[SCM] Samba Shared Repository - branch master updated
Andrew Tridgell
tridge at samba.org
Sat Oct 17 18:12:46 MDT 2009
The branch, master has been updated
via a2aa13d... s4-pvfs: more fixes for ACLs on file creation
via bae8c93... s4-smb2: fixed SMB2 find commands
from 0463d69... s4-pvfs: change the handling of access checking on create
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a2aa13da3272b62b8d47d624a0d7fc65825adf6e
Author: Andrew Tridgell <tridge at samba.org>
Date: Sun Oct 18 10:32:06 2009 +1100
s4-pvfs: more fixes for ACLs on file creation
The passed in SD is not used to limit the access mask allowed on file
create.
commit bae8c93d9b5b2ae9a028573559b2fd0d306c0530
Author: Andrew Tridgell <tridge at samba.org>
Date: Sun Oct 18 10:30:10 2009 +1100
s4-smb2: fixed SMB2 find commands
The change to check for invalid \ prefix on SMB2 paths broke the
internal SMB2 code.
-----------------------------------------------------------------------
Summary of changes:
source4/ntvfs/posix/pvfs_acl.c | 23 ++++++++++++-----------
source4/ntvfs/posix/pvfs_search.c | 4 ++--
2 files changed, 14 insertions(+), 13 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/ntvfs/posix/pvfs_acl.c b/source4/ntvfs/posix/pvfs_acl.c
index 842aced..5931a38 100644
--- a/source4/ntvfs/posix/pvfs_acl.c
+++ b/source4/ntvfs/posix/pvfs_acl.c
@@ -659,14 +659,10 @@ NTSTATUS pvfs_access_check_create(struct pvfs_state *pvfs,
}
status = pvfs_resolve_parent(pvfs, req, name, &parent);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
+ NT_STATUS_NOT_OK_RETURN(status);
status = pvfs_access_check_simple(pvfs, req, parent, SEC_DIR_ADD_FILE);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
+ NT_STATUS_NOT_OK_RETURN(status);
if (*sd == NULL) {
status = pvfs_acl_inherited_sd(pvfs, req, req, parent, container, sd);
@@ -679,14 +675,19 @@ NTSTATUS pvfs_access_check_create(struct pvfs_state *pvfs,
/* expand the generic access bits to file specific bits */
*access_mask = pvfs_translate_mask(*access_mask);
- if (pvfs->ntvfs->ctx->protocol != PROTOCOL_SMB2) {
- *access_mask &= ~SEC_FILE_READ_ATTRIBUTE;
+
+ if (*access_mask & SEC_FLAG_MAXIMUM_ALLOWED) {
+ *access_mask |= SEC_RIGHTS_FILE_ALL;
+ *access_mask &= ~SEC_FLAG_MAXIMUM_ALLOWED;
}
- if (*sd == NULL) {
- return pvfs_access_check_unix(pvfs, req, NULL, access_mask);
+ if (pvfs->ntvfs->ctx->protocol != PROTOCOL_SMB2) {
+ /* on SMB, this bit is always granted, even if not
+ asked for */
+ *access_mask |= SEC_FILE_READ_ATTRIBUTE;
}
- return sec_access_check(*sd, token, *access_mask, access_mask);
+
+ return NT_STATUS_OK;
}
/*
diff --git a/source4/ntvfs/posix/pvfs_search.c b/source4/ntvfs/posix/pvfs_search.c
index dc4f86b..d0d2620 100644
--- a/source4/ntvfs/posix/pvfs_search.c
+++ b/source4/ntvfs/posix/pvfs_search.c
@@ -666,10 +666,10 @@ static NTSTATUS pvfs_search_first_smb2(struct ntvfs_module_context *ntvfs,
}
if (strequal("", f->handle->name->original_name)) {
- pattern = talloc_asprintf(req, "\\%s", io->in.pattern);
+ pattern = talloc_asprintf(req, "%s", io->in.pattern);
NT_STATUS_HAVE_NO_MEMORY(pattern);
} else {
- pattern = talloc_asprintf(req, "\\%s\\%s",
+ pattern = talloc_asprintf(req, "%s\\%s",
f->handle->name->original_name,
io->in.pattern);
NT_STATUS_HAVE_NO_MEMORY(pattern);
--
Samba Shared Repository
More information about the samba-cvs
mailing list