From 2aa3628e97615e5d7bb463d4330b75c933ec8f29 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 23 Jun 2011 09:18:03 -0700 Subject: [PATCH] Fix bug #8254 - "acl check permissions = no" does not work in all cases Move lp_acl_check_permissions() into can_delete_file_in_directory() where it makes sense. Thanks to John Janosik @ IBM for noticing this. --- source3/smbd/file_access.c | 5 +++++ source3/smbd/open.c | 3 +-- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index 7d0a552..8b669fe 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -77,6 +77,11 @@ bool can_delete_file_in_directory(connection_struct *conn, return False; } + if (!lp_acl_check_permissions(SNUM(conn))) { + /* This option means don't check. */ + return true; + } + /* Get the parent directory permission mask and owners. */ if (!parent_dirname(ctx, smb_fname->base_name, &dname, NULL)) { return False; diff --git a/source3/smbd/open.c b/source3/smbd/open.c index aac6e9c..4cfd47c 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -2967,8 +2967,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn, /* Setting FILE_SHARE_DELETE is the hint. */ - if (lp_acl_check_permissions(SNUM(conn)) - && (create_disposition != FILE_CREATE) + if ((create_disposition != FILE_CREATE) && (access_mask & DELETE_ACCESS) && (!(can_delete_file_in_directory(conn, smb_fname) || can_access_file_acl(conn, smb_fname, DELETE_ACCESS)))) { -- 1.7.1