summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2013-01-16 12:51:32 -0800
committerDavid Disseldorp <ddiss@samba.org>2013-01-18 00:06:52 +0100
commitd6e10f00666b9baa17927067e58361ab39901fa1 (patch)
tree7defbe88647dc6d10ea0d379da7c21ed2e32483c
parent7a21f605c14a43807e4887fd92df61a341132a43 (diff)
downloadsamba-d6e10f00666b9baa17927067e58361ab39901fa1.tar.gz
samba-d6e10f00666b9baa17927067e58361ab39901fa1.tar.bz2
samba-d6e10f00666b9baa17927067e58361ab39901fa1.zip
Move handle checking code to copychunk_check_handles().
Planning to add extra checks to ensure we don't attempt copychunk on printer or IPC$ handles. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
-rw-r--r--source3/smbd/smb2_ioctl_network_fs.c58
1 files changed, 37 insertions, 21 deletions
diff --git a/source3/smbd/smb2_ioctl_network_fs.c b/source3/smbd/smb2_ioctl_network_fs.c
index 76625ab510..a59a83b570 100644
--- a/source3/smbd/smb2_ioctl_network_fs.c
+++ b/source3/smbd/smb2_ioctl_network_fs.c
@@ -171,6 +171,38 @@ struct fsctl_srv_copychunk_state {
};
static void fsctl_srv_copychunk_vfs_done(struct tevent_req *subreq);
+static NTSTATUS copychunk_check_handles(struct files_struct *src_fsp,
+ struct files_struct *dst_fsp,
+ struct smb_request *smb1req)
+{
+ /*
+ * [MS-SMB2] 3.3.5.15.6 Handling a Server-Side Data Copy Request
+ * If Open.GrantedAccess of the destination file does not
+ * include FILE_WRITE_DATA, then the request MUST be failed with
+ * STATUS_ACCESS_DENIED. If Open.GrantedAccess of the
+ * destination file does not include FILE_READ_DATA access and
+ * the CtlCode is FSCTL_SRV_COPYCHUNK, then the request MUST be
+ * failed with STATUS_ACCESS_DENIED.
+ */
+ if (!CHECK_WRITE(dst_fsp)) {
+ DEBUG(5, ("copy chunk no write on dest handle (%s).\n",
+ smb_fname_str_dbg(dst_fsp->fsp_name) ));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ if (!CHECK_READ(dst_fsp, smb1req)) {
+ DEBUG(5, ("copy chunk no read on dest handle (%s).\n",
+ smb_fname_str_dbg(dst_fsp->fsp_name) ));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ if (!CHECK_READ(src_fsp, smb1req)) {
+ DEBUG(5, ("copy chunk no read on src handle (%s).\n",
+ smb_fname_str_dbg(src_fsp->fsp_name) ));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ return NT_STATUS_OK;
+}
+
static struct tevent_req *fsctl_srv_copychunk_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct files_struct *dst_fsp,
@@ -224,27 +256,11 @@ static struct tevent_req *fsctl_srv_copychunk_send(TALLOC_CTX *mem_ctx,
}
state->dst_fsp = dst_fsp;
- /*
- * [MS-SMB2] 3.3.5.15.6 Handling a Server-Side Data Copy Request
- * If Open.GrantedAccess of the destination file does not
- * include FILE_WRITE_DATA, then the request MUST be failed with
- * STATUS_ACCESS_DENIED. If Open.GrantedAccess of the
- * destination file does not include FILE_READ_DATA access and
- * the CtlCode is FSCTL_SRV_COPYCHUNK, then the request MUST be
- * failed with STATUS_ACCESS_DENIED.
- */
- if (!CHECK_WRITE(state->dst_fsp)) {
- state->status = NT_STATUS_ACCESS_DENIED;
- tevent_req_nterror(req, state->status);
- return tevent_req_post(req, ev);
- }
- if (!CHECK_READ(state->dst_fsp, smb2req->smb1req)) {
- state->status = NT_STATUS_ACCESS_DENIED;
- tevent_req_nterror(req, state->status);
- return tevent_req_post(req, ev);
- }
- if (!CHECK_READ(state->src_fsp, smb2req->smb1req)) {
- state->status = NT_STATUS_ACCESS_DENIED;
+
+ state->status = copychunk_check_handles(state->src_fsp,
+ state->dst_fsp,
+ smb2req->smb1req);
+ if (!NT_STATUS_IS_OK(state->status)) {
tevent_req_nterror(req, state->status);
return tevent_req_post(req, ev);
}