authorVolker Lendecke <vl@samba.org>2011-12-16 18:51:19 +0100
committerVolker Lendecke <vl@samba.org>2012-01-03 13:38:02 +0100
commitc01f02a4b97de453a0db7feb3c2d323f05fac7f6 (patch)
tree1894ac3b207713d2d60b58bf3c64c5450fe29167 /source3/smbd
parent49a520217ceb04cbd4278a3bce7cb1f8dd04b018 (diff)
s3: Avoid "file_existed" in smbd_calculate_maximum_allowed_access
We access the file by name anyway, so we can just try to access it. The file system will for sure tell us if the file does not exist.
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/open.c71
1 files changed, 35 insertions, 36 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index db4831d3d2..d9491b5f04 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1479,9 +1479,10 @@ static void schedule_defer_open(struct share_mode_lock *lck,
static NTSTATUS smbd_calculate_maximum_allowed_access(
connection_struct *conn,
const struct smb_filename *smb_fname,
- bool file_existed,
uint32_t *p_access_mask)
{
+ struct security_descriptor *sd;
+ uint32_t access_granted;
NTSTATUS status;
if (get_current_uid(conn) == (uid_t)0) {
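Review bot: `access_granted` is now declared without the `= 0` it had inside the removed `if (file_existed)` block, so the value later OR-ed into `*p_access_mask` is defined only if se_access_check() writes its out-parameter on every path that returns success. That callee is not visible on this page, so I would keep the defensive initialiser: `uint32_t access_granted = 0;`. The same applies to `sd`, which could be declared as `struct security_descriptor *sd = NULL;` so that a VFS backend returning success without setting it fails predictably. The function body continues in the next hunk.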
@@ -1489,47 +1490,45 @@ static NTSTATUS smbd_calculate_maximum_allowed_access(
return NT_STATUS_OK;
}
- if (file_existed) {
- struct security_descriptor *sd;
- uint32_t access_granted = 0;
-
- status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
- (SECINFO_OWNER |
- SECINFO_GROUP |
- SECINFO_DACL),&sd);
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10,("smbd_calculate_access_mask: "
- "Could not get acl on file %s: %s\n",
- smb_fname_str_dbg(smb_fname),
- nt_errstr(status)));
- return NT_STATUS_ACCESS_DENIED;
- }
+ status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
+ (SECINFO_OWNER |
+ SECINFO_GROUP |
+ SECINFO_DACL),&sd);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
/*
- * Never test FILE_READ_ATTRIBUTES. se_access_check()
- * also takes care of owner WRITE_DAC and READ_CONTROL.
+ * File did not exist
*/
- status = se_access_check(sd,
- get_current_nttok(conn),
- (*p_access_mask & ~FILE_READ_ATTRIBUTES),
- &access_granted);
+ *p_access_mask = FILE_GENERIC_ALL;
+ return NT_STATUS_OK;
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("smbd_calculate_access_mask: "
+ "Could not get acl on file %s: %s\n",
+ smb_fname_str_dbg(smb_fname),
+ nt_errstr(status)));
+ return NT_STATUS_ACCESS_DENIED;
+ }
- TALLOC_FREE(sd);
+ /*
+ * Never test FILE_READ_ATTRIBUTES. se_access_check()
+ * also takes care of owner WRITE_DAC and READ_CONTROL.
+ */
+ status = se_access_check(sd,
+ get_current_nttok(conn),
+ (*p_access_mask & ~FILE_READ_ATTRIBUTES),
+ &access_granted);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("smbd_calculate_access_mask: "
- "Access denied on file %s: "
- "when calculating maximum access\n",
- smb_fname_str_dbg(smb_fname)));
- return NT_STATUS_ACCESS_DENIED;
- }
+ TALLOC_FREE(sd);
- *p_access_mask = (access_granted | FILE_READ_ATTRIBUTES);
- return NT_STATUS_OK;
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("smbd_calculate_access_mask: "
+ "Access denied on file %s: "
+ "when calculating maximum access\n",
+ smb_fname_str_dbg(smb_fname)));
+ return NT_STATUS_ACCESS_DENIED;
}
-
- *p_access_mask = FILE_GENERIC_ALL;
+ *p_access_mask = (access_granted | FILE_READ_ATTRIBUTES);
return NT_STATUS_OK;
}
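Review bot: The new not-found branch sets `*p_access_mask = FILE_GENERIC_ALL` purely on the status returned by SMB_VFS_GET_NT_ACL, so the "grant everything" result now depends on every VFS backend mapping a missing file to exactly NT_STATUS_OBJECT_NAME_NOT_FOUND. A backend that returns that status for some other condition would skip se_access_check() entirely. One that reports a different not-found status (a missing path component, for instance) now falls through to NT_STATUS_ACCESS_DENIED, where the caller-supplied flag previously led to FILE_GENERIC_ALL. The comment `File did not exist` should say why the full mask is acceptable here, presumably because the create path enforces permissions on the parent directory, though that caller is outside this hunk. As a smaller point, the DEBUG strings still say `smbd_calculate_access_mask:` although they live in smbd_calculate_maximum_allowed_access, which makes level-10 logs of denied opens harder to attribute.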
@@ -1553,7 +1552,7 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
status = smbd_calculate_maximum_allowed_access(
- conn, smb_fname, file_existed, &access_mask);
+ conn, smb_fname, &access_mask);
if (!NT_STATUS_IS_OK(status)) {
return status;