELETE_ACCESS)) {
+	if (lp_acl_check_permissions(SNUM(conn))
+	    && (share_access & FILE_SHARE_DELETE)
+	    && (access_mask & DELETE_ACCESS)
+	    && !can_delete_file_in_directory(conn, fname)) {
 #endif
-		status = can_delete(conn, fname, file_attributes, bad_path, True);
-		/* We're only going to fail here if it's access denied, as that's the
-		   only error we care about for "can we delete this ?" questions. */
-		if (NT_STATUS_EQUAL(status,NT_STATUS_ACCESS_DENIED) ||
-		    NT_STATUS_EQUAL(status,NT_STATUS_CANNOT_DELETE)) {
-			restore_case_semantics(conn, file_attributes);
-			END_PROFILE(SMBntcreateX);
-			return ERROR_NT(NT_STATUS_ACCESS_DENIED);
-		}
+		restore_case_semantics(conn, file_attributes);
+		END_PROFILE(SMBntcreateX);
+		return ERROR_NT(NT_STATUS_ACCESS_DENIED);
 	}
 
 	/* 
@@ -1276,19 +1273,17 @@
 	   expensive (it may have to read the parent directory permissions). So
 	   for now we're not doing it unless we have a strong hint the client
 	   is really going to delete this file. */
-	if (desired_access & DELETE_ACCESS) {
+	if ((desired_access & DELETE_ACCESS)
+	    && !can_delete_file_in_directory(conn, fname)) {
 #else
 	/* Setting FILE_SHARE_DELETE is the hint. */
-	if (lp_acl_check_permissions(SNUM(conn)) && (share_access & FILE_SHARE_DELETE) && (access_mask & DELETE_ACCESS)) {
+	if (lp_acl_check_permissions(SNUM(conn))
+	    && (share_access & FILE_SHARE_DELETE)
+	    && (access_mask & DELETE_ACCESS)
+	    && !can_delete_file_in_directory(conn, fname)) {
 #endif
-		status = can_delete(conn, fname, file_attributes, bad_path, True);
-		/* We're only going to fail here if it's access denied, as that's the
-		   only error we care about for "can we delete this ?" questions. */
-		if (NT_STATUS_EQUAL(status,NT_STATUS_ACCESS_DENIED) ||
-		    NT_STATUS_EQUAL(status,NT_STATUS_CANNOT_DELETE)) {
-			restore_case_semantics(conn, file_attributes);
-			return ERROR_NT(status);
-		}
+		restore_case_semantics(conn, file_attributes);
+		return ERROR_NT(NT_STATUS_ACCESS_DENIED);
 	}
 
 	if (ea_len) {

Modified: branches/SAMBA_3_0/source/smbd/reply.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/reply.c	2007-01-02 12:02:43 UTC (rev 20469)
+++ branches/SAMBA_3_0/source/smbd/reply.c	2007-01-02 12:10:46 UTC (rev 20470)
@@ -1888,7 +1888,9 @@
  Check if a user is allowed to delete a file.
 ********************************************************************/
 
-NTSTATUS can_delete(connection_struct *conn, char *fname, uint32 dirtype, BOOL bad_path, BOOL check_is_at_open)
+static NTSTATUS can_delete(connection_struct *conn, char *fname,
+			   uint32 dirtype, BOOL bad_path,
+			   BOOL check_is_at_open)
 {
 	SMB_STRUCT_STAT sbuf;
 	uint32 fattr;



More information about the samba-cvs mailing list