sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2025-02-28 01:58:17 +03:00
Code

smbd: rename check_access_fsp() to check_any_access_fsp()

Browse Source 
The semantics of the access check in check_access_fsp() itself is to
allow access if *at least* one or more rights of the rights in
access_mask are allowed. The name check_any_access_fsp() better
reflects this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This commit is contained in:
Ralph Boehme 2023-12-21 10:58:09 +01:00
parent 76c8fe16bf
commit 96b577c380
3 changed files with 15 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
source3/smbd/proto.h
View File

@ -1060,8 +1060,8 @@ NTSTATUS smb_set_file_disposition_info(connection_struct *conn,
files_struct *fsp,
struct smb_filename *smb_fname);
NTSTATUS refuse_symlink_fsp(const struct files_struct *fsp);
NTSTATUS check_access_fsp(struct files_struct *fsp,
uint32_t access_mask);
NTSTATUS check_any_access_fsp(struct files_struct *fsp,
uint32_t access_mask);
uint64_t smb_roundup(connection_struct *conn, uint64_t val);
bool samba_private_attr_name(const char *unix_ea_name);
NTSTATUS get_ea_value_fsp(TALLOC_CTX *mem_ctx,

6
source3/smbd/smb2_ioctl_filesys.c
View File

@ -378,7 +378,7 @@ static NTSTATUS fsctl_set_cmprn(TALLOC_CTX *mem_ctx,
}
/* WRITE_DATA permission is required, WRITE_ATTRIBUTES is not */
status = check_access_fsp(fsp, FILE_WRITE_DATA);
status = check_any_access_fsp(fsp, FILE_WRITE_DATA);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@ -426,7 +426,7 @@ static NTSTATUS fsctl_zero_data(TALLOC_CTX *mem_ctx,
}
/* WRITE_DATA permission is required */
status = check_access_fsp(fsp, FILE_WRITE_DATA);
status = check_any_access_fsp(fsp, FILE_WRITE_DATA);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@ -616,7 +616,7 @@ static NTSTATUS fsctl_qar(TALLOC_CTX *mem_ctx,
}
/* READ_DATA permission is required */
status = check_access_fsp(fsp, FILE_READ_DATA);
status = check_any_access_fsp(fsp, FILE_READ_DATA);
if (!NT_STATUS_IS_OK(status)) {
return status;
}

15
source3/smbd/smb2_trans2.c
View File

@ -74,8 +74,13 @@ NTSTATUS refuse_symlink_fsp(const files_struct *fsp)
return NT_STATUS_OK;
}
NTSTATUS check_access_fsp(struct files_struct *fsp,
uint32_t access_mask)
/**
* Check that one or more of the rights in access_mask are
* allowed. Iow, access_mask can contain more then one right and
* it is sufficient having only one of those granted to pass.
**/
NTSTATUS check_any_access_fsp(struct files_struct *fsp,
uint32_t access_mask)
{
if (!fsp->fsp_flags.is_fsa) {
return smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
@ -681,7 +686,7 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp,
return status;
}
status = check_access_fsp(fsp, FILE_WRITE_EA);
status = check_any_access_fsp(fsp, FILE_WRITE_EA);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@ -4763,7 +4768,7 @@ static NTSTATUS smb_set_file_basic_info(connection_struct *conn,
return NT_STATUS_INVALID_HANDLE;
}
status = check_access_fsp(fsp, FILE_WRITE_ATTRIBUTES);
status = check_any_access_fsp(fsp, FILE_WRITE_ATTRIBUTES);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@ -4834,7 +4839,7 @@ static NTSTATUS smb_set_info_standard(connection_struct *conn,
DEBUG(10,("smb_set_info_standard: file %s\n",
smb_fname_str_dbg(smb_fname)));
status = check_access_fsp(fsp, FILE_WRITE_ATTRIBUTES);
status = check_any_access_fsp(fsp, FILE_WRITE_ATTRIBUTES);
if (!NT_STATUS_IS_OK(status)) {
return status;
}