diff options
author | Jeremy Allison <jra@samba.org> | 2013-01-16 12:51:32 -0800 |
---|---|---|
committer | David Disseldorp <ddiss@samba.org> | 2013-01-18 00:06:52 +0100 |
commit | d6e10f00666b9baa17927067e58361ab39901fa1 (patch) | |
tree | 7defbe88647dc6d10ea0d379da7c21ed2e32483c | |
parent | 7a21f605c14a43807e4887fd92df61a341132a43 (diff) | |
download | samba-d6e10f00666b9baa17927067e58361ab39901fa1.tar.gz samba-d6e10f00666b9baa17927067e58361ab39901fa1.tar.bz2 samba-d6e10f00666b9baa17927067e58361ab39901fa1.zip |
Move handle checking code to copychunk_check_handles().
Planning to add extra checks to ensure we don't attempt
copychunk on printer or IPC$ handles.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
-rw-r--r-- | source3/smbd/smb2_ioctl_network_fs.c | 58 |
1 files changed, 37 insertions, 21 deletions
diff --git a/source3/smbd/smb2_ioctl_network_fs.c b/source3/smbd/smb2_ioctl_network_fs.c index 76625ab510..a59a83b570 100644 --- a/source3/smbd/smb2_ioctl_network_fs.c +++ b/source3/smbd/smb2_ioctl_network_fs.c @@ -171,6 +171,38 @@ struct fsctl_srv_copychunk_state { }; static void fsctl_srv_copychunk_vfs_done(struct tevent_req *subreq); +static NTSTATUS copychunk_check_handles(struct files_struct *src_fsp, + struct files_struct *dst_fsp, + struct smb_request *smb1req) +{ + /* + * [MS-SMB2] 3.3.5.15.6 Handling a Server-Side Data Copy Request + * If Open.GrantedAccess of the destination file does not + * include FILE_WRITE_DATA, then the request MUST be failed with + * STATUS_ACCESS_DENIED. If Open.GrantedAccess of the + * destination file does not include FILE_READ_DATA access and + * the CtlCode is FSCTL_SRV_COPYCHUNK, then the request MUST be + * failed with STATUS_ACCESS_DENIED. + */ + if (!CHECK_WRITE(dst_fsp)) { + DEBUG(5, ("copy chunk no write on dest handle (%s).\n", + smb_fname_str_dbg(dst_fsp->fsp_name) )); + return NT_STATUS_ACCESS_DENIED; + } + if (!CHECK_READ(dst_fsp, smb1req)) { + DEBUG(5, ("copy chunk no read on dest handle (%s).\n", + smb_fname_str_dbg(dst_fsp->fsp_name) )); + return NT_STATUS_ACCESS_DENIED; + } + if (!CHECK_READ(src_fsp, smb1req)) { + DEBUG(5, ("copy chunk no read on src handle (%s).\n", + smb_fname_str_dbg(src_fsp->fsp_name) )); + return NT_STATUS_ACCESS_DENIED; + } + + return NT_STATUS_OK; +} + static struct tevent_req *fsctl_srv_copychunk_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct files_struct *dst_fsp, @@ -224,27 +256,11 @@ static struct tevent_req *fsctl_srv_copychunk_send(TALLOC_CTX *mem_ctx, } state->dst_fsp = dst_fsp; - /* - * [MS-SMB2] 3.3.5.15.6 Handling a Server-Side Data Copy Request - * If Open.GrantedAccess of the destination file does not - * include FILE_WRITE_DATA, then the request MUST be failed with - * STATUS_ACCESS_DENIED. If Open.GrantedAccess of the - * destination file does not include FILE_READ_DATA access and - * the CtlCode is FSCTL_SRV_COPYCHUNK, then the request MUST be - * failed with STATUS_ACCESS_DENIED. - */ - if (!CHECK_WRITE(state->dst_fsp)) { - state->status = NT_STATUS_ACCESS_DENIED; - tevent_req_nterror(req, state->status); - return tevent_req_post(req, ev); - } - if (!CHECK_READ(state->dst_fsp, smb2req->smb1req)) { - state->status = NT_STATUS_ACCESS_DENIED; - tevent_req_nterror(req, state->status); - return tevent_req_post(req, ev); - } - if (!CHECK_READ(state->src_fsp, smb2req->smb1req)) { - state->status = NT_STATUS_ACCESS_DENIED; + + state->status = copychunk_check_handles(state->src_fsp, + state->dst_fsp, + smb2req->smb1req); + if (!NT_STATUS_IS_OK(state->status)) { tevent_req_nterror(req, state->status); return tevent_req_post(req, ev); } |