From e913a48ded85e7baf91a355fff46fe270afed936 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 30 Dec 2004 05:50:23 +0000 Subject: r4408: added the remaining access check hooks into pvfs. All calls should now have acl checking, and obey the various inheritance rules. (This used to be commit 5fe51807d6b97e68b65f152c0f405e5c5a025d21) --- source4/ntvfs/posix/pvfs_qfileinfo.c | 37 ++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) (limited to 'source4/ntvfs/posix/pvfs_qfileinfo.c') diff --git a/source4/ntvfs/posix/pvfs_qfileinfo.c b/source4/ntvfs/posix/pvfs_qfileinfo.c index 75a9909492..dae9ca649c 100644 --- a/source4/ntvfs/posix/pvfs_qfileinfo.c +++ b/source4/ntvfs/posix/pvfs_qfileinfo.c @@ -24,6 +24,31 @@ #include "vfs_posix.h" #include "librpc/gen_ndr/ndr_xattr.h" + +/* + determine what access bits are needed for a call +*/ +static uint32_t pvfs_fileinfo_access(enum smb_fileinfo_level level) +{ + uint32_t needed; + + switch (level) { + case RAW_FILEINFO_EA_LIST: + case RAW_FILEINFO_ALL_EAS: + needed = SEC_FILE_READ_EA; + break; + + case RAW_FILEINFO_IS_NAME_VALID: + needed = 0; + break; + + default: + needed = SEC_FILE_READ_ATTRIBUTE; + break; + } + return needed; +} + /* reply to a RAW_FILEINFO_EA_LIST call */ @@ -269,6 +294,12 @@ NTSTATUS pvfs_qpathinfo(struct ntvfs_module_context *ntvfs, return NT_STATUS_OBJECT_NAME_NOT_FOUND; } + status = pvfs_access_check_simple(pvfs, req, name, + pvfs_fileinfo_access(info->generic.level)); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + status = pvfs_map_fileinfo(pvfs, req, name, info, -1); return status; @@ -284,6 +315,7 @@ NTSTATUS pvfs_qfileinfo(struct ntvfs_module_context *ntvfs, struct pvfs_file *f; struct pvfs_file_handle *h; NTSTATUS status; + uint32_t access_needed; f = pvfs_find_fd(pvfs, req, info->generic.in.fnum); if (!f) { @@ -291,6 +323,11 @@ NTSTATUS pvfs_qfileinfo(struct ntvfs_module_context *ntvfs, } h = f->handle; + access_needed = pvfs_fileinfo_access(info->generic.level); + if (!(f->access_mask & access_needed)) { + return NT_STATUS_ACCESS_DENIED; + } + /* update the file information */ status = pvfs_resolve_name_fd(pvfs, h->fd, h->name); if (!NT_STATUS_IS_OK(status)) { -- cgit