diff options
-rw-r--r-- | source4/include/rpc_secdes.h | 1 | ||||
-rw-r--r-- | source4/ntvfs/common/opendb.c | 26 | ||||
-rw-r--r-- | source4/ntvfs/posix/pvfs_open.c | 30 | ||||
-rw-r--r-- | source4/ntvfs/posix/pvfs_read.c | 2 |
4 files changed, 33 insertions, 26 deletions
diff --git a/source4/include/rpc_secdes.h b/source4/include/rpc_secdes.h index 3c56d6cb82..3418c432f1 100644 --- a/source4/include/rpc_secdes.h +++ b/source4/include/rpc_secdes.h @@ -156,6 +156,7 @@ typedef struct security_descriptor SEC_DESC; #define SA_RIGHT_FILE_DELETE_CHILD 0x00000040 #define SA_RIGHT_FILE_READ_ATTRIBUTES 0x00000080 #define SA_RIGHT_FILE_WRITE_ATTRIBUTES 0x00000100 +#define SA_RIGHT_FILE_READ_EXEC (SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_EXECUTE) #define SA_RIGHT_FILE_ALL_ACCESS 0x000001FF diff --git a/source4/ntvfs/common/opendb.c b/source4/ntvfs/common/opendb.c index c2c8075771..dfb1177eae 100644 --- a/source4/ntvfs/common/opendb.c +++ b/source4/ntvfs/common/opendb.c @@ -154,10 +154,14 @@ static BOOL share_conflict(struct odb_entry *e1, struct odb_entry *e2) /* if either open involves no read.write or delete access then it can't conflict */ - if (!(e1->access_mask & (SA_RIGHT_FILE_WRITE_DATA | SA_RIGHT_FILE_READ_DATA | STD_RIGHT_DELETE_ACCESS))) { + if (!(e1->access_mask & (SA_RIGHT_FILE_WRITE_DATA | + SA_RIGHT_FILE_READ_EXEC | + STD_RIGHT_DELETE_ACCESS))) { return False; } - if (!(e2->access_mask & (SA_RIGHT_FILE_WRITE_DATA | SA_RIGHT_FILE_READ_DATA | STD_RIGHT_DELETE_ACCESS))) { + if (!(e2->access_mask & (SA_RIGHT_FILE_WRITE_DATA | + SA_RIGHT_FILE_READ_EXEC | + STD_RIGHT_DELETE_ACCESS))) { return False; } @@ -165,11 +169,19 @@ static BOOL share_conflict(struct odb_entry *e1, struct odb_entry *e2) CHECK_MASK(e1->access_mask, e2->share_access, SA_RIGHT_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE); CHECK_MASK(e2->access_mask, e1->share_access, SA_RIGHT_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE); - CHECK_MASK(e1->access_mask, e2->share_access, SA_RIGHT_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ); - CHECK_MASK(e2->access_mask, e1->share_access, SA_RIGHT_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ); - - CHECK_MASK(e1->access_mask, e2->share_access, STD_RIGHT_DELETE_ACCESS, NTCREATEX_SHARE_ACCESS_DELETE); - CHECK_MASK(e2->access_mask, e1->share_access, STD_RIGHT_DELETE_ACCESS, NTCREATEX_SHARE_ACCESS_DELETE); + CHECK_MASK(e1->access_mask, e2->share_access, + SA_RIGHT_FILE_READ_EXEC, + NTCREATEX_SHARE_ACCESS_READ); + CHECK_MASK(e2->access_mask, e1->share_access, + SA_RIGHT_FILE_READ_EXEC, + NTCREATEX_SHARE_ACCESS_READ); + + CHECK_MASK(e1->access_mask, e2->share_access, + STD_RIGHT_DELETE_ACCESS, + NTCREATEX_SHARE_ACCESS_DELETE); + CHECK_MASK(e2->access_mask, e1->share_access, + STD_RIGHT_DELETE_ACCESS, + NTCREATEX_SHARE_ACCESS_DELETE); /* if a delete is pending then a second open is not allowed */ if ((e1->create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE) || diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c index 1575ca82c1..73514f81b7 100644 --- a/source4/ntvfs/posix/pvfs_open.c +++ b/source4/ntvfs/posix/pvfs_open.c @@ -289,16 +289,13 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs, access_mask = GENERIC_RIGHTS_FILE_READ | GENERIC_RIGHTS_FILE_WRITE; } - switch (access_mask & (SA_RIGHT_FILE_READ_DATA | SA_RIGHT_FILE_WRITE_DATA)) { - case SA_RIGHT_FILE_READ_DATA: - flags = O_RDONLY; - break; - case SA_RIGHT_FILE_WRITE_DATA: - flags = O_WRONLY; - break; - case SA_RIGHT_FILE_WRITE_DATA|SA_RIGHT_FILE_READ_DATA: + if ((access_mask & SA_RIGHT_FILE_READ_EXEC) && + (access_mask & SA_RIGHT_FILE_WRITE_DATA)) { flags = O_RDWR; - break; + } else if (access_mask & SA_RIGHT_FILE_WRITE_DATA) { + flags = O_WRONLY; + } else { + flags = O_RDONLY; } f = talloc_p(req, struct pvfs_file); @@ -493,16 +490,13 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, return NT_STATUS_INVALID_PARAMETER; } - switch (access_mask & (SA_RIGHT_FILE_READ_DATA | SA_RIGHT_FILE_WRITE_DATA)) { - case SA_RIGHT_FILE_READ_DATA: - flags |= O_RDONLY; - break; - case SA_RIGHT_FILE_WRITE_DATA: - flags |= O_WRONLY; - break; - case SA_RIGHT_FILE_WRITE_DATA|SA_RIGHT_FILE_READ_DATA: + if ((access_mask & SA_RIGHT_FILE_READ_EXEC) && + (access_mask & SA_RIGHT_FILE_WRITE_DATA)) { flags |= O_RDWR; - break; + } else if (access_mask & SA_RIGHT_FILE_WRITE_DATA) { + flags |= O_WRONLY; + } else { + flags |= O_RDONLY; } /* handle creating a new file separately */ diff --git a/source4/ntvfs/posix/pvfs_read.c b/source4/ntvfs/posix/pvfs_read.c index b36840cb15..734134368d 100644 --- a/source4/ntvfs/posix/pvfs_read.c +++ b/source4/ntvfs/posix/pvfs_read.c @@ -48,7 +48,7 @@ NTSTATUS pvfs_read(struct ntvfs_module_context *ntvfs, return NT_STATUS_FILE_IS_A_DIRECTORY; } - if (!(f->access_mask & SA_RIGHT_FILE_READ_DATA)) { + if (!(f->access_mask & SA_RIGHT_FILE_READ_EXEC)) { return NT_STATUS_ACCESS_VIOLATION; } |