1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00

s3: smbd: Subtle change to semantics needed for smbd_check_access_rights_fsp().

smbd_check_access_rights() is checking permissions on a file *before*
open, so getting ACCESS_DENIED and mapping to NT_STATUS_OK when
reading the security descriptor is fine, as if we really don't have
access the open will fail.

smbd_check_access_rights_fsp() takes place *after* the open (pathref
or otherwise), so being unable to get the security decriptor should
be reported back to the caller and not mapped to NT_STATUS_OK.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This commit is contained in:
Jeremy Allison 2021-06-03 17:05:51 -07:00 committed by Ralph Boehme
parent 12ede1732a
commit ae5cb84fae

View File

@ -293,9 +293,6 @@ NTSTATUS smbd_check_access_rights_fsp(struct files_struct *fsp,
SECINFO_DACL),
talloc_tos(),
&sd);
if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
status = NT_STATUS_OK;
}
if (!NT_STATUS_IS_OK(status)) {
DBG_DEBUG("Could not get acl on %s: %s\n",
fsp_str_dbg(fsp),