2025-01-12 09:18:10 +03:00 · 2005-01-07 02:14:34 +00:00 · 2005-01-07 02:14:34 +00:00 · ad7da47948
commit ad7da47948
parent 1a019f9883
5 changed files with 43 additions and 20 deletions
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@ -392,6 +392,8 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs,
 	/* expand the generic access bits to file specific bits */
 	*access_mask = pvfs_translate_mask(*access_mask);

+	*access_mask &= ~SEC_FILE_READ_ATTRIBUTE;
+
 	/* check the acl against the required access mask */
 	status = sec_access_check(sd, token, *access_mask, access_mask);

@ -424,7 +426,8 @@ NTSTATUS pvfs_access_check_simple(struct pvfs_state *pvfs,
 */
 NTSTATUS pvfs_access_check_create(struct pvfs_state *pvfs, 
 				  struct smbsrv_request *req,
-				  struct pvfs_filename *name)
+				  struct pvfs_filename *name,
+				  uint32_t *access_mask)
 {
 	struct pvfs_filename *parent;
 	NTSTATUS status;
@ -434,7 +437,34 @@ NTSTATUS pvfs_access_check_create(struct pvfs_state *pvfs,
 		return status;
 	}

-	return pvfs_access_check_simple(pvfs, req, parent, SEC_DIR_ADD_FILE);
+	status = pvfs_access_check(pvfs, req, parent, access_mask);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	if (! ((*access_mask) & SEC_DIR_ADD_FILE)) {
+		return pvfs_access_check_simple(pvfs, req, name, SEC_DIR_ADD_FILE);
+	}
+
+	return status;
+}
+
+/*
+  access check for creating a new file/directory - no access mask supplied
+*/
+NTSTATUS pvfs_access_check_create_nomask(struct pvfs_state *pvfs, 
+					 struct smbsrv_request *req,
+					 struct pvfs_filename *name)
+{
+	struct pvfs_filename *parent;
+	NTSTATUS status;
+
+	status = pvfs_resolve_parent(pvfs, req, name, &parent);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
+	return pvfs_access_check_simple(pvfs, req, name, SEC_DIR_ADD_FILE);
 }


--- a/source4/ntvfs/posix/pvfs_mkdir.c
+++ b/source4/ntvfs/posix/pvfs_mkdir.c
@ -44,7 +44,7 @@ static NTSTATUS pvfs_t2mkdir(struct pvfs_state *pvfs,
 		return NT_STATUS_OBJECT_NAME_COLLISION;
 	}

-	status = pvfs_access_check_create(pvfs, req, name);
+	status = pvfs_access_check_create_nomask(pvfs, req, name);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
@ -114,7 +114,7 @@ NTSTATUS pvfs_mkdir(struct ntvfs_module_context *ntvfs,
 		return NT_STATUS_OBJECT_NAME_COLLISION;
 	}

-	status = pvfs_access_check_create(pvfs, req, name);
+	status = pvfs_access_check_create_nomask(pvfs, req, name);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
--- a/source4/ntvfs/posix/pvfs_open.c
+++ b/source4/ntvfs/posix/pvfs_open.c
@ -199,7 +199,7 @@ static NTSTATUS pvfs_open_directory(struct pvfs_state *pvfs,
 		/* check the security descriptor */
 		status = pvfs_access_check(pvfs, req, name, &access_mask);
 	} else {
-		status = pvfs_access_check_create(pvfs, req, name);
+		status = pvfs_access_check_create(pvfs, req, name, &access_mask);
 	}
 	if (!NT_STATUS_IS_OK(status)) {
 		idr_remove(pvfs->idtree_fnum, fnum);
@ -452,23 +452,16 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs,
 	mode_t mode;
 	uint32_t attrib;

-	status = pvfs_access_check_create(pvfs, req, name);
-	if (!NT_STATUS_IS_OK(status)) {
-		return status;
-	}
-
 	if ((io->ntcreatex.in.file_attr & FILE_ATTRIBUTE_READONLY) &&
 	    (create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE)) {
 		return NT_STATUS_CANNOT_DELETE;
 	}
 	
-	if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
-		access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE | 
-			SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL;
+	status = pvfs_access_check_create(pvfs, req, name, &access_mask);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
 	}

-	access_mask |= SEC_FILE_READ_ATTRIBUTE;
-
 	if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
 		flags = O_RDWR;
 	} else {
--- a/source4/ntvfs/posix/pvfs_rename.c
+++ b/source4/ntvfs/posix/pvfs_rename.c
@ -281,7 +281,7 @@ static NTSTATUS pvfs_rename_mv(struct ntvfs_module_context *ntvfs,
 		return status;
 	}

-	status = pvfs_access_check_create(pvfs, req, name2);
+	status = pvfs_access_check_create_nomask(pvfs, req, name2);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
@ -360,7 +360,7 @@ static NTSTATUS pvfs_rename_nt(struct ntvfs_module_context *ntvfs,

 	switch (ren->ntrename.in.flags) {
 	case RENAME_FLAG_RENAME:
-		status = pvfs_access_check_create(pvfs, req, name2);
+		status = pvfs_access_check_create_nomask(pvfs, req, name2);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
 		}
@ -370,7 +370,7 @@ static NTSTATUS pvfs_rename_nt(struct ntvfs_module_context *ntvfs,
 		break;

 	case RENAME_FLAG_HARD_LINK:
-		status = pvfs_access_check_create(pvfs, req, name2);
+		status = pvfs_access_check_create_nomask(pvfs, req, name2);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
 		}
@ -380,7 +380,7 @@ static NTSTATUS pvfs_rename_nt(struct ntvfs_module_context *ntvfs,
 		break;

 	case RENAME_FLAG_COPY:
-		status = pvfs_access_check_create(pvfs, req, name2);
+		status = pvfs_access_check_create_nomask(pvfs, req, name2);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
 		}
--- a/source4/ntvfs/posix/pvfs_setfileinfo.c
+++ b/source4/ntvfs/posix/pvfs_setfileinfo.c
@ -139,7 +139,7 @@ static NTSTATUS pvfs_setfileinfo_rename(struct pvfs_state *pvfs,
 		}
 	}

-	status = pvfs_access_check_create(pvfs, req, name2);
+	status = pvfs_access_check_create_nomask(pvfs, req, name2);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}