summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2012-08-27 16:07:32 -0700
committerJeremy Allison <jra@samba.org>2012-08-31 20:29:13 -0700
commit46455642a78f7a1c60f56dec8ad907d0cfd326ea (patch)
tree505579c835fe4f70f49bb9f64735641cad500e99 /source3
parent2b89e1a20a6c726e5c3219a944143f0beb7c5920 (diff)
downloadsamba-46455642a78f7a1c60f56dec8ad907d0cfd326ea.tar.gz
samba-46455642a78f7a1c60f56dec8ad907d0cfd326ea.tar.bz2
samba-46455642a78f7a1c60f56dec8ad907d0cfd326ea.zip
Change the S3 fileserver over to se_file_access_check().
Don't set the priv_open_requested yet until the open-for-backup request is correctly passed in.
Diffstat (limited to 'source3')
-rw-r--r--source3/lib/sharesec.c2
-rw-r--r--source3/smbd/open.c15
2 files changed, 10 insertions, 7 deletions
diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c
index 978edf2ece..c7a8e51c05 100644
--- a/source3/lib/sharesec.c
+++ b/source3/lib/sharesec.c
@@ -451,7 +451,7 @@ bool share_access_check(const struct security_token *token,
return false;
}
- status = se_access_check(psd, token, desired_access, &granted);
+ status = se_file_access_check(psd, token, true, desired_access, &granted);
TALLOC_FREE(psd);
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 415f6adf2e..b69db8b5e1 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -129,11 +129,12 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
}
/*
- * Never test FILE_READ_ATTRIBUTES. se_access_check() also takes care of
+ * Never test FILE_READ_ATTRIBUTES. se_file_access_check() also takes care of
* owner WRITE_DAC and READ_CONTROL.
*/
- status = se_access_check(sd,
+ status = se_file_access_check(sd,
get_current_nttok(conn),
+ false,
(access_mask & ~FILE_READ_ATTRIBUTES),
&rejected_mask);
@@ -245,11 +246,12 @@ static NTSTATUS check_parent_access(struct connection_struct *conn,
}
/*
- * Never test FILE_READ_ATTRIBUTES. se_access_check() also takes care of
+ * Never test FILE_READ_ATTRIBUTES. se_file_access_check() also takes care of
* owner WRITE_DAC and READ_CONTROL.
*/
- status = se_access_check(parent_sd,
+ status = se_file_access_check(parent_sd,
get_current_nttok(conn),
+ false,
(access_mask & ~FILE_READ_ATTRIBUTES),
&access_granted);
if(!NT_STATUS_IS_OK(status)) {
@@ -1681,11 +1683,12 @@ static NTSTATUS smbd_calculate_maximum_allowed_access(
}
/*
- * Never test FILE_READ_ATTRIBUTES. se_access_check()
+ * Never test FILE_READ_ATTRIBUTES. se_file_access_check()
* also takes care of owner WRITE_DAC and READ_CONTROL.
*/
- status = se_access_check(sd,
+ status = se_file_access_check(sd,
get_current_nttok(conn),
+ false,
(*p_access_mask & ~FILE_READ_ATTRIBUTES),
&access_granted);