From: Volker Lendecke <vl@samba.org>
Date: Tue, 17 Jun 2008 14:22:43 +0000 (+0200)
Subject: RWX on a file does not imply DELETE access
X-Git-Tag: samba-3.3.0pre1~848
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=51b5364c2afb3a18df4bec2bc1624760ccc01676;p=thirdparty%2Fsamba.git

RWX on a file does not imply DELETE access

Without this the changed checks in can_delete_file_in_directory give DELETE
access where there is none. So we can end up granting the ntcreate&x preparing
the unlink where we should not, which leads to a NT_STATUS_ACCESS_DENIED at
close time later, which in turn does *not* give the access denied error message
in the Windows GUI.

can_delete_file_in_directory will grant access now by looking at the directory
permissions.
---

diff --git a/source/smbd/posix_acls.c b/source/smbd/posix_acls.c
index b83e3b692a1..e92a263ca00 100644
--- a/source/smbd/posix_acls.c
+++ b/source/smbd/posix_acls.c
@@ -904,7 +904,7 @@ static SEC_ACCESS map_canon_ace_perms(int snum,
 		if (directory_ace) {
 			nt_mask = UNIX_DIRECTORY_ACCESS_RWX;
 		} else {
-			nt_mask = UNIX_ACCESS_RWX;
+			nt_mask = (UNIX_ACCESS_RWX & ~DELETE_ACCESS);
 		}
 	} else if ((perms & ALL_ACE_PERMS) == (mode_t)0) {
 		/*