From c333e7ad01fb63c9682526799b2571cac251b76e Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Tue, 10 Jan 2012 13:41:55 -0800 Subject: [PATCH] First part of fix for bug #8673 - NT ACL issue. Simplify the logic in the unlink/rmdir calls - makes it readable (and correct). Add some debug. --- source3/modules/vfs_acl_common.c | 52 +++++++++++++++++++++----------- 1 file changed, 34 insertions(+), 18 deletions(-) diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c index e8c79e6eab1..17e1874376b 100644 --- a/source3/modules/vfs_acl_common.c +++ b/source3/modules/vfs_acl_common.c @@ -626,8 +626,11 @@ static int open_acl_common(vfs_handle_struct *handle, &access_granted); if (!NT_STATUS_IS_OK(status)) { DEBUG(10,("open_acl_xattr: %s open " + "for access 0x%x (0x%x) " "refused with error %s\n", fsp_str_dbg(fsp), + (unsigned int)fsp->access_mask, + (unsigned int)access_granted, nt_errstr(status) )); goto err; } @@ -911,17 +914,23 @@ static int rmdir_acl_common(struct vfs_handle_struct *handle, { int ret; + /* Try the normal rmdir first. */ ret = SMB_VFS_NEXT_RMDIR(handle, path); - if (!(ret == -1 && (errno == EACCES || errno == EPERM))) { - DEBUG(10,("rmdir_acl_common: unlink of %s failed %s\n", - path, - strerror(errno) )); - return ret; + if (ret == 0) { + return 0; + } + if (errno == EACCES || errno == EPERM) { + /* Failed due to access denied, + see if we need to root override. */ + return acl_common_remove_object(handle, + path, + true); } - return acl_common_remove_object(handle, - path, - true); + DEBUG(10,("rmdir_acl_common: unlink of %s failed %s\n", + path, + strerror(errno) )); + return -1; } static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle, @@ -1039,21 +1048,28 @@ static int unlink_acl_common(struct vfs_handle_struct *handle, { int ret; + /* Try the normal unlink first. */ ret = SMB_VFS_NEXT_UNLINK(handle, smb_fname); - if (!(ret == -1 && (errno == EACCES || errno == EPERM))) { - DEBUG(10,("unlink_acl_common: unlink of %s failed %s\n", - smb_fname->base_name, - strerror(errno) )); - return ret; - } - /* Don't do anything fancy for streams. */ - if (smb_fname->stream_name) { - return ret; + if (ret == 0) { + return 0; } + if (errno == EACCES || errno == EPERM) { + /* Failed due to access denied, + see if we need to root override. */ - return acl_common_remove_object(handle, + /* Don't do anything fancy for streams. */ + if (smb_fname->stream_name) { + return -1; + } + return acl_common_remove_object(handle, smb_fname->base_name, false); + } + + DEBUG(10,("unlink_acl_common: unlink of %s failed %s\n", + smb_fname->base_name, + strerror(errno) )); + return -1; } static int chmod_acl_module_common(struct vfs_handle_struct *handle, -- 2.47.2