svn commit: samba r18581 - in
branches/SAMBA_4_0/source/ntvfs/posix: .
tridge at samba.org
tridge at samba.org
Sat Sep 16 15:37:45 GMT 2006
Author: tridge
Date: 2006-09-16 15:37:45 +0000 (Sat, 16 Sep 2006)
New Revision: 18581
WebSVN: http://websvn.samba.org/cgi-bin/viewcvs.cgi?view=rev&root=samba&rev=18581
Log:
also check for SEC_STD_DELETE, and split out the check into a separate
static function
Modified:
branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c
Changeset:
Modified: branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c
===================================================================
--- branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c 2006-09-16 15:31:53 UTC (rev 18580)
+++ branches/SAMBA_4_0/source/ntvfs/posix/pvfs_acl.c 2006-09-16 15:37:45 UTC (rev 18581)
@@ -336,6 +336,25 @@
/*
+ check the read only bit against any of the write access bits
+*/
+static BOOL pvfs_read_only(struct pvfs_state *pvfs, uint32_t access_mask)
+{
+ if ((pvfs->flags & PVFS_FLAG_READONLY) &&
+ (access_mask & (SEC_FILE_WRITE_DATA |
+ SEC_FILE_APPEND_DATA |
+ SEC_FILE_WRITE_EA |
+ SEC_FILE_WRITE_ATTRIBUTE |
+ SEC_STD_DELETE |
+ SEC_STD_WRITE_DAC |
+ SEC_STD_WRITE_OWNER |
+ SEC_DIR_DELETE_CHILD))) {
+ return True;
+ }
+ return False;
+}
+
+/*
default access check function based on unix permissions
doing this saves on building a full security descriptor
for the common case of access check on files with no
@@ -349,10 +368,7 @@
uid_t uid = geteuid();
uint32_t max_bits = SEC_RIGHTS_FILE_READ | SEC_FILE_ALL;
- if ((pvfs->flags & PVFS_FLAG_READONLY) &&
- ((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
- SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
- SEC_DIR_DELETE_CHILD))) {
+ if (pvfs_read_only(pvfs, *access_mask)) {
return NT_STATUS_ACCESS_DENIED;
}
@@ -397,10 +413,7 @@
NTSTATUS status;
struct security_descriptor *sd;
- if ((pvfs->flags & PVFS_FLAG_READONLY) &&
- ((*access_mask) & (SEC_FILE_WRITE_DATA | SEC_FILE_APPEND_DATA |
- SEC_FILE_WRITE_EA | SEC_FILE_WRITE_ATTRIBUTE |
- SEC_DIR_DELETE_CHILD))) {
+ if (pvfs_read_only(pvfs, *access_mask)) {
return NT_STATUS_ACCESS_DENIED;
}
More information about the samba-cvs
mailing list