Fix bug #6297 - owner of sticky directory cannot delete files created by others.

The reason we couldn't delete was we were erroring out early
if requestor was not the owner of the file we wanted to delete,
instead of checking if the requestor owned the directory as well.
If either of these is true, we must go on and check the ACL.
Karolin, this is a must for 3.4.0 and also 3.3.next. I'll update
the bug report with patches for 3.4.0 and 3.3.next and ask vl
to review.
Jeremy.

diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index a248dd9f3b46c44466a42a51102e56c2fbf6016c..9c77f9e96163fb3b811e062cda99d9ba9f32295f 100644 (file)
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -89,7 +89,8 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname)
        }
 
 #ifdef S_ISVTX
-       /* sticky bit means delete only by owner or root. */
+       /* sticky bit means delete only by owner of file or by root or
+        * by owner of directory. */
        if (sbuf.st_ex_mode & S_ISVTX) {
                SMB_STRUCT_STAT sbuf_file;
                if(SMB_VFS_STAT(conn, fname, &sbuf_file) != 0) {
@@ -98,14 +99,24 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname)
                                 * yes we'll be able to delete it. */
                                return True;
                        }
+                       DEBUG(10,("can_delete_file_in_directory: can't "
+                               "stat file %s (%s)",
+                               fname, strerror(errno) ));
                        return False;
                }
                /*
                 * Patch from SATOH Fumiyasu <fumiyas@miraclelinux.com>
                 * for bug #3348. Don't assume owning sticky bit
                 * directory means write access allowed.
+                * Fail to delete if we're not the owner of the file,
+                * or the owner of the directory as we have no possible
+                * chance of deleting. Otherwise, go on and check the ACL.
                 */
-               if (conn->server_info->utok.uid != sbuf_file.st_ex_uid) {
+               if ((conn->server_info->utok.uid != sbuf.st_ex_uid) &&
+                               (conn->server_info->utok.uid != sbuf_file.st_ex_uid)) {
+                       DEBUG(10,("can_delete_file_in_directory: not "
+                               "owner of file %s or directory %s",
+                               fname, dname));
                        return False;
                }
        }