mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
smbd: Remove access check on SHARING_VIOLATION
This piece of code predates our user-space access checks, which we nowadays always do in open_file() Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
parent
551e3590f9
commit
2c653515f3
@ -3454,38 +3454,9 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
|
||||
}
|
||||
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
uint32_t can_access_mask;
|
||||
bool can_access = True;
|
||||
|
||||
SMB_ASSERT(NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION));
|
||||
|
||||
/*
|
||||
* This next line is a subtlety we need for
|
||||
* MS-Access. If a file open will fail due to share
|
||||
* permissions and also for security (access) reasons,
|
||||
* we need to return the access failed error, not the
|
||||
* share error. We can't open the file due to kernel
|
||||
* oplock deadlock (it's possible we failed above on
|
||||
* the open_mode_check()) so use a userspace check.
|
||||
*/
|
||||
|
||||
if (flags & O_RDWR) {
|
||||
can_access_mask = FILE_READ_DATA|FILE_WRITE_DATA;
|
||||
} else if (flags & O_WRONLY) {
|
||||
can_access_mask = FILE_WRITE_DATA;
|
||||
} else {
|
||||
can_access_mask = FILE_READ_DATA;
|
||||
}
|
||||
|
||||
if (((can_access_mask & FILE_WRITE_DATA) &&
|
||||
!CAN_WRITE(conn)) ||
|
||||
!NT_STATUS_IS_OK(smbd_check_access_rights(conn,
|
||||
smb_fname,
|
||||
false,
|
||||
can_access_mask))) {
|
||||
can_access = False;
|
||||
}
|
||||
|
||||
/*
|
||||
* If we're returning a share violation, ensure we
|
||||
* cope with the braindead 1 second delay (SMB1 only).
|
||||
@ -3520,16 +3491,8 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
|
||||
|
||||
TALLOC_FREE(lck);
|
||||
fd_close(fsp);
|
||||
if (can_access) {
|
||||
/*
|
||||
* We have detected a sharing violation here
|
||||
* so return the correct error code
|
||||
*/
|
||||
status = NT_STATUS_SHARING_VIOLATION;
|
||||
} else {
|
||||
status = NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
return status;
|
||||
|
||||
return NT_STATUS_SHARING_VIOLATION;
|
||||
}
|
||||
|
||||
/* Should we atomically (to the client at least) truncate ? */
|
||||
|
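Review bot: With the `can_access` branch gone, the error path after `fd_close(fsp)` returns `NT_STATUS_SHARING_VIOLATION` unconditionally, so a caller without rights to the file only gets `NT_STATUS_ACCESS_DENIED` if the access check in open_file() has already run and failed before the share-mode conflict is detected; neither hunk shows that ordering, and open_file_ntcreate() starts and ends outside both. The removed test also rejected write opens when `!CAN_WRITE(conn)`, so it is worth confirming that the read-only-share case is still refused on the earlier path. If the ordering is ever changed, the status code alone would tell a client without access that the file exists and is held open by another session. I would record the invariant next to the new return, for example `/* Access rights were already checked in open_file(); a conflict here is a genuine sharing violation. */`. A regression test that opens a share-conflicted file as a user without access and expects ACCESS_DENIED would keep the assumption from drifting.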