git.samba.org / sfrench / samba-autobuild / .git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7c017f9)
r18580: map the PVFS_FLAG_READONLY bit in the posix backend onto
authorAndrew Tridgell <tridge@samba.org>
Sat, 16 Sep 2006 15:31:53 +0000 (15:31 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 19:18:51 +0000 (14:18 -0500)
NT_STATUS_ACCESS_DENIED in the access mask checks
(This used to be commit ceffc34f3e9f47a8a44dad52054688f9855eeb37)

source4/ntvfs/posix/pvfs_acl.c patch | blob | history

diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index 3d276431dc21c09c3a3c046627dc9d100826f8b4..1dd40c0e06b3047736114dcdc144c81ff25e3d9a 100644 (file)
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -349,6 +349,13 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs,
        uid_t uid = geteuid();
        uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL;
 
+       if ((pvfs->flags & PVFS_FLAG_READONLY) &&
+           ((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | 
+                              SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE | 
+                              SEC_DIR_DELETE_CHILD))) {
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
        /* owner and root get extra permissions */
        if (uid == 0) {
                max_bits |= SEC_STD_ALL | SEC_FLAG_SYSTEM_SECURITY;
@@ -390,6 +397,13 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs,
        NTSTATUS status;
        struct security_descriptor *sd;
 
+       if ((pvfs->flags & PVFS_FLAG_READONLY) &&
+           ((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | 
+                              SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE | 
+                              SEC_DIR_DELETE_CHILD))) {
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
        acl = talloc(req, struct xattr_NTACL);
        if (acl == NULL) {
                return NT_STATUS_NO_MEMORY;
Unnamed repository; edit this file 'description' to name the repository.