r4615: added acl checking on directory search in pvfs

author Andrew Tridgell <tridge@samba.org>

Sun, 9 Jan 2005 08:27:35 +0000 (08:27 +0000)

committer Gerald (Jerry) Carter <jerry@samba.org>

Wed, 10 Oct 2007 18:08:33 +0000 (13:08 -0500)
author Andrew Tridgell <tridge@samba.org>
Sun, 9 Jan 2005 08:27:35 +0000 (08:27 +0000)
committer Gerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 18:08:33 +0000 (13:08 -0500)
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c

index 590c9c18b504636301373b015dbbfb1154586f27..e38f2c9ecb2180851db736f4451a0c8db83788da 100644 (file)
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -452,9 +452,10 @@ NTSTATUS pvfs_access_check_create(struct pvfs_state *pvfs,
  /*
    access check for creating a new file/directory - no access mask supplied
  */
-NTSTATUS pvfs_access_check_create_nomask(struct pvfs_state *pvfs, 
-                                        struct smbsrv_request *req,
-                                        struct pvfs_filename *name)
+NTSTATUS pvfs_access_check_parent(struct pvfs_state *pvfs, 
+                                 struct smbsrv_request *req,
+                                 struct pvfs_filename *name,
+                                 uint32_t access_mask)
  {
         struct pvfs_filename *parent;
         NTSTATUS status;
@@ -464,7 +465,7 @@ NTSTATUS pvfs_access_check_create_nomask(struct pvfs_state *pvfs,
                 return status;
         }
  
-       return pvfs_access_check_simple(pvfs, req, parent, SEC_DIR_ADD_FILE);
+       return pvfs_access_check_simple(pvfs, req, parent, access_mask);
  }
  
  
diff --git a/source4/ntvfs/posix/pvfs_mkdir.c b/source4/ntvfs/posix/pvfs_mkdir.c

index 42b5109673161c6c9b2af3c0e0f323f8fdba7347..03bc16cdbea87b7098e9d7fcb82382168ffd8208 100644 (file)
--- a/source4/ntvfs/posix/pvfs_mkdir.c
+++ b/source4/ntvfs/posix/pvfs_mkdir.c
@@ -44,7 +44,7 @@ static NTSTATUS pvfs_t2mkdir(struct pvfs_state *pvfs,
                 return NT_STATUS_OBJECT_NAME_COLLISION;
         }
  
-       status = pvfs_access_check_create_nomask(pvfs, req, name);
+       status = pvfs_access_check_parent(pvfs, req, name, SEC_DIR_ADD_FILE);
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
         }
@@ -114,7 +114,7 @@ NTSTATUS pvfs_mkdir(struct ntvfs_module_context *ntvfs,
                 return NT_STATUS_OBJECT_NAME_COLLISION;
         }
  
-       status = pvfs_access_check_create_nomask(pvfs, req, name);
+       status = pvfs_access_check_parent(pvfs, req, name, SEC_DIR_ADD_FILE);
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
         }
diff --git a/source4/ntvfs/posix/pvfs_rename.c b/source4/ntvfs/posix/pvfs_rename.c

index 91ad9aa3d9e3b3da3a44a15375ed65aec1689d8e..b70f1298889ae04612fecfaeff25c02ad5e67ebd 100644 (file)
--- a/source4/ntvfs/posix/pvfs_rename.c
+++ b/source4/ntvfs/posix/pvfs_rename.c
@@ -22,7 +22,7 @@
  
  #include "includes.h"
  #include "vfs_posix.h"
-
+#include "librpc/gen_ndr/ndr_security.h"
  
  /*
    resolve a wildcard rename pattern. This works on one component of the name
@@ -281,7 +281,7 @@ static NTSTATUS pvfs_rename_mv(struct ntvfs_module_context *ntvfs,
                 return status;
         }
  
-       status = pvfs_access_check_create_nomask(pvfs, req, name2);
+       status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE);
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
         }
@@ -360,7 +360,7 @@ static NTSTATUS pvfs_rename_nt(struct ntvfs_module_context *ntvfs,
  
         switch (ren->ntrename.in.flags) {
         case RENAME_FLAG_RENAME:
-               status = pvfs_access_check_create_nomask(pvfs, req, name2);
+               status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE);
                 if (!NT_STATUS_IS_OK(status)) {
                         return status;
                 }
@@ -370,7 +370,7 @@ static NTSTATUS pvfs_rename_nt(struct ntvfs_module_context *ntvfs,
                 break;
  
         case RENAME_FLAG_HARD_LINK:
-               status = pvfs_access_check_create_nomask(pvfs, req, name2);
+               status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE);
                 if (!NT_STATUS_IS_OK(status)) {
                         return status;
                 }
@@ -380,7 +380,7 @@ static NTSTATUS pvfs_rename_nt(struct ntvfs_module_context *ntvfs,
                 break;
  
         case RENAME_FLAG_COPY:
-               status = pvfs_access_check_create_nomask(pvfs, req, name2);
+               status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE);
                 if (!NT_STATUS_IS_OK(status)) {
                         return status;
                 }
diff --git a/source4/ntvfs/posix/pvfs_search.c b/source4/ntvfs/posix/pvfs_search.c

index 34f5f2208e8e2c3403d2ec10c2c437dcda40b7a3..21067587849f2b4fcbd0f91fcc4ca6485ac7e93a 100644 (file)
--- a/source4/ntvfs/posix/pvfs_search.c
+++ b/source4/ntvfs/posix/pvfs_search.c
@@ -24,6 +24,7 @@
  #include "vfs_posix.h"
  #include "system/time.h"
  #include "system/filesys.h"
+#include "librpc/gen_ndr/ndr_security.h"
  
  
  /* the state of a search started with pvfs_search_first() */
@@ -325,6 +326,11 @@ static NTSTATUS pvfs_search_first_old(struct ntvfs_module_context *ntvfs,
                 return STATUS_NO_MORE_FILES;
         }
  
+       status = pvfs_access_check_parent(pvfs, req, name, SEC_DIR_TRAVERSE | SEC_DIR_LIST);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+
         /* we initially make search a child of the request, then if we
            need to keep it long term we steal it for the private
            structure */
@@ -461,6 +467,11 @@ NTSTATUS pvfs_search_first(struct ntvfs_module_context *ntvfs,
                 return NT_STATUS_NO_SUCH_FILE;
         }
  
+       status = pvfs_access_check_parent(pvfs, req, name, SEC_DIR_TRAVERSE | SEC_DIR_LIST);
+       if (!NT_STATUS_IS_OK(status)) {
+               return status;
+       }
+
         /* we initially make search a child of the request, then if we
            need to keep it long term we steal it for the private
            structure */
diff --git a/source4/ntvfs/posix/pvfs_setfileinfo.c b/source4/ntvfs/posix/pvfs_setfileinfo.c

index 8c4d016ccc79e84df1f3817cf8a8190f762a513c..9934388461ff35ab38afa2c893b7601d63b5a3b7 100644 (file)
--- a/source4/ntvfs/posix/pvfs_setfileinfo.c
+++ b/source4/ntvfs/posix/pvfs_setfileinfo.c
@@ -139,7 +139,7 @@ static NTSTATUS pvfs_setfileinfo_rename(struct pvfs_state *pvfs,
                 }
         }
  
-       status = pvfs_access_check_create_nomask(pvfs, req, name2);
+       status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE);
         if (!NT_STATUS_IS_OK(status)) {
                 return status;
         }
author	Andrew Tridgell <tridge@samba.org>
	Sun, 9 Jan 2005 08:27:35 +0000 (08:27 +0000)
committer	Gerald (Jerry) Carter <jerry@samba.org>
	Wed, 10 Oct 2007 18:08:33 +0000 (13:08 -0500)
source4/ntvfs/posix/pvfs_acl.c		patch \| blob \| history
source4/ntvfs/posix/pvfs_mkdir.c		patch \| blob \| history
source4/ntvfs/posix/pvfs_rename.c		patch \| blob \| history
source4/ntvfs/posix/pvfs_search.c		patch \| blob \| history
source4/ntvfs/posix/pvfs_setfileinfo.c		patch \| blob \| history