diff options
author | Jeremy Allison <jra@samba.org> | 2012-08-27 16:07:32 -0700 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2012-08-31 20:29:13 -0700 |
commit | 46455642a78f7a1c60f56dec8ad907d0cfd326ea (patch) | |
tree | 505579c835fe4f70f49bb9f64735641cad500e99 /source3 | |
parent | 2b89e1a20a6c726e5c3219a944143f0beb7c5920 (diff) | |
download | samba-46455642a78f7a1c60f56dec8ad907d0cfd326ea.tar.gz samba-46455642a78f7a1c60f56dec8ad907d0cfd326ea.tar.bz2 samba-46455642a78f7a1c60f56dec8ad907d0cfd326ea.zip |
Change the S3 fileserver over to se_file_access_check().
Don't set the priv_open_requested yet until the open-for-backup
request is correctly passed in.
Diffstat (limited to 'source3')
-rw-r--r-- | source3/lib/sharesec.c | 2 | ||||
-rw-r--r-- | source3/smbd/open.c | 15 |
2 files changed, 10 insertions, 7 deletions
diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c index 978edf2ece..c7a8e51c05 100644 --- a/source3/lib/sharesec.c +++ b/source3/lib/sharesec.c @@ -451,7 +451,7 @@ bool share_access_check(const struct security_token *token, return false; } - status = se_access_check(psd, token, desired_access, &granted); + status = se_file_access_check(psd, token, true, desired_access, &granted); TALLOC_FREE(psd); diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 415f6adf2e..b69db8b5e1 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -129,11 +129,12 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn, } /* - * Never test FILE_READ_ATTRIBUTES. se_access_check() also takes care of + * Never test FILE_READ_ATTRIBUTES. se_file_access_check() also takes care of * owner WRITE_DAC and READ_CONTROL. */ - status = se_access_check(sd, + status = se_file_access_check(sd, get_current_nttok(conn), + false, (access_mask & ~FILE_READ_ATTRIBUTES), &rejected_mask); @@ -245,11 +246,12 @@ static NTSTATUS check_parent_access(struct connection_struct *conn, } /* - * Never test FILE_READ_ATTRIBUTES. se_access_check() also takes care of + * Never test FILE_READ_ATTRIBUTES. se_file_access_check() also takes care of * owner WRITE_DAC and READ_CONTROL. */ - status = se_access_check(parent_sd, + status = se_file_access_check(parent_sd, get_current_nttok(conn), + false, (access_mask & ~FILE_READ_ATTRIBUTES), &access_granted); if(!NT_STATUS_IS_OK(status)) { @@ -1681,11 +1683,12 @@ static NTSTATUS smbd_calculate_maximum_allowed_access( } /* - * Never test FILE_READ_ATTRIBUTES. se_access_check() + * Never test FILE_READ_ATTRIBUTES. se_file_access_check() * also takes care of owner WRITE_DAC and READ_CONTROL. */ - status = se_access_check(sd, + status = se_file_access_check(sd, get_current_nttok(conn), + false, (*p_access_mask & ~FILE_READ_ATTRIBUTES), &access_granted); |