authorAndrew Tridgell <tridge@samba.org>2004-12-21 11:44:32 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 13:07:33 -0500
commita66a985cde1606d0ed6f66f2dc80357b0f7d3363 (patch)
treef699472e80bc6b48edaebc8b1e15f3d6cbc3268e
parentde2ccc5ca93e0a0476aa829afd987cc043479e91 (diff)
r4314: added ACL checking on unlink
(This used to be commit f25c469693517ed993e0379d8b07cd7eb235a669)
-rw-r--r--source4/ntvfs/posix/pvfs_acl.c13
-rw-r--r--source4/ntvfs/posix/pvfs_open.c8
-rw-r--r--source4/ntvfs/posix/pvfs_rename.c2
-rw-r--r--source4/ntvfs/posix/pvfs_setfileinfo.c2
-rw-r--r--source4/ntvfs/posix/pvfs_unlink.c15
5 files changed, 31 insertions, 9 deletions
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index 95a4e5765c..5302cc9524 100644
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -390,3 +390,16 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs,
return status;
}
+
+
+/*
+ a simplified interface to access check, designed for calls that
+ do not take or return an access check mask
+*/
+NTSTATUS pvfs_access_check_simple(struct pvfs_state *pvfs,
+ struct smbsrv_request *req,
+ struct pvfs_filename *name,
+ uint32_t access_needed)
+{
+ return pvfs_access_check(pvfs, req, name, &access_needed);
+}
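Review bot: The comment on pvfs_access_check_simple does not say that `access_needed` is a by-value copy, so anything pvfs_access_check writes back through `&access_needed` is discarded. I would extend the comment with something like `callers pass the exact rights they need; the granted mask is not returned` and state that the return value is the status of the underlying check. If pvfs_access_check gives special meaning to generic or maximum-allowed bits (its body is outside this hunk), the comment should also say whether those are meaningful through this wrapper.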
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c
index 7cb8a5d90c..34052fc44a 100644
--- a/source4/ntvfs/posix/pvfs_open.c
+++ b/source4/ntvfs/posix/pvfs_open.c
@@ -1211,7 +1211,9 @@ NTSTATUS pvfs_change_create_options(struct pvfs_state *pvfs,
determine if a file can be deleted, or if it is prevented by an
already open file
*/
-NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, struct pvfs_filename *name)
+NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs,
+ struct smbsrv_request *req,
+ struct pvfs_filename *name)
{
NTSTATUS status;
DATA_BLOB key;
@@ -1228,6 +1230,10 @@ NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, struct pvfs_filename *name)
NTCREATEX_OPTIONS_DELETE_ON_CLOSE,
SEC_STD_DELETE);
+ if (NT_STATUS_IS_OK(status)) {
+ status = pvfs_access_check_simple(pvfs, req, name, SEC_STD_DELETE);
+ }
+
return status;
}
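Review bot: The new ACL check runs only when the preceding call (the one ending in `SEC_STD_DELETE);`, presumably the open-file check named in the function comment) has already succeeded. A client without delete rights therefore receives that call's failure status first and can infer from it whether someone else has the file open. Consider calling `pvfs_access_check_simple(pvfs, req, name, SEC_STD_DELETE)` before that check, so a caller lacking SEC_STD_DELETE always gets the access error; this needs the start of pvfs_can_delete, which lies outside the hunk. The comment above the function still describes only the open-file case and should mention the ACL, e.g. `determine if a file can be deleted, or if it is prevented by an already open file or by the file's ACL`.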
diff --git a/source4/ntvfs/posix/pvfs_rename.c b/source4/ntvfs/posix/pvfs_rename.c
index cba9cace59..0ca05bbc17 100644
--- a/source4/ntvfs/posix/pvfs_rename.c
+++ b/source4/ntvfs/posix/pvfs_rename.c
@@ -162,7 +162,7 @@ static NTSTATUS pvfs_rename_one(struct pvfs_state *pvfs,
status = pvfs_resolve_partial(pvfs, mem_ctx,
dir_path, fname2, &name2);
if (NT_STATUS_IS_OK(status)) {
- status = pvfs_can_delete(pvfs, name2);
+ status = pvfs_can_delete(pvfs, req, name2);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(mem_ctx);
return status;
diff --git a/source4/ntvfs/posix/pvfs_setfileinfo.c b/source4/ntvfs/posix/pvfs_setfileinfo.c
index 2a06def2b4..295d2e919e 100644
--- a/source4/ntvfs/posix/pvfs_setfileinfo.c
+++ b/source4/ntvfs/posix/pvfs_setfileinfo.c
@@ -91,7 +91,7 @@ static NTSTATUS pvfs_setfileinfo_rename(struct pvfs_state *pvfs,
return NT_STATUS_OBJECT_NAME_COLLISION;
}
- status = pvfs_can_delete(pvfs, name2);
+ status = pvfs_can_delete(pvfs, req, name2);
if (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION)) {
return NT_STATUS_ACCESS_DENIED;
}
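Review bot: With the ACL check added to pvfs_can_delete, this call can now fail with an access error as well as a sharing violation, but the visible lines handle only NT_STATUS_SHARING_VIOLATION. The rest of pvfs_setfileinfo_rename is outside the hunk, so please confirm that it returns on every non-OK status, e.g. `if (!NT_STATUS_IS_OK(status)) return status;` directly after the mapping. Otherwise a denied delete on the existing target would not stop the rename from replacing it. The matching call in pvfs_rename_one already returns on any failure.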
diff --git a/source4/ntvfs/posix/pvfs_unlink.c b/source4/ntvfs/posix/pvfs_unlink.c
index f29a70600f..09732d7735 100644
--- a/source4/ntvfs/posix/pvfs_unlink.c
+++ b/source4/ntvfs/posix/pvfs_unlink.c
@@ -27,7 +27,9 @@
/*
unlink a stream
*/
-static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs, struct pvfs_filename *name,
+static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs,
+ struct smbsrv_request *req,
+ struct pvfs_filename *name,
uint16_t attrib)
{
NTSTATUS status;
@@ -42,7 +44,7 @@ static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs, struct pvfs_filename
return status;
}
- status = pvfs_can_delete(pvfs, name);
+ status = pvfs_can_delete(pvfs, req, name);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -54,7 +56,8 @@ static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs, struct pvfs_filename
/*
unlink one file
*/
-static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx,
+static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs,
+ struct smbsrv_request *req,
const char *unix_path,
const char *fname, uint32_t attrib)
{
@@ -62,7 +65,7 @@ static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx,
NTSTATUS status;
/* get a pvfs_filename object */
- status = pvfs_resolve_partial(pvfs, mem_ctx,
+ status = pvfs_resolve_partial(pvfs, req,
unix_path, fname, &name);
if (!NT_STATUS_IS_OK(status)) {
return status;
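Review bot: pvfs_unlink_one now passes `req` to pvfs_resolve_partial where it used to pass `mem_ctx`, so `name` is allocated under the request rather than a caller-supplied temporary context (assuming the second argument is the talloc parent, as the old parameter name suggests). The error path in the next hunk frees `name` explicitly, but the success path is outside these hunks. If it does not call `talloc_free(name)`, a wildcard unlink matching many files would keep one pvfs_filename per file alive until the request ends. A short comment such as `/* name is parented on req; free it on every return path */` would make the ownership explicit.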
@@ -75,7 +78,7 @@ static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx,
return status;
}
- status = pvfs_can_delete(pvfs, name);
+ status = pvfs_can_delete(pvfs, req, name);
if (!NT_STATUS_IS_OK(status)) {
talloc_free(name);
return status;
@@ -133,7 +136,7 @@ NTSTATUS pvfs_unlink(struct ntvfs_module_context *ntvfs,
}
if (name->stream_name) {
- return pvfs_unlink_stream(pvfs, name, unl->in.attrib);
+ return pvfs_unlink_stream(pvfs, req, name, unl->in.attrib);
}
/* get list of matching files */