[SCM] Samba Shared Repository - branch v3-3-test updated -
release-3-2-0pre2-2902-g7d5fb87
Michael Adam
obnox at samba.org
Tue Jun 17 22:21:20 GMT 2008
The branch, v3-3-test has been updated
via 7d5fb873bde0a84de522650945effeaf602c759e (commit)
via 3c349f773a52e3de693d3bb79f5060c9f1e01e41 (commit)
via 5931540fa1681f026fed42df387d17e43c493c47 (commit)
from b9f6904044889328ded229b7ff04d31218f4fef8 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit 7d5fb873bde0a84de522650945effeaf602c759e
Author: Michael Adam <obnox at samba.org>
Date: Wed Jun 18 00:06:46 2008 +0200
file_access: add a function header comment for can_access_file_acl().
Michael
commit 3c349f773a52e3de693d3bb79f5060c9f1e01e41
Author: Michael Adam <obnox at samba.org>
Date: Wed Jun 18 00:02:28 2008 +0200
smbd/dir.c: remove unneeded stat buf parameter from user_can_read_file()
This is not needed anymore since user_can_access_file_acl() ist used.
Michael
commit 5931540fa1681f026fed42df387d17e43c493c47
Author: Michael Adam <obnox at samba.org>
Date: Tue Jun 17 23:58:49 2008 +0200
file_access: remove unneeded stat buf parameter from can_access_file_acl().
This is a security descriptor level function only.
Michael
-----------------------------------------------------------------------
Summary of changes:
source/include/proto.h | 2 +-
source/smbd/dir.c | 8 +++-----
source/smbd/file_access.c | 9 ++++++---
3 files changed, 10 insertions(+), 9 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/include/proto.h b/source/include/proto.h
index de40ff6..70eaf32 100644
--- a/source/include/proto.h
+++ b/source/include/proto.h
@@ -9641,7 +9641,7 @@ NTSTATUS close_fake_file(files_struct *fsp);
/* The following definitions come from smbd/file_access.c */
bool can_access_file_acl(struct connection_struct *conn,
- const char * fname, SMB_STRUCT_STAT *psbuf,
+ const char * fname,
uint32_t access_mask);
bool can_delete_file_in_directory(connection_struct *conn, const char *fname);
bool can_access_file_data(connection_struct *conn, const char *fname, SMB_STRUCT_STAT *psbuf, uint32 access_mask);
diff --git a/source/smbd/dir.c b/source/smbd/dir.c
index caa1c41..74cd63d 100644
--- a/source/smbd/dir.c
+++ b/source/smbd/dir.c
@@ -921,7 +921,7 @@ bool get_dir_entry(TALLOC_CTX *ctx,
use it for anything security sensitive.
********************************************************************/
-static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_STAT *pst)
+static bool user_can_read_file(connection_struct *conn, char *name)
{
/*
* If user is a member of the Admin group
@@ -932,9 +932,7 @@ static bool user_can_read_file(connection_struct *conn, char *name, SMB_STRUCT_S
return True;
}
- SMB_ASSERT(VALID_STAT(*pst));
-
- return can_access_file_acl(conn, name, pst, FILE_READ_DATA);
+ return can_access_file_acl(conn, name, FILE_READ_DATA);
}
/*******************************************************************
@@ -1037,7 +1035,7 @@ bool is_visible_file(connection_struct *conn, const char *dir_path, const char *
}
/* Honour _hide unreadable_ option */
- if (hide_unreadable && !user_can_read_file(conn, entry, pst)) {
+ if (hide_unreadable && !user_can_read_file(conn, entry)) {
DEBUG(10,("is_visible_file: file %s is unreadable.\n", entry ));
SAFE_FREE(entry);
return False;
diff --git a/source/smbd/file_access.c b/source/smbd/file_access.c
index f72d6d1..0552a16 100644
--- a/source/smbd/file_access.c
+++ b/source/smbd/file_access.c
@@ -23,8 +23,11 @@
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_ACLS
+/**
+ * Security descriptor / NT Token level access check function.
+ */
bool can_access_file_acl(struct connection_struct *conn,
- const char * fname, SMB_STRUCT_STAT *psbuf,
+ const char * fname,
uint32_t access_mask)
{
bool result;
@@ -114,7 +117,7 @@ bool can_delete_file_in_directory(connection_struct *conn, const char *fname)
/* now for ACL checks */
- return can_access_file_acl(conn, dname, &sbuf, FILE_WRITE_DATA);
+ return can_access_file_acl(conn, dname, FILE_WRITE_DATA);
}
/****************************************************************************
@@ -168,7 +171,7 @@ bool can_access_file_data(connection_struct *conn, const char *fname, SMB_STRUCT
/* now for ACL checks */
- return can_access_file_acl(conn, fname, psbuf, access_mask);
+ return can_access_file_acl(conn, fname, access_mask);
}
/****************************************************************************
--
Samba Shared Repository
More information about the samba-cvs
mailing list