IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
Pass down to smbd_check_access_rights_sd().
Always pass conn->cwd_fsp for now.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Pass down to parent_override_delete().
Always pass fsp->conn->cwd_fsp for now.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Pass down to can_delete_file_in_directory().
Always pass conn->cwd_fsp for now.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Pass this down into smbd_calculate_maximum_allowed_access_fsp().
Currently pass fsp->conn->cwd_fsp everywhere.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Pass the same fsp->conn->cwd_fsp parameter to can_delete_file_in_directory()
dirfsp for now.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Comment out smbd_calculate_maximum_allowed_access() as it is
a static function and we just removed the only caller.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Not yet used but this now uses smbd_calculate_maximum_allowed_access_fsp(),
so uncomment it.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Commented out as not yet used.
Signed-off-by: Noel Power <noel.power@suse.com>
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
open_file() can now use parent_dir_fname->fsp for handle-based
access calls.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This will allow us to change directory_has_default_acl() to
directory_has_default_acl_fsp() later.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
atname is a better name, as base_name refers to the name without streams
and this is nothing to do with streams.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
We don't need the parent_pathref() and more, and as we don't
own parent_dir_fname anymore, don't free it on exit.
Next step will be to remove the local variables.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Not yet used. Next step will be to use them to replace the
internal parent_dir_fname,base_name variables inside mkdir_internal().
Annotate them so we know what these extra params are.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Not yet used.
We will be passing this down to open_directory() and
open_file_ntcreate() and using it within create_file_unixpath()
as all of these functions need a parent pathref to check parent
ACLs etc.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
For the pathname verison of this function smbd_check_access_rights()
we return the st_mode bits turned into an NT ACL for a symlink.
For a symlink the mode bits are always 'lrwxrwxrwx' which means
smbd_check_access_rights() version always returned NT_STATUS_OK
for any access rights requested on a symlink.
For smbd_check_access_rights_fsp() to a symlink use the handle
access bits as this is a better representation of the access
allowed.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
smbd_check_access_rights() is checking permissions on a file *before*
open, so getting ACCESS_DENIED and mapping to NT_STATUS_OK when
reading the security descriptor is fine, as if we really don't have
access the open will fail.
smbd_check_access_rights_fsp() takes place *after* the open (pathref
or otherwise), so being unable to get the security decriptor should
be reported back to the caller and not mapped to NT_STATUS_OK.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
This doesn't matter now, but later we will move to a handle-based call to
check access rights, so we will need the full handle setup.
Add a fd_close(fsp) in the error path now this is done after the fd open.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Now we do an early check for opening a directory, this code
could never have been triggered.
The only case we need to consider now is when the filesystem
object exists as a file when we enter open_file() and another
smbd removes and then re-creates the object as a directory before we
call reopen_from_fsp(). In that case, we will open the object,
and come back out to open_file_ntcreate(), where the race
condition detection code that calls check_same_dev_ino()
will catch the case and error out the client request.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Makes sure we keep the pathref fd open for the NT_FILE_IS_A_DIRECTORY case.
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
This is really subtle. If someone passes in an smb_fname where smb_fname
actually is taken from fsp->fsp_name, then the lifetime of these objects is
meant to be the same.
This is commonly the case from an SMB1 path-based call
(eg call_trans2qfilepathinfo()) where we use the pathref fsp
(smb_fname->fsp) as the handle. In this case we must not unlink smb_fname->fsp
from it's owner.
The asserts below:
SMB_ASSERT(fsp->fsp_name->fsp != NULL);
SMB_ASSERT(fsp->fsp_name->fsp == fsp);
ensure the required invarients are met.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14732
Pair-Programmed-With: Ralph Boehme <slow@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jun 8 20:44:41 UTC 2021 on sn-devel-184