diff options
Diffstat (limited to 'source4/ntvfs/posix/pvfs_open.c')
-rw-r--r-- | source4/ntvfs/posix/pvfs_open.c | 18 |
1 files changed, 14 insertions, 4 deletions
diff --git a/source4/ntvfs/posix/pvfs_open.c b/source4/ntvfs/posix/pvfs_open.c index 1695d8e1d9..3941414cd8 100644 --- a/source4/ntvfs/posix/pvfs_open.c +++ b/source4/ntvfs/posix/pvfs_open.c @@ -198,10 +198,12 @@ static NTSTATUS pvfs_open_directory(struct pvfs_state *pvfs, if (name->exists) { /* check the security descriptor */ status = pvfs_access_check(pvfs, req, name, &access_mask); - if (!NT_STATUS_IS_OK(status)) { - idr_remove(pvfs->idtree_fnum, fnum); - return status; - } + } else { + status = pvfs_access_check_create(pvfs, req, name); + } + if (!NT_STATUS_IS_OK(status)) { + idr_remove(pvfs->idtree_fnum, fnum); + return status; } f->fnum = fnum; @@ -450,6 +452,11 @@ static NTSTATUS pvfs_create_file(struct pvfs_state *pvfs, mode_t mode; uint32_t attrib; + status = pvfs_access_check_create(pvfs, req, name); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + if ((io->ntcreatex.in.file_attr & FILE_ATTRIBUTE_READONLY) && (create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE)) { return NT_STATUS_CANNOT_DELETE; @@ -1065,6 +1072,9 @@ NTSTATUS pvfs_open(struct ntvfs_module_context *ntvfs, /* if this was a stream create then create the stream as well */ if (!name->stream_exists) { + if (!(access_mask & SEC_FILE_WRITE_ATTRIBUTE)) { + return NT_STATUS_ACCESS_DENIED; + } status = pvfs_stream_create(pvfs, f->handle->name, fd); if (!NT_STATUS_IS_OK(status)) { talloc_free(lck); |