Add 'bool use_privs' to smbd_calculate_access_mask().
authorJeremy Allison <jra@samba.org>
Fri, 14 Sep 2012 00:12:24 +0000 (17:12 -0700)
committerJeremy Allison <jra@samba.org>
Fri, 14 Sep 2012 22:37:49 +0000 (00:37 +0200)
Replaces blanket root allow if set. Set to 'false' for
all current callers.

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Sep 15 00:37:49 CEST 2012 on sn-devel-104

source3/smbd/fake_file.c
source3/smbd/globals.h
source3/smbd/open.c
source3/smbd/smb2_create.c

index d052d4965df3750dcb38df03554be2d33951ca07..3f9e2aec059cbc1fdfdf950886ab8ee5cd2c702e 100644 (file)
@@ -129,7 +129,7 @@ NTSTATUS open_fake_file(struct smb_request *req, connection_struct *conn,
        files_struct *fsp = NULL;
        NTSTATUS status;
 
-       status = smbd_calculate_access_mask(conn, smb_fname,
+       status = smbd_calculate_access_mask(conn, smb_fname, false,
                                            access_mask, &access_mask);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(10, ("open_fake_file: smbd_calculate_access_mask "
index 566f04d71f3fe754c72110807ef7e8f552bcf464..74e42c77afec6d393a69e23fe66a0141ff6f4a0f 100644 (file)
@@ -202,6 +202,7 @@ bool smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx,
 
 NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
                                    const struct smb_filename *smb_fname,
+                                   bool use_privs,
                                    uint32_t access_mask,
                                    uint32_t *access_mask_out);
 
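Review bot: The new `bool use_privs` parameter in this prototype is undocumented and sits directly before `uint32_t access_mask`, so a call that swaps the two still compiles through implicit conversion and silently changes the access decision. I would add a comment above the declaration, for example `/* use_privs: if true, no blanket allow for uid 0; privileges are considered when expanding MAXIMUM_ALLOWED. */`. That wording is inferred from the open.c hunks in this commit and should be confirmed against se_file_access_check(). Call sites that pass a bare `false` would also read better with a short `/* use_privs */` marker next to the literal.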
index b0303f819698788d12b53b18a2f8b6aac465f08f..b67c045e340a674ac568ee969429c56538087f5f 100644 (file)
@@ -1662,13 +1662,14 @@ static void schedule_async_open(struct timeval request_time,
 static NTSTATUS smbd_calculate_maximum_allowed_access(
        connection_struct *conn,
        const struct smb_filename *smb_fname,
+       bool use_privs,
        uint32_t *p_access_mask)
 {
        struct security_descriptor *sd;
        uint32_t access_granted;
        NTSTATUS status;
 
-       if (get_current_uid(conn) == (uid_t)0) {
+       if (!use_privs && (get_current_uid(conn) == (uid_t)0)) {
                *p_access_mask |= FILE_GENERIC_ALL;
                return NT_STATUS_OK;
        }
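Review bot: With `use_privs` true, the guard `if (!use_privs && (get_current_uid(conn) == (uid_t)0))` no longer short-circuits for root. A uid 0 connection now falls through to the code below, which lies outside this hunk, and to se_file_access_check() in the @@ -1698 hunk. Whether root still ends up with full access then depends on how that check treats the current token, and on what happens if an earlier step on that path returns an error; neither is visible here. No caller passes true yet, so this is the point to record the intended contract in a comment above the guard, e.g. `/* Root is granted FILE_GENERIC_ALL unless the caller asked for a privilege-aware check. */`. The same comment should state what the third argument of se_file_access_check() now means, since it changed from a literal `false` to `use_privs`.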
@@ -1698,7 +1699,7 @@ static NTSTATUS smbd_calculate_maximum_allowed_access(
         */
        status = se_file_access_check(sd,
                                 get_current_nttok(conn),
-                                false,
+                                use_privs,
                                 (*p_access_mask & ~FILE_READ_ATTRIBUTES),
                                 &access_granted);
 
@@ -1716,6 +1717,7 @@ static NTSTATUS smbd_calculate_maximum_allowed_access(
 
 NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
                                    const struct smb_filename *smb_fname,
+                                   bool use_privs,
                                    uint32_t access_mask,
                                    uint32_t *access_mask_out)
 {
@@ -1733,7 +1735,7 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
        if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
 
                status = smbd_calculate_maximum_allowed_access(
-                       conn, smb_fname, &access_mask);
+                       conn, smb_fname, use_privs, &access_mask);
 
                if (!NT_STATUS_IS_OK(status)) {
                        return status;
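Review bot: In the visible lines `use_privs` is consulted only inside the `if (access_mask & MAXIMUM_ALLOWED_ACCESS)` branch, where it is forwarded to smbd_calculate_maximum_allowed_access(). A future caller passing true with an explicit access mask would therefore get no privilege-aware handling, which the parameter name does not suggest. The function begins and continues outside this hunk, so this may be handled elsewhere. If the restriction is intentional, I would say so at the top of the function: `/* use_privs is honoured only when MAXIMUM_ALLOWED_ACCESS is requested. */`.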
@@ -2085,6 +2087,7 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
        }
 
        status = smbd_calculate_access_mask(conn, smb_fname,
+                                       false,
                                        access_mask,
                                        &access_mask); 
        if (!NT_STATUS_IS_OK(status)) {
@@ -2922,7 +2925,7 @@ static NTSTATUS open_directory(connection_struct *conn,
                 (unsigned int)create_disposition,
                 (unsigned int)file_attributes));
 
-       status = smbd_calculate_access_mask(conn, smb_dname,
+       status = smbd_calculate_access_mask(conn, smb_dname, false,
                                            access_mask, &access_mask);
        if (!NT_STATUS_IS_OK(status)) {
                DEBUG(10, ("open_directory: smbd_calculate_access_mask "
index 331ca49b1bac03486a809e469b45e0a7faa31fcf..0d9a146b2323f45c77ff8f58963ee566388dfd2c 100644 (file)
@@ -932,6 +932,7 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
 
                                status = smbd_calculate_access_mask(smb1req->conn,
                                                        result->fsp_name,
+                                                       false,
                                                        SEC_FLAG_MAXIMUM_ALLOWED,
                                                        &max_access_granted);