From d1edbdcd673983d16aaa0a0c475883cbfcfdf58a Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 20 Sep 2012 12:32:10 -0700 Subject: [PATCH 1/2] Fix bug #9189 - SMB2 Create doesn't return correct MAX ACCESS access mask in blob. If we aren't already granted DELETE access, check if we have DELETE_CHILD in the containing directory. --- source3/smbd/open.c | 7 +++++++ 1 files changed, 7 insertions(+), 0 deletions(-) diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 0da2386..101a9ba 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -1710,6 +1710,13 @@ static NTSTATUS smbd_calculate_maximum_allowed_access( return NT_STATUS_ACCESS_DENIED; } *p_access_mask = (access_granted | FILE_READ_ATTRIBUTES); + + if (!(access_granted & DELETE_ACCESS)) { + if (can_delete_file_in_directory(conn, smb_fname)) { + *p_access_mask |= DELETE_ACCESS; + } + } + return NT_STATUS_OK; } -- 1.7.7.3 From bc0a208eb8c2441505a9b54c2acaf912c36e5a88 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 20 Sep 2012 13:35:47 -0700 Subject: [PATCH 2/2] We now pass "samba3.raw.acls.generic" and "samba3.smb2.acls.GENERIC" with the max access change. --- selftest/knownfail | 3 --- 1 files changed, 0 insertions(+), 3 deletions(-) diff --git a/selftest/knownfail b/selftest/knownfail index 0180eb3..2e244b6 100644 --- a/selftest/knownfail +++ b/selftest/knownfail @@ -45,7 +45,6 @@ ^samba3.blackbox.smbclient_machine_auth.plain \(s3dc:local\)# the S3dc does not currently set up a self-join ^samba3.raw.samba3hide.samba3hide\((s3dc|plugin_s4_dc)\) # This test fails against an smbd environment with NT ACLs enabled ^samba3.raw.samba3closeerr.samba3closeerr\(s3dc\) # This test fails against an smbd environment with NT ACLs enabled -^samba3.raw.acls.generic\(s3dc\) # This fails against smbd ^samba3.base.delete.deltest16a ^samba3.base.delete.deltest17a ^samba3.unix.whoami anonymous connection.whoami\(plugin_s4_dc\) # We need to resolve if we should be including SID_NT_WORLD and SID_NT_NETWORK in this token @@ -196,7 +195,6 @@ ^samba3.smb2.lease.multibreak ^samba3.smb2.oplock.batch12 ^samba3.smb2.oplock.batch20 -^samba3.smb2.acls.GENERIC ^samba3.smb2.streams.rename ^samba3.smb2.streams.rename2 ^samba3.smb2.streams.attributes @@ -212,7 +210,6 @@ # but in the interests of ensuring we do not regress, we run the tests # and list the current failures here. # -^samba3.raw.acls.generic\(plugin_s4_dc\) ^samba3.rpc.eventlog.eventlog.GetLogIntormation\(plugin_s4_dc\) ^samba3.rpc.eventlog.eventlog.FlushEventLog\(plugin_s4_dc\) ^samba3.rpc.eventlog.eventlog.ReportEventLog\(plugin_s4_dc\) -- 1.7.7.3