From 3121249243f52dcbf8083f5ff137bd580515efa7 Mon Sep 17 00:00:00 2001
From: Jeremy Allison <jra@samba.org>
Date: Thu, 26 Feb 2009 11:42:23 -0800
Subject: Make us pass the RAW-RENAME torture test I just added.

Inside a directory, keep a file open and then renaming
the directory should fail with ACCESS_DENIED.

Jeremy.
---
 source3/smbd/files.c | 43 +++++++++++++++++++++++++++++++++++++++++++
 source3/smbd/reply.c | 10 ++++++++++
 2 files changed, 53 insertions(+)

(limited to 'source3/smbd')

diff --git a/source3/smbd/files.c b/source3/smbd/files.c
index efaadffc06..36e80a086a 100644
--- a/source3/smbd/files.c
+++ b/source3/smbd/files.c
@@ -355,6 +355,49 @@ files_struct *file_find_print(void)
 	return NULL;
 }
 
+/****************************************************************************
+ Find any fsp open with a pathname below that of an already open path.
+****************************************************************************/
+
+bool file_find_subpath(files_struct *dir_fsp)
+{
+	files_struct *fsp;
+	size_t dlen;
+	char *d_fullname = talloc_asprintf(talloc_tos(),
+					"%s/%s",
+					dir_fsp->conn->connectpath,
+					dir_fsp->fsp_name);
+
+	if (!d_fullname) {
+		return false;
+	}
+
+	dlen = strlen(d_fullname);
+
+	for (fsp=Files;fsp;fsp=fsp->next) {
+		char *d1_fullname;
+
+		if (fsp == dir_fsp) {
+			continue;
+		}
+
+		d1_fullname = talloc_asprintf(talloc_tos(),
+					"%s/%s",
+					fsp->conn->connectpath,
+					fsp->fsp_name);
+
+		if (strnequal(d_fullname, d1_fullname, dlen)) {
+			TALLOC_FREE(d_fullname);
+			TALLOC_FREE(d1_fullname);
+			return true;
+		}
+		TALLOC_FREE(d1_fullname);
+	} 
+
+	TALLOC_FREE(d_fullname);
+	return false;
+}
+
 /****************************************************************************
  Sync open files on a connection.
 ****************************************************************************/
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index 80ed019e0f..22e4c1aad7 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -2214,6 +2214,16 @@ static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp,
 	}
 
 	if (S_ISDIR(pst->st_mode)) {
+		if (fsp->posix_open) {
+			return NT_STATUS_OK;
+		}
+
+		/* If no pathnames are open below this
+		   directory, allow the rename. */
+
+		if (file_find_subpath(fsp)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
 		return NT_STATUS_OK;
 	}
 
-- 
cgit