svn commit: samba r18580 - in
branches/SAMBA_4_0/source/ntvfs/posix: .
tridge at samba.org
tridge at samba.org
Sat Sep 16 15:31:53 GMT 2006
Author: tridge
Date: 2006-09-16 15:31:53 +0000 (Sat, 16 Sep 2006)
New Revision: 18580
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18580
Log:
map the PVFS_FLAG_READONLY bit in the posix backend onto
NT_STATUS_ACCESS_DENIED in the access mask checks
Modified:
branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c
Changeset:
Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c 2006-09-16 14:58:51 UTC (rev 18579)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c 2006-09-16 15:31:53 UTC (rev 18580)
@@ -349,6 +349,13 @@
uid_t uid = geteuid();
uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL;
+ if ((pvfs->flags & PVFS_FLAG_READONLY) &&
+ ((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
+ SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
+ SEC_DIR_DELETE_CHILD))) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
/* owner and root get extra permissions */
if (uid == 0) {
max_bits |= SEC_STD_ALL | SEC_FLAG_SYSTEM_SECURITY;
@@ -390,6 +397,13 @@
NTSTATUS status;
struct security_descriptor *sd;
+ if ((pvfs->flags & PVFS_FLAG_READONLY) &&
+ ((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
+ SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
+ SEC_DIR_DELETE_CHILD))) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
acl = talloc(req, struct xattr_NTACL);
if (acl == NULL) {
return NT_STATUS_NO_MEMORY;
More information about the samba-cvs
mailing list