From b430b382202858a6c52c1cacbb91910b2dd7e16c Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Fri, 2 May 2008 17:22:10 -0700 Subject: Remove the "stat_open()" function, flag, and all associated code. It was only being (correctly) used in the can_read/can_write checks for hide unreadable/unwritable and this is more properly done using the functions in smbd/file_access.c. Preparing to do NT access checks on all file access. Jeremy. (This used to be commit 6bfb06ad95963ae2acb67c4694a98282d3b29faa) --- source3/include/smb.h | 1 - source3/locking/locking.c | 4 --- source3/rpc_server/srv_srvsvc_nt.c | 11 ++++-- source3/smbd/close.c | 16 --------- source3/smbd/dir.c | 68 ++------------------------------------ source3/smbd/file_access.c | 8 ++--- source3/smbd/files.c | 1 - source3/smbd/open.c | 56 +------------------------------ 8 files changed, 16 insertions(+), 149 deletions(-) diff --git a/source3/include/smb.h b/source3/include/smb.h index 598708bfe3..ce91d81c2d 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -508,7 +508,6 @@ typedef struct files_struct { bool print_file; bool modified; bool is_directory; - bool is_stat; bool aio_write_behind; bool lockdb_clean; bool initial_delete_on_close; /* Only set at NTCreateX if file was created. */ diff --git a/source3/locking/locking.c b/source3/locking/locking.c index 5faebef1fe..17131d9194 100644 --- a/source3/locking/locking.c +++ b/source3/locking/locking.c @@ -1363,10 +1363,6 @@ bool set_delete_on_close(files_struct *fsp, bool delete_on_close, UNIX_USER_TOKE delete_on_close ? "Adding" : "Removing", fsp->fnum, fsp->fsp_name )); - if (fsp->is_stat) { - return True; - } - lck = get_share_mode_lock(talloc_tos(), fsp->file_id, NULL, NULL, NULL); if (lck == NULL) { diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c index 7188360f69..1b578cc9f8 100644 --- a/source3/rpc_server/srv_srvsvc_nt.c +++ b/source3/rpc_server/srv_srvsvc_nt.c @@ -2206,13 +2206,20 @@ WERROR _srvsvc_NetSetFileSecurity(pipes_struct *p, goto error_exit; } - nt_status = open_file_stat(conn, NULL, filename, &st, &fsp); + nt_status = open_file_ntcreate(conn, NULL, filename, &st, + FILE_WRITE_ATTRIBUTES, + FILE_SHARE_READ|FILE_SHARE_WRITE, + FILE_OPEN, + 0, + FILE_ATTRIBUTE_NORMAL, + INTERNAL_OPEN_ONLY, + NULL, &fsp); if ( !NT_STATUS_IS_OK(nt_status) ) { /* Perhaps it is a directory */ if (NT_STATUS_EQUAL(nt_status, NT_STATUS_FILE_IS_A_DIRECTORY)) nt_status = open_directory(conn, NULL, filename, &st, - FILE_READ_ATTRIBUTES, + FILE_WRITE_ATTRIBUTES, FILE_SHARE_READ|FILE_SHARE_WRITE, FILE_OPEN, 0, diff --git a/source3/smbd/close.c b/source3/smbd/close.c index 3afc037f69..e27d5c44fa 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -702,20 +702,6 @@ static NTSTATUS close_directory(files_struct *fsp, enum file_close_type close_ty return status; } -/**************************************************************************** - Close a 'stat file' opened internally. -****************************************************************************/ - -static NTSTATUS close_stat(files_struct *fsp) -{ - /* - * Do the code common to files and directories. - */ - close_filestruct(fsp); - file_free(fsp); - return NT_STATUS_OK; -} - /**************************************************************************** Close a files_struct. ****************************************************************************/ @@ -727,8 +713,6 @@ NTSTATUS close_file(files_struct *fsp, enum file_close_type close_type) if(fsp->is_directory) { status = close_directory(fsp, close_type); - } else if (fsp->is_stat) { - status = close_stat(fsp); } else if (fsp->fake_file_handle != NULL) { status = close_fake_file(fsp); } else { diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index 6e02401e25..7d584977df 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -925,11 +925,6 @@ bool get_dir_entry(TALLOC_CTX *ctx, static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst) { - SEC_DESC *psd = NULL; - files_struct *fsp; - NTSTATUS status; - uint32 access_granted; - /* * If user is a member of the Admin group * we never hide files from them. @@ -941,36 +936,7 @@ static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S SMB_ASSERT(VALID_STAT(*pst)); - /* Pseudo-open the file (note - no fd's created). */ - - if(S_ISDIR(pst->st_mode)) { - status = open_directory(conn, NULL, name, pst, - READ_CONTROL_ACCESS, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, - 0, /* no create options. */ - FILE_ATTRIBUTE_DIRECTORY, - NULL, &fsp); - } else { - status = open_file_stat(conn, NULL, name, pst, &fsp); - } - - if (!NT_STATUS_IS_OK(status)) { - return False; - } - - /* Get NT ACL -allocated in main loop talloc context. No free needed here. */ - status = SMB_VFS_FGET_NT_ACL(fsp, - (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd); - close_file(fsp, NORMAL_CLOSE); - - /* No access if SD get failed. */ - if (!NT_STATUS_IS_OK(status)) { - return False; - } - - return se_access_check(psd, current_user.nt_user_token, FILE_READ_DATA, - &access_granted, &status); + return can_access_file_acl(conn, name, pst, FILE_READ_DATA); } /******************************************************************* @@ -982,12 +948,6 @@ static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst) { - SEC_DESC *psd = NULL; - files_struct *fsp; - int info; - NTSTATUS status; - uint32 access_granted; - /* * If user is a member of the Admin group * we never hide files from them. @@ -1003,33 +963,9 @@ static bool user_can_write_file(connection_struct *conn, char *name, SMB_STRUCT_ if(S_ISDIR(pst->st_mode)) { return True; - } else { - status = open_file_ntcreate(conn, NULL, name, pst, - FILE_WRITE_ATTRIBUTES, - FILE_SHARE_READ|FILE_SHARE_WRITE, - FILE_OPEN, - 0, - FILE_ATTRIBUTE_NORMAL, - INTERNAL_OPEN_ONLY, - &info, &fsp); - } - - if (!NT_STATUS_IS_OK(status)) { - return False; - } - - /* Get NT ACL -allocated in main loop talloc context. No free needed here. */ - status = SMB_VFS_FGET_NT_ACL(fsp, - (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|DACL_SECURITY_INFORMATION), &psd); - close_file(fsp, NORMAL_CLOSE); - - /* No access if SD get failed. */ - if (!NT_STATUS_IS_OK(status)) { - return False; } - return se_access_check(psd, current_user.nt_user_token, FILE_WRITE_DATA, - &access_granted, &status); + return can_write_to_file(conn, name, pst); } /******************************************************************* diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index 4c07bc5a61..71f3291b9b 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -25,7 +25,7 @@ extern struct current_user current_user; #undef DBGC_CLASS #define DBGC_CLASS DBGC_ACLS -static bool can_access_file_acl(struct connection_struct *conn, +bool can_access_file_acl(struct connection_struct *conn, const char * fname, SMB_STRUCT_STAT *psbuf, uint32_t access_mask) { @@ -125,7 +125,7 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname) Note this doesn't take into account share write permissions. ****************************************************************************/ -bool can_access_file(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf, uint32 access_mask) +bool can_access_file_data(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf, uint32 access_mask) { if (!(access_mask & (FILE_READ_DATA|FILE_WRITE_DATA))) { return False; @@ -134,7 +134,7 @@ bool can_access_file(connection_struct *conn, const char *fname, SMB_STRUCT_STAT /* some fast paths first */ - DEBUG(10,("can_access_file: requesting 0x%x on file %s\n", + DEBUG(10,("can_access_file_data: requesting 0x%x on file %s\n", (unsigned int)access_mask, fname )); if (current_user.ut.uid == 0 || conn->admin_user) { @@ -180,7 +180,7 @@ bool can_access_file(connection_struct *conn, const char *fname, SMB_STRUCT_STAT bool can_write_to_file(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf) { - return can_access_file(conn, fname, psbuf, FILE_WRITE_DATA); + return can_access_file_data(conn, fname, psbuf, FILE_WRITE_DATA); } /**************************************************************************** diff --git a/source3/smbd/files.c b/source3/smbd/files.c index d6e91c67be..17c473f028 100644 --- a/source3/smbd/files.c +++ b/source3/smbd/files.c @@ -539,7 +539,6 @@ NTSTATUS dup_file_fsp(files_struct *fsp, dup_fsp->print_file = fsp->print_file; dup_fsp->modified = fsp->modified; dup_fsp->is_directory = fsp->is_directory; - dup_fsp->is_stat = fsp->is_stat; dup_fsp->aio_write_behind = fsp->aio_write_behind; string_set(&dup_fsp->fsp_name,fsp->fsp_name); diff --git a/source3/smbd/open.c b/source3/smbd/open.c index dd518b90de..5c860f891d 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -391,7 +391,6 @@ static NTSTATUS open_file(files_struct *fsp, fsp->modified = False; fsp->sent_oplock_break = NO_BREAK_SENT; fsp->is_directory = False; - fsp->is_stat = False; if (conn->aio_write_behind_list && is_in_path(path, conn->aio_write_behind_list, conn->case_sensitive)) { fsp->aio_write_behind = True; @@ -1571,7 +1570,7 @@ NTSTATUS open_file_ntcreate(connection_struct *conn, } if (((can_access_mask & FILE_WRITE_DATA) && !CAN_WRITE(conn)) || - !can_access_file(conn,fname,psbuf,can_access_mask)) { + !can_access_file_data(conn,fname,psbuf,can_access_mask)) { can_access = False; } @@ -2223,7 +2222,6 @@ NTSTATUS open_directory(connection_struct *conn, fsp->oplock_type = NO_OPLOCK; fsp->sent_oplock_break = NO_BREAK_SENT; fsp->is_directory = True; - fsp->is_stat = False; fsp->posix_open = (file_attributes & FILE_FLAG_POSIX_SEMANTICS) ? True : False; string_set(&fsp->fsp_name,fname); @@ -2305,58 +2303,6 @@ NTSTATUS create_directory(connection_struct *conn, struct smb_request *req, cons return status; } -/**************************************************************************** - Open a pseudo-file (no locking checks - a 'stat' open). -****************************************************************************/ - -NTSTATUS open_file_stat(connection_struct *conn, struct smb_request *req, - const char *fname, SMB_STRUCT_STAT *psbuf, - files_struct **result) -{ - files_struct *fsp = NULL; - NTSTATUS status; - - if (!VALID_STAT(*psbuf)) { - return NT_STATUS_INVALID_PARAMETER; - } - - /* Can't 'stat' open directories. */ - if(S_ISDIR(psbuf->st_mode)) { - return NT_STATUS_FILE_IS_A_DIRECTORY; - } - - status = file_new(conn, &fsp); - if(!NT_STATUS_IS_OK(status)) { - return status; - } - - DEBUG(5,("open_file_stat: 'opening' file %s\n", fname)); - - /* - * Setup the files_struct for it. - */ - - fsp->mode = psbuf->st_mode; - fsp->file_id = vfs_file_id_from_sbuf(conn, psbuf); - fsp->vuid = req ? req->vuid : UID_FIELD_INVALID; - fsp->file_pid = req ? req->smbpid : 0; - fsp->can_lock = False; - fsp->can_read = False; - fsp->can_write = False; - fsp->print_file = False; - fsp->modified = False; - fsp->oplock_type = NO_OPLOCK; - fsp->sent_oplock_break = NO_BREAK_SENT; - fsp->is_directory = False; - fsp->is_stat = True; - string_set(&fsp->fsp_name,fname); - - conn->num_files_open++; - - *result = fsp; - return NT_STATUS_OK; -} - /**************************************************************************** Receive notification that one of our open files has been renamed by another smbd process. -- cgit