Changeset 221 for branches/samba-3.3.x/source/smbd/open.c

Timestamp:

May 24, 2009, 7:17:10 AM (16 years ago)

Author:

Herwig Bauernfeind

Message:

Update Samba 3.3 to 3.3.1

File:

• branches/samba-3.3.x/source/smbd/open.c (modified) (11 diffs)

branches/samba-3.3.x/source/smbd/open.c

@@ -51 +51 @@
 static NTSTATUS check_open_rights(struct connection_struct *conn,
                                 const char *fname,
-                                uint32_t access_mask)
+                                uint32_t access_mask,
+                                uint32_t *access_granted)
 {
         /* Check if we have rights to open. */
         NTSTATUS status;
-        uint32_t access_granted = 0;
         struct security_descriptor *sd;
+
+        *access_granted = 0;
 
         status = SMB_VFS_GET_NT_ACL(conn, fname,
@@ -74 +76 @@
                                 conn->server_info->ptok,
                                 access_mask,
-                                &access_granted);
+                                access_granted);
 
         TALLOC_FREE(sd);
+
+        DEBUG(10,("check_open_rights: file %s requesting "
+                "0x%x returning 0x%x (%s)\n",
+                fname,
+                (unsigned int)access_mask,
+                (unsigned int)*access_granted,
+                nt_errstr(status) ));
+
         return status;
 }
@@ -399 +409 @@
                 fsp->fh->fd = -1; /* What we used to call a stat open. */
                 if (file_existed) {
+                        uint32_t access_granted = 0;
+
                         status = check_open_rights(conn,
                                         path,
-                                        access_mask);
+                                        access_mask,
+                                        &access_granted);
                         if (!NT_STATUS_IS_OK(status)) {
-                                DEBUG(10, ("open_file: Access denied on "
-                                        "file %s\n",
-                                        path));
-                                return status;
+                                if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+                                        if ((access_mask & DELETE_ACCESS) &&
+                                                        (access_granted == DELETE_ACCESS) &&
+                                                        can_delete_file_in_directory(conn, path)) {
+                                                /* Were we trying to do a stat open
+                                                 * for delete and didn't get DELETE
+                                                 * access (only) ? Check if the
+                                                 * directory allows DELETE_CHILD.
+                                                 * See here:
+                                                 * http://blogs.msdn.com/oldnewthing/archive/2004/06/04/148426.aspx
+                                                 * for details. */
+
+                                                DEBUG(10,("open_file: overrode ACCESS_DENIED "
+                                                        "on file %s\n",
+                                                        path ));
+                                        } else {
+                                                DEBUG(10, ("open_file: Access denied on "
+                                                        "file %s\n",
+                                                        path));
+                                                return status;
+                                        }
+                                } else if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND) &&
+                                                        fsp->posix_open &&
+                                                        S_ISLNK(psbuf->st_mode)) {
+                                        /* This is a POSIX stat open for delete
+                                         * or rename on a symlink that points
+                                         * nowhere. Allow. */
+                                        DEBUG(10, ("open_file: allowing POSIX open "
+                                                "on bad symlink %s\n",
+                                                path ));
+                                } else {
+                                        DEBUG(10, ("open_file: check_open_rights "
+                                                "on file %s returned %s\n",
+                                                path, nt_errstr(status) ));
+                                        return status;
+                                }
                         }
                 }
@@ -1314 +1359 @@
         bool posix_open = False;
         bool new_file_created = False;
+        bool clear_ads = false;
         struct file_id id;
         NTSTATUS fsp_open = NT_STATUS_ACCESS_DENIED;
@@ -1367 +1413 @@
                    "unix mode=0%o oplock_request=%d\n",
                    fname, new_dos_attributes, access_mask, share_access,
-                   create_disposition, create_options, unx_mode,
+                   create_disposition, create_options, (unsigned int)unx_mode,
                    oplock_request));
 
@@ -1446 +1492 @@
                          * exist create. */
                         flags2 |= (O_CREAT | O_TRUNC);
+                        clear_ads = true;
                         break;
 
@@ -1452 +1499 @@
                          * exist create. */
                         flags2 |= (O_CREAT | O_TRUNC);
+                        clear_ads = true;
                         break;
 
@@ -1476 +1524 @@
                         }
                         flags2 |= O_TRUNC;
+                        clear_ads = true;
                         break;
 
@@ -1908 +1957 @@
 
         SMB_ASSERT(lck != NULL);
+
+        /* Delete streams if create_disposition requires it */
+        if (file_existed && clear_ads && !is_ntfs_stream_name(fname)) {
+                status = delete_all_streams(conn, fname);
+                if (!NT_STATUS_IS_OK(status)) {
+                        TALLOC_FREE(lck);
+                        fd_close(fsp);
+                        return status;
+                }
+        }
 
         /* note that we ignore failure for the following. It is
@@ -2399 +2458 @@
 
         if (info == FILE_WAS_OPENED) {
+                uint32_t access_granted = 0;
                 status = check_open_rights(conn,
                                         fname,
-                                        access_mask);
+                                        access_mask,
+                                        &access_granted);
                 if (!NT_STATUS_IS_OK(status)) {
                         DEBUG(10, ("open_directory: check_open_rights on "
@@ -2820 +2881 @@
             && (share_access & FILE_SHARE_DELETE)
             && (access_mask & DELETE_ACCESS)
-            && (!can_delete_file_in_directory(conn, fname))) {
+            && (!(can_delete_file_in_directory(conn, fname) ||
+                 can_access_file_acl(conn, fname, DELETE_ACCESS)))) {
                 status = NT_STATUS_ACCESS_DENIED;
+                DEBUG(10,("create_file_unixpath: open file %s "
+                        "for delete ACCESS_DENIED\n", fname ));
                 goto fail;
         }