diff options
author | Andrew Tridgell <tridge@samba.org> | 2006-09-16 15:37:45 +0000 |
---|---|---|
committer | Gerald (Jerry) Carter <jerry@samba.org> | 2007-10-10 14:18:51 -0500 |
commit | c5e67b855560b85040c6caa17e0cab641b0e273e (patch) | |
tree | e37b4c518b0a443eb85c9e9b9ae8983323c26635 /source4 | |
parent | 9c53e146020c16e2a26e24fb327d69ed8da14c8e (diff) | |
download | samba-c5e67b855560b85040c6caa17e0cab641b0e273e.tar.gz samba-c5e67b855560b85040c6caa17e0cab641b0e273e.tar.bz2 samba-c5e67b855560b85040c6caa17e0cab641b0e273e.zip |
r18581: also check for SEC_STD_DELETE, and split out the check into a separate
static function
(This used to be commit 024ca6a91cdf2c0f8999c220b4459a72c45bfd32)
Diffstat (limited to 'source4')
-rw-r--r-- | source4/ntvfs/posix/pvfs_acl.c | 29 |
1 files changed, 21 insertions, 8 deletions
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c index 1dd40c0e06..62ef196977 100644 --- a/source4/ntvfs/posix/pvfs_acl.c +++ b/source4/ntvfs/posix/pvfs_acl.c @@ -336,6 +336,25 @@ NTSTATUS pvfs_acl_query(struct pvfs_state *pvfs, /* + check the read only bit against any of the write access bits +*/ +static BOOL pvfs_read_only(struct pvfs_state *pvfs, uint32_t access_mask) +{ + if ((pvfs->flags & PVFS_FLAG_READONLY) && + (access_mask & (SEC_FILE_WRITE_DATA | + SEC_FILE_APPEND_DATA | + SEC_FILE_WRITE_EA | + SEC_FILE_WRITE_ATTRIBUTE | + SEC_STD_DELETE | + SEC_STD_WRITE_DAC | + SEC_STD_WRITE_OWNER | + SEC_DIR_DELETE_CHILD))) { + return True; + } + return False; +} + +/* default access check function based on unix permissions doing this saves on building a full security descriptor for the common case of access check on files with no @@ -349,10 +368,7 @@ NTSTATUS pvfs_access_check_unix(struct pvfs_state *pvfs, uid_t uid = geteuid(); uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL; - if ((pvfs->flags & PVFS_FLAG_READONLY) && - ((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | - SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE | - SEC_DIR_DELETE_CHILD))) { + if (pvfs_read_only(pvfs, *access_mask)) { return NT_STATUS_ACCESS_DENIED; } @@ -397,10 +413,7 @@ NTSTATUS pvfs_access_check(struct pvfs_state *pvfs, NTSTATUS status; struct security_descriptor *sd; - if ((pvfs->flags & PVFS_FLAG_READONLY) && - ((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA | - SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE | - SEC_DIR_DELETE_CHILD))) { + if (pvfs_read_only(pvfs, *access_mask)) { return NT_STATUS_ACCESS_DENIED; } |