Author: tridge Date: 2005-01-09 08:27:35 +0000 (Sun, 09 Jan 2005) New Revision: 4615
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4615 Log: added acl checking on directory search in pvfs Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_rename.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_search.c branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c Changeset: Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c =================================================================== --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c 2005-01-09 07:39:31 UTC (rev 4614) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c 2005-01-09 08:27:35 UTC (rev 4615) @@ -452,9 +452,10 @@ /* access check for creating a new file/directory - no access mask supplied */ -NTSTATUS pvfs_access_check_create_nomask(struct pvfs_state *pvfs, - struct smbsrv_request *req, - struct pvfs_filename *name) +NTSTATUS pvfs_access_check_parent(struct pvfs_state *pvfs, + struct smbsrv_request *req, + struct pvfs_filename *name, + uint32_t access_mask) { struct pvfs_filename *parent; NTSTATUS status; @@ -464,7 +465,7 @@ return status; } - return pvfs_access_check_simple(pvfs, req, parent, SEC_DIR_ADD_FILE); + return pvfs_access_check_simple(pvfs, req, parent, access_mask); } Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c =================================================================== --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c 2005-01-09 07:39:31 UTC (rev 4614) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c 2005-01-09 08:27:35 UTC (rev 4615) @@ -44,7 +44,7 @@ return NT_STATUS_OBJECT_NAME_COLLISION; } - status = pvfs_access_check_create_nomask(pvfs, req, name); + status = pvfs_access_check_parent(pvfs, req, name, SEC_DIR_ADD_FILE); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -114,7 +114,7 @@ return NT_STATUS_OBJECT_NAME_COLLISION; } - status = pvfs_access_check_create_nomask(pvfs, req, name); + status = pvfs_access_check_parent(pvfs, req, name, SEC_DIR_ADD_FILE); if (!NT_STATUS_IS_OK(status)) { return status; } Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_rename.c =================================================================== --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_rename.c 2005-01-09 07:39:31 UTC (rev 4614) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_rename.c 2005-01-09 08:27:35 UTC (rev 4615) @@ -22,8 +22,8 @@ #include "includes.h" #include "vfs_posix.h" +#include "librpc/gen_ndr/ndr_security.h" - /* resolve a wildcard rename pattern. This works on one component of the name */ @@ -281,7 +281,7 @@ return status; } - status = pvfs_access_check_create_nomask(pvfs, req, name2); + status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -360,7 +360,7 @@ switch (ren->ntrename.in.flags) { case RENAME_FLAG_RENAME: - status = pvfs_access_check_create_nomask(pvfs, req, name2); + status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -370,7 +370,7 @@ break; case RENAME_FLAG_HARD_LINK: - status = pvfs_access_check_create_nomask(pvfs, req, name2); + status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -380,7 +380,7 @@ break; case RENAME_FLAG_COPY: - status = pvfs_access_check_create_nomask(pvfs, req, name2); + status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE); if (!NT_STATUS_IS_OK(status)) { return status; } Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_search.c =================================================================== --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_search.c 2005-01-09 07:39:31 UTC (rev 4614) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_search.c 2005-01-09 08:27:35 UTC (rev 4615) @@ -24,6 +24,7 @@ #include "vfs_posix.h" #include "system/time.h" #include "system/filesys.h" +#include "librpc/gen_ndr/ndr_security.h" /* the state of a search started with pvfs_search_first() */ @@ -325,6 +326,11 @@ return STATUS_NO_MORE_FILES; } + status = pvfs_access_check_parent(pvfs, req, name, SEC_DIR_TRAVERSE | SEC_DIR_LIST); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + /* we initially make search a child of the request, then if we need to keep it long term we steal it for the private structure */ @@ -461,6 +467,11 @@ return NT_STATUS_NO_SUCH_FILE; } + status = pvfs_access_check_parent(pvfs, req, name, SEC_DIR_TRAVERSE | SEC_DIR_LIST); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + /* we initially make search a child of the request, then if we need to keep it long term we steal it for the private structure */ Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c =================================================================== --- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c 2005-01-09 07:39:31 UTC (rev 4614) +++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c 2005-01-09 08:27:35 UTC (rev 4615) @@ -139,7 +139,7 @@ } } - status = pvfs_access_check_create_nomask(pvfs, req, name2); + status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE); if (!NT_STATUS_IS_OK(status)) { return status; }