svn commit: samba r20724 - in branches: SAMBA_3_0/source/smbd SAMBA_3_0_24/source/smbd

jra at samba.org jra at samba.org
Sat Jan 13 02:34:43 GMT 2007 

Author: jra
Date: 2007-01-13 02:34:43 +0000 (Sat, 13 Jan 2007)
New Revision: 20724

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=20724

Log:
Get closer to passing RAW-OPEN. If the client is using
create disposition of FILE_CREATE then there's no need
to check can_delete_file_in_directory().
Jeremy.

Modified:
   branches/SAMBA_3_0/source/smbd/nttrans.c
   branches/SAMBA_3_0_24/source/smbd/nttrans.c


Changeset:
Modified: branches/SAMBA_3_0/source/smbd/nttrans.c
===================================================================
--- branches/SAMBA_3_0/source/smbd/nttrans.c	2007-01-13 02:27:54 UTC (rev 20723)
+++ branches/SAMBA_3_0/source/smbd/nttrans.c	2007-01-13 02:34:43 UTC (rev 20724)
@@ -640,20 +640,19 @@
 		return UNIXERROR(ERRDOS,ERRbadpath);
 	}
 
-#if 0
 	/* This is the correct thing to do (check every time) but can_delete is
 	   expensive (it may have to read the parent directory permissions). So
 	   for now we're not doing it unless we have a strong hint the client
-	   is really going to delete this file. */
-	if ((desired_access & DELETE_ACCESS)
-	    && !can_delete_file_in_directory(conn, fname)) {
-#else
+	   is really going to delete this file. If the client is forcing FILE_CREATE
+	   let the filesystem take care of the permissions. */
+
 	/* Setting FILE_SHARE_DELETE is the hint. */
+
 	if (lp_acl_check_permissions(SNUM(conn))
+	    && (create_disposition != FILE_CREATE)
 	    && (share_access & FILE_SHARE_DELETE)
 	    && (access_mask & DELETE_ACCESS)
 	    && !can_delete_file_in_directory(conn, fname)) {
-#endif
 		restore_case_semantics(conn, file_attributes);
 		END_PROFILE(SMBntcreateX);
 		return ERROR_NT(NT_STATUS_ACCESS_DENIED);
@@ -1265,20 +1264,19 @@
 		return UNIXERROR(ERRDOS,ERRbadpath);
 	}
     
-#if 0
 	/* This is the correct thing to do (check every time) but can_delete is
 	   expensive (it may have to read the parent directory permissions). So
 	   for now we're not doing it unless we have a strong hint the client
-	   is really going to delete this file. */
-	if ((desired_access & DELETE_ACCESS)
-	    && !can_delete_file_in_directory(conn, fname)) {
-#else
+	   is really going to delete this file. If the client is forcing FILE_CREATE
+	   let the filesystem take care of the permissions. */
+
 	/* Setting FILE_SHARE_DELETE is the hint. */
+
 	if (lp_acl_check_permissions(SNUM(conn))
+	    && (create_disposition != FILE_CREATE)
 	    && (share_access & FILE_SHARE_DELETE)
 	    && (access_mask & DELETE_ACCESS)
 	    && !can_delete_file_in_directory(conn, fname)) {
-#endif
 		restore_case_semantics(conn, file_attributes);
 		return ERROR_NT(NT_STATUS_ACCESS_DENIED);
 	}

Modified: branches/SAMBA_3_0_24/source/smbd/nttrans.c
===================================================================
--- branches/SAMBA_3_0_24/source/smbd/nttrans.c	2007-01-13 02:27:54 UTC (rev 20723)
+++ branches/SAMBA_3_0_24/source/smbd/nttrans.c	2007-01-13 02:34:43 UTC (rev 20724)
@@ -640,20 +640,19 @@
 		return UNIXERROR(ERRDOS,ERRbadpath);
 	}
 
-#if 0
 	/* This is the correct thing to do (check every time) but can_delete is
 	   expensive (it may have to read the parent directory permissions). So
 	   for now we're not doing it unless we have a strong hint the client
-	   is really going to delete this file. */
-	if ((desired_access & DELETE_ACCESS)
-	    && !can_delete_file_in_directory(conn, fname)) {
-#else
+	   is really going to delete this file. If the client is forcing FILE_CREATE
+	   let the filesystem take care of the permissions. */
+
 	/* Setting FILE_SHARE_DELETE is the hint. */
+
 	if (lp_acl_check_permissions(SNUM(conn))
+	    && (create_disposition != FILE_CREATE)
 	    && (share_access & FILE_SHARE_DELETE)
 	    && (access_mask & DELETE_ACCESS)
 	    && !can_delete_file_in_directory(conn, fname)) {
-#endif
 		restore_case_semantics(conn, file_attributes);
 		END_PROFILE(SMBntcreateX);
 		return ERROR_NT(NT_STATUS_ACCESS_DENIED);
@@ -1265,20 +1264,19 @@
 		return UNIXERROR(ERRDOS,ERRbadpath);
 	}
     
-#if 0
 	/* This is the correct thing to do (check every time) but can_delete is
 	   expensive (it may have to read the parent directory permissions). So
 	   for now we're not doing it unless we have a strong hint the client
-	   is really going to delete this file. */
-	if ((desired_access & DELETE_ACCESS)
-	    && !can_delete_file_in_directory(conn, fname)) {
-#else
+	   is really going to delete this file. If the client is forcing FILE_CREATE
+	   let the filesystem take care of the permissions. */
+
 	/* Setting FILE_SHARE_DELETE is the hint. */
+
 	if (lp_acl_check_permissions(SNUM(conn))
+	    && (create_disposition != FILE_CREATE)
 	    && (share_access & FILE_SHARE_DELETE)
 	    && (access_mask & DELETE_ACCESS)
 	    && !can_delete_file_in_directory(conn, fname)) {
-#endif
 		restore_case_semantics(conn, file_attributes);
 		return ERROR_NT(NT_STATUS_ACCESS_DENIED);
 	}

More information about the samba-cvs mailing list