s3: smbd: smbd_check_access_rights_fsp(). Add dirfsp parameter.

Pass down to smbd_check_access_rights_sd().

Always pass conn->cwd_fsp for now.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

diff --git a/source3/modules/vfs_ceph_snapshots.c b/source3/modules/vfs_ceph_snapshots.c
index 35681e24e0b06376f2f33ec69f76cd4e009578c9..41b7e0cfe91959d18112112c051ae69d9f96d74e 100644 (file)
--- a/source3/modules/vfs_ceph_snapshots.c
+++ b/source3/modules/vfs_ceph_snapshots.c
@@ -209,7 +209,8 @@ static int ceph_snap_enum_snapdir(struct vfs_handle_struct *handle,
 
        /* Check we have SEC_DIR_LIST access on this fsp. */
        dirfsp = dir_hnd_fetch_fsp(dir_hnd);
-       status = smbd_check_access_rights_fsp(dirfsp,
+       status = smbd_check_access_rights_fsp(dirfsp->conn->cwd_fsp,
+                                             dirfsp,
                                              false,
                                              SEC_DIR_LIST);
        if (!NT_STATUS_IS_OK(status)) {
@@ -529,7 +530,8 @@ static int ceph_snap_gmt_convert_dir(struct vfs_handle_struct *handle,
 
        /* Check we have SEC_DIR_LIST access on this fsp. */
        dirfsp = dir_hnd_fetch_fsp(dir_hnd);
-       status = smbd_check_access_rights_fsp(dirfsp,
+       status = smbd_check_access_rights_fsp(dirfsp->conn->cwd_fsp,
+                                             dirfsp,
                                              false,
                                              SEC_DIR_LIST);
        if (!NT_STATUS_IS_OK(status)) {

diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c
index 3945d661d08f0fd547fb7109e36c140b749daad1..9f004aff6b613605e4c967cfa87e12ea2c64e1d9 100644 (file)
--- a/source3/modules/vfs_shadow_copy2.c
+++ b/source3/modules/vfs_shadow_copy2.c
@@ -1995,7 +1995,8 @@ static int shadow_copy2_get_shadow_copy_data(
        fsp_set_fd(dirfsp, fd);
 
        /* Now we have the handle, check access here. */
-       status = smbd_check_access_rights_fsp(dirfsp,
+       status = smbd_check_access_rights_fsp(fspcwd,
+                                       dirfsp,
                                        false,
                                        SEC_DIR_LIST);
        if (!NT_STATUS_IS_OK(status)) {

diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 2528e47b4464c8058ee0f75feaf22ba5f19b35ed..ac6afe77464df034c90080514a32899a6486eee7 100644 (file)
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -503,7 +503,8 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
                        return NT_STATUS_ACCESS_DENIED;
                }
 
-               status = smbd_check_access_rights_fsp(smb_fname->fsp,
+               status = smbd_check_access_rights_fsp(conn->cwd_fsp,
+                                       smb_fname->fsp,
                                        false,
                                        FILE_WRITE_ATTRIBUTES);
                if (NT_STATUS_IS_OK(status)) {

diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 581c11cb7fe8264cac73dd781153dbc7e05c6046..9193c6503160678a17070f9297260b47f39ec2cc 100644 (file)
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -124,6 +124,7 @@ bool can_delete_file_in_directory(connection_struct *conn,
         */
 
        ret = NT_STATUS_IS_OK(smbd_check_access_rights_fsp(
+                               conn->cwd_fsp,
                                smb_fname_parent->fsp,
                                false,
                                FILE_DELETE_CHILD));
@@ -140,7 +141,9 @@ bool can_delete_file_in_directory(connection_struct *conn,
 
 bool can_write_to_fsp(struct files_struct *fsp)
 {
-       return NT_STATUS_IS_OK(smbd_check_access_rights_fsp(fsp,
+       return NT_STATUS_IS_OK(smbd_check_access_rights_fsp(
+                                                       fsp->conn->cwd_fsp,
+                                                       fsp,
                                                        false,
                                                        FILE_WRITE_DATA));
 }

diff --git a/source3/smbd/notify.c b/source3/smbd/notify.c
index 64655a3084e1e778dad59b74033d975ac447df7e..4de62aba4f1871dfdfd0b26d39f734ae77cd81ae 100644 (file)
--- a/source3/smbd/notify.c
+++ b/source3/smbd/notify.c
@@ -669,7 +669,8 @@ static bool user_can_stat_name_under_fsp(files_struct *fsp, const char *name)
                        return false;
                }
 
-               status = smbd_check_access_rights_fsp(fname->fsp,
+               status = smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
+                                                 fname->fsp,
                                                  false,
                                                  rights);
                if (!NT_STATUS_IS_OK(status)) {
@@ -711,7 +712,8 @@ static bool user_can_stat_name_under_fsp(files_struct *fsp, const char *name)
                TALLOC_FREE(filepath);
                return false;
        }
-       status = smbd_check_access_rights_fsp(fname->fsp,
+       status = smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
+                                         fname->fsp,
                                          false,
                                          rights);
        if (!NT_STATUS_IS_OK(status)) {

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index edced0d613129c4e0d9505b89f1ce32e3b3dd47d..43b630c2d804fdf2b723491f75f4d39d17abdcd4 100644 (file)
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -246,7 +246,8 @@ access_denied:
        return NT_STATUS_OK;
 }
 
-NTSTATUS smbd_check_access_rights_fsp(struct files_struct *fsp,
+NTSTATUS smbd_check_access_rights_fsp(struct files_struct *dirfsp,
+                                     struct files_struct *fsp,
                                      bool use_privs,
                                      uint32_t access_mask)
 {
@@ -290,7 +291,7 @@ NTSTATUS smbd_check_access_rights_fsp(struct files_struct *fsp,
        }
 
        return smbd_check_access_rights_sd(fsp->conn,
-                                          fsp->conn->cwd_fsp,
+                                          dirfsp,
                                           fsp->fsp_name,
                                           sd,
                                           use_privs,
@@ -436,7 +437,8 @@ static NTSTATUS check_base_file_access(struct files_struct *fsp,
                }
        }
 
-       return smbd_check_access_rights_fsp(fsp,
+       return smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
+                                       fsp,
                                        false,
                                        access_mask);
 }
@@ -1362,7 +1364,9 @@ static NTSTATUS open_file(files_struct *fsp,
                if (!fsp->base_fsp) {
                        /* Only do this check on non-stream open. */
                        if (file_existed) {
-                               status = smbd_check_access_rights_fsp(fsp,
+                               status = smbd_check_access_rights_fsp(
+                                               fsp->conn->cwd_fsp,
+                                               fsp,
                                                false,
                                                access_mask);
 
@@ -1547,7 +1551,8 @@ static NTSTATUS open_file(files_struct *fsp,
                        }
                }
 
-               status = smbd_check_access_rights_fsp(fsp,
+               status = smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
+                                                     fsp,
                                                      false,
                                                      access_mask);
 
@@ -4617,7 +4622,8 @@ static NTSTATUS open_directory(connection_struct *conn,
        }
 
        if (info == FILE_WAS_OPENED) {
-               status = smbd_check_access_rights_fsp(fsp,
+               status = smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
+                                               fsp,
                                                false,
                                                access_mask);
                if (!NT_STATUS_IS_OK(status)) {

diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index fd090f1565530e770c386cb4d9b4b5087774c407..68ce8b3332ce5ac667a4caab3116914da14f82d5 100644 (file)
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -725,7 +725,8 @@ void reply_nttranss(struct smb_request *req);
 
 /* The following definitions come from smbd/open.c  */
 
-NTSTATUS smbd_check_access_rights_fsp(struct files_struct *fsp,
+NTSTATUS smbd_check_access_rights_fsp(struct files_struct *dirfsp,
+                                     struct files_struct *fsp,
                                      bool use_privs,
                                      uint32_t access_mask);
 NTSTATUS check_parent_access_fsp(struct files_struct *fsp,

diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index f3a262a79bb362d197d7506af2d7d259e22ef07a..d453eb5e6f4bd4e8f34cd36fead282fdde7bd13f 100644 (file)
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -1507,7 +1507,8 @@ void reply_setatr(struct smb_request *req)
                else
                        mode &= ~FILE_ATTRIBUTE_DIRECTORY;
 
-               status = smbd_check_access_rights_fsp(smb_fname->fsp,
+               status = smbd_check_access_rights_fsp(conn->cwd_fsp,
+                                       smb_fname->fsp,
                                        false,
                                        FILE_WRITE_ATTRIBUTES);
                if (!NT_STATUS_IS_OK(status)) {

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 983bd48c61549e1ff6a90da91708336503d560c8..a1a3e92fafd8b20028f99cd42a097aa76a6b07ff 100644 (file)
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -81,7 +81,8 @@ NTSTATUS check_access_fsp(struct files_struct *fsp,
                          uint32_t access_mask)
 {
        if (!fsp->fsp_flags.is_fsa) {
-               return smbd_check_access_rights_fsp(fsp,
+               return smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
+                                                   fsp,
                                                    false,
                                                    access_mask);
        }