CVE-2020-25720 s4:ntvfs: Use se_file_access_check() to check file access rights
author Joseph Sutton <josephsutton@catalyst.net.nz>
Mon, 5 Sep 2022 02:53:26 +0000 (14:53 +1200)
committer Andrew Bartlett <abartlet@samba.org>
Fri, 16 Sep 2022 02:32:36 +0000 (02:32 +0000)
se_access_check() will be changed in a following commit to remove the
implicit WRITE_DAC right that comes with being the owner of an object.
We want to keep this implicit right for file access, and by using
se_file_access_check() we can preserve the existing behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14810

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
source4/ntvfs/posix/pvfs_acl.c

index d284585f260a2d03d50fd0c49c96ad7aaf937419..0278e29be6fa85baf82cd5d90ce2fb122497ec76 100644 (file)
@@ -670,7 +670,7 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs,
        }
 
        /* check the acl against the required access mask */
-       status = se_access_check(sd, token, *access_mask, access_mask);
+       status = se_file_access_check(sd, token, false, *access_mask, access_mask);
        talloc_free(acl);
 
        /* if we used a NT acl, then allow access override if the
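Review bot: The bare `false` passed as the third argument to se_file_access_check() in pvfs_access_check() gives no hint at the call site of what it switches off or why that is the right value here. A short comment naming the parameter would help. The existing comment above the call ("check the acl against the required access mask") could also say that the file variant is used deliberately so that the owner keeps the implicit WRITE_DAC right, since that is the whole reason for the change and it is only recorded in the commit message. Otherwise a later cleanup could swap the call back to se_access_check() and change who is granted WRITE_DAC on files without anyone noticing. A test asserting that a file owner without an explicit WRITE_DAC ACE is still granted it through this path would pin the behaviour before the follow-up commit changes se_access_check().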