[SCM] Samba Shared Repository - branch v3-3-test updated -
release-3-2-0pre2-4330-ge63f1b2
Jeremy Allison
jra at samba.org
Tue Nov 4 07:19:44 GMT 2008
The branch, v3-3-test has been updated
via e63f1b2905340af79768a0333c03f56633c6a682 (commit)
from adbab86c4c3adb6c0750f081efe4cba242761213 (commit)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-3-test
- Log -----------------------------------------------------------------
commit e63f1b2905340af79768a0333c03f56633c6a682
Author: Jeremy Allison <jra at samba.org>
Date: Mon Nov 3 23:19:29 2008 -0800
Pass the directory versions of the RAW-ACL (still not inheritance). Refactor some common code between open_file_ntcreate() and open_directory().
Jeremy.
-----------------------------------------------------------------------
Summary of changes:
source/smbd/open.c | 126 ++++++++++++++++++++++++++++++++++------------------
1 files changed, 83 insertions(+), 43 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source/smbd/open.c b/source/smbd/open.c
index eda88fa..967e0c5 100644
--- a/source/smbd/open.c
+++ b/source/smbd/open.c
@@ -1125,6 +1125,65 @@ static void schedule_defer_open(struct share_mode_lock *lck,
}
/****************************************************************************
+ Work out what access_mask to use from what the client sent us.
+****************************************************************************/
+
+static NTSTATUS calculate_access_mask(connection_struct *conn,
+ const char *fname,
+ bool file_existed,
+ uint32_t access_mask,
+ uint32_t *access_mask_out)
+{
+ NTSTATUS status;
+
+ /*
+ * Convert GENERIC bits to specific bits.
+ */
+
+ se_map_generic(&access_mask, &file_generic_mapping);
+
+ /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
+ if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
+ if (file_existed) {
+ struct security_descriptor *sd;
+ uint32_t access_granted = 0;
+
+ status = SMB_VFS_GET_NT_ACL(conn, fname,
+ (OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION |
+ DACL_SECURITY_INFORMATION),&sd);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("calculate_access_mask: Could not get acl "
+ "on file %s: %s\n",
+ fname,
+ nt_errstr(status)));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ status = se_access_check(sd, conn->server_info->ptok,
+ access_mask, &access_granted);
+
+ TALLOC_FREE(sd);
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("calculate_access_mask: Access denied on "
+ "file %s: when calculating maximum access\n",
+ fname));
+ return NT_STATUS_ACCESS_DENIED;
+ }
+
+ access_mask = access_granted;
+ } else {
+ access_mask = FILE_GENERIC_ALL;
+ }
+ }
+
+ *access_mask_out = access_mask;
+ return NT_STATUS_OK;
+}
+
+/****************************************************************************
Open a file with a share mode.
****************************************************************************/
@@ -1360,47 +1419,15 @@ NTSTATUS open_file_ntcreate(connection_struct *conn,
}
}
- /*
- * Convert GENERIC bits to specific bits.
- */
-
- se_map_generic(&access_mask, &file_generic_mapping);
-
- /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
- if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
- if (file_existed) {
- struct security_descriptor *sd;
- uint32_t access_granted = 0;
-
- status = SMB_VFS_GET_NT_ACL(conn, fname,
- (OWNER_SECURITY_INFORMATION |
- GROUP_SECURITY_INFORMATION |
- DACL_SECURITY_INFORMATION),&sd);
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("open_file_ntcreate: Could not get acl "
- "on file %s: %s\n",
- fname,
- nt_errstr(status)));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- status = se_access_check(sd, conn->server_info->ptok,
- access_mask, &access_granted);
-
- TALLOC_FREE(sd);
-
- if (!NT_STATUS_IS_OK(status)) {
- DEBUG(10, ("open_file_ntcreate: Access denied on "
- "file %s: when calculating maximum access\n",
- fname));
- return NT_STATUS_ACCESS_DENIED;
- }
-
- access_mask = access_granted;
- } else {
- access_mask = FILE_GENERIC_ALL;
- }
+ status = calculate_access_mask(conn, fname, file_existed,
+ access_mask,
+ &access_mask);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("open_file_ntcreate: calculate_access_mask "
+ "on file %s returned %s\n",
+ fname,
+ nt_errstr(status)));
+ return status;
}
open_access_mask = access_mask;
@@ -2160,6 +2187,17 @@ NTSTATUS open_directory(connection_struct *conn,
return NT_STATUS_NOT_A_DIRECTORY;
}
+ status = calculate_access_mask(conn, fname, dir_existed,
+ access_mask,
+ &access_mask);
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(10, ("open_directory: calculate_access_mask "
+ "on file %s returned %s\n",
+ fname,
+ nt_errstr(status)));
+ return status;
+ }
+
switch( create_disposition ) {
case FILE_OPEN:
@@ -2253,8 +2291,10 @@ NTSTATUS open_directory(connection_struct *conn,
fsp->share_access = share_access;
fsp->fh->private_options = create_options;
- fsp->access_mask = access_mask;
-
+ /*
+ * According to Samba4, SEC_FILE_READ_ATTRIBUTE is always granted,
+ */
+ fsp->access_mask = access_mask | FILE_READ_ATTRIBUTES;
fsp->print_file = False;
fsp->modified = False;
fsp->oplock_type = NO_OPLOCK;
--
Samba Shared Repository
More information about the samba-cvs
mailing list