smbd: rename check_access_fsp() to check_any_access_fsp()

The semantics of the access check in check_access_fsp() itself is to
allow access if *at least* one or more rights of the rights in
access_mask are allowed. The name check_any_access_fsp() better
reflects this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 2875fcf562b61317b27e098b6d83afe511e97a3e..a90326b877b88661033e1669220e439d15dd6347 100644 (file)
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -1060,8 +1060,8 @@ NTSTATUS smb_set_file_disposition_info(connection_struct *conn,
                                       files_struct *fsp,
                                       struct smb_filename *smb_fname);
 NTSTATUS refuse_symlink_fsp(const struct files_struct *fsp);
-NTSTATUS check_access_fsp(struct files_struct *fsp,
-                         uint32_t access_mask);
+NTSTATUS check_any_access_fsp(struct files_struct *fsp,
+                             uint32_t access_mask);
 uint64_t smb_roundup(connection_struct *conn, uint64_t val);
 bool samba_private_attr_name(const char *unix_ea_name);
 NTSTATUS get_ea_value_fsp(TALLOC_CTX *mem_ctx,

diff --git a/source3/smbd/smb2_ioctl_filesys.c b/source3/smbd/smb2_ioctl_filesys.c
index 36429b8fd352206d9263400185cc82965af07a9c..6cc53d4828ed05c06963c5e98507ec1ed276fed1 100644 (file)
--- a/source3/smbd/smb2_ioctl_filesys.c
+++ b/source3/smbd/smb2_ioctl_filesys.c
@@ -378,7 +378,7 @@ static NTSTATUS fsctl_set_cmprn(TALLOC_CTX *mem_ctx,
        }
 
        /* WRITE_DATA permission is required, WRITE_ATTRIBUTES is not */
-       status = check_access_fsp(fsp, FILE_WRITE_DATA);
+       status = check_any_access_fsp(fsp, FILE_WRITE_DATA);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -426,7 +426,7 @@ static NTSTATUS fsctl_zero_data(TALLOC_CTX *mem_ctx,
        }
 
        /* WRITE_DATA permission is required */
-       status = check_access_fsp(fsp, FILE_WRITE_DATA);
+       status = check_any_access_fsp(fsp, FILE_WRITE_DATA);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -616,7 +616,7 @@ static NTSTATUS fsctl_qar(TALLOC_CTX *mem_ctx,
        }
 
        /* READ_DATA permission is required */
-       status = check_access_fsp(fsp, FILE_READ_DATA);
+       status = check_any_access_fsp(fsp, FILE_READ_DATA);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }

diff --git a/source3/smbd/smb2_trans2.c b/source3/smbd/smb2_trans2.c
index c7da35ad0a5796bb00b237dd94547b169841e098..81fa867688d795c45532bfef6e549b5e1a13a842 100644 (file)
--- a/source3/smbd/smb2_trans2.c
+++ b/source3/smbd/smb2_trans2.c
@@ -74,8 +74,13 @@ NTSTATUS refuse_symlink_fsp(const files_struct *fsp)
        return NT_STATUS_OK;
 }
 
-NTSTATUS check_access_fsp(struct files_struct *fsp,
-                         uint32_t access_mask)
+/**
+ * Check that one or more of the rights in access_mask are
+ * allowed. Iow, access_mask can contain more then one right and
+ * it is sufficient having only one of those granted to pass.
+ **/
+NTSTATUS check_any_access_fsp(struct files_struct *fsp,
+                             uint32_t access_mask)
 {
        if (!fsp->fsp_flags.is_fsa) {
                return smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
@@ -681,7 +686,7 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp,
                return status;
        }
 
-       status = check_access_fsp(fsp, FILE_WRITE_EA);
+       status = check_any_access_fsp(fsp, FILE_WRITE_EA);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -4763,7 +4768,7 @@ static NTSTATUS smb_set_file_basic_info(connection_struct *conn,
                return NT_STATUS_INVALID_HANDLE;
        }
 
-       status = check_access_fsp(fsp, FILE_WRITE_ATTRIBUTES);
+       status = check_any_access_fsp(fsp, FILE_WRITE_ATTRIBUTES);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -4834,7 +4839,7 @@ static NTSTATUS smb_set_info_standard(connection_struct *conn,
        DEBUG(10,("smb_set_info_standard: file %s\n",
                smb_fname_str_dbg(smb_fname)));
 
-       status = check_access_fsp(fsp, FILE_WRITE_ATTRIBUTES);
+       status = check_any_access_fsp(fsp, FILE_WRITE_ATTRIBUTES);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }