s3: smbd: Add a dirfsp parameter to smbd_check_access_rights().
authorJeremy Allison <jra@samba.org>
Thu, 30 Apr 2020 23:02:43 +0000 (16:02 -0700)
committerRalph Boehme <slow@samba.org>
Mon, 4 May 2020 13:55:33 +0000 (13:55 +0000)
Not yet used. Currently always conn->cwd_fsp.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
source3/modules/vfs_ceph_snapshots.c
source3/modules/vfs_shadow_copy2.c
source3/smbd/dosmode.c
source3/smbd/file_access.c
source3/smbd/open.c
source3/smbd/proto.h
source3/smbd/reply.c
source3/smbd/trans2.c

index d2010d8fc52ac5d3fb72363d886c55a03625ed40..163772e59c4c1fb87580380488464b2bb15be5ba 100644 (file)
@@ -186,6 +186,7 @@ static int ceph_snap_enum_snapdir(struct vfs_handle_struct *handle,
        uint32_t slots;
 
        status = smbd_check_access_rights(handle->conn,
+                                       handle->conn->cwd_fsp,
                                        snaps_dname,
                                        false,
                                        SEC_DIR_LIST);
@@ -572,6 +573,7 @@ static int ceph_snap_gmt_convert_dir(struct vfs_handle_struct *handle,
        }
 
        status = smbd_check_access_rights(handle->conn,
+                                       handle->conn->cwd_fsp,
                                        snaps_dname,
                                        false,
                                        SEC_DIR_LIST);
index b57720a73c796894445741fa494ea868431e7447..2d7fd0064de401a4d75d8dda66d027162d59e478 100644 (file)
@@ -1778,6 +1778,7 @@ static bool check_access_snapdir(struct vfs_handle_struct *handle,
        }
 
        status = smbd_check_access_rights(handle->conn,
+                                       handle->conn->cwd_fsp,
                                        &smb_fname,
                                        false,
                                        SEC_DIR_LIST);
index 910da9d1ed0a9e9ff516e6b597ae91a36f72ea85..a08bb9a55ca5a1ef2a22c36b4aee53da96669ec9 100644 (file)
@@ -536,6 +536,7 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
                }
 
                status = smbd_check_access_rights(conn,
+                                       conn->cwd_fsp,
                                        smb_fname,
                                        false,
                                        FILE_WRITE_ATTRIBUTES);
index eb9ff905781e26b9bc26e30674c60757b7fa4efe..35ee81b47ddf1cdc4e4fa9cb0ea4c819aeee0731 100644 (file)
@@ -117,7 +117,12 @@ bool can_delete_file_in_directory(connection_struct *conn,
         * check the file DELETE permission separately.
         */
 
+       /*
+        * NB. When dirfsp != conn->cwd_fsp, we must
+        * change smb_fname_parent to be "." for the name here.
+        */
        ret = NT_STATUS_IS_OK(smbd_check_access_rights(conn,
+                               dirfsp,
                                smb_fname_parent,
                                false,
                                FILE_DELETE_CHILD));
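Review bot: The added NB comment states a requirement that nothing in this hunk enforces. `dirfsp` is now forwarded to smbd_check_access_rights() while `smb_fname_parent` still carries a cwd-relative name, so the FILE_DELETE_CHILD check only evaluates the intended directory while `dirfsp == conn->cwd_fsp`. can_write_to_file() in the next hunk asserts this locally; whether can_delete_file_in_directory() does so is not visible here, because its body starts above the hunk. If it does not, add `SMB_ASSERT(dirfsp == conn->cwd_fsp);` at the top of the function, and extend the comment to read `* Until then the SMB_ASSERT on dirfsp must stay, or this checks the wrong directory.`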
@@ -136,6 +141,7 @@ bool can_write_to_file(connection_struct *conn,
 {
        SMB_ASSERT(dirfsp == conn->cwd_fsp);
        return NT_STATUS_IS_OK(smbd_check_access_rights(conn,
+                               dirfsp,
                                smb_fname,
                                false,
                                FILE_WRITE_DATA));
index 1736ecf990f3f56939537d12345064e04a58411b..b3a8187ebc2726e8e6fca68730c952b6ebe81c7d 100644 (file)
@@ -95,6 +95,7 @@ static bool parent_override_delete(connection_struct *conn,
 ****************************************************************************/
 
 NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
+                               struct files_struct *dirfsp,
                                const struct smb_filename *smb_fname,
                                bool use_privs,
                                uint32_t access_mask)
@@ -106,6 +107,8 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
        uint32_t rejected_mask = access_mask;
        uint32_t do_not_check_mask = 0;
 
+       SMB_ASSERT(dirfsp == conn->cwd_fsp);
+
        rejected_share_access = access_mask & ~(conn->share_access);
 
        if (rejected_share_access) {
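Review bot: The new `dirfsp` parameter is undocumented, and its only stated contract is the `SMB_ASSERT(dirfsp == conn->cwd_fsp);` added in this hunk. Every call site in this commit routes its access decision through this function, so the header comment above smbd_check_access_rights() (outside this hunk) should state that `smb_fname` is still resolved relative to the current working directory and that `dirfsp` must equal `conn->cwd_fsp` until the lookup becomes dirfsp-relative. Without that, a later caller could assume the check already honours an arbitrary `dirfsp`. A one-line comment on the assert would also help, for example `/* Transitional: the path is not yet evaluated relative to dirfsp. */`. The function body continues past the end of the hunk.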
@@ -410,6 +413,7 @@ static NTSTATUS check_base_file_access(struct connection_struct *conn,
        }
 
        return smbd_check_access_rights(conn,
+                                       conn->cwd_fsp,
                                        smb_fname,
                                        false,
                                        access_mask);
@@ -1212,6 +1216,7 @@ static NTSTATUS open_file(files_struct *fsp,
                        /* Only do this check on non-stream open. */
                        if (file_existed) {
                                status = smbd_check_access_rights(conn,
+                                               conn->cwd_fsp,
                                                smb_fname,
                                                false,
                                                access_mask);
@@ -1355,6 +1360,7 @@ static NTSTATUS open_file(files_struct *fsp,
                }
 
                status = smbd_check_access_rights(conn,
+                               conn->cwd_fsp,
                                smb_fname,
                                false,
                                access_mask);
@@ -4373,6 +4379,7 @@ static NTSTATUS open_directory(connection_struct *conn,
 
        if (info == FILE_WAS_OPENED) {
                status = smbd_check_access_rights(conn,
+                                               conn->cwd_fsp,
                                                smb_dname,
                                                false,
                                                access_mask);
index 931d2fd2cdd5e28d7d400d5ab7dd4e9813e1c307..c2f0e2e184ea5b5fa7b760ea5989218419975bd6 100644 (file)
@@ -703,6 +703,7 @@ void reply_nttranss(struct smb_request *req);
 /* The following definitions come from smbd/open.c  */
 
 NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
+                               struct files_struct *dirfsp,
                                const struct smb_filename *smb_fname,
                                bool use_privs,
                                uint32_t access_mask);
index aa84be991596595963fb8f2f6e37fafa5616a4ca..f8c0124cbb8d7bb82b17cdf37ed6afe5986a270f 100644 (file)
@@ -1554,6 +1554,7 @@ void reply_setatr(struct smb_request *req)
                        mode &= ~FILE_ATTRIBUTE_DIRECTORY;
 
                status = smbd_check_access_rights(conn,
+                                       conn->cwd_fsp,
                                        smb_fname,
                                        false,
                                        FILE_WRITE_ATTRIBUTES);
index 7d1fe8ba05c62e51be4df2f336d659ecd4737290..65c50336f6f179ab915574a8a0c5ac00b7a9e2c5 100644 (file)
@@ -202,6 +202,7 @@ static NTSTATUS check_access(connection_struct *conn,
 {
        SMB_ASSERT(dirfsp == dirfsp->conn->cwd_fsp);
        return smbd_check_access_rights(conn,
+                       dirfsp,
                        smb_fname,
                        false,
                        access_mask);
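Review bot: The guard in check_access() compares `dirfsp` with `dirfsp->conn->cwd_fsp`, but the call below it passes `conn`, and smbd_check_access_rights() now asserts against `conn->cwd_fsp`. The two conditions agree only if `dirfsp->conn == conn`, which nothing visible in this hunk establishes, and the existing form dereferences `dirfsp` before anything has validated it. Consider `SMB_ASSERT(dirfsp == conn->cwd_fsp);` so that the caller's guard matches both can_write_to_file() and the callee. The function's signature starts above the hunk.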