diff options
| author | Jeremy Allison <jra@samba.org> | 2010-11-23 15:59:33 -0800 |
|---|---|---|
| committer | Jeremy Allison <jra@samba.org> | 2010-11-24 01:47:13 +0100 |
| commit | b1dacb8195a52b6cfce6ad60a839f7effd35b261 (patch) | |
| tree | ae0abe8f35b6a5b253ca479f6f916eb47af730ba /source3/smbd | |
| parent | 1f478afe22c5dc68d7a69e4127c3a8cd6dca1def (diff) | |
| download | samba-b1dacb8195a52b6cfce6ad60a839f7effd35b261.tar.gz samba-b1dacb8195a52b6cfce6ad60a839f7effd35b261.tar.bz2 samba-b1dacb8195a52b6cfce6ad60a839f7effd35b261.zip | |
Add in fsp->access_mask checks. Not required (underlying system does this)
but makes logic cleaner. Pointed out by Metze.
Jeremy.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 24 01:47:13 CET 2010 on sn-devel-104
Diffstat (limited to 'source3/smbd')
| -rw-r--r-- | source3/smbd/nttrans.c | 6 | ||||
| -rw-r--r-- | source3/smbd/trans2.c | 38 |
2 files changed, 42 insertions, 2 deletions
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index 855a49b2d5..ad585337b8 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -1389,7 +1389,8 @@ static NTSTATUS copy_internals(TALLOC_CTX *ctx, req, /* req */ 0, /* root_dir_fid */ smb_fname_src, /* fname */ - FILE_READ_DATA, /* access_mask */ + FILE_READ_DATA|FILE_READ_ATTRIBUTES| + FILE_READ_EA, /* access_mask */ (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ FILE_SHARE_DELETE), FILE_OPEN, /* create_disposition*/ @@ -1412,7 +1413,8 @@ static NTSTATUS copy_internals(TALLOC_CTX *ctx, req, /* req */ 0, /* root_dir_fid */ smb_fname_dst, /* fname */ - FILE_WRITE_DATA, /* access_mask */ + FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES| + FILE_WRITE_EA, /* access_mask */ (FILE_SHARE_READ | FILE_SHARE_WRITE | /* share_access */ FILE_SHARE_DELETE), FILE_CREATE, /* create_disposition*/ diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c index 30794e009e..ddae99d7cc 100644 --- a/source3/smbd/trans2.c +++ b/source3/smbd/trans2.c @@ -504,6 +504,10 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp, return NT_STATUS_EAS_NOT_SUPPORTED; } + if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) { + return NT_STATUS_ACCESS_DENIED; + } + /* For now setting EAs on streams isn't supported. */ fname = smb_fname->base_name; @@ -5446,6 +5450,10 @@ NTSTATUS smb_set_file_time(connection_struct *conn, return NT_STATUS_OBJECT_NAME_NOT_FOUND; } + if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) { + return NT_STATUS_ACCESS_DENIED; + } + /* get some defaults (no modifications) if any info is zero or -1. */ if (null_timespec(ft->create_time)) { action &= ~FILE_NOTIFY_CHANGE_CREATION; @@ -5599,6 +5607,10 @@ static NTSTATUS smb_set_file_size(connection_struct *conn, return NT_STATUS_OBJECT_NAME_NOT_FOUND; } + if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) { + return NT_STATUS_ACCESS_DENIED; + } + DEBUG(6,("smb_set_file_size: size: %.0f ", (double)size)); if (size == get_file_size_stat(psbuf)) { @@ -5705,6 +5717,11 @@ static NTSTATUS smb_info_set_ea(connection_struct *conn, if (!ea_list) { return NT_STATUS_INVALID_PARAMETER; } + + if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) { + return NT_STATUS_ACCESS_DENIED; + } + status = set_ea(conn, fsp, smb_fname, ea_list); return status; @@ -5747,6 +5764,11 @@ static NTSTATUS smb_set_file_full_ea_info(connection_struct *conn, if (!ea_list) { return NT_STATUS_INVALID_PARAMETER; } + + if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) { + return NT_STATUS_ACCESS_DENIED; + } + status = set_ea(conn, fsp, fsp->fsp_name, ea_list); DEBUG(10, ("smb_set_file_full_ea_info on file %s returned %s\n", @@ -6485,6 +6507,10 @@ static NTSTATUS smb_set_file_basic_info(connection_struct *conn, return NT_STATUS_INVALID_PARAMETER; } + if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) { + return NT_STATUS_ACCESS_DENIED; + } + /* Set the attributes */ dosmode = IVAL(pdata,32); status = smb_set_file_dosmode(conn, smb_fname, dosmode); @@ -6529,6 +6555,10 @@ static NTSTATUS smb_set_info_standard(connection_struct *conn, return NT_STATUS_INVALID_PARAMETER; } + if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) { + return NT_STATUS_ACCESS_DENIED; + } + /* create time */ ft.create_time = convert_time_t_to_timespec(srv_make_unix_date2(pdata)); /* access time */ @@ -6587,6 +6617,10 @@ static NTSTATUS smb_set_file_allocation_info(connection_struct *conn, allocation_size = smb_roundup(conn, allocation_size); } + if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) { + return NT_STATUS_ACCESS_DENIED; + } + DEBUG(10,("smb_set_file_allocation_info: file %s : setting new " "allocation size to %.0f\n", smb_fname_str_dbg(smb_fname), (double)allocation_size)); @@ -6684,6 +6718,10 @@ static NTSTATUS smb_set_file_end_of_file_info(connection_struct *conn, "file %s to %.0f\n", smb_fname_str_dbg(smb_fname), (double)size)); + if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) { + return NT_STATUS_ACCESS_DENIED; + } + return smb_set_file_size(conn, req, fsp, smb_fname, |