From f689dc374ac84bcd0861c1804dffb9b467673fb3 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 24 Sep 2012 16:42:57 -0700
Subject: [PATCH 1/2] Add some const to can_delete_file_in_directory().

---
 source3/smbd/file_access.c |    2 +-
 source3/smbd/proto.h       |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index bd65a70..1f5ee4f 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -87,7 +87,7 @@ bool can_access_file_acl(struct connection_struct *conn,
 ****************************************************************************/
 
 bool can_delete_file_in_directory(connection_struct *conn,
-				  struct smb_filename *smb_fname)
+				  const struct smb_filename *smb_fname)
 {
 	TALLOC_CTX *ctx = talloc_tos();
 	char *dname = NULL;
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index e80e01e..d6f7511 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -301,7 +301,7 @@ bool can_access_file_acl(struct connection_struct *conn,
 			 const struct smb_filename *smb_fname,
 			 uint32_t access_mask);
 bool can_delete_file_in_directory(connection_struct *conn,
-				  struct smb_filename *smb_fname);
+				  const struct smb_filename *smb_fname);
 bool can_access_file_data(connection_struct *conn,
 			  const struct smb_filename *smb_fname,
 			  uint32 access_mask);
-- 
1.7.7.3


From 4b9b1da07c002992833717b9b1903260033a185e Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Mon, 24 Sep 2012 16:43:12 -0700
Subject: [PATCH 2/2] Fix bug #9189 - SMB2 Create doesn't return correct MAX
 ACCESS access mask in blob.

If we aren't already granted DELETE access, check if we have
DELETE_CHILD in the containing directory.
---
 source3/smbd/open.c |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 078a066..2467b06 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1412,6 +1412,12 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
 				return NT_STATUS_ACCESS_DENIED;
 			}
 
+			if (!(access_granted & DELETE_ACCESS)) {
+				if (can_delete_file_in_directory(conn, smb_fname)) {
+					access_granted |= DELETE_ACCESS;
+				}
+			}
+
 			access_mask = access_granted;
 		} else {
 			access_mask = FILE_GENERIC_ALL;
-- 
1.7.7.3