[SCM] Samba Shared Repository - branch v3-3-test updated - release-3-2-0pre2-2911-g51b5364

Volker Lendecke vlendec at samba.org
Thu Jun 19 13:51:56 GMT 2008


The branch, v3-3-test has been updated
       via  51b5364c2afb3a18df4bec2bc1624760ccc01676 (commit)
       via  daa9b056645a45edfb3a70e3536011ebe5678970 (commit)
      from  abe1bed665ad8d1dbf9177dcbb9344b25df9594c (commit)

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test


- Log -----------------------------------------------------------------
commit 51b5364c2afb3a18df4bec2bc1624760ccc01676
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Jun 17 16:22:43 2008 +0200

    RWX on a file does not imply DELETE access
    
    Without this the changed checks in can_delete_file_in_directory give DELETE
    access where there is none. So we can end up granting the ntcreate&x preparing
    the unlink where we should not, which leads to a NT_STATUS_ACCESS_DENIED at
    close time later, which in turn does *not* give the access denied error message
    in the Windows GUI.
    
    can_delete_file_in_directory will grant access now by looking at the directory
    permissions.

commit daa9b056645a45edfb3a70e3536011ebe5678970
Author: Volker Lendecke <vl at samba.org>
Date:   Thu Jun 19 14:53:46 2008 +0200

    Fix checks in can_delete_file_in_directory()
    
    With at least NFSv4 ACLs around the write permission for the owner is a bogus
    check if we can delete a file in a directory. Like in Windows, there are two
    ways which can grant us such: First, the DELETE permission on the file itself,
    or if that does not help, the DELETE_CHILD permission on the directory. It
    might be a bit more code that runs, but essentially we should end up with the
    same set of syscalls in the non-acl case.

-----------------------------------------------------------------------

Summary of changes:
 source/smbd/file_access.c |   21 +++++++++++++++------
 source/smbd/posix_acls.c  |    2 +-
 2 files changed, 16 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source/smbd/file_access.c b/source/smbd/file_access.c
index 0552a16..e61a8c3 100644
--- a/source/smbd/file_access.c
+++ b/source/smbd/file_access.c
@@ -87,11 +87,6 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname)
 		return True;
 	}
 
-	/* Check primary owner write access. */
-	if (conn->server_info->uid == sbuf.st_uid) {
-		return (sbuf.st_mode & S_IWUSR) ? True : False;
-	}
-
 #ifdef S_ISVTX
 	/* sticky bit means delete only by owner or root. */
 	if (sbuf.st_mode & S_ISVTX) {
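Review bot: The owner shortcut removed at the top of this hunk was the only place where an owner with sbuf.st_mode lacking S_IWUSR was rejected outright. That case now falls through to the sticky-bit and ACL checks, and nothing in the code records why. Suggest a short comment where the check used to be, saying that the owner's rights are now decided by can_access_file_acl(). A test for the owner-without-write case on a plain POSIX tree would also help, since the commit message's claim that the non-ACL case ends up equivalent cannot be confirmed from these lines.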
@@ -117,7 +112,21 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname)
 
 	/* now for ACL checks */
 
-	return can_access_file_acl(conn, dname, FILE_WRITE_DATA);
+	/*
+	 * There's two ways to get the permission to delete a file: First by
+	 * having the DELETE bit on the file itself and second if that does
+	 * not help, by the DELETE_CHILD bit on the containing directory.
+	 *
+	 * Here we check the other way round because with just posix
+	 * permissions looking at the file itself will never grant DELETE, so
+	 * by looking at the directory first we save one get_acl call.
+	 */
+
+	if (can_access_file_acl(conn, dname, FILE_DELETE_CHILD)) {
+		return true;
+	}
+
+	return can_access_file_acl(conn, fname, DELETE_ACCESS);
 }
 
 /****************************************************************************
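Review bot: The new comment's claim that with just posix permissions the file itself "will never grant DELETE" holds only together with the map_canon_ace_perms() change in posix_acls.c from this same push. The companion commit message says that without it these checks give DELETE access where there is none. Name that dependency in the comment so the two changes are not separated in a backport. Style point: "return true;" here is inconsistent with the "return True;" used earlier in the same function.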
diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c
index b83e3b6..e92a263 100644
--- a/source/smbd/posix_acls.c
+++ b/source/smbd/posix_acls.c
@@ -904,7 +904,7 @@ static SEC_ACCESS map_canon_ace_perms(int snum,
 		if (directory_ace) {
 			nt_mask = UNIX_DIRECTORY_ACCESS_RWX;
 		} else {
-			nt_mask = UNIX_ACCESS_RWX;
+			nt_mask = (UNIX_ACCESS_RWX & ~DELETE_ACCESS);
 		}
 	} else if ((perms & ALL_ACE_PERMS) == (mode_t)0) {
 		/*
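Review bot: Masking with ~DELETE_ACCESS at this single assignment implies that UNIX_ACCESS_RWX itself contains DELETE_ACCESS, so any other user of the macro would still hand out DELETE for rwx files. Either correct the macro definition or add a comment on this line explaining why only map_canon_ace_perms() strips the bit. The directory branch just above keeps UNIX_DIRECTORY_ACCESS_RWX unmasked; it is worth stating whether that is intentional.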


-- 
Samba Shared Repository

