1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

r18580: map the PVFS_FLAG_READONLY bit in the posix backend onto

NT_STATUS_ACCESS_DENIED in the access mask checks
(This used to be commit ceffc34f3e)
This commit is contained in:
Andrew Tridgell 2006-09-16 15:31:53 +00:00 committed by Gerald (Jerry) Carter
parent 7c017f9015
commit 9c53e14602

View File

@ -349,6 +349,13 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs,
uid_t uid = geteuid();
uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL;
if ((pvfs->flags & PVFS_FLAG_READONLY) &&
((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
SEC_DIR_DELETE_CHILD))) {
return NT_STATUS_ACCESS_DENIED;
}
/* owner and root get extra permissions */
if (uid == 0) {
max_bits |= SEC_STD_ALL | SEC_FLAG_SYSTEM_SECURITY;
@ -390,6 +397,13 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs,
NTSTATUS status;
struct security_descriptor *sd;
if ((pvfs->flags & PVFS_FLAG_READONLY) &&
((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
SEC_DIR_DELETE_CHILD))) {
return NT_STATUS_ACCESS_DENIED;
}
acl = talloc(req, struct xattr_NTACL);
if (acl == NULL) {
return NT_STATUS_NO_MEMORY;