[SCM] Samba Shared Repository - branch master updated

Volker Lendecke vlendec at samba.org
Tue Jan 3 07:17:02 MST 2012


The branch, master has been updated
       via  bed281d s3: Remove the unused "file_existed" parameter from smbd_calculate_access_mask
       via  c01f02a s3: Avoid "file_existed" in smbd_calculate_maximum_allowed_access
       via  49a5202 s3: Remove some else{} branches in smbd_calculate_maximum_allowed_access
       via  8cadd19 s3: Directly use *p_access_mask in smbd_calculate_maximum_allowed_access
       via  a5a4b58 s3: Factor out smbd_calculate_maximum_allowed_access
      from  f66ef5c upgradeprovision: do not hold references to messageElements

http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit bed281dad774cfe3c828552740de70072b4901b5
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Dec 16 18:56:40 2011 +0100

    s3: Remove the unused "file_existed" parameter from smbd_calculate_access_mask
    
    Autobuild-User: Volker Lendecke <vlendec at samba.org>
    Autobuild-Date: Tue Jan  3 15:16:50 CET 2012 on sn-devel-104

commit c01f02a4b97de453a0db7feb3c2d323f05fac7f6
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Dec 16 18:51:19 2011 +0100

    s3: Avoid "file_existed" in smbd_calculate_maximum_allowed_access
    
    We access the file by name anyway, so we can just try to access it. The file
    system will for sure tell us if the file does not exist.

commit 49a520217ceb04cbd4278a3bce7cb1f8dd04b018
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Dec 16 18:47:03 2011 +0100

    s3: Remove some else{} branches in smbd_calculate_maximum_allowed_access

commit 8cadd19a91cc4cded493b9ba5dec821f93dcfb54
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Dec 16 18:45:14 2011 +0100

    s3: Directly use *p_access_mask in smbd_calculate_maximum_allowed_access

commit a5a4b581b7b428621da5477994f0413443fa6bcb
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Dec 16 18:42:30 2011 +0100

    s3: Factor out smbd_calculate_maximum_allowed_access

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/fake_file.c   |    1 -
 source3/smbd/globals.h     |    1 -
 source3/smbd/open.c        |  105 ++++++++++++++++++++++++++------------------
 source3/smbd/smb2_create.c |    5 --
 4 files changed, 62 insertions(+), 50 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/fake_file.c b/source3/smbd/fake_file.c
index 2b31ba5..95f6f93 100644
--- a/source3/smbd/fake_file.c
+++ b/source3/smbd/fake_file.c
@@ -130,7 +130,6 @@ NTSTATUS open_fake_file(struct smb_request *req, connection_struct *conn,
 	NTSTATUS status;
 
 	status = smbd_calculate_access_mask(conn, smb_fname,
-					    false, /* fake files do not exist */
 					    access_mask, &access_mask);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(10, ("open_fake_file: smbd_calculate_access_mask "
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index 02527e7..631298b 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -214,7 +214,6 @@ bool smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx,
 
 NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
 				    const struct smb_filename *smb_fname,
-				    bool file_existed,
 				    uint32_t access_mask,
 				    uint32_t *access_mask_out);
 
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 587093a..dbc4dba 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -1476,9 +1476,64 @@ static void schedule_defer_open(struct share_mode_lock *lck,
  Work out what access_mask to use from what the client sent us.
 ****************************************************************************/
 
+static NTSTATUS smbd_calculate_maximum_allowed_access(
+	connection_struct *conn,
+	const struct smb_filename *smb_fname,
+	uint32_t *p_access_mask)
+{
+	struct security_descriptor *sd;
+	uint32_t access_granted;
+	NTSTATUS status;
+
+	if (get_current_uid(conn) == (uid_t)0) {
+		*p_access_mask |= FILE_GENERIC_ALL;
+		return NT_STATUS_OK;
+	}
+
+	status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
+				    (SECINFO_OWNER |
+				     SECINFO_GROUP |
+				     SECINFO_DACL),&sd);
+
+	if (NT_STATUS_EQUAL(status, NT_STATUS_OBJECT_NAME_NOT_FOUND)) {
+		/*
+		 * File did not exist
+		 */
+		*p_access_mask = FILE_GENERIC_ALL;
+		return NT_STATUS_OK;
+	}
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10,("smbd_calculate_access_mask: "
+			  "Could not get acl on file %s: %s\n",
+			  smb_fname_str_dbg(smb_fname),
+			  nt_errstr(status)));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+
+	/*
+	 * Never test FILE_READ_ATTRIBUTES. se_access_check()
+	 * also takes care of owner WRITE_DAC and READ_CONTROL.
+	 */
+	status = se_access_check(sd,
+				 get_current_nttok(conn),
+				 (*p_access_mask & ~FILE_READ_ATTRIBUTES),
+				 &access_granted);
+
+	TALLOC_FREE(sd);
+
+	if (!NT_STATUS_IS_OK(status)) {
+		DEBUG(10, ("smbd_calculate_access_mask: "
+			   "Access denied on file %s: "
+			   "when calculating maximum access\n",
+			   smb_fname_str_dbg(smb_fname)));
+		return NT_STATUS_ACCESS_DENIED;
+	}
+	*p_access_mask = (access_granted | FILE_READ_ATTRIBUTES);
+	return NT_STATUS_OK;
+}
+
 NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
 				    const struct smb_filename *smb_fname,
-				    bool file_existed,
 				    uint32_t access_mask,
 				    uint32_t *access_mask_out)
 {
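Review bot: The `NT_STATUS_OBJECT_NAME_NOT_FOUND` branch of the new `smbd_calculate_maximum_allowed_access` now decides by itself that the object is missing and sets `*p_access_mask = FILE_GENERIC_ALL`, so the result depends on every `SMB_VFS_GET_NT_ACL` backend returning that status only for a genuinely absent name. Callers that used to state existence themselves (`false` for fake files in fake_file.c, `true` in smb2_create.c) now depend on that by-name lookup; presumably a name that vanishes after the open yields the full mask rather than `NT_STATUS_ACCESS_DENIED`, limited only by the later `access_mask &= conn->share_access`. I would state that assumption in the branch comment and make the path visible in logs, e.g. `DEBUG(10, ("smbd_calculate_maximum_allowed_access: %s not found, assuming new file\n", smb_fname_str_dbg(smb_fname)));`. The two existing DEBUG strings in the helper still carry the `smbd_calculate_access_mask: ` prefix, which points a log reader at the wrong function.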
@@ -1494,48 +1549,12 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
 
 	/* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
 	if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
-		if (get_current_uid(conn) == (uid_t)0) {
-			access_mask  |= FILE_GENERIC_ALL;
-		} else if (file_existed) {
-
-			struct security_descriptor *sd;
-			uint32_t access_granted = 0;
-
-			status = SMB_VFS_GET_NT_ACL(conn, smb_fname->base_name,
-					(SECINFO_OWNER |
-					SECINFO_GROUP |
-					SECINFO_DACL),&sd);
-
-			if (!NT_STATUS_IS_OK(status)) {
-				DEBUG(10,("smbd_calculate_access_mask: "
-					"Could not get acl on file %s: %s\n",
-					smb_fname_str_dbg(smb_fname),
-					nt_errstr(status)));
-				return NT_STATUS_ACCESS_DENIED;
-			}
 
- 			/*
-			 * Never test FILE_READ_ATTRIBUTES. se_access_check()
-			 * also takes care of owner WRITE_DAC and READ_CONTROL.
-			 */
-			status = se_access_check(sd,
-					get_current_nttok(conn),
-					(access_mask & ~FILE_READ_ATTRIBUTES),
-					&access_granted);
-
-			TALLOC_FREE(sd);
+		status = smbd_calculate_maximum_allowed_access(
+			conn, smb_fname, &access_mask);
 
-			if (!NT_STATUS_IS_OK(status)) {
-				DEBUG(10, ("smbd_calculate_access_mask: "
-					"Access denied on file %s: "
-					"when calculating maximum access\n",
-					smb_fname_str_dbg(smb_fname)));
-				return NT_STATUS_ACCESS_DENIED;
-			}
-
-			access_mask = (access_granted | FILE_READ_ATTRIBUTES);
-		} else {
-			access_mask = FILE_GENERIC_ALL;
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
 		}
 
 		access_mask &= conn->share_access;
@@ -1867,7 +1886,7 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
 		}
 	}
 
-	status = smbd_calculate_access_mask(conn, smb_fname, file_existed,
+	status = smbd_calculate_access_mask(conn, smb_fname,
 					access_mask,
 					&access_mask); 
 	if (!NT_STATUS_IS_OK(status)) {
@@ -2724,7 +2743,7 @@ static NTSTATUS open_directory(connection_struct *conn,
 		return NT_STATUS_NOT_A_DIRECTORY;
 	}
 
-	status = smbd_calculate_access_mask(conn, smb_dname, dir_existed,
+	status = smbd_calculate_access_mask(conn, smb_dname,
 					    access_mask, &access_mask);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(10, ("open_directory: smbd_calculate_access_mask "
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index 6218592..5f834cd 100644
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -745,11 +745,6 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx,
 
 				status = smbd_calculate_access_mask(smb1req->conn,
 							result->fsp_name,
-							/*
-							 * at this stage
-							 * it exists
-							 */
-							true,
 							SEC_FLAG_MAXIMUM_ALLOWED,
 							&max_access_granted);
 


-- 
Samba Shared Repository

