mirror of
https://github.com/samba-team/samba.git
synced 2024-12-22 13:34:15 +03:00
s3: smbd: smbd_check_access_rights_fsp(). Add dirfsp parameter.
Pass down to smbd_check_access_rights_sd(). Always pass conn->cwd_fsp for now. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
This commit is contained in:
parent
88881510c7
commit
699356a245
@ -209,7 +209,8 @@ static int ceph_snap_enum_snapdir(struct vfs_handle_struct *handle,
|
||||
|
||||
/* Check we have SEC_DIR_LIST access on this fsp. */
|
||||
dirfsp = dir_hnd_fetch_fsp(dir_hnd);
|
||||
status = smbd_check_access_rights_fsp(dirfsp,
|
||||
status = smbd_check_access_rights_fsp(dirfsp->conn->cwd_fsp,
|
||||
dirfsp,
|
||||
false,
|
||||
SEC_DIR_LIST);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
@ -529,7 +530,8 @@ static int ceph_snap_gmt_convert_dir(struct vfs_handle_struct *handle,
|
||||
|
||||
/* Check we have SEC_DIR_LIST access on this fsp. */
|
||||
dirfsp = dir_hnd_fetch_fsp(dir_hnd);
|
||||
status = smbd_check_access_rights_fsp(dirfsp,
|
||||
status = smbd_check_access_rights_fsp(dirfsp->conn->cwd_fsp,
|
||||
dirfsp,
|
||||
false,
|
||||
SEC_DIR_LIST);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
|
@ -1995,7 +1995,8 @@ static int shadow_copy2_get_shadow_copy_data(
|
||||
fsp_set_fd(dirfsp, fd);
|
||||
|
||||
/* Now we have the handle, check access here. */
|
||||
status = smbd_check_access_rights_fsp(dirfsp,
|
||||
status = smbd_check_access_rights_fsp(fspcwd,
|
||||
dirfsp,
|
||||
false,
|
||||
SEC_DIR_LIST);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
|
@ -503,7 +503,8 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
status = smbd_check_access_rights_fsp(smb_fname->fsp,
|
||||
status = smbd_check_access_rights_fsp(conn->cwd_fsp,
|
||||
smb_fname->fsp,
|
||||
false,
|
||||
FILE_WRITE_ATTRIBUTES);
|
||||
if (NT_STATUS_IS_OK(status)) {
|
||||
|
@ -124,6 +124,7 @@ bool can_delete_file_in_directory(connection_struct *conn,
|
||||
*/
|
||||
|
||||
ret = NT_STATUS_IS_OK(smbd_check_access_rights_fsp(
|
||||
conn->cwd_fsp,
|
||||
smb_fname_parent->fsp,
|
||||
false,
|
||||
FILE_DELETE_CHILD));
|
||||
@ -140,7 +141,9 @@ bool can_delete_file_in_directory(connection_struct *conn,
|
||||
|
||||
bool can_write_to_fsp(struct files_struct *fsp)
|
||||
{
|
||||
return NT_STATUS_IS_OK(smbd_check_access_rights_fsp(fsp,
|
||||
return NT_STATUS_IS_OK(smbd_check_access_rights_fsp(
|
||||
fsp->conn->cwd_fsp,
|
||||
fsp,
|
||||
false,
|
||||
FILE_WRITE_DATA));
|
||||
}
|
||||
|
@ -669,7 +669,8 @@ static bool user_can_stat_name_under_fsp(files_struct *fsp, const char *name)
|
||||
return false;
|
||||
}
|
||||
|
||||
status = smbd_check_access_rights_fsp(fname->fsp,
|
||||
status = smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
|
||||
fname->fsp,
|
||||
false,
|
||||
rights);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
@ -711,7 +712,8 @@ static bool user_can_stat_name_under_fsp(files_struct *fsp, const char *name)
|
||||
TALLOC_FREE(filepath);
|
||||
return false;
|
||||
}
|
||||
status = smbd_check_access_rights_fsp(fname->fsp,
|
||||
status = smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
|
||||
fname->fsp,
|
||||
false,
|
||||
rights);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
|
@ -246,7 +246,8 @@ access_denied:
|
||||
return NT_STATUS_OK;
|
||||
}
|
||||
|
||||
NTSTATUS smbd_check_access_rights_fsp(struct files_struct *fsp,
|
||||
NTSTATUS smbd_check_access_rights_fsp(struct files_struct *dirfsp,
|
||||
struct files_struct *fsp,
|
||||
bool use_privs,
|
||||
uint32_t access_mask)
|
||||
{
|
||||
@ -290,7 +291,7 @@ NTSTATUS smbd_check_access_rights_fsp(struct files_struct *fsp,
|
||||
}
|
||||
|
||||
return smbd_check_access_rights_sd(fsp->conn,
|
||||
fsp->conn->cwd_fsp,
|
||||
dirfsp,
|
||||
fsp->fsp_name,
|
||||
sd,
|
||||
use_privs,
|
||||
@ -436,7 +437,8 @@ static NTSTATUS check_base_file_access(struct files_struct *fsp,
|
||||
}
|
||||
}
|
||||
|
||||
return smbd_check_access_rights_fsp(fsp,
|
||||
return smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
|
||||
fsp,
|
||||
false,
|
||||
access_mask);
|
||||
}
|
||||
@ -1362,7 +1364,9 @@ static NTSTATUS open_file(files_struct *fsp,
|
||||
if (!fsp->base_fsp) {
|
||||
/* Only do this check on non-stream open. */
|
||||
if (file_existed) {
|
||||
status = smbd_check_access_rights_fsp(fsp,
|
||||
status = smbd_check_access_rights_fsp(
|
||||
fsp->conn->cwd_fsp,
|
||||
fsp,
|
||||
false,
|
||||
access_mask);
|
||||
|
||||
@ -1547,7 +1551,8 @@ static NTSTATUS open_file(files_struct *fsp,
|
||||
}
|
||||
}
|
||||
|
||||
status = smbd_check_access_rights_fsp(fsp,
|
||||
status = smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
|
||||
fsp,
|
||||
false,
|
||||
access_mask);
|
||||
|
||||
@ -4617,7 +4622,8 @@ static NTSTATUS open_directory(connection_struct *conn,
|
||||
}
|
||||
|
||||
if (info == FILE_WAS_OPENED) {
|
||||
status = smbd_check_access_rights_fsp(fsp,
|
||||
status = smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
|
||||
fsp,
|
||||
false,
|
||||
access_mask);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
|
@ -725,7 +725,8 @@ void reply_nttranss(struct smb_request *req);
|
||||
|
||||
/* The following definitions come from smbd/open.c */
|
||||
|
||||
NTSTATUS smbd_check_access_rights_fsp(struct files_struct *fsp,
|
||||
NTSTATUS smbd_check_access_rights_fsp(struct files_struct *dirfsp,
|
||||
struct files_struct *fsp,
|
||||
bool use_privs,
|
||||
uint32_t access_mask);
|
||||
NTSTATUS check_parent_access_fsp(struct files_struct *fsp,
|
||||
|
@ -1507,7 +1507,8 @@ void reply_setatr(struct smb_request *req)
|
||||
else
|
||||
mode &= ~FILE_ATTRIBUTE_DIRECTORY;
|
||||
|
||||
status = smbd_check_access_rights_fsp(smb_fname->fsp,
|
||||
status = smbd_check_access_rights_fsp(conn->cwd_fsp,
|
||||
smb_fname->fsp,
|
||||
false,
|
||||
FILE_WRITE_ATTRIBUTES);
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
|
@ -81,7 +81,8 @@ NTSTATUS check_access_fsp(struct files_struct *fsp,
|
||||
uint32_t access_mask)
|
||||
{
|
||||
if (!fsp->fsp_flags.is_fsa) {
|
||||
return smbd_check_access_rights_fsp(fsp,
|
||||
return smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
|
||||
fsp,
|
||||
false,
|
||||
access_mask);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user