Change the S3 fileserver over to se_file_access_check().

Don't set the priv_open_requested yet until the open-for-backup
request is correctly passed in.

diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c
index 978edf2ece988bbb4be24b7105045cf6ce57e04b..c7a8e51c05a4356c58d710699a67d4ec2fffb48d 100644 (file)
--- a/source3/lib/sharesec.c
+++ b/source3/lib/sharesec.c
@@ -451,7 +451,7 @@ bool share_access_check(const struct security_token *token,
                return false;
        }
 
-       status = se_access_check(psd, token, desired_access, &granted);
+       status = se_file_access_check(psd, token, true, desired_access, &granted);
 
        TALLOC_FREE(psd);
 

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 415f6adf2e2f6706183ef74b1d577202f8c5e39f..b69db8b5e100a01451424ed8b7be989c6c9e5254 100644 (file)
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -129,11 +129,12 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
        }
 
        /*
-        * Never test FILE_READ_ATTRIBUTES. se_access_check() also takes care of
+        * Never test FILE_READ_ATTRIBUTES. se_file_access_check() also takes care of
         * owner WRITE_DAC and READ_CONTROL.
         */
-       status = se_access_check(sd,
+       status = se_file_access_check(sd,
                                get_current_nttok(conn),
+                               false,
                                (access_mask & ~FILE_READ_ATTRIBUTES),
                                &rejected_mask);
 
@@ -245,11 +246,12 @@ static NTSTATUS check_parent_access(struct connection_struct *conn,
        }
 
        /*
-        * Never test FILE_READ_ATTRIBUTES. se_access_check() also takes care of
+        * Never test FILE_READ_ATTRIBUTES. se_file_access_check() also takes care of
         * owner WRITE_DAC and READ_CONTROL.
         */
-       status = se_access_check(parent_sd,
+       status = se_file_access_check(parent_sd,
                                get_current_nttok(conn),
+                               false,
                                (access_mask & ~FILE_READ_ATTRIBUTES),
                                &access_granted);
        if(!NT_STATUS_IS_OK(status)) {
@@ -1681,11 +1683,12 @@ static NTSTATUS smbd_calculate_maximum_allowed_access(
        }
 
        /*
-        * Never test FILE_READ_ATTRIBUTES. se_access_check()
+        * Never test FILE_READ_ATTRIBUTES. se_file_access_check()
         * also takes care of owner WRITE_DAC and READ_CONTROL.
         */
-       status = se_access_check(sd,
+       status = se_file_access_check(sd,
                                 get_current_nttok(conn),
+                                false,
                                 (*p_access_mask & ~FILE_READ_ATTRIBUTES),
                                 &access_granted);