sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-08-07 09:49:30 +03:00
Code Activity

Remove the "stat_open()" function, flag, and all associated code. It was only

Browse Source 
being (correctly) used in the can_read/can_write checks for hide unreadable/unwritable
and this is more properly done using the functions in smbd/file_access.c.
Preparing to do NT access checks on all file access.
Jeremy.
This commit is contained in:
Jeremy Allison
2008-05-02 17:22:10 -07:00
parent b739c7f1cd
commit 6bfb06ad95
8 changed files with 16 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
source/include/smb.h
View File

@ -508,7 +508,6 @@ typedef struct files_struct {
bool print_file;
bool modified;
bool is_directory;
bool is_stat;
bool aio_write_behind;
bool lockdb_clean;
bool initial_delete_on_close; /* Only set at NTCreateX if file was created. */

4
source/locking/locking.c
View File

@ -1363,10 +1363,6 @@ bool set_delete_on_close(files_struct *fsp, bool delete_on_close, UNIX_USER_TOKE
delete_on_close ? "Adding" : "Removing", fsp->fnum,
fsp->fsp_name ));
if (fsp->is_stat) {
return True;
}
lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
NULL);
if (lck == NULL) {

11
source/rpc_server/srv_srvsvc_nt.c
View File

@ -2206,13 +2206,20 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p,
goto error_exit;
}
nt_status = open_file_stat(conn, NULL, filename, &st, &fsp);
nt_status = open_file_ntcreate(conn, NULL, filename, &st,
FILE_WRITE_ATTRIBUTES,
FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN,
0,
FILE_ATTRIBUTE_NORMAL,
INTERNAL_OPEN_ONLY,
NULL, &fsp);
if ( !NT_STATUS_IS_OK(nt_status) ) {
/* Perhaps it is a directory */
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_FILE_IS_A_DIRECTORY))
nt_status = open_directory(conn, NULL, filename, &st,
FILE_READ_ATTRIBUTES,
FILE_WRITE_ATTRIBUTES,
FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN,
0,

16
source/smbd/close.c
View File

@ -702,20 +702,6 @@ static NTSTATUS close_directory(files_struct *fsp, enum file_close_type close_ty
return status;
}
/****************************************************************************
Close a 'stat file' opened internally.
****************************************************************************/
static NTSTATUS close_stat(files_struct *fsp)
{
/*
* Do the code common to files and directories.
*/
close_filestruct(fsp);
file_free(fsp);
return NT_STATUS_OK;
}
/****************************************************************************
Close a files_struct.
****************************************************************************/
@ -727,8 +713,6 @@ NTSTATUS close_file(files_struct *fsp, enum file_close_type close_type)
if(fsp->is_directory) {
status = close_directory(fsp, close_type);
} else if (fsp->is_stat) {
status = close_stat(fsp);
} else if (fsp->fake_file_handle != NULL) {
status = close_fake_file(fsp);
} else {

68
source/smbd/dir.c
View File

@ -925,11 +925,6 @@ bool get_dir_entry(TALLOC_CTX *ctx,
static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst)
{
SEC_DESC *psd = NULL;
files_struct *fsp;
NTSTATUS status;
uint32 access_granted;
/*
* If user is a member of the Admin group
* we never hide files from them.
@ -941,36 +936,7 @@ static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S
SMB_ASSERT(VALID_STAT(*pst));
/* Pseudo-open the file (note - no fd's created). */
if(S_ISDIR(pst->st_mode)) {
status = open_directory(conn, NULL, name, pst,
READ_CONTROL_ACCESS,
FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN,
0, /* no create options. */
FILE_ATTRIBUTE_DIRECTORY,
NULL, &fsp);
} else {
status = open_file_stat(conn, NULL, name, pst, &fsp);
}
if (!NT_STATUS_IS_OK(status)) {
return False;
}
/* Get NT ACL -allocated in main loop talloc context. No free needed here. */
status = SMB_VFS_FGET_NT_ACL(fsp,
(OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd);
close_file(fsp, NORMAL_CLOSE);
/* No access if SD get failed. */
if (!NT_STATUS_IS_OK(status)) {
return False;
}
return se_access_check(psd, current_user.nt_user_token, FILE_READ_DATA,
&access_granted, &status);
return can_access_file_acl(conn, name, pst, FILE_READ_DATA);
}
/*******************************************************************
@ -982,12 +948,6 @@ static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S
static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst)
{
SEC_DESC *psd = NULL;
files_struct *fsp;
int info;
NTSTATUS status;
uint32 access_granted;
/*
* If user is a member of the Admin group
* we never hide files from them.
@ -1003,33 +963,9 @@ static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_
if(S_ISDIR(pst->st_mode)) {
return True;
} else {
status = open_file_ntcreate(conn, NULL, name, pst,
FILE_WRITE_ATTRIBUTES,
FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN,
0,
FILE_ATTRIBUTE_NORMAL,
INTERNAL_OPEN_ONLY,
&info, &fsp);
}
if (!NT_STATUS_IS_OK(status)) {
return False;
}
/* Get NT ACL -allocated in main loop talloc context. No free needed here. */
status = SMB_VFS_FGET_NT_ACL(fsp,
(OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd);
close_file(fsp, NORMAL_CLOSE);
/* No access if SD get failed. */
if (!NT_STATUS_IS_OK(status)) {
return False;
}
return se_access_check(psd, current_user.nt_user_token, FILE_WRITE_DATA,
&access_granted, &status);
return can_write_to_file(conn, name, pst);
}
/*******************************************************************

8
source/smbd/file_access.c
View File

@ -25,7 +25,7 @@ extern struct current_user current_user;
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_ACLS
static bool can_access_file_acl(struct connection_struct *conn,
bool can_access_file_acl(struct connection_struct *conn,
const char * fname, SMB_STRUCT_STAT *psbuf,
uint32_t access_mask)
{
@ -125,7 +125,7 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname)
Note this doesn't take into account share write permissions.
****************************************************************************/
bool can_access_file(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf, uint32 access_mask)
bool can_access_file_data(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf, uint32 access_mask)
{
if (!(access_mask & (FILE_READ_DATA|FILE_WRITE_DATA))) {
return False;
@ -134,7 +134,7 @@ bool can_access_file(connection_struct *conn, const char *fname, SMB_STRUCT_STAT
/* some fast paths first */
DEBUG(10,("can_access_file: requesting 0x%x on file %s\n",
DEBUG(10,("can_access_file_data: requesting 0x%x on file %s\n",
(unsigned int)access_mask, fname ));
if (current_user.ut.uid == 0 || conn->admin_user) {
@ -180,7 +180,7 @@ bool can_access_file(connection_struct *conn, const char *fname, SMB_STRUCT_STAT
bool can_write_to_file(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf)
{
return can_access_file(conn, fname, psbuf, FILE_WRITE_DATA);
return can_access_file_data(conn, fname, psbuf, FILE_WRITE_DATA);
}
/****************************************************************************

1
source/smbd/files.c
View File

@ -539,7 +539,6 @@ NTSTATUS dup_file_fsp(files_struct *fsp,
dup_fsp->print_file = fsp->print_file;
dup_fsp->modified = fsp->modified;
dup_fsp->is_directory = fsp->is_directory;
dup_fsp->is_stat = fsp->is_stat;
dup_fsp->aio_write_behind = fsp->aio_write_behind;
string_set(&dup_fsp->fsp_name,fsp->fsp_name);

56
source/smbd/open.c
View File

@ -391,7 +391,6 @@ static NTSTATUS open_file(files_struct *fsp,
fsp->modified = False;
fsp->sent_oplock_break = NO_BREAK_SENT;
fsp->is_directory = False;
fsp->is_stat = False;
if (conn->aio_write_behind_list &&
is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) {
fsp->aio_write_behind = True;
@ -1571,7 +1570,7 @@ NTSTATUS open_file_ntcreate(connection_struct *conn,
}
if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) ||
!can_access_file(conn,fname,psbuf,can_access_mask)) {
!can_access_file_data(conn,fname,psbuf,can_access_mask)) {
can_access = False;
}
@ -2223,7 +2222,6 @@ NTSTATUS open_directory(connection_struct *conn,
fsp->oplock_type = NO_OPLOCK;
fsp->sent_oplock_break = NO_BREAK_SENT;
fsp->is_directory = True;
fsp->is_stat = False;
fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False;
string_set(&fsp->fsp_name,fname);
@ -2305,58 +2303,6 @@ NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, cons
return status;
}
/****************************************************************************
Open a pseudo-file (no locking checks - a 'stat' open).
****************************************************************************/
NTSTATUS open_file_stat(connection_struct *conn, struct smb_request *req,
const char *fname, SMB_STRUCT_STAT *psbuf,
files_struct **result)
{
files_struct *fsp = NULL;
NTSTATUS status;
if (!VALID_STAT(*psbuf)) {
return NT_STATUS_INVALID_PARAMETER;
}
/* Can't 'stat' open directories. */
if(S_ISDIR(psbuf->st_mode)) {
return NT_STATUS_FILE_IS_A_DIRECTORY;
}
status = file_new(conn, &fsp);
if(!NT_STATUS_IS_OK(status)) {
return status;
}
DEBUG(5,("open_file_stat: 'opening' file %s\n", fname));
/*
* Setup the files_struct for it.
*/
fsp->mode = psbuf->st_mode;
fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
fsp->file_pid = req ? req->smbpid : 0;
fsp->can_lock = False;
fsp->can_read = False;
fsp->can_write = False;
fsp->print_file = False;
fsp->modified = False;
fsp->oplock_type = NO_OPLOCK;
fsp->sent_oplock_break = NO_BREAK_SENT;
fsp->is_directory = False;
fsp->is_stat = True;
string_set(&fsp->fsp_name,fname);
conn->num_files_open++;
*result = fsp;
return NT_STATUS_OK;
}
/****************************************************************************
Receive notification that one of our open files has been renamed by another
smbd process.