svn commit: samba r4584 - in branches/SAMBA_4_0/source/ntvfs/posix:
.
tridge at samba.org
tridge at samba.org
Fri Jan 7 02:14:35 GMT 2005
Author: tridge
Date: 2005-01-07 02:14:34 +0000 (Fri, 07 Jan 2005)
New Revision: 4584
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4584
Log:
fix pvfs backend to pass the new enhanced RAW-ACLS test. Easy once I really the
strange behaviour I saw was a w2k3 bug :-)
Modified:
branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c
branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c
branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c
branches/SAMBA_4_0/source/ntvfs/posix/pvfs_rename.c
branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c
Changeset:
Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c 2005-01-07 02:13:07 UTC (rev 4583)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c 2005-01-07 02:14:34 UTC (rev 4584)
@@ -392,6 +392,8 @@
/* expand the generic access bits to file specific bits */
*access_mask = pvfs_translate_mask(*access_mask);
+ *access_mask &= ~SEC_FILE_READ_ATTRIBUTE;
+
/* check the acl against the required access mask */
status = sec_access_check(sd, token, *access_mask, access_mask);
@@ -424,7 +426,8 @@
*/
NTSTATUS pvfs_access_check_create(struct pvfs_state *pvfs,
struct smbsrv_request *req,
- struct pvfs_filename *name)
+ struct pvfs_filename *name,
+ uint32_t *access_mask)
{
struct pvfs_filename *parent;
NTSTATUS status;
@@ -434,10 +437,37 @@
return status;
}
- return pvfs_access_check_simple(pvfs, req, parent, SEC_DIR_ADD_FILE);
+ status = pvfs_access_check(pvfs, req, parent, access_mask);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ if (! ((*access_mask) & SEC_DIR_ADD_FILE)) {
+ return pvfs_access_check_simple(pvfs, req, name, SEC_DIR_ADD_FILE);
+ }
+
+ return status;
}
+/*
+ access check for creating a new file/directory - no access mask supplied
+*/
+NTSTATUS pvfs_access_check_create_nomask(struct pvfs_state *pvfs,
+ struct smbsrv_request *req,
+ struct pvfs_filename *name)
+{
+ struct pvfs_filename *parent;
+ NTSTATUS status;
+ status = pvfs_resolve_parent(pvfs, req, name, &parent);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
+ }
+
+ return pvfs_access_check_simple(pvfs, req, name, SEC_DIR_ADD_FILE);
+}
+
+
/*
determine if an ACE is inheritable
*/
Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c 2005-01-07 02:13:07 UTC (rev 4583)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c 2005-01-07 02:14:34 UTC (rev 4584)
@@ -44,7 +44,7 @@
return NT_STATUS_OBJECT_NAME_COLLISION;
}
- status = pvfs_access_check_create(pvfs, req, name);
+ status = pvfs_access_check_create_nomask(pvfs, req, name);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -114,7 +114,7 @@
return NT_STATUS_OBJECT_NAME_COLLISION;
}
- status = pvfs_access_check_create(pvfs, req, name);
+ status = pvfs_access_check_create_nomask(pvfs, req, name);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c 2005-01-07 02:13:07 UTC (rev 4583)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_open.c 2005-01-07 02:14:34 UTC (rev 4584)
@@ -199,7 +199,7 @@
/* check the security descriptor */
status = pvfs_access_check(pvfs, req, name, &access_mask);
} else {
- status = pvfs_access_check_create(pvfs, req, name);
+ status = pvfs_access_check_create(pvfs, req, name, &access_mask);
}
if (!NT_STATUS_IS_OK(status)) {
idr_remove(pvfs->idtree_fnum, fnum);
@@ -452,23 +452,16 @@
mode_t mode;
uint32_t attrib;
- status = pvfs_access_check_create(pvfs, req, name);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
-
if ((io->ntcreatex.in.file_attr & FILE_ATTRIBUTE_READONLY) &&
(create_options & NTCREATEX_OPTIONS_DELETE_ON_CLOSE)) {
return NT_STATUS_CANNOT_DELETE;
}
- if (access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
- access_mask = SEC_RIGHTS_FILE_READ | SEC_RIGHTS_FILE_WRITE |
- SEC_STD_WRITE_DAC | SEC_STD_READ_CONTROL;
+ status = pvfs_access_check_create(pvfs, req, name, &access_mask);
+ if (!NT_STATUS_IS_OK(status)) {
+ return status;
}
- access_mask |= SEC_FILE_READ_ATTRIBUTE;
-
if (access_mask & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA)) {
flags = O_RDWR;
} else {
Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_rename.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_rename.c 2005-01-07 02:13:07 UTC (rev 4583)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_rename.c 2005-01-07 02:14:34 UTC (rev 4584)
@@ -281,7 +281,7 @@
return status;
}
- status = pvfs_access_check_create(pvfs, req, name2);
+ status = pvfs_access_check_create_nomask(pvfs, req, name2);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -360,7 +360,7 @@
switch (ren->ntrename.in.flags) {
case RENAME_FLAG_RENAME:
- status = pvfs_access_check_create(pvfs, req, name2);
+ status = pvfs_access_check_create_nomask(pvfs, req, name2);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -370,7 +370,7 @@
break;
case RENAME_FLAG_HARD_LINK:
- status = pvfs_access_check_create(pvfs, req, name2);
+ status = pvfs_access_check_create_nomask(pvfs, req, name2);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
@@ -380,7 +380,7 @@
break;
case RENAME_FLAG_COPY:
- status = pvfs_access_check_create(pvfs, req, name2);
+ status = pvfs_access_check_create_nomask(pvfs, req, name2);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c 2005-01-07 02:13:07 UTC (rev 4583)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c 2005-01-07 02:14:34 UTC (rev 4584)
@@ -139,7 +139,7 @@
}
}
- status = pvfs_access_check_create(pvfs, req, name2);
+ status = pvfs_access_check_create_nomask(pvfs, req, name2);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
More information about the samba-cvs
mailing list