[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Tue Dec 20 14:14:02 MST 2011 

The branch, master has been updated
       via  c23f1ee Allow an object to be deleted from a directory if the caller has DELETE_CHILD access even if we don't have access to read the ACL on the object. Fixes bug #8673 - NT ACL issue. Different fix needed for 3.6.x.
      from  75d3b9c s3: Fix some False/NULL hickups

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit c23f1ee0c9342c6562166331c1b8bf9a2601a77c
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Dec 20 11:38:37 2011 -0800

    Allow an object to be deleted from a directory if the caller has DELETE_CHILD access
    even if we don't have access to read the ACL on the object. Fixes bug #8673 - NT ACL issue.
    Different fix needed for 3.6.x.
    
    Autobuild-User: Jeremy Allison <jra at samba.org>
    Autobuild-Date: Tue Dec 20 22:13:51 CET 2011 on sn-devel-104

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/open.c |   10 +++++++++-
 1 files changed, 9 insertions(+), 1 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index fd99994..587093a 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -69,7 +69,7 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
 	NTSTATUS status;
 	struct security_descriptor *sd = NULL;
 	uint32_t rejected_share_access;
-	uint32_t rejected_mask = 0;
+	uint32_t rejected_mask = access_mask;
 
 	rejected_share_access = access_mask & ~(conn->share_access);
 
@@ -119,6 +119,11 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
 			"on %s: %s\n",
 			smb_fname_str_dbg(smb_fname),
 			nt_errstr(status)));
+
+		if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+			goto access_denied;
+		}
+
 		return status;
 	}
 
@@ -154,6 +159,9 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
 	}
 
 	/* Here we know status == NT_STATUS_ACCESS_DENIED. */
+
+  access_denied:
+
 	if ((access_mask & FILE_WRITE_ATTRIBUTES) &&
 			(rejected_mask & FILE_WRITE_ATTRIBUTES) &&
 			(lp_map_readonly(SNUM(conn)) ||


-- 
Samba Shared Repository

More information about the samba-cvs mailing list