mirror of
https://github.com/samba-team/samba.git
synced 2024-12-27 03:21:53 +03:00
r18581: also check for SEC_STD_DELETE, and split out the check into a separate
static function
This commit is contained in:
parent
ceffc34f3e
commit
024ca6a91c
@ -335,6 +335,25 @@ NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs,
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/*
|
||||||
|
check the read only bit against any of the write access bits
|
||||||
|
*/
|
||||||
|
static BOOL pvfs_read_only(struct pvfs_state *pvfs, uint32_t access_mask)
|
||||||
|
{
|
||||||
|
if ((pvfs->flags & PVFS_FLAG_READONLY) &&
|
||||||
|
(access_mask & (SEC_FILE_WRITE_DATA |
|
||||||
|
SEC_FILE_APPEND_DATA |
|
||||||
|
SEC_FILE_WRITE_EA |
|
||||||
|
SEC_FILE_WRITE_ATTRIBUTE |
|
||||||
|
SEC_STD_DELETE |
|
||||||
|
SEC_STD_WRITE_DAC |
|
||||||
|
SEC_STD_WRITE_OWNER |
|
||||||
|
SEC_DIR_DELETE_CHILD))) {
|
||||||
|
return True;
|
||||||
|
}
|
||||||
|
return False;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
default access check function based on unix permissions
|
default access check function based on unix permissions
|
||||||
doing this saves on building a full security descriptor
|
doing this saves on building a full security descriptor
|
||||||
@ -349,10 +368,7 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs,
|
|||||||
uid_t uid = geteuid();
|
uid_t uid = geteuid();
|
||||||
uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL;
|
uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL;
|
||||||
|
|
||||||
if ((pvfs->flags & PVFS_FLAG_READONLY) &&
|
if (pvfs_read_only(pvfs, *access_mask)) {
|
||||||
((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
|
|
||||||
SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
|
|
||||||
SEC_DIR_DELETE_CHILD))) {
|
|
||||||
return NT_STATUS_ACCESS_DENIED;
|
return NT_STATUS_ACCESS_DENIED;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -397,10 +413,7 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs,
|
|||||||
NTSTATUS status;
|
NTSTATUS status;
|
||||||
struct security_descriptor *sd;
|
struct security_descriptor *sd;
|
||||||
|
|
||||||
if ((pvfs->flags & PVFS_FLAG_READONLY) &&
|
if (pvfs_read_only(pvfs, *access_mask)) {
|
||||||
((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
|
|
||||||
SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
|
|
||||||
SEC_DIR_DELETE_CHILD))) {
|
|
||||||
return NT_STATUS_ACCESS_DENIED;
|
return NT_STATUS_ACCESS_DENIED;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user