The branch, v3-6-test has been updated
via bde0ecf Add in fsp->access_mask checks. Not required (underlying
system does this) but makes logic cleaner. Pointed out by Metze.
from 3439a81 Fix bug #7812 - vfs_acl_xattr/vfs_acl_tdb: ACL inheritance
cannot be disabled
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit bde0ecf307fb0650659e6613f3ffd123190dd5e3
Author: Jeremy Allison <[email protected]>
Date: Tue Nov 23 15:59:33 2010 -0800
Add in fsp->access_mask checks. Not required (underlying system does this)
but makes logic cleaner. Pointed out by Metze.
Jeremy.
(cherry picked from commit b869df5489b85807fd830c544099e71a058a03ec)
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/nttrans.c | 6 ++++--
source3/smbd/trans2.c | 38 ++++++++++++++++++++++++++++++++++++++
2 files changed, 42 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index e70e683..6a38d1e 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1388,7 +1388,8 @@ static NTSTATUS copy_internals(TALLOC_CTX *ctx,
req, /* req */
0, /* root_dir_fid */
smb_fname_src, /* fname */
- FILE_READ_DATA, /* access_mask */
+ FILE_READ_DATA|FILE_READ_ATTRIBUTES|
+ FILE_READ_EA, /* access_mask */
(FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
FILE_SHARE_DELETE),
FILE_OPEN, /* create_disposition*/
@@ -1411,7 +1412,8 @@ static NTSTATUS copy_internals(TALLOC_CTX *ctx,
req, /* req */
0, /* root_dir_fid */
smb_fname_dst, /* fname */
- FILE_WRITE_DATA, /* access_mask */
+ FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|
+ FILE_WRITE_EA, /* access_mask */
(FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */
FILE_SHARE_DELETE),
FILE_CREATE, /* create_disposition*/
diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index b755944..ddcaae7 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -503,6 +503,10 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp,
return NT_STATUS_EAS_NOT_SUPPORTED;
}
+ if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/* For now setting EAs on streams isn't supported. */
fname = smb_fname->base_name;
@@ -5445,6 +5449,10 @@ NTSTATUS smb_set_file_time(connection_struct *conn,
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
+ if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/* get some defaults (no modifications) if any info is zero or -1. */
if (null_timespec(ft->create_time)) {
action &= ~FILE_NOTIFY_CHANGE_CREATION;
@@ -5598,6 +5606,10 @@ static NTSTATUS smb_set_file_size(connection_struct
*conn,
return NT_STATUS_OBJECT_NAME_NOT_FOUND;
}
+ if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
DEBUG(6,("smb_set_file_size: size: %.0f ", (double)size));
if (size == get_file_size_stat(psbuf)) {
@@ -5704,6 +5716,11 @@ static NTSTATUS smb_info_set_ea(connection_struct *conn,
if (!ea_list) {
return NT_STATUS_INVALID_PARAMETER;
}
+
+ if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
status = set_ea(conn, fsp, smb_fname, ea_list);
return status;
@@ -5746,6 +5763,11 @@ static NTSTATUS
smb_set_file_full_ea_info(connection_struct *conn,
if (!ea_list) {
return NT_STATUS_INVALID_PARAMETER;
}
+
+ if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
DEBUG(10, ("smb_set_file_full_ea_info on file %s returned %s\n",
@@ -6484,6 +6506,10 @@ static NTSTATUS
smb_set_file_basic_info(connection_struct *conn,
return NT_STATUS_INVALID_PARAMETER;
}
+ if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/* Set the attributes */
dosmode = IVAL(pdata,32);
status = smb_set_file_dosmode(conn, smb_fname, dosmode);
@@ -6528,6 +6554,10 @@ static NTSTATUS smb_set_info_standard(connection_struct
*conn,
return NT_STATUS_INVALID_PARAMETER;
}
+ if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/* create time */
ft.create_time = convert_time_t_to_timespec(srv_make_unix_date2(pdata));
/* access time */
@@ -6586,6 +6616,10 @@ static NTSTATUS
smb_set_file_allocation_info(connection_struct *conn,
allocation_size = smb_roundup(conn, allocation_size);
}
+ if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
DEBUG(10,("smb_set_file_allocation_info: file %s : setting new "
"allocation size to %.0f\n", smb_fname_str_dbg(smb_fname),
(double)allocation_size));
@@ -6683,6 +6717,10 @@ static NTSTATUS
smb_set_file_end_of_file_info(connection_struct *conn,
"file %s to %.0f\n", smb_fname_str_dbg(smb_fname),
(double)size));
+ if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
return smb_set_file_size(conn, req,
fsp,
smb_fname,
--
Samba Shared Repository
