mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
r18580: map the PVFS_FLAG_READONLY bit in the posix backend onto
NT_STATUS_ACCESS_DENIED in the access mask checks
(This used to be commit ceffc34f3e
)
This commit is contained in:
parent
7c017f9015
commit
9c53e14602
@ -349,6 +349,13 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs,
|
||||
uid_t uid = geteuid();
|
||||
uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL;
|
||||
|
||||
if ((pvfs->flags & PVFS_FLAG_READONLY) &&
|
||||
((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
|
||||
SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
|
||||
SEC_DIR_DELETE_CHILD))) {
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
/* owner and root get extra permissions */
|
||||
if (uid == 0) {
|
||||
max_bits |= SEC_STD_ALL | SEC_FLAG_SYSTEM_SECURITY;
|
||||
@ -390,6 +397,13 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs,
|
||||
NTSTATUS status;
|
||||
struct security_descriptor *sd;
|
||||
|
||||
if ((pvfs->flags & PVFS_FLAG_READONLY) &&
|
||||
((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
|
||||
SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
|
||||
SEC_DIR_DELETE_CHILD))) {
|
||||
return NT_STATUS_ACCESS_DENIED;
|
||||
}
|
||||
|
||||
acl = talloc(req, struct xattr_NTACL);
|
||||
if (acl == NULL) {
|
||||
return NT_STATUS_NO_MEMORY;
|
||||
|
Loading…
Reference in New Issue
Block a user