summaryrefslogtreecommitdiff
path: root/source3/smbd
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2011-10-26 15:03:28 -0700
committerJeremy Allison <jra@samba.org>2011-10-28 12:16:42 -0700
commitea195b6cd2152a7f09847dba9c0c2288cc9a862d (patch)
tree30e3ed9c8cc28a594c7a3bd3a9b648b2857e77d3 /source3/smbd
parent8a3070a7c9fe3fad35103435c5c74188866057eb (diff)
downloadsamba-ea195b6cd2152a7f09847dba9c0c2288cc9a862d.tar.gz
samba-ea195b6cd2152a7f09847dba9c0c2288cc9a862d.tar.bz2
samba-ea195b6cd2152a7f09847dba9c0c2288cc9a862d.zip
Finally do all the open checks inside open_file(). Checks inside
vfs_acl_common can now be removed.
Diffstat (limited to 'source3/smbd')
-rw-r--r--source3/smbd/open.c30
1 files changed, 30 insertions, 0 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 973a5d2b47..ba14f3d51f 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -613,6 +613,36 @@ static NTSTATUS open_file(files_struct *fsp,
return NT_STATUS_OBJECT_NAME_INVALID;
}
+ /* Can we access this file ? */
+ if (!fsp->base_fsp) {
+ /* Only do this check on non-stream open. */
+ if (file_existed) {
+ status = smbd_check_open_rights(conn,
+ smb_fname,
+ access_mask);
+ } else if (local_flags & O_CREAT){
+ status = check_parent_access(conn,
+ smb_fname,
+ SEC_DIR_ADD_FILE,
+ NULL,
+ NULL);
+ } else {
+ /* File didn't exist and no O_CREAT. */
+ return NT_STATUS_OBJECT_NAME_NOT_FOUND;
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("open_file: "
+ "%s on file "
+ "%s returned %s\n",
+ file_existed ?
+ "smbd_check_open_rights" :
+ "check_parent_access",
+ smb_fname_str_dbg(smb_fname),
+ nt_errstr(status) ));
+ return status;
+ }
+ }
+
/* Actually do the open */
status = fd_open(conn, fsp, local_flags, unx_mode);
if (!NT_STATUS_IS_OK(status)) {