The branch, v3-6-test has been updated via 8635486 Fix bug #8254 - "acl check permissions = no" does not work in all cases from d8d18fa s3:test: don't rely on pyhton being in /usr/bin/python in the sids2xids test
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test - Log ----------------------------------------------------------------- commit 863548647dabca2c9706fbc48b4ae72277fc8c11 Author: Jeremy Allison <j...@samba.org> Date: Thu Jun 23 15:06:16 2011 -0700 Fix bug #8254 - "acl check permissions = no" does not work in all cases Move lp_acl_check_permissions() into can_delete_file_in_directory() where it makes sense. Remove ACL check when requesting DELETE_ACCESS when lp_acl_check_permissions is false. Thanks to John Janosik @ IBM for noticing this. Autobuild-User: Jeremy Allison <j...@samba.org> Autobuild-Date: Fri Jun 24 01:18:11 CEST 2011 on sn-devel-104 ----------------------------------------------------------------------- Summary of changes: source3/smbd/file_access.c | 5 +++++ source3/smbd/open.c | 13 +++++++++++-- 2 files changed, 16 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index 960dcb7..7485564 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -92,6 +92,11 @@ bool can_delete_file_in_directory(connection_struct *conn, return False; } + if (!lp_acl_check_permissions(SNUM(conn))) { + /* This option means don't check. */ + return true; + } + /* Get the parent directory permission mask and owners. */ if (!parent_dirname(ctx, smb_fname->base_name, &dname, NULL)) { return False; diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 9b94e65..44b1835 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -77,6 +77,16 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, NTSTATUS status; struct security_descriptor *sd = NULL; + if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) { + *access_granted = access_mask; + + DEBUG(10,("smbd_check_open_rights: not checking ACL " + "on DELETE_ACCESS on file %s. Granting 0x%x\n", + smb_fname_str_dbg(smb_fname), + (unsigned int)*access_granted )); + return NT_STATUS_OK; + } + status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name, (SECINFO_OWNER | SECINFO_GROUP | @@ -3280,8 +3290,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn, /* Setting FILE_SHARE_DELETE is the hint. */ - if (lp_acl_check_permissions(SNUM(conn)) - && (create_disposition != FILE_CREATE) + if ((create_disposition != FILE_CREATE) && (access_mask & DELETE_ACCESS) && (!(can_delete_file_in_directory(conn, smb_fname) || can_access_file_acl(conn, smb_fname, DELETE_ACCESS)))) { -- Samba Shared Repository