git.samba.org / samba.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8e3798d)
smbd: add smbd_check_access_rights_fsp()
authorRalph Boehme <slow@samba.org>
Tue, 27 Oct 2020 10:24:03 +0000 (11:24 +0100)
committerRalph Boehme <slow@samba.org>
Wed, 16 Dec 2020 09:08:31 +0000 (09:08 +0000)
Handle based version of smbd_check_access_rights().

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
source3/smbd/open.c patch | blob | history
source3/smbd/proto.h patch | blob | history

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index d902e461ec6fc532dae325ac595d8f5c50b12f49..6f43d4f55b628936377930c349ff32d82dad5c8e 100644 (file)
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -280,6 +280,36 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
                                           access_mask);
 }
 
+NTSTATUS smbd_check_access_rights_fsp(struct files_struct *fsp,
+                                     bool use_privs,
+                                     uint32_t access_mask)
+{
+       struct security_descriptor *sd = NULL;
+       NTSTATUS status;
+
+       status = SMB_VFS_FGET_NT_ACL(fsp,
+                                    (SECINFO_OWNER |
+                                     SECINFO_GROUP |
+                                     SECINFO_DACL),
+                                    talloc_tos(),
+                                    &sd);
+       if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) {
+               status = NT_STATUS_OK;
+       }
+       if (!NT_STATUS_IS_OK(status)) {
+               DBG_DEBUG("Could not get acl on %s: %s\n",
+                         fsp_str_dbg(fsp),
+                         nt_errstr(status));
+               return status;
+       }
+
+       return smbd_check_access_rights_sd(fsp->conn,
+                                          fsp->fsp_name,
+                                          sd,
+                                          use_privs,
+                                          access_mask);
+}
+
 NTSTATUS check_parent_access(struct connection_struct *conn,
                                struct files_struct *dirfsp,
                                struct smb_filename *smb_fname,
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index ea81f7a7dd824f44a7187f150d6cfead9d6d329c..b99f701fd3b0497298321f73c3bbb287d7e371bc 100644 (file)
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -719,6 +719,9 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
                                const struct smb_filename *smb_fname,
                                bool use_privs,
                                uint32_t access_mask);
+NTSTATUS smbd_check_access_rights_fsp(struct files_struct *fsp,
+                                     bool use_privs,
+                                     uint32_t access_mask);
 NTSTATUS check_parent_access(struct connection_struct *conn,
                                struct files_struct *dirfsp,
                                struct smb_filename *smb_fname,
Samba Shared Repository