[SCM] Samba Shared Repository - branch v3-5-test updated

Karolin Seeger Mon, 27 Jun 2011 12:19:10 -0700

The branch, v3-5-test has been updated
       via  83357ec Fix bug #8254 - "acl check permissions = no" does not work 
in all cases
      from  ba118ac s3: increase the log level for missing PIDs on SIGCHLD


http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test


- Log -----------------------------------------------------------------
commit 83357ecf6adafe3d23ada705e79c3af25ad4e734
Author: Jeremy Allison <[email protected]>
Date:   Thu Jun 23 14:42:27 2011 -0700

    Fix bug #8254 - "acl check permissions = no" does not work in all cases
    
    Move lp_acl_check_permissions() into can_delete_file_in_directory()
    where it makes sense. Remove ACL check when requesting DELETE_ACCESS
    when lp_acl_check_permissions is false.
    
    Thanks to John Janosik @ IBM for noticing this.

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/file_access.c |    5 +++++
 source3/smbd/open.c        |   13 +++++++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 7d0a552..8b669fe 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -77,6 +77,11 @@ bool can_delete_file_in_directory(connection_struct *conn,
                return False;
        }
 
+       if (!lp_acl_check_permissions(SNUM(conn))) {
+               /* This option means don't check. */
+               return true;
+       }
+
        /* Get the parent directory permission mask and owners. */
        if (!parent_dirname(ctx, smb_fname->base_name, &dname, NULL)) {
                return False;
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index aac6e9c..f0b9271 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -86,6 +86,16 @@ NTSTATUS smbd_check_open_rights(struct connection_struct 
*conn,
        NTSTATUS status;
        struct security_descriptor *sd = NULL;
 
+       if ((access_mask & DELETE_ACCESS) && 
!lp_acl_check_permissions(SNUM(conn))) {
+               *access_granted = access_mask;
+
+               DEBUG(10,("smbd_check_open_rights: not checking ACL "
+                       "on DELETE_ACCESS on file %s. Granting 0x%x\n",
+                       smb_fname_str_dbg(smb_fname),
+                       (unsigned int)*access_granted ));
+               return NT_STATUS_OK;
+       }
+
        status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
                        (OWNER_SECURITY_INFORMATION |
                        GROUP_SECURITY_INFORMATION |
@@ -2967,8 +2977,7 @@ static NTSTATUS create_file_unixpath(connection_struct 
*conn,
 
        /* Setting FILE_SHARE_DELETE is the hint. */
 
-       if (lp_acl_check_permissions(SNUM(conn))
-           && (create_disposition != FILE_CREATE)
+       if ((create_disposition != FILE_CREATE)
            && (access_mask & DELETE_ACCESS)
            && (!(can_delete_file_in_directory(conn, smb_fname) ||
                 can_access_file_acl(conn, smb_fname, DELETE_ACCESS)))) {


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v3-5-test updated

Reply via email to