mirror of https://github.com/samba-team/samba.git synced 2024-12-27 03:21:53 +03:00

r18581: also check for SEC_STD_DELETE, and split out the check into a separate

static function
Andrew Tridgell 2006-09-16 15:37:45 +00:00 committed by Gerald (Jerry) Carter
parent ceffc34f3e
commit 024ca6a91c


@ -335,6 +335,25 @@ NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs,
} }
/*
check the read only bit against any of the write access bits
*/
static BOOL pvfs_read_only(struct pvfs_state *pvfs, uint32_t access_mask)
{
if ((pvfs->flags & PVFS_FLAG_READONLY) &&
(access_mask & (SEC_FILE_WRITE_DATA |
SEC_FILE_APPEND_DATA |
SEC_FILE_WRITE_EA |
SEC_FILE_WRITE_ATTRIBUTE |
SEC_STD_DELETE |
SEC_STD_WRITE_DAC |
SEC_STD_WRITE_OWNER |
SEC_DIR_DELETE_CHILD))) {
return True;
}
return False;
}
/* /*
default access check function based on unix permissions default access check function based on unix permissions
doing this saves on building a full security descriptor doing this saves on building a full security descriptor
@ -349,10 +368,7 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs,
uid_t uid = geteuid(); uid_t uid = geteuid();
uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL; uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL;
if ((pvfs->flags & PVFS_FLAG_READONLY) && if (pvfs_read_only(pvfs, *access_mask)) {
((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
SEC_DIR_DELETE_CHILD))) {
return NT_STATUS_ACCESS_DENIED; return NT_STATUS_ACCESS_DENIED;
} }
@ -397,10 +413,7 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs,
NTSTATUS status; NTSTATUS status;
struct security_descriptor *sd; struct security_descriptor *sd;
if ((pvfs->flags & PVFS_FLAG_READONLY) && if (pvfs_read_only(pvfs, *access_mask)) {
((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
SEC_DIR_DELETE_CHILD))) {
return NT_STATUS_ACCESS_DENIED; return NT_STATUS_ACCESS_DENIED;
} }
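Review bot: pvfs_read_only() rejects a request only when its mask already carries one of the listed write bits, so as far as the visible lines show, a mask that arrives as SEC_FLAG_MAXIMUM_ALLOWED or as a generic right (SEC_GENERIC_WRITE, SEC_GENERIC_ALL) passes the guard in both pvfs_access_check_unix() and pvfs_access_check(). In pvfs_access_check_unix() `max_bits` is set to `SEC_RIGHTS_FILE_READ | SEC_FILE_ALL` before the guard, so if the rest of the function grants from `max_bits`, a read-only share could hand back write rights; both function bodies continue outside the hunks, so this needs confirming against the full file. Consider mapping generic bits before calling the helper, or clearing the same bit set from the granted mask whenever `PVFS_FLAG_READONLY` is set. The helper's comment could also say why SEC_STD_WRITE_DAC and SEC_STD_WRITE_OWNER are in the list, since the commit message mentions only SEC_STD_DELETE.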