diff options
author | Andrew Tridgell <tridge@samba.org> | 2004-12-21 11:44:32 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 13:07:33 -0500 |
commit | a66a985cde1606d0ed6f66f2dc80357b0f7d3363 (patch) | |
tree | f699472e80bc6b48edaebc8b1e15f3d6cbc3268e | |
parent | de2ccc5ca93e0a0476aa829afd987cc043479e91 (diff) | |
download | samba-a66a985cde1606d0ed6f66f2dc80357b0f7d3363.tar.gz samba-a66a985cde1606d0ed6f66f2dc80357b0f7d3363.tar.bz2 samba-a66a985cde1606d0ed6f66f2dc80357b0f7d3363.zip |
r4314: added ACL checking on unlink
(This used to be commit f25c469693517ed993e0379d8b07cd7eb235a669)
-rw-r--r-- | source4/ntvfs/posix/pvfs_acl.c | 13 | ||||
-rw-r--r-- | source4/ntvfs/posix/pvfs_open.c | 8 | ||||
-rw-r--r-- | source4/ntvfs/posix/pvfs_rename.c | 2 | ||||
-rw-r--r-- | source4/ntvfs/posix/pvfs_setfileinfo.c | 2 | ||||
-rw-r--r-- | source4/ntvfs/posix/pvfs_unlink.c | 15 |
5 files changed, 31 insertions, 9 deletions
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 95a4e5765c..5302cc9524 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -390,3 +390,16 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, return status; } + + +/* + a simplified interface to access check, designed for calls that + do not take or return an access check mask +*/ +NTSTATUS pvfs_access_check_simple(struct pvfs_state *pvfs, + struct smbsrv_request *req, + struct pvfs_filename *name, + uint32_t access_needed) +{ + return pvfs_access_check(pvfs, req, name, &access_needed); +} diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c index 7cb8a5d90c..34052fc44a 100644 --- a/source4/ntvfs/posix/pvfs_open.c +++ b/source4/ntvfs/posix/pvfs_open.c @@ -1211,7 +1211,9 @@ NTSTATUS pvfs_change_create_options(struct pvfs_state *pvfs, determine if a file can be deleted, or if it is prevented by an already open file */ -NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, struct pvfs_filename *name) +NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, + struct smbsrv_request *req, + struct pvfs_filename *name) { NTSTATUS status; DATA_BLOB key; @@ -1228,6 +1230,10 @@ NTSTATUS pvfs_can_delete(struct pvfs_state *pvfs, struct pvfs_filename *name) NTCREATEX_OPTIONS_DELETE_ON_CLOSE, SEC_STD_DELETE); + if (NT_STATUS_IS_OK(status)) { + status = pvfs_access_check_simple(pvfs, req, name, SEC_STD_DELETE); + } + return status; } diff --git a/source4/ntvfs/posix/pvfs_rename.c b/source4/ntvfs/posix/pvfs_rename.c index cba9cace59..0ca05bbc17 100644 --- a/source4/ntvfs/posix/pvfs_rename.c +++ b/source4/ntvfs/posix/pvfs_rename.c @@ -162,7 +162,7 @@ static NTSTATUS pvfs_rename_one(struct pvfs_state *pvfs, status = pvfs_resolve_partial(pvfs, mem_ctx, dir_path, fname2, &name2); if (NT_STATUS_IS_OK(status)) { - status = pvfs_can_delete(pvfs, name2); + status = pvfs_can_delete(pvfs, req, name2); if (!NT_STATUS_IS_OK(status)) { talloc_free(mem_ctx); return status; diff --git a/source4/ntvfs/posix/pvfs_setfileinfo.c b/source4/ntvfs/posix/pvfs_setfileinfo.c index 2a06def2b4..295d2e919e 100644 --- a/source4/ntvfs/posix/pvfs_setfileinfo.c +++ b/source4/ntvfs/posix/pvfs_setfileinfo.c @@ -91,7 +91,7 @@ static NTSTATUS pvfs_setfileinfo_rename(struct pvfs_state *pvfs, return NT_STATUS_OBJECT_NAME_COLLISION; } - status = pvfs_can_delete(pvfs, name2); + status = pvfs_can_delete(pvfs, req, name2); if (NT_STATUS_EQUAL(status, NT_STATUS_SHARING_VIOLATION)) { return NT_STATUS_ACCESS_DENIED; } diff --git a/source4/ntvfs/posix/pvfs_unlink.c b/source4/ntvfs/posix/pvfs_unlink.c index f29a70600f..09732d7735 100644 --- a/source4/ntvfs/posix/pvfs_unlink.c +++ b/source4/ntvfs/posix/pvfs_unlink.c @@ -27,7 +27,9 @@ /* unlink a stream */ -static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs, struct pvfs_filename *name, +static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs, + struct smbsrv_request *req, + struct pvfs_filename *name, uint16_t attrib) { NTSTATUS status; @@ -42,7 +44,7 @@ static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs, struct pvfs_filename return status; } - status = pvfs_can_delete(pvfs, name); + status = pvfs_can_delete(pvfs, req, name); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -54,7 +56,8 @@ static NTSTATUS pvfs_unlink_stream(struct pvfs_state *pvfs, struct pvfs_filename /* unlink one file */ -static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx, +static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs, + struct smbsrv_request *req, const char *unix_path, const char *fname, uint32_t attrib) { @@ -62,7 +65,7 @@ static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx, NTSTATUS status; /* get a pvfs_filename object */ - status = pvfs_resolve_partial(pvfs, mem_ctx, + status = pvfs_resolve_partial(pvfs, req, unix_path, fname, &name); if (!NT_STATUS_IS_OK(status)) { return status; @@ -75,7 +78,7 @@ static NTSTATUS pvfs_unlink_one(struct pvfs_state *pvfs, TALLOC_CTX *mem_ctx, return status; } - status = pvfs_can_delete(pvfs, name); + status = pvfs_can_delete(pvfs, req, name); if (!NT_STATUS_IS_OK(status)) { talloc_free(name); return status; @@ -133,7 +136,7 @@ NTSTATUS pvfs_unlink(struct ntvfs_module_context *ntvfs, } if (name->stream_name) { - return pvfs_unlink_stream(pvfs, name, unl->in.attrib); + return pvfs_unlink_stream(pvfs, req, name, unl->in.attrib); } /* get list of matching files */ |