diff options
author | Andrew Tridgell <tridge@samba.org> | 2006-09-16 15:31:53 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:18:51 -0500 |
commit | 9c53e146020c16e2a26e24fb327d69ed8da14c8e (patch) | |
tree | e7840f95d5de4fd87e361025c476a3dae2a1954f /source4 | |
parent | 7c017f9015136e8641555576c1aecabaf66cb83e (diff) | |
download | samba-9c53e146020c16e2a26e24fb327d69ed8da14c8e.tar.gz samba-9c53e146020c16e2a26e24fb327d69ed8da14c8e.tar.bz2 samba-9c53e146020c16e2a26e24fb327d69ed8da14c8e.zip |
r18580: map the PVFS_FLAG_READONLY bit in the posix backend onto
NT_STATUS_ACCESS_DENIED in the access mask checks
(This used to be commit ceffc34f3e9f47a8a44dad52054688f9855eeb37)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/ntvfs/posix/pvfs_acl.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 3d276431dc..1dd40c0e06 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -349,6 +349,13 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, uid_t uid = geteuid(); uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL; + if ((pvfs->flags & PVFS_FLAG_READONLY) && + ((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | + SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE | + SEC_DIR_DELETE_CHILD))) { + return NT_STATUS_ACCESS_DENIED; + } + /* owner and root get extra permissions */ if (uid == 0) { max_bits |= SEC_STD_ALL | SEC_FLAG_SYSTEM_SECURITY; @@ -390,6 +397,13 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, NTSTATUS status; struct security_descriptor *sd; + if ((pvfs->flags & PVFS_FLAG_READONLY) && + ((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | + SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE | + SEC_DIR_DELETE_CHILD))) { + return NT_STATUS_ACCESS_DENIED; + } + acl = talloc(req, struct xattr_NTACL); if (acl == NULL) { return NT_STATUS_NO_MEMORY; |