The branch, v3-3-test has been updated
via 6bfb06ad95963ae2acb67c4694a98282d3b29faa (commit)
from b739c7f1cdb2b19a380b06681b00dcf490d788a9 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit 6bfb06ad95963ae2acb67c4694a98282d3b29faa
Author: Jeremy Allison <[EMAIL PROTECTED]>
Date: Fri May 2 17:22:10 2008 -0700
Remove the "stat_open()" function, flag, and all associated code. It was
only
being (correctly) used in the can_read/can_write checks for hide
unreadable/unwritable
and this is more properly done using the functions in smbd/file_access.c.
Preparing to do NT access checks on all file access.
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source/include/smb.h | 1 -
source/locking/locking.c | 4 --
source/rpc_server/srv_srvsvc_nt.c | 11 +++++-
source/smbd/close.c | 16 ---------
source/smbd/dir.c | 68 +-----------------------------------
source/smbd/file_access.c | 8 ++--
source/smbd/files.c | 1 -
source/smbd/open.c | 56 +------------------------------
8 files changed, 16 insertions(+), 149 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/include/smb.h b/source/include/smb.h
index 598708b..ce91d81 100644
--- a/source/include/smb.h
+++ b/source/include/smb.h
@@ -508,7 +508,6 @@ typedef struct files_struct {
bool print_file;
bool modified;
bool is_directory;
- bool is_stat;
bool aio_write_behind;
bool lockdb_clean;
bool initial_delete_on_close; /* Only set at NTCreateX if file was
created. */
diff --git a/source/locking/locking.c b/source/locking/locking.c
index 5faebef..17131d9 100644
--- a/source/locking/locking.c
+++ b/source/locking/locking.c
@@ -1363,10 +1363,6 @@ bool set_delete_on_close(files_struct *fsp, bool
delete_on_close, UNIX_USER_TOKE
delete_on_close ? "Adding" : "Removing", fsp->fnum,
fsp->fsp_name ));
- if (fsp->is_stat) {
- return True;
- }
-
lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL,
NULL);
if (lck == NULL) {
diff --git a/source/rpc_server/srv_srvsvc_nt.c
b/source/rpc_server/srv_srvsvc_nt.c
index 7188360..1b578cc 100644
--- a/source/rpc_server/srv_srvsvc_nt.c
+++ b/source/rpc_server/srv_srvsvc_nt.c
@@ -2206,13 +2206,20 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p,
goto error_exit;
}
- nt_status = open_file_stat(conn, NULL, filename, &st, &fsp);
+ nt_status = open_file_ntcreate(conn, NULL, filename, &st,
+ FILE_WRITE_ATTRIBUTES,
+ FILE_SHARE_READ|FILE_SHARE_WRITE,
+ FILE_OPEN,
+ 0,
+ FILE_ATTRIBUTE_NORMAL,
+ INTERNAL_OPEN_ONLY,
+ NULL, &fsp);
if ( !NT_STATUS_IS_OK(nt_status) ) {
/* Perhaps it is a directory */
if (NT_STATUS_EQUAL(nt_status, NT_STATUS_FILE_IS_A_DIRECTORY))
nt_status = open_directory(conn, NULL, filename, &st,
- FILE_READ_ATTRIBUTES,
+ FILE_WRITE_ATTRIBUTES,
FILE_SHARE_READ|FILE_SHARE_WRITE,
FILE_OPEN,
0,
diff --git a/source/smbd/close.c b/source/smbd/close.c
index 3afc037..e27d5c4 100644
--- a/source/smbd/close.c
+++ b/source/smbd/close.c
@@ -703,20 +703,6 @@ static NTSTATUS close_directory(files_struct *fsp, enum
file_close_type close_ty
}
/****************************************************************************
- Close a 'stat file' opened internally.
-****************************************************************************/
-
-static NTSTATUS close_stat(files_struct *fsp)
-{
- /*
- * Do the code common to files and directories.
- */
- close_filestruct(fsp);
- file_free(fsp);
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
Close a files_struct.
****************************************************************************/
@@ -727,8 +713,6 @@ NTSTATUS close_file(files_struct *fsp, enum file_close_type
close_type)
if(fsp->is_directory) {
status = close_directory(fsp, close_type);
- } else if (fsp->is_stat) {
- status = close_stat(fsp);
} else if (fsp->fake_file_handle != NULL) {
status = close_fake_file(fsp);
} else {
diff --git a/source/smbd/dir.c b/source/smbd/dir.c
index 6e02401..7d58497 100644
--- a/source/smbd/dir.c
+++ b/source/smbd/dir.c
@@ -925,11 +925,6 @@ bool get_dir_entry(TALLOC_CTX *ctx,
static bool user_can_read_file(connection_struct *conn, char *name,
SMB_STRUCT_STAT *pst)
{
- SEC_DESC *psd = NULL;
- files_struct *fsp;
- NTSTATUS status;
- uint32 access_granted;
-
/*
* If user is a member of the Admin group
* we never hide files from them.
@@ -941,36 +936,7 @@ static bool user_can_read_file(connection_struct *conn,
char *name, SMB_STRUCT_S
SMB_ASSERT(VALID_STAT(*pst));
- /* Pseudo-open the file (note - no fd's created). */
-
- if(S_ISDIR(pst->st_mode)) {
- status = open_directory(conn, NULL, name, pst,
- READ_CONTROL_ACCESS,
- FILE_SHARE_READ|FILE_SHARE_WRITE,
- FILE_OPEN,
- 0, /* no create options. */
- FILE_ATTRIBUTE_DIRECTORY,
- NULL, &fsp);
- } else {
- status = open_file_stat(conn, NULL, name, pst, &fsp);
- }
-
- if (!NT_STATUS_IS_OK(status)) {
- return False;
- }
-
- /* Get NT ACL -allocated in main loop talloc context. No free needed
here. */
- status = SMB_VFS_FGET_NT_ACL(fsp,
-
(OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION),
&psd);
- close_file(fsp, NORMAL_CLOSE);
-
- /* No access if SD get failed. */
- if (!NT_STATUS_IS_OK(status)) {
- return False;
- }
-
- return se_access_check(psd, current_user.nt_user_token, FILE_READ_DATA,
- &access_granted, &status);
+ return can_access_file_acl(conn, name, pst, FILE_READ_DATA);
}
/*******************************************************************
@@ -982,12 +948,6 @@ static bool user_can_read_file(connection_struct *conn,
char *name, SMB_STRUCT_S
static bool user_can_write_file(connection_struct *conn, char *name,
SMB_STRUCT_STAT *pst)
{
- SEC_DESC *psd = NULL;
- files_struct *fsp;
- int info;
- NTSTATUS status;
- uint32 access_granted;
-
/*
* If user is a member of the Admin group
* we never hide files from them.
@@ -1003,33 +963,9 @@ static bool user_can_write_file(connection_struct *conn,
char *name, SMB_STRUCT_
if(S_ISDIR(pst->st_mode)) {
return True;
- } else {
- status = open_file_ntcreate(conn, NULL, name, pst,
- FILE_WRITE_ATTRIBUTES,
- FILE_SHARE_READ|FILE_SHARE_WRITE,
- FILE_OPEN,
- 0,
- FILE_ATTRIBUTE_NORMAL,
- INTERNAL_OPEN_ONLY,
- &info, &fsp);
- }
-
- if (!NT_STATUS_IS_OK(status)) {
- return False;
- }
-
- /* Get NT ACL -allocated in main loop talloc context. No free needed
here. */
- status = SMB_VFS_FGET_NT_ACL(fsp,
-
(OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION),
&psd);
- close_file(fsp, NORMAL_CLOSE);
-
- /* No access if SD get failed. */
- if (!NT_STATUS_IS_OK(status)) {
- return False;
}
- return se_access_check(psd, current_user.nt_user_token, FILE_WRITE_DATA,
- &access_granted, &status);
+ return can_write_to_file(conn, name, pst);
}
/*******************************************************************
diff --git a/source/smbd/file_access.c b/source/smbd/file_access.c
index 4c07bc5..71f3291 100644
--- a/source/smbd/file_access.c
+++ b/source/smbd/file_access.c
@@ -25,7 +25,7 @@ extern struct current_user current_user;
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_ACLS
-static bool can_access_file_acl(struct connection_struct *conn,
+bool can_access_file_acl(struct connection_struct *conn,
const char * fname, SMB_STRUCT_STAT *psbuf,
uint32_t access_mask)
{
@@ -125,7 +125,7 @@ bool can_delete_file_in_directory(connection_struct *conn,
const char *fname)
Note this doesn't take into account share write permissions.
****************************************************************************/
-bool can_access_file(connection_struct *conn, const char *fname,
SMB_STRUCT_STAT *psbuf, uint32 access_mask)
+bool can_access_file_data(connection_struct *conn, const char *fname,
SMB_STRUCT_STAT *psbuf, uint32 access_mask)
{
if (!(access_mask & (FILE_READ_DATA|FILE_WRITE_DATA))) {
return False;
@@ -134,7 +134,7 @@ bool can_access_file(connection_struct *conn, const char
*fname, SMB_STRUCT_STAT
/* some fast paths first */
- DEBUG(10,("can_access_file: requesting 0x%x on file %s\n",
+ DEBUG(10,("can_access_file_data: requesting 0x%x on file %s\n",
(unsigned int)access_mask, fname ));
if (current_user.ut.uid == 0 || conn->admin_user) {
@@ -180,7 +180,7 @@ bool can_access_file(connection_struct *conn, const char
*fname, SMB_STRUCT_STAT
bool can_write_to_file(connection_struct *conn, const char *fname,
SMB_STRUCT_STAT *psbuf)
{
- return can_access_file(conn, fname, psbuf, FILE_WRITE_DATA);
+ return can_access_file_data(conn, fname, psbuf, FILE_WRITE_DATA);
}
/****************************************************************************
diff --git a/source/smbd/files.c b/source/smbd/files.c
index d6e91c6..17c473f 100644
--- a/source/smbd/files.c
+++ b/source/smbd/files.c
@@ -539,7 +539,6 @@ NTSTATUS dup_file_fsp(files_struct *fsp,
dup_fsp->print_file = fsp->print_file;
dup_fsp->modified = fsp->modified;
dup_fsp->is_directory = fsp->is_directory;
- dup_fsp->is_stat = fsp->is_stat;
dup_fsp->aio_write_behind = fsp->aio_write_behind;
string_set(&dup_fsp->fsp_name,fsp->fsp_name);
diff --git a/source/smbd/open.c b/source/smbd/open.c
index dd518b9..5c860f8 100644
--- a/source/smbd/open.c
+++ b/source/smbd/open.c
@@ -391,7 +391,6 @@ static NTSTATUS open_file(files_struct *fsp,
fsp->modified = False;
fsp->sent_oplock_break = NO_BREAK_SENT;
fsp->is_directory = False;
- fsp->is_stat = False;
if (conn->aio_write_behind_list &&
is_in_path(path, conn->aio_write_behind_list,
conn->case_sensitive)) {
fsp->aio_write_behind = True;
@@ -1571,7 +1570,7 @@ NTSTATUS open_file_ntcreate(connection_struct *conn,
}
if (((can_access_mask & FILE_WRITE_DATA) &&
!CAN_WRITE(conn)) ||
- !can_access_file(conn,fname,psbuf,can_access_mask))
{
+
!can_access_file_data(conn,fname,psbuf,can_access_mask)) {
can_access = False;
}
@@ -2223,7 +2222,6 @@ NTSTATUS open_directory(connection_struct *conn,
fsp->oplock_type = NO_OPLOCK;
fsp->sent_oplock_break = NO_BREAK_SENT;
fsp->is_directory = True;
- fsp->is_stat = False;
fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True
: False;
string_set(&fsp->fsp_name,fname);
@@ -2306,58 +2304,6 @@ NTSTATUS create_directory(connection_struct *conn,
struct smb_request *req, cons
}
/****************************************************************************
- Open a pseudo-file (no locking checks - a 'stat' open).
-****************************************************************************/
-
-NTSTATUS open_file_stat(connection_struct *conn, struct smb_request *req,
- const char *fname, SMB_STRUCT_STAT *psbuf,
- files_struct **result)
-{
- files_struct *fsp = NULL;
- NTSTATUS status;
-
- if (!VALID_STAT(*psbuf)) {
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- /* Can't 'stat' open directories. */
- if(S_ISDIR(psbuf->st_mode)) {
- return NT_STATUS_FILE_IS_A_DIRECTORY;
- }
-
- status = file_new(conn, &fsp);
- if(!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
- DEBUG(5,("open_file_stat: 'opening' file %s\n", fname));
-
- /*
- * Setup the files_struct for it.
- */
-
- fsp->mode = psbuf->st_mode;
- fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf);
- fsp->vuid = req ? req->vuid : UID_FIELD_INVALID;
- fsp->file_pid = req ? req->smbpid : 0;
- fsp->can_lock = False;
- fsp->can_read = False;
- fsp->can_write = False;
- fsp->print_file = False;
- fsp->modified = False;
- fsp->oplock_type = NO_OPLOCK;
- fsp->sent_oplock_break = NO_BREAK_SENT;
- fsp->is_directory = False;
- fsp->is_stat = True;
- string_set(&fsp->fsp_name,fname);
-
- conn->num_files_open++;
-
- *result = fsp;
- return NT_STATUS_OK;
-}
-
-/****************************************************************************
Receive notification that one of our open files has been renamed by another
smbd process.
****************************************************************************/
--
Samba Shared Repository
