summaryrefslogtreecommitdiff
path: root/source3/smbd/open.c
diff options
context:
space:
mode:
Diffstat (limited to 'source3/smbd/open.c')
-rw-r--r--source3/smbd/open.c71
1 files changed, 35 insertions, 36 deletions
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index db4831d3d2..d9491b5f04 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1479,9 +1479,10 @@ static void schedule_defer_open(struct share_mode_lock *lck,
static NTSTATUS smbd_calculate_maximum_allowed_access(
connection_struct *conn,
const struct smb_filename *smb_fname,
- bool file_existed,
uint32_t *p_access_mask)
{
+ struct security_descriptor *sd;
+ uint32_t access_granted;
NTSTATUS status;
if (get_current_uid(conn) == (uid_t)0) {
@@ -1489,47 +1490,45 @@ static NTSTATUS smbd_calculate_maximum_allowed_access(
return NT_STATUS_OK;
}
- if (file_existed) {
- struct security_descriptor *sd;
- uint32_t access_granted = 0;
-
- status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
- (SECINFO_OWNER |
- SECINFO_GROUP |
- SECINFO_DACL),&sd);
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10,("smbd_calculate_access_mask: "
- "Could not get acl on file %s: %s\n",
- smb_fname_str_dbg(smb_fname),
- nt_errstr(status)));
- return NT_STATUS_ACCESS_DENIED;
- }
+ status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
+ (SECINFO_OWNER |
+ SECINFO_GROUP |
+ SECINFO_DACL),&sd);
+ if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
/*
- * Never test FILE_READ_ATTRIBUTES. se_access_check()
- * also takes care of owner WRITE_DAC and READ_CONTROL.
+ * File did not exist
*/
- status = se_access_check(sd,
- get_current_nttok(conn),
- (*p_access_mask & ~FILE_READ_ATTRIBUTES),
- &access_granted);
+ *p_access_mask = FILE_GENERIC_ALL;
+ return NT_STATUS_OK;
+ }
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10,("smbd_calculate_access_mask: "
+ "Could not get acl on file %s: %s\n",
+ smb_fname_str_dbg(smb_fname),
+ nt_errstr(status)));
+ return NT_STATUS_ACCESS_DENIED;
+ }
- TALLOC_FREE(sd);
+ /*
+ * Never test FILE_READ_ATTRIBUTES. se_access_check()
+ * also takes care of owner WRITE_DAC and READ_CONTROL.
+ */
+ status = se_access_check(sd,
+ get_current_nttok(conn),
+ (*p_access_mask & ~FILE_READ_ATTRIBUTES),
+ &access_granted);
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("smbd_calculate_access_mask: "
- "Access denied on file %s: "
- "when calculating maximum access\n",
- smb_fname_str_dbg(smb_fname)));
- return NT_STATUS_ACCESS_DENIED;
- }
+ TALLOC_FREE(sd);
- *p_access_mask = (access_granted | FILE_READ_ATTRIBUTES);
- return NT_STATUS_OK;
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("smbd_calculate_access_mask: "
+ "Access denied on file %s: "
+ "when calculating maximum access\n",
+ smb_fname_str_dbg(smb_fname)));
+ return NT_STATUS_ACCESS_DENIED;
}
-
- *p_access_mask = FILE_GENERIC_ALL;
+ *p_access_mask = (access_granted | FILE_READ_ATTRIBUTES);
return NT_STATUS_OK;
}
@@ -1553,7 +1552,7 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
status = smbd_calculate_maximum_allowed_access(
- conn, smb_fname, file_existed, &access_mask);
+ conn, smb_fname, &access_mask);
if (!NT_STATUS_IS_OK(status)) {
return status;