summaryrefslogtreecommitdiff
path: root/source3
diff options
context:
space:
mode:
authorJeremy Allison <jra@samba.org>2001-12-17 19:16:22 +0000
committerJeremy Allison <jra@samba.org>2001-12-17 19:16:22 +0000
commit02c3dcd8ee6f4007ea6db9fbcd75b16129a657eb (patch)
treeb1f1c8ca874121e8d2fdc7e9454917d15272cd12 /source3
parentdb9d6374a312ba5acb89d80bb41dbd5fdc8d0b17 (diff)
downloadsamba-02c3dcd8ee6f4007ea6db9fbcd75b16129a657eb.tar.gz
samba-02c3dcd8ee6f4007ea6db9fbcd75b16129a657eb.tar.bz2
samba-02c3dcd8ee6f4007ea6db9fbcd75b16129a657eb.zip
Made "hide unreadable" work much more reliably (just for Volker :-).
Jeremy. (This used to be commit f6d6825bc86662d54ff3920d7d5390d151f34b0f)
Diffstat (limited to 'source3')
-rw-r--r--source3/smbd/dir.c38
1 files changed, 37 insertions, 1 deletions
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 1e2858ae26..faf5bca52d 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -666,12 +666,47 @@ check to see if a user can read a file. This is only approximate,
it is used as part of the "hide unreadable" option. Don't
use it for anything security sensitive
********************************************************************/
+
static BOOL user_can_read_file(connection_struct *conn, char *name)
{
+ extern struct current_user current_user;
SMB_STRUCT_STAT ste;
+ SEC_DESC *psd = NULL;
+ size_t sd_size;
+ files_struct *fsp;
+ int smb_action;
+ NTSTATUS status;
+ uint32 access_granted;
+
+ ZERO_STRUCT(ste);
/* if we can't stat it does not show it */
- if (vfs_stat(conn, name, &ste) != 0) return False;
+ if (vfs_stat(conn, name, &ste) != 0)
+ return False;
+
+ /* Pseudo-open the file (note - no fd's created). */
+
+ if(S_ISDIR(ste.st_mode))
+ fsp = open_directory(conn, name, &ste, SET_DENY_MODE(DENY_NONE), FILE_OPEN,
+ unix_mode(conn,aRONLY|aDIR, name), &smb_action);
+ else
+ fsp = open_file_stat(conn,name,&ste,DOS_OPEN_RDONLY,&smb_action);
+ if (!fsp)
+ return False;
+
+ /* Get NT ACL -allocated in main loop talloc context. No free needed here. */
+ sd_size = conn->vfs_ops.fget_nt_acl(fsp, fsp->fd, &psd);
+ close_file(fsp, True);
+
+ /* No access if SD get failed. */
+ if (!sd_size)
+ return False;
+
+ return se_access_check(psd, current_user.nt_user_token, FILE_READ_DATA,
+ &access_granted, &status);
+
+#if 0
+ /* Old - crappy check :-). JRA */
if (ste.st_uid == conn->uid) {
return (ste.st_mode & S_IRUSR) == S_IRUSR;
@@ -688,6 +723,7 @@ static BOOL user_can_read_file(connection_struct *conn, char *name)
}
return (ste.st_mode & S_IROTH) == S_IROTH;
+#endif
}
/*******************************************************************