svn commit: samba r4615 - in branches/SAMBA_4_0/source/ntvfs/posix: .

Sun Jan 9 08:27:36 GMT 2005

Author: tridge
Date: 2005-01-09 08:27:35 +0000 (Sun, 09 Jan 2005)
New Revision: 4615

WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=4615

Log:
added acl checking on directory search in pvfs


Modified:
   branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c
   branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c
   branches/SAMBA_4_0/source/ntvfs/posix/pvfs_rename.c
   branches/SAMBA_4_0/source/ntvfs/posix/pvfs_search.c
   branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c


Changeset:
Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c
===================================================================

--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c	2005-01-09 07:39:31 UTC (rev 4614)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c	2005-01-09 08:27:35 UTC (rev 4615)
@@ -452,9 +452,10 @@
 /*
   access check for creating a new file/directory - no access mask supplied
 */
-NTSTATUS pvfs_access_check_create_nomask(struct pvfs_state *pvfs, 
-					 struct smbsrv_request *req,
-					 struct pvfs_filename *name)
+NTSTATUS pvfs_access_check_parent(struct pvfs_state *pvfs, 
+				  struct smbsrv_request *req,
+				  struct pvfs_filename *name,
+				  uint32_t access_mask)
 {
 	struct pvfs_filename *parent;
 	NTSTATUS status;
@@ -464,7 +465,7 @@
 		return status;
 	}
 
-	return pvfs_access_check_simple(pvfs, req, parent, SEC_DIR_ADD_FILE);
+	return pvfs_access_check_simple(pvfs, req, parent, access_mask);
 }
 
 

Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c	2005-01-09 07:39:31 UTC (rev 4614)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_mkdir.c	2005-01-09 08:27:35 UTC (rev 4615)
@@ -44,7 +44,7 @@
 		return NT_STATUS_OBJECT_NAME_COLLISION;
 	}
 
-	status = pvfs_access_check_create_nomask(pvfs, req, name);
+	status = pvfs_access_check_parent(pvfs, req, name, SEC_DIR_ADD_FILE);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
@@ -114,7 +114,7 @@
 		return NT_STATUS_OBJECT_NAME_COLLISION;
 	}
 
-	status = pvfs_access_check_create_nomask(pvfs, req, name);
+	status = pvfs_access_check_parent(pvfs, req, name, SEC_DIR_ADD_FILE);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}

Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_rename.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_rename.c	2005-01-09 07:39:31 UTC (rev 4614)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_rename.c	2005-01-09 08:27:35 UTC (rev 4615)
@@ -22,8 +22,8 @@
 
 #include "includes.h"
 #include "vfs_posix.h"
+#include "librpc/gen_ndr/ndr_security.h"
 
-
 /*
   resolve a wildcard rename pattern. This works on one component of the name
 */
@@ -281,7 +281,7 @@
 		return status;
 	}
 
-	status = pvfs_access_check_create_nomask(pvfs, req, name2);
+	status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}
@@ -360,7 +360,7 @@
 
 	switch (ren->ntrename.in.flags) {
 	case RENAME_FLAG_RENAME:
-		status = pvfs_access_check_create_nomask(pvfs, req, name2);
+		status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
 		}
@@ -370,7 +370,7 @@
 		break;
 
 	case RENAME_FLAG_HARD_LINK:
-		status = pvfs_access_check_create_nomask(pvfs, req, name2);
+		status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
 		}
@@ -380,7 +380,7 @@
 		break;
 
 	case RENAME_FLAG_COPY:
-		status = pvfs_access_check_create_nomask(pvfs, req, name2);
+		status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE);
 		if (!NT_STATUS_IS_OK(status)) {
 			return status;
 		}

Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_search.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_search.c	2005-01-09 07:39:31 UTC (rev 4614)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_search.c	2005-01-09 08:27:35 UTC (rev 4615)
@@ -24,6 +24,7 @@
 #include "vfs_posix.h"
 #include "system/time.h"
 #include "system/filesys.h"
+#include "librpc/gen_ndr/ndr_security.h"
 
 
 /* the state of a search started with pvfs_search_first() */
@@ -325,6 +326,11 @@
 		return STATUS_NO_MORE_FILES;
 	}
 
+	status = pvfs_access_check_parent(pvfs, req, name, SEC_DIR_TRAVERSE | SEC_DIR_LIST);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
 	/* we initially make search a child of the request, then if we
 	   need to keep it long term we steal it for the private
 	   structure */
@@ -461,6 +467,11 @@
 		return NT_STATUS_NO_SUCH_FILE;
 	}
 
+	status = pvfs_access_check_parent(pvfs, req, name, SEC_DIR_TRAVERSE | SEC_DIR_LIST);
+	if (!NT_STATUS_IS_OK(status)) {
+		return status;
+	}
+
 	/* we initially make search a child of the request, then if we
 	   need to keep it long term we steal it for the private
 	   structure */

Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c	2005-01-09 07:39:31 UTC (rev 4614)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_setfileinfo.c	2005-01-09 08:27:35 UTC (rev 4615)
@@ -139,7 +139,7 @@
 		}
 	}
 
-	status = pvfs_access_check_create_nomask(pvfs, req, name2);
+	status = pvfs_access_check_parent(pvfs, req, name2, SEC_DIR_ADD_FILE);
 	if (!NT_STATUS_IS_OK(status)) {
 		return status;
 	}

