From 3c4af39aa506a25fc6d6753dbe34e4e1c0dd0b43 Mon Sep 17 00:00:00 2001 From: Andrew Tridgell Date: Thu, 1 Dec 2011 13:40:49 +1100 Subject: s4-ntvfs: added allow_override check based on use of NT ACL This disables the posix permission override if the calculated permissions did not come from a NT ACL. Autobuild-User: Andrew Tridgell Autobuild-Date: Thu Dec 1 05:14:49 CET 2011 on sn-devel-104 --- source4/ntvfs/posix/pvfs_sys.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) (limited to 'source4/ntvfs/posix/pvfs_sys.c') diff --git a/source4/ntvfs/posix/pvfs_sys.c b/source4/ntvfs/posix/pvfs_sys.c index f110590153..9112848bfe 100644 --- a/source4/ntvfs/posix/pvfs_sys.c +++ b/source4/ntvfs/posix/pvfs_sys.c @@ -256,7 +256,7 @@ static int pvfs_sys_chown(struct pvfs_state *pvfs, struct pvfs_sys_ctx *ctx, con /* wrap open for system override */ -int pvfs_sys_open(struct pvfs_state *pvfs, const char *filename, int flags, mode_t mode) +int pvfs_sys_open(struct pvfs_state *pvfs, const char *filename, int flags, mode_t mode, bool allow_override) { int fd, ret; struct pvfs_sys_ctx *ctx; @@ -267,7 +267,7 @@ int pvfs_sys_open(struct pvfs_state *pvfs, const char *filename, int flags, mode fd = open(filename, flags, mode); if (fd != -1 || - !(pvfs->flags & PVFS_FLAG_PERM_OVERRIDE) || + !allow_override || errno != EACCES) { return fd; } @@ -366,7 +366,7 @@ int pvfs_sys_open(struct pvfs_state *pvfs, const char *filename, int flags, mode /* wrap unlink for system override */ -int pvfs_sys_unlink(struct pvfs_state *pvfs, const char *filename) +int pvfs_sys_unlink(struct pvfs_state *pvfs, const char *filename, bool allow_override) { int ret; struct pvfs_sys_ctx *ctx; @@ -376,7 +376,7 @@ int pvfs_sys_unlink(struct pvfs_state *pvfs, const char *filename) ret = unlink(filename); if (ret != -1 || - !(pvfs->flags & PVFS_FLAG_PERM_OVERRIDE) || + !allow_override || errno != EACCES) { return ret; } @@ -415,7 +415,7 @@ static bool contains_symlink(const char *path) /* wrap rename for system override */ -int pvfs_sys_rename(struct pvfs_state *pvfs, const char *name1, const char *name2) +int pvfs_sys_rename(struct pvfs_state *pvfs, const char *name1, const char *name2, bool allow_override) { int ret; struct pvfs_sys_ctx *ctx; @@ -425,7 +425,7 @@ int pvfs_sys_rename(struct pvfs_state *pvfs, const char *name1, const char *name ret = rename(name1, name2); if (ret != -1 || - !(pvfs->flags & PVFS_FLAG_PERM_OVERRIDE) || + !allow_override || errno != EACCES) { return ret; } @@ -480,7 +480,7 @@ int pvfs_sys_rename(struct pvfs_state *pvfs, const char *name1, const char *name /* wrap mkdir for system override */ -int pvfs_sys_mkdir(struct pvfs_state *pvfs, const char *dirname, mode_t mode) +int pvfs_sys_mkdir(struct pvfs_state *pvfs, const char *dirname, mode_t mode, bool allow_override) { int ret; struct pvfs_sys_ctx *ctx; @@ -490,7 +490,7 @@ int pvfs_sys_mkdir(struct pvfs_state *pvfs, const char *dirname, mode_t mode) ret = mkdir(dirname, mode); if (ret != -1 || - !(pvfs->flags & PVFS_FLAG_PERM_OVERRIDE) || + !allow_override || errno != EACCES) { return ret; } @@ -525,7 +525,7 @@ int pvfs_sys_mkdir(struct pvfs_state *pvfs, const char *dirname, mode_t mode) /* wrap rmdir for system override */ -int pvfs_sys_rmdir(struct pvfs_state *pvfs, const char *dirname) +int pvfs_sys_rmdir(struct pvfs_state *pvfs, const char *dirname, bool allow_override) { int ret; struct pvfs_sys_ctx *ctx; @@ -535,7 +535,7 @@ int pvfs_sys_rmdir(struct pvfs_state *pvfs, const char *dirname) ret = rmdir(dirname); if (ret != -1 || - !(pvfs->flags & PVFS_FLAG_PERM_OVERRIDE) || + !allow_override || errno != EACCES) { return ret; } @@ -563,7 +563,7 @@ int pvfs_sys_rmdir(struct pvfs_state *pvfs, const char *dirname) /* wrap fchmod for system override */ -int pvfs_sys_fchmod(struct pvfs_state *pvfs, int fd, mode_t mode) +int pvfs_sys_fchmod(struct pvfs_state *pvfs, int fd, mode_t mode, bool allow_override) { int ret; struct pvfs_sys_ctx *ctx; @@ -573,7 +573,7 @@ int pvfs_sys_fchmod(struct pvfs_state *pvfs, int fd, mode_t mode) ret = fchmod(fd, mode); if (ret != -1 || - !(pvfs->flags & PVFS_FLAG_PERM_OVERRIDE) || + !allow_override || errno != EACCES) { return ret; } @@ -602,7 +602,7 @@ int pvfs_sys_fchmod(struct pvfs_state *pvfs, int fd, mode_t mode) /* wrap chmod for system override */ -int pvfs_sys_chmod(struct pvfs_state *pvfs, const char *filename, mode_t mode) +int pvfs_sys_chmod(struct pvfs_state *pvfs, const char *filename, mode_t mode, bool allow_override) { int ret; struct pvfs_sys_ctx *ctx; @@ -612,7 +612,7 @@ int pvfs_sys_chmod(struct pvfs_state *pvfs, const char *filename, mode_t mode) ret = chmod(filename, mode); if (ret != -1 || - !(pvfs->flags & PVFS_FLAG_PERM_OVERRIDE) || + !allow_override || errno != EACCES) { return ret; } -- cgit