1
0
mirror of https://github.com/samba-team/samba.git synced 2025-01-11 05:18:09 +03:00

s3: smbd: smbd_check_access_rights_fsp(). Add dirfsp parameter.

Pass down to smbd_check_access_rights_sd().

Always pass conn->cwd_fsp for now.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This commit is contained in:
Jeremy Allison 2021-06-08 12:24:17 -07:00 committed by Ralph Boehme
parent 88881510c7
commit 699356a245
9 changed files with 34 additions and 16 deletions

View File

@ -209,7 +209,8 @@ static int ceph_snap_enum_snapdir(struct vfs_handle_struct *handle,
/* Check we have SEC_DIR_LIST access on this fsp. */
dirfsp = dir_hnd_fetch_fsp(dir_hnd);
status = smbd_check_access_rights_fsp(dirfsp,
status = smbd_check_access_rights_fsp(dirfsp->conn->cwd_fsp,
dirfsp,
false,
SEC_DIR_LIST);
if (!NT_STATUS_IS_OK(status)) {
@ -529,7 +530,8 @@ static int ceph_snap_gmt_convert_dir(struct vfs_handle_struct *handle,
/* Check we have SEC_DIR_LIST access on this fsp. */
dirfsp = dir_hnd_fetch_fsp(dir_hnd);
status = smbd_check_access_rights_fsp(dirfsp,
status = smbd_check_access_rights_fsp(dirfsp->conn->cwd_fsp,
dirfsp,
false,
SEC_DIR_LIST);
if (!NT_STATUS_IS_OK(status)) {

View File

@ -1995,7 +1995,8 @@ static int shadow_copy2_get_shadow_copy_data(
fsp_set_fd(dirfsp, fd);
/* Now we have the handle, check access here. */
status = smbd_check_access_rights_fsp(dirfsp,
status = smbd_check_access_rights_fsp(fspcwd,
dirfsp,
false,
SEC_DIR_LIST);
if (!NT_STATUS_IS_OK(status)) {

View File

@ -503,7 +503,8 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
return NT_STATUS_ACCESS_DENIED;
}
status = smbd_check_access_rights_fsp(smb_fname->fsp,
status = smbd_check_access_rights_fsp(conn->cwd_fsp,
smb_fname->fsp,
false,
FILE_WRITE_ATTRIBUTES);
if (NT_STATUS_IS_OK(status)) {

View File

@ -124,6 +124,7 @@ bool can_delete_file_in_directory(connection_struct *conn,
*/
ret = NT_STATUS_IS_OK(smbd_check_access_rights_fsp(
conn->cwd_fsp,
smb_fname_parent->fsp,
false,
FILE_DELETE_CHILD));
@ -140,7 +141,9 @@ bool can_delete_file_in_directory(connection_struct *conn,
bool can_write_to_fsp(struct files_struct *fsp)
{
return NT_STATUS_IS_OK(smbd_check_access_rights_fsp(fsp,
return NT_STATUS_IS_OK(smbd_check_access_rights_fsp(
fsp->conn->cwd_fsp,
fsp,
false,
FILE_WRITE_DATA));
}

View File

@ -669,7 +669,8 @@ static bool user_can_stat_name_under_fsp(files_struct *fsp, const char *name)
return false;
}
status = smbd_check_access_rights_fsp(fname->fsp,
status = smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
fname->fsp,
false,
rights);
if (!NT_STATUS_IS_OK(status)) {
@ -711,7 +712,8 @@ static bool user_can_stat_name_under_fsp(files_struct *fsp, const char *name)
TALLOC_FREE(filepath);
return false;
}
status = smbd_check_access_rights_fsp(fname->fsp,
status = smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
fname->fsp,
false,
rights);
if (!NT_STATUS_IS_OK(status)) {

View File

@ -246,7 +246,8 @@ access_denied:
return NT_STATUS_OK;
}
NTSTATUS smbd_check_access_rights_fsp(struct files_struct *fsp,
NTSTATUS smbd_check_access_rights_fsp(struct files_struct *dirfsp,
struct files_struct *fsp,
bool use_privs,
uint32_t access_mask)
{
@ -290,7 +291,7 @@ NTSTATUS smbd_check_access_rights_fsp(struct files_struct *fsp,
}
return smbd_check_access_rights_sd(fsp->conn,
fsp->conn->cwd_fsp,
dirfsp,
fsp->fsp_name,
sd,
use_privs,
@ -436,7 +437,8 @@ static NTSTATUS check_base_file_access(struct files_struct *fsp,
}
}
return smbd_check_access_rights_fsp(fsp,
return smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
fsp,
false,
access_mask);
}
@ -1362,7 +1364,9 @@ static NTSTATUS open_file(files_struct *fsp,
if (!fsp->base_fsp) {
/* Only do this check on non-stream open. */
if (file_existed) {
status = smbd_check_access_rights_fsp(fsp,
status = smbd_check_access_rights_fsp(
fsp->conn->cwd_fsp,
fsp,
false,
access_mask);
@ -1547,7 +1551,8 @@ static NTSTATUS open_file(files_struct *fsp,
}
}
status = smbd_check_access_rights_fsp(fsp,
status = smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
fsp,
false,
access_mask);
@ -4617,7 +4622,8 @@ static NTSTATUS open_directory(connection_struct *conn,
}
if (info == FILE_WAS_OPENED) {
status = smbd_check_access_rights_fsp(fsp,
status = smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
fsp,
false,
access_mask);
if (!NT_STATUS_IS_OK(status)) {

View File

@ -725,7 +725,8 @@ void reply_nttranss(struct smb_request *req);
/* The following definitions come from smbd/open.c */
NTSTATUS smbd_check_access_rights_fsp(struct files_struct *fsp,
NTSTATUS smbd_check_access_rights_fsp(struct files_struct *dirfsp,
struct files_struct *fsp,
bool use_privs,
uint32_t access_mask);
NTSTATUS check_parent_access_fsp(struct files_struct *fsp,

View File

@ -1507,7 +1507,8 @@ void reply_setatr(struct smb_request *req)
else
mode &= ~FILE_ATTRIBUTE_DIRECTORY;
status = smbd_check_access_rights_fsp(smb_fname->fsp,
status = smbd_check_access_rights_fsp(conn->cwd_fsp,
smb_fname->fsp,
false,
FILE_WRITE_ATTRIBUTES);
if (!NT_STATUS_IS_OK(status)) {

View File

@ -81,7 +81,8 @@ NTSTATUS check_access_fsp(struct files_struct *fsp,
uint32_t access_mask)
{
if (!fsp->fsp_flags.is_fsa) {
return smbd_check_access_rights_fsp(fsp,
return smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
fsp,
false,
access_mask);
}