The Samba-Bugzilla – Attachment 6640 Details for
Bug 8254
"acl check permissions = no" does not work in all cases
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
git-am fix for 3.6.0
0001-Fix-bug-8254-acl-check-permissions-no-does-not-work-.patch (text/plain), 2.33 KB, created by
Jeremy Allison
on 2011-06-28 00:44:12 UTC
(
hide
)
Description:
git-am fix for 3.6.0
Filename:
MIME Type:
Creator:
Jeremy Allison
Created:
2011-06-28 00:44:12 UTC
Size:
2.33 KB
patch
obsolete
>From 5d7d52ceea6ac046940ae0a8112ee7ba79ce886d Mon Sep 17 00:00:00 2001 >From: Jeremy Allison <jra@samba.org> >Date: Thu, 23 Jun 2011 15:06:16 -0700 >Subject: [PATCH] Fix bug #8254 - "acl check permissions = no" does not work in all cases > >Move lp_acl_check_permissions() into can_delete_file_in_directory() >where it makes sense. Remove ACL check when requesting DELETE_ACCESS >when lp_acl_check_permissions is false. > >Thanks to John Janosik @ IBM for noticing this. > >Autobuild-User: Jeremy Allison <jra@samba.org> >Autobuild-Date: Fri Jun 24 01:18:11 CEST 2011 on sn-devel-104 >--- > source3/smbd/file_access.c | 5 +++++ > source3/smbd/open.c | 13 +++++++++++-- > 2 files changed, 16 insertions(+), 2 deletions(-) > >diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c >index 960dcb7..7485564 100644 >--- a/source3/smbd/file_access.c >+++ b/source3/smbd/file_access.c >@@ -92,6 +92,11 @@ bool can_delete_file_in_directory(connection_struct *conn, > return False; > } > >+ if (!lp_acl_check_permissions(SNUM(conn))) { >+ /* This option means don't check. */ >+ return true; >+ } >+ > /* Get the parent directory permission mask and owners. */ > if (!parent_dirname(ctx, smb_fname->base_name, &dname, NULL)) { > return False; >diff --git a/source3/smbd/open.c b/source3/smbd/open.c >index ee7b2ad..86a5924 100644 >--- a/source3/smbd/open.c >+++ b/source3/smbd/open.c >@@ -77,6 +77,16 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, > NTSTATUS status; > struct security_descriptor *sd = NULL; > >+ if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) { >+ *access_granted = access_mask; >+ >+ DEBUG(10,("smbd_check_open_rights: not checking ACL " >+ "on DELETE_ACCESS on file %s. Granting 0x%x\n", >+ smb_fname_str_dbg(smb_fname), >+ (unsigned int)*access_granted )); >+ return NT_STATUS_OK; >+ } >+ > status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name, > (SECINFO_OWNER | > SECINFO_GROUP | >@@ -3278,8 +3288,7 @@ static NTSTATUS create_file_unixpath(connection_struct *conn, > > /* Setting FILE_SHARE_DELETE is the hint. */ > >- if (lp_acl_check_permissions(SNUM(conn)) >- && (create_disposition != FILE_CREATE) >+ if ((create_disposition != FILE_CREATE) > && (access_mask & DELETE_ACCESS) > && (!(can_delete_file_in_directory(conn, smb_fname) || > can_access_file_acl(conn, smb_fname, DELETE_ACCESS)))) { >-- >1.7.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=6640">View the attachment on a separate page</a>.</b>
View Attachment As Raw
Actions:
View
Attachments on
bug 8254
:
6611
|
6612
|
6613
| 6640 |
6704
|
6705
|
6706
|
6707