summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--source4/include/rpc_secdes.h1
-rw-r--r--source4/ntvfs/common/opendb.c26
-rw-r--r--source4/ntvfs/posix/pvfs_open.c30
-rw-r--r--source4/ntvfs/posix/pvfs_read.c2
4 files changed, 33 insertions, 26 deletions
diff --git a/source4/include/rpc_secdes.h b/source4/include/rpc_secdes.h
index 3c56d6cb82..3418c432f1 100644
--- a/source4/include/rpc_secdes.h
+++ b/source4/include/rpc_secdes.h
@@ -156,6 +156,7 @@ typedef struct security_descriptor SEC_DESC;
#define SA_RIGHT_FILE_DELETE_CHILD 0x00000040
#define SA_RIGHT_FILE_READ_ATTRIBUTES 0x00000080
#define SA_RIGHT_FILE_WRITE_ATTRIBUTES 0x00000100
+#define SA_RIGHT_FILE_READ_EXEC (SA_RIGHT_FILE_READ_DATA|SA_RIGHT_FILE_EXECUTE)
#define SA_RIGHT_FILE_ALL_ACCESS 0x000001FF
diff --git a/source4/ntvfs/common/opendb.c b/source4/ntvfs/common/opendb.c
index c2c8075771..dfb1177eae 100644
--- a/source4/ntvfs/common/opendb.c
+++ b/source4/ntvfs/common/opendb.c
@@ -154,10 +154,14 @@ static BOOL share_conflict(struct odb_entry *e1, struct odb_entry *e2)
/* if either open involves no read.write or delete access then
it can't conflict */
- if (!(e1->access_mask & (SA_RIGHT_FILE_WRITE_DATA | SA_RIGHT_FILE_READ_DATA | STD_RIGHT_DELETE_ACCESS))) {
+ if (!(e1->access_mask & (SA_RIGHT_FILE_WRITE_DATA |
+ SA_RIGHT_FILE_READ_EXEC |
+ STD_RIGHT_DELETE_ACCESS))) {
return False;
}
- if (!(e2->access_mask & (SA_RIGHT_FILE_WRITE_DATA | SA_RIGHT_FILE_READ_DATA | STD_RIGHT_DELETE_ACCESS))) {
+ if (!(e2->access_mask & (SA_RIGHT_FILE_WRITE_DATA |
+ SA_RIGHT_FILE_READ_EXEC |
+ STD_RIGHT_DELETE_ACCESS))) {
return False;
}
@@ -165,11 +169,19 @@ static BOOL share_conflict(struct odb_entry *e1, struct odb_entry *e2)
CHECK_MASK(e1->access_mask, e2->share_access, SA_RIGHT_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE);
CHECK_MASK(e2->access_mask, e1->share_access, SA_RIGHT_FILE_WRITE_DATA, NTCREATEX_SHARE_ACCESS_WRITE);
- CHECK_MASK(e1->access_mask, e2->share_access, SA_RIGHT_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ);
- CHECK_MASK(e2->access_mask, e1->share_access, SA_RIGHT_FILE_READ_DATA, NTCREATEX_SHARE_ACCESS_READ);
-
- CHECK_MASK(e1->access_mask, e2->share_access, STD_RIGHT_DELETE_ACCESS, NTCREATEX_SHARE_ACCESS_DELETE);
- CHECK_MASK(e2->access_mask, e1->share_access, STD_RIGHT_DELETE_ACCESS, NTCREATEX_SHARE_ACCESS_DELETE);
+ CHECK_MASK(e1->access_mask, e2->share_access,
+ SA_RIGHT_FILE_READ_EXEC,
+ NTCREATEX_SHARE_ACCESS_READ);
+ CHECK_MASK(e2->access_mask, e1->share_access,
+ SA_RIGHT_FILE_READ_EXEC,
+ NTCREATEX_SHARE_ACCESS_READ);
+
+ CHECK_MASK(e1->access_mask, e2->share_access,
+ STD_RIGHT_DELETE_ACCESS,
+ NTCREATEX_SHARE_ACCESS_DELETE);
+ CHECK_MASK(e2->access_mask, e1->share_access,
+ STD_RIGHT_DELETE_ACCESS,
+ NTCREATEX_SHARE_ACCESS_DELETE);
/* if a delete is pending then a second open is not allowed */
if ((e1->create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE) ||
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c
index 1575ca82c1..73514f81b7 100644
--- a/source4/ntvfs/posix/pvfs_open.c
+++ b/source4/ntvfs/posix/pvfs_open.c
@@ -289,16 +289,13 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs,
access_mask = GENERIC_RIGHTS_FILE_READ | GENERIC_RIGHTS_FILE_WRITE;
}
- switch (access_mask & (SA_RIGHT_FILE_READ_DATA | SA_RIGHT_FILE_WRITE_DATA)) {
- case SA_RIGHT_FILE_READ_DATA:
- flags = O_RDONLY;
- break;
- case SA_RIGHT_FILE_WRITE_DATA:
- flags = O_WRONLY;
- break;
- case SA_RIGHT_FILE_WRITE_DATA|SA_RIGHT_FILE_READ_DATA:
+ if ((access_mask & SA_RIGHT_FILE_READ_EXEC) &&
+ (access_mask & SA_RIGHT_FILE_WRITE_DATA)) {
flags = O_RDWR;
- break;
+ } else if (access_mask & SA_RIGHT_FILE_WRITE_DATA) {
+ flags = O_WRONLY;
+ } else {
+ flags = O_RDONLY;
}
f = talloc_p(req, struct pvfs_file);
@@ -493,16 +490,13 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs,
return NT_STATUS_INVALID_PARAMETER;
}
- switch (access_mask & (SA_RIGHT_FILE_READ_DATA | SA_RIGHT_FILE_WRITE_DATA)) {
- case SA_RIGHT_FILE_READ_DATA:
- flags |= O_RDONLY;
- break;
- case SA_RIGHT_FILE_WRITE_DATA:
- flags |= O_WRONLY;
- break;
- case SA_RIGHT_FILE_WRITE_DATA|SA_RIGHT_FILE_READ_DATA:
+ if ((access_mask & SA_RIGHT_FILE_READ_EXEC) &&
+ (access_mask & SA_RIGHT_FILE_WRITE_DATA)) {
flags |= O_RDWR;
- break;
+ } else if (access_mask & SA_RIGHT_FILE_WRITE_DATA) {
+ flags |= O_WRONLY;
+ } else {
+ flags |= O_RDONLY;
}
/* handle creating a new file separately */
diff --git a/source4/ntvfs/posix/pvfs_read.c b/source4/ntvfs/posix/pvfs_read.c
index b36840cb15..734134368d 100644
--- a/source4/ntvfs/posix/pvfs_read.c
+++ b/source4/ntvfs/posix/pvfs_read.c
@@ -48,7 +48,7 @@ NTSTATUS pvfs_read(struct ntvfs_module_context *ntvfs,
return NT_STATUS_FILE_IS_A_DIRECTORY;
}
- if (!(f->access_mask & SA_RIGHT_FILE_READ_DATA)) {
+ if (!(f->access_mask & SA_RIGHT_FILE_READ_EXEC)) {
return NT_STATUS_ACCESS_VIOLATION;
}