mirror of
https://github.com/samba-team/samba.git
synced 2024-12-24 21:34:56 +03:00
s3: smbd: Subtle change to semantics needed for smbd_check_access_rights_fsp().
smbd_check_access_rights() is checking permissions on a file *before* open, so getting ACCESS_DENIED and mapping to NT_STATUS_OK when reading the security descriptor is fine, as if we really don't have access the open will fail. smbd_check_access_rights_fsp() takes place *after* the open (pathref or otherwise), so being unable to get the security decriptor should be reported back to the caller and not mapped to NT_STATUS_OK. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org>
This commit is contained in:
parent
12ede1732a
commit
ae5cb84fae
@ -293,9 +293,6 @@ NTSTATUS smbd_check_access_rights_fsp(struct files_struct *fsp,
|
||||
SECINFO_DACL),
|
||||
talloc_tos(),
|
||||
&sd);
|
||||
if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
|
||||
status = NT_STATUS_OK;
|
||||
}
|
||||
if (!NT_STATUS_IS_OK(status)) {
|
||||
DBG_DEBUG("Could not get acl on %s: %s\n",
|
||||
fsp_str_dbg(fsp),
|
||||
|
Loading…
Reference in New Issue
Block a user