diff options
| author | Jeremy Allison <jra@samba.org> | 2009-02-26 11:42:23 -0800 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2009-02-26 11:42:23 -0800 |
| commit | 3121249243f52dcbf8083f5ff137bd580515efa7 (patch) | |
| tree | be0a48eb0ff6293a96312e275e263e95fb7f3be7 | |
| parent | bcadb77c18f9ed9be22762871617f1a12294e88c (diff) | |
| download | samba-3121249243f52dcbf8083f5ff137bd580515efa7.tar.gz samba-3121249243f52dcbf8083f5ff137bd580515efa7.tar.bz2 samba-3121249243f52dcbf8083f5ff137bd580515efa7.zip | |
Make us pass the RAW-RENAME torture test I just added.
Inside a directory, keep a file open and then renaming
the directory should fail with ACCESS_DENIED.
Jeremy.
| -rw-r--r-- | source3/include/proto.h | 1 | ||||
| -rw-r--r-- | source3/smbd/files.c | 43 | ||||
| -rw-r--r-- | source3/smbd/reply.c | 10 |
3 files changed, 54 insertions, 0 deletions
diff --git a/source3/include/proto.h b/source3/include/proto.h index 27b4ce9604..ce31640272 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -6520,6 +6520,7 @@ files_struct *file_find_fsp(files_struct *orig_fsp); files_struct *file_find_di_first(struct file_id id); files_struct *file_find_di_next(files_struct *start_fsp); files_struct *file_find_print(void); +bool file_find_subpath(files_struct *dir_fsp); void file_sync_all(connection_struct *conn); void file_free(struct smb_request *req, files_struct *fsp); files_struct *file_fnum(uint16 fnum); diff --git a/source3/smbd/files.c b/source3/smbd/files.c index efaadffc06..36e80a086a 100644 --- a/source3/smbd/files.c +++ b/source3/smbd/files.c @@ -356,6 +356,49 @@ files_struct *file_find_print(void) } /**************************************************************************** + Find any fsp open with a pathname below that of an already open path. +****************************************************************************/ + +bool file_find_subpath(files_struct *dir_fsp) +{ + files_struct *fsp; + size_t dlen; + char *d_fullname = talloc_asprintf(talloc_tos(), + "%s/%s", + dir_fsp->conn->connectpath, + dir_fsp->fsp_name); + + if (!d_fullname) { + return false; + } + + dlen = strlen(d_fullname); + + for (fsp=Files;fsp;fsp=fsp->next) { + char *d1_fullname; + + if (fsp == dir_fsp) { + continue; + } + + d1_fullname = talloc_asprintf(talloc_tos(), + "%s/%s", + fsp->conn->connectpath, + fsp->fsp_name); + + if (strnequal(d_fullname, d1_fullname, dlen)) { + TALLOC_FREE(d_fullname); + TALLOC_FREE(d1_fullname); + return true; + } + TALLOC_FREE(d1_fullname); + } + + TALLOC_FREE(d_fullname); + return false; +} + +/**************************************************************************** Sync open files on a connection. ****************************************************************************/ diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 80ed019e0f..22e4c1aad7 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -2214,6 +2214,16 @@ static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp, } if (S_ISDIR(pst->st_mode)) { + if (fsp->posix_open) { + return NT_STATUS_OK; + } + + /* If no pathnames are open below this + directory, allow the rename. */ + + if (file_find_subpath(fsp)) { + return NT_STATUS_ACCESS_DENIED; + } return NT_STATUS_OK; } |