r4408: added the remaining access check hooks into pvfs. All calls should now have acl checking,

and obey the various inheritance rules.
(This used to be commit 5fe51807d6b97e68b65f152c0f405e5c5a025d21)

1 files changed, 16 insertions, 0 deletions

diff --git a/source4/ntvfs/posix/pvfs_mkdir.c b/source4/ntvfs/posix/pvfs_mkdir.c
index 14fffb6a2e..d2d431ae79 100644
--- a/source4/ntvfs/posix/pvfs_mkdir.c
+++ b/source4/ntvfs/posix/pvfs_mkdir.c
@@ -22,6 +22,7 @@
 
 #include "includes.h"
 #include "vfs_posix.h"
+#include "librpc/gen_ndr/ndr_security.h"
 
 /*
   create a directory with EAs
@@ -43,6 +44,11 @@ static NTSTATUS pvfs_t2mkdir(struct pvfs_state *pvfs,
 		return NT_STATUS_OBJECT_NAME_COLLISION;
 	}
 
+	status = pvfs_access_check_create(pvfs, req, name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
 	mode = pvfs_fileperms(pvfs, FILE_ATTRIBUTE_DIRECTORY);
 
 	if (mkdir(name->full_name, mode) == -1) {
@@ -108,6 +114,11 @@ NTSTATUS pvfs_mkdir(struct ntvfs_module_context *ntvfs,
 		return NT_STATUS_OBJECT_NAME_COLLISION;
 	}
 
+	status = pvfs_access_check_create(pvfs, req, name);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
 	mode = pvfs_fileperms(pvfs, FILE_ATTRIBUTE_DIRECTORY);
 
 	if (mkdir(name->full_name, mode) == -1) {
@@ -146,6 +157,11 @@ NTSTATUS pvfs_rmdir(struct ntvfs_module_context *ntvfs,
 		return NT_STATUS_OBJECT_NAME_NOT_FOUND;
 	}
 
+	status = pvfs_access_check_simple(pvfs, req, name, SEC_STD_DELETE);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
 	status = pvfs_xattr_unlink_hook(pvfs, name->full_name);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;