The Samba-Bugzilla – Attachment 6613 Details for
Bug 8254
"acl check permissions = no" does not work in all cases
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am patch for 3.5.next
0001-Fix-bug-8254-acl-check-permissions-no-does-not-work-.patch (text/plain), 2.24 KB, created by
Jeremy Allison
on 2011-06-23 21:43:55 UTC
(
hide
)
Description:
git-am patch for 3.5.next
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2011-06-23 21:43:55 UTC
Size:
2.24 KB
patch
obsolete
>From 4945fe00f397da6799f0c40bdaf10b7f80aa7ab3 Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Thu, 23 Jun 2011 14:42:27 -0700 >Subject: [PATCH] Fix bug #8254 - "acl check permissions = no" does not work in all cases > >Move lp_acl_check_permissions() into can_delete_file_in_directory() >where it makes sense. Remove ACL check when requesting DELETE_ACCESS >when lp_acl_check_permissions is false. > >Thanks to John Janosik @ IBM for noticing this. >--- > source3/smbd/file_access.c | 5 +++++ > source3/smbd/open.c | 13 +++++++++++-- > 2 files changed, 16 insertions(+), 2 deletions(-) > >diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c >index 7d0a552..8b669fe 100644 >--- a/source3/smbd/file_access.c >+++ b/source3/smbd/file_access.c >@@ -77,6 +77,11 @@ bool can_delete_file_in_directory(connection_struct *conn, > return False; > } > >+ if (!lp_acl_check_permissions(SNUM(conn))) { >+ /* This option means don't check. */ >+ return true; >+ } >+ > /* Get the parent directory permission mask and owners. */ > if (!parent_dirname(ctx, smb_fname->base_name, &dname, NULL)) { > return False; >diff --git a/source3/smbd/open.c b/source3/smbd/open.c >index aac6e9c..f0b9271 100644 >--- a/source3/smbd/open.c >+++ b/source3/smbd/open.c >@@ -86,6 +86,16 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, > NTSTATUS status; > struct security_descriptor *sd = NULL; > >+ if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) { >+ *access_granted = access_mask; >+ >+ DEBUG(10,("smbd_check_open_rights: not checking ACL " >+ "on DELETE_ACCESS on file %s. Granting 0x%x\n", >+ smb_fname_str_dbg(smb_fname), >+ (unsigned int)*access_granted )); >+ return NT_STATUS_OK; >+ } >+ > status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name, > (OWNER_SECURITY_INFORMATION | > GROUP_SECURITY_INFORMATION | >@@ -2967,8 +2977,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn, > > /* Setting FILE_SHARE_DELETE is the hint. */ > >- if (lp_acl_check_permissions(SNUM(conn)) >- && (create_disposition != FILE_CREATE) >+ if ((create_disposition != FILE_CREATE) > && (access_mask & DELETE_ACCESS) > && (!(can_delete_file_in_directory(conn, smb_fname) || > can_access_file_acl(conn, smb_fname, DELETE_ACCESS)))) { >-- >1.7.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=6613">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Flags:
ambi
:
review+
Actions:
View
Attachments on
bug 8254
:
6611
|
6612
| 6613 |
6640
|
6704
|
6705
|
6706
|
6707