The branch, master has been updated via 29cbfd0ba39 s3: smbd: Add a dirfsp parameter to smbd_calculate_maximum_allowed_access(). via 976a60304a7 s3: smbd: Reformat users of smbd_calculate_maximum_allowed_access(). via a20d06675f0 s3: smbd: Add a dirfsp parameter to smbd_calculate_access_mask(). via c7144b7acd2 s3: smbd: Reformat users of smbd_calculate_access_mask(). via 66a4e6b5c65 s3: smbd: Add a dirfsp parameter to check_parent_access(). via 3e6e9e4281a s3: smbd: Reformat users of check_parent_access(). via c9c8c83ca24 s3: smbd: Add a dirfsp parameter to user_can_read_file(). via f24e1abeee0 s3: smbd: Reformat users of user_can_read_file(). via 49ec754fca7 s3: smbd: Add a dirfsp parameter to smbd_check_access_rights(). via b4acf74049e s3: smbd: Reformat users of smbd_check_access_rights(). via 7c1f1e5243b s3: smbd: Add dirfsp parameter to can_write_to_file(). via 21d16fe2122 s3: smbd: Reformat users of can_write_to_file(). via 18f67e354f3 s3: smbd: Add dirfsp parameter to user_can_write_file(). via 6d83b785cf1 s3: smbd: Reformat caller of user_can_write_file(). via 839a2fb7a5e s3: smbd: Add dirfsp parameter to can_delete_file_in_directory(). via 1a53b81a7bb s3: smbd: Reformat definition and callers of can_delete_file_in_directory(). from 906aa7ddb8f CVE-2020-10700: dsdb: Do not permit the ASQ control for the GUID search in paged_results
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 29cbfd0ba39505ae51442b086fe58bda38c54a69 Author: Jeremy Allison <j...@samba.org> Date: Fri May 1 10:18:08 2020 -0700 s3: smbd: Add a dirfsp parameter to smbd_calculate_maximum_allowed_access(). Not yet used. Currently always conn->cwd_fsp. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> Autobuild-User(master): Ralph Böhme <s...@samba.org> Autobuild-Date(master): Mon May 4 15:33:09 UTC 2020 on sn-devel-184 commit 976a60304a7b06d442f47b895bf1d7b5dee6d452 Author: Jeremy Allison <j...@samba.org> Date: Fri May 1 10:15:14 2020 -0700 s3: smbd: Reformat users of smbd_calculate_maximum_allowed_access(). Make new parameter addition clearer. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit a20d06675f07be676c3920072e15ffe7775ab91c Author: Jeremy Allison <j...@samba.org> Date: Fri May 1 10:13:58 2020 -0700 s3: smbd: Add a dirfsp parameter to smbd_calculate_access_mask(). Not yet used. Currently always conn->cwd_fsp. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit c7144b7acd298b2fd06cbe02f163bb905eca450a Author: Jeremy Allison <j...@samba.org> Date: Fri May 1 10:09:53 2020 -0700 s3: smbd: Reformat users of smbd_calculate_access_mask(). Make new parameter addition clearer. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 66a4e6b5c6598ff2aa383db8d4de48fa4a805dd2 Author: Jeremy Allison <j...@samba.org> Date: Thu Apr 30 18:20:29 2020 -0700 s3: smbd: Add a dirfsp parameter to check_parent_access(). Not yet used. Currently always conn->cwd_fsp. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 3e6e9e4281af827eff1ea1407caaa22c76ae2a28 Author: Jeremy Allison <j...@samba.org> Date: Thu Apr 30 18:16:51 2020 -0700 s3: smbd: Reformat users of check_parent_access(). Make new parameter addition clearer. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit c9c8c83ca24e18a56cefaa257d46615c6b10aec9 Author: Jeremy Allison <j...@samba.org> Date: Thu Apr 30 16:05:34 2020 -0700 s3: smbd: Add a dirfsp parameter to user_can_read_file(). Not yet used. Currently always conn->cwd_fsp. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit f24e1abeee0e486070816d1cff3e8cfbb25f73e1 Author: Jeremy Allison <j...@samba.org> Date: Thu Apr 30 16:04:31 2020 -0700 s3: smbd: Reformat users of user_can_read_file(). Make new parameter addition clearer. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 49ec754fca7beaacb852facc6cfecdfedbc89e45 Author: Jeremy Allison <j...@samba.org> Date: Thu Apr 30 16:02:43 2020 -0700 s3: smbd: Add a dirfsp parameter to smbd_check_access_rights(). Not yet used. Currently always conn->cwd_fsp. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit b4acf74049e49ee876669cd890cfe55f7bb16cb8 Author: Jeremy Allison <j...@samba.org> Date: Thu Apr 30 15:48:12 2020 -0700 s3: smbd: Reformat users of smbd_check_access_rights(). Make new parameter addition clearer. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 7c1f1e5243bf995746296de9523d75662ce330a0 Author: Jeremy Allison <j...@samba.org> Date: Thu Apr 30 15:44:37 2020 -0700 s3: smbd: Add dirfsp parameter to can_write_to_file(). Not yet used. Currently always conn->cwd_fsp. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 21d16fe2122cab9b2ed111d76d78b7dd5c8b66df Author: Jeremy Allison <j...@samba.org> Date: Thu Apr 30 15:35:36 2020 -0700 s3: smbd: Reformat users of can_write_to_file(). Make new parameter addition clearer. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 18f67e354f36e5b0ddb2f04e41d9463f35d7957c Author: Jeremy Allison <j...@samba.org> Date: Thu Apr 30 15:31:43 2020 -0700 s3: smbd: Add dirfsp parameter to user_can_write_file(). Not yet used. Currently always conn->cwd_fsp. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 6d83b785cf1ed38d1077c53f7364a19d97046995 Author: Jeremy Allison <j...@samba.org> Date: Thu Apr 30 15:30:40 2020 -0700 s3: smbd: Reformat caller of user_can_write_file(). Make new parameter addition clearer. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 839a2fb7a5e7d47ffe1d472e769c30df90c2a7e1 Author: Jeremy Allison <j...@samba.org> Date: Thu Apr 30 15:28:32 2020 -0700 s3: smbd: Add dirfsp parameter to can_delete_file_in_directory(). Not yet used. Currently always conn->cwd_fsp. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> commit 1a53b81a7bb12cdfaa269ff3b0c44df69cffb49e Author: Jeremy Allison <j...@samba.org> Date: Thu Apr 30 15:20:34 2020 -0700 s3: smbd: Reformat definition and callers of can_delete_file_in_directory(). Makes future addition of parameter easier to see. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Ralph Boehme <s...@samba.org> ----------------------------------------------------------------------- Summary of changes: source3/modules/vfs_ceph_snapshots.c | 2 ++ source3/modules/vfs_fruit.c | 1 + source3/modules/vfs_shadow_copy2.c | 1 + source3/smbd/dir.c | 22 +++++++++--- source3/smbd/dosmode.c | 26 ++++++++++---- source3/smbd/fake_file.c | 8 +++-- source3/smbd/file_access.c | 15 ++++++-- source3/smbd/globals.h | 9 ++--- source3/smbd/nttrans.c | 10 ++++-- source3/smbd/open.c | 70 ++++++++++++++++++++++++++++-------- source3/smbd/posix_acls.c | 5 ++- source3/smbd/proto.h | 8 +++-- source3/smbd/reply.c | 8 +++-- source3/smbd/smb2_create.c | 9 ++--- source3/smbd/trans2.c | 1 + 15 files changed, 150 insertions(+), 45 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_ceph_snapshots.c b/source3/modules/vfs_ceph_snapshots.c index d2010d8fc52..163772e59c4 100644 --- a/source3/modules/vfs_ceph_snapshots.c +++ b/source3/modules/vfs_ceph_snapshots.c @@ -186,6 +186,7 @@ static int ceph_snap_enum_snapdir(struct vfs_handle_struct *handle, uint32_t slots; status = smbd_check_access_rights(handle->conn, + handle->conn->cwd_fsp, snaps_dname, false, SEC_DIR_LIST); @@ -572,6 +573,7 @@ static int ceph_snap_gmt_convert_dir(struct vfs_handle_struct *handle, } status = smbd_check_access_rights(handle->conn, + handle->conn->cwd_fsp, snaps_dname, false, SEC_DIR_LIST); diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c index 86870f8f9cf..bdfb4f0ff45 100644 --- a/source3/modules/vfs_fruit.c +++ b/source3/modules/vfs_fruit.c @@ -4081,6 +4081,7 @@ static NTSTATUS fruit_readdir_attr(struct vfs_handle_struct *handle, } else { status = smbd_calculate_access_mask( handle->conn, + handle->conn->cwd_fsp, fname, false, SEC_FLAG_MAXIMUM_ALLOWED, diff --git a/source3/modules/vfs_shadow_copy2.c b/source3/modules/vfs_shadow_copy2.c index b57720a73c7..2d7fd0064de 100644 --- a/source3/modules/vfs_shadow_copy2.c +++ b/source3/modules/vfs_shadow_copy2.c @@ -1778,6 +1778,7 @@ static bool check_access_snapdir(struct vfs_handle_struct *handle, } status = smbd_check_access_rights(handle->conn, + handle->conn->cwd_fsp, &smb_fname, false, SEC_DIR_LIST); diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index 144f193ffbb..17eeec05577 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -1069,7 +1069,8 @@ bool get_dir_entry(TALLOC_CTX *ctx, ********************************************************************/ static bool user_can_read_file(connection_struct *conn, - struct smb_filename *smb_fname) + struct files_struct *dirfsp, + struct smb_filename *smb_fname) { NTSTATUS status; uint32_t rejected_share_access = 0; @@ -1080,6 +1081,8 @@ static bool user_can_read_file(connection_struct *conn, FILE_READ_ATTRIBUTES| SEC_STD_READ_CONTROL; + SMB_ASSERT(dirfsp == conn->cwd_fsp); + /* * Never hide files from the root user. * We use (uid_t)0 here not sec_initial_uid() @@ -1153,8 +1156,11 @@ static bool user_can_read_file(connection_struct *conn, ********************************************************************/ static bool user_can_write_file(connection_struct *conn, + struct files_struct *dirfsp, const struct smb_filename *smb_fname) { + SMB_ASSERT(dirfsp == conn->cwd_fsp); + /* * Never hide files from the root user. * We use (uid_t)0 here not sec_initial_uid() @@ -1173,7 +1179,7 @@ static bool user_can_write_file(connection_struct *conn, return True; } - return can_write_to_file(conn, smb_fname); + return can_write_to_file(conn, dirfsp, smb_fname); } /******************************************************************* @@ -1272,15 +1278,21 @@ bool is_visible_file(connection_struct *conn, /* Honour _hide unreadable_ option */ if (hide_unreadable && - !user_can_read_file(conn, smb_fname_base)) { + !user_can_read_file(conn, + conn->cwd_fsp, + smb_fname_base)) + { DEBUG(10,("is_visible_file: file %s is unreadable.\n", entry )); ret = false; goto out; } /* Honour _hide unwriteable_ option */ - if (hide_unwriteable && !user_can_write_file(conn, - smb_fname_base)) { + if (hide_unwriteable && + !user_can_write_file(conn, + conn->cwd_fsp, + smb_fname_base)) + { DEBUG(10,("is_visible_file: file %s is unwritable.\n", entry )); ret = false; diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index 7ddc5fd3fc6..a08bb9a55ca 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -219,7 +219,10 @@ static uint32_t dos_mode_from_sbuf(connection_struct *conn, } } else if (ro_opts == MAP_READONLY_PERMISSIONS) { /* Check actual permissions for read-only. */ - if (!can_write_to_file(conn, smb_fname)) { + if (!can_write_to_file(conn, + conn->cwd_fsp, + smb_fname)) + { result |= FILE_ATTRIBUTE_READONLY; } } /* Else never set the readonly bit. */ @@ -532,14 +535,19 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn, return NT_STATUS_ACCESS_DENIED; } - status = smbd_check_access_rights(conn, smb_fname, false, - FILE_WRITE_ATTRIBUTES); + status = smbd_check_access_rights(conn, + conn->cwd_fsp, + smb_fname, + false, + FILE_WRITE_ATTRIBUTES); if (NT_STATUS_IS_OK(status)) { set_dosmode_ok = true; } if (!set_dosmode_ok && lp_dos_filemode(SNUM(conn))) { - set_dosmode_ok = can_write_to_file(conn, smb_fname); + set_dosmode_ok = can_write_to_file(conn, + conn->cwd_fsp, + smb_fname); } if (!set_dosmode_ok) { @@ -1069,7 +1077,10 @@ int file_set_dosmode(connection_struct *conn, bits on a file. Just like file_ntimes below. */ - if (!can_write_to_file(conn, smb_fname)) { + if (!can_write_to_file(conn, + conn->cwd_fsp, + smb_fname)) + { errno = EACCES; return -1; } @@ -1242,7 +1253,10 @@ int file_ntimes(connection_struct *conn, const struct smb_filename *smb_fname, */ /* Check if we have write access. */ - if (can_write_to_file(conn, smb_fname)) { + if (can_write_to_file(conn, + conn->cwd_fsp, + smb_fname)) + { /* We are allowed to become root and change the filetime. */ become_root(); ret = SMB_VFS_NTIMES(conn, smb_fname, ft); diff --git a/source3/smbd/fake_file.c b/source3/smbd/fake_file.c index 625c21ff8bd..90921a65e36 100644 --- a/source3/smbd/fake_file.c +++ b/source3/smbd/fake_file.c @@ -131,8 +131,12 @@ NTSTATUS open_fake_file(struct smb_request *req, connection_struct *conn, files_struct *fsp = NULL; NTSTATUS status; - status = smbd_calculate_access_mask(conn, smb_fname, false, - access_mask, &access_mask); + status = smbd_calculate_access_mask(conn, + conn->cwd_fsp, + smb_fname, + false, + access_mask, + &access_mask); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("open_fake_file: smbd_calculate_access_mask " "on service[%s] file[%s] returned %s\n", diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index 42936478f92..35ee81b47dd 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -33,12 +33,15 @@ ****************************************************************************/ bool can_delete_file_in_directory(connection_struct *conn, - const struct smb_filename *smb_fname) + struct files_struct *dirfsp, + const struct smb_filename *smb_fname) { TALLOC_CTX *ctx = talloc_tos(); struct smb_filename *smb_fname_parent = NULL; bool ret; + SMB_ASSERT(dirfsp == conn->cwd_fsp); + if (!CAN_WRITE(conn)) { return False; } @@ -114,7 +117,12 @@ bool can_delete_file_in_directory(connection_struct *conn, * check the file DELETE permission separately. */ + /* + * NB. When dirfsp != conn->cwd_fsp, we must + * change smb_fname_parent to be "." for the name here. + */ ret = NT_STATUS_IS_OK(smbd_check_access_rights(conn, + dirfsp, smb_fname_parent, false, FILE_DELETE_CHILD)); @@ -128,9 +136,12 @@ bool can_delete_file_in_directory(connection_struct *conn, ****************************************************************************/ bool can_write_to_file(connection_struct *conn, - const struct smb_filename *smb_fname) + struct files_struct *dirfsp, + const struct smb_filename *smb_fname) { + SMB_ASSERT(dirfsp == conn->cwd_fsp); return NT_STATUS_IS_OK(smbd_check_access_rights(conn, + dirfsp, smb_fname, false, FILE_WRITE_DATA)); diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index cbd66e99ac8..79086b3c81c 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -212,10 +212,11 @@ NTSTATUS smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx, struct file_id *file_id); NTSTATUS smbd_calculate_access_mask(connection_struct *conn, - const struct smb_filename *smb_fname, - bool use_privs, - uint32_t access_mask, - uint32_t *access_mask_out); + struct files_struct *dirfsp, + const struct smb_filename *smb_fname, + bool use_privs, + uint32_t access_mask, + uint32_t *access_mask_out); void smbd_notify_cancel_by_smbreq(const struct smb_request *smbreq); diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index a99aa78bde8..e83ccc25ac4 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -726,7 +726,10 @@ void reply_ntcreate_and_X(struct smb_request *req) p += 25; if (fsp->fsp_flags.is_directory || fsp->fsp_flags.can_write || - can_write_to_file(conn, smb_fname)) { + can_write_to_file(conn, + conn->cwd_fsp, + smb_fname)) + { perms = FILE_GENERIC_ALL; } else { perms = FILE_GENERIC_READ|FILE_EXECUTE; @@ -1388,7 +1391,10 @@ static void call_nt_transact_create(connection_struct *conn, p += 25; if (fsp->fsp_flags.is_directory || fsp->fsp_flags.can_write || - can_write_to_file(conn, smb_fname)) { + can_write_to_file(conn, + conn->cwd_fsp, + smb_fname)) + { perms = FILE_GENERIC_ALL; } else { perms = FILE_GENERIC_READ|FILE_EXECUTE; diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 8383fe1df5c..5f612533267 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -81,7 +81,10 @@ static bool parent_override_delete(connection_struct *conn, { if ((access_mask & DELETE_ACCESS) && (rejected_mask & DELETE_ACCESS) && - can_delete_file_in_directory(conn, smb_fname)) { + can_delete_file_in_directory(conn, + conn->cwd_fsp, + smb_fname)) + { return true; } return false; @@ -92,6 +95,7 @@ static bool parent_override_delete(connection_struct *conn, ****************************************************************************/ NTSTATUS smbd_check_access_rights(struct connection_struct *conn, + struct files_struct *dirfsp, const struct smb_filename *smb_fname, bool use_privs, uint32_t access_mask) @@ -103,6 +107,8 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn, uint32_t rejected_mask = access_mask; uint32_t do_not_check_mask = 0; + SMB_ASSERT(dirfsp == conn->cwd_fsp); + rejected_share_access = access_mask & ~(conn->share_access); if (rejected_share_access) { @@ -258,6 +264,7 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn, } NTSTATUS check_parent_access(struct connection_struct *conn, + struct files_struct *dirfsp, struct smb_filename *smb_fname, uint32_t access_mask) { @@ -273,6 +280,13 @@ NTSTATUS check_parent_access(struct connection_struct *conn, TALLOC_CTX *frame = talloc_stackframe(); bool ok; + /* + * NB. When dirfsp != conn->cwd_fsp, we must + * change parent_dir to be "." for the name here. + */ + + SMB_ASSERT(dirfsp == conn->cwd_fsp); + ok = parent_smb_fname(frame, smb_fname, &parent_dir, NULL); if (!ok) { status = NT_STATUS_NO_MEMORY; @@ -383,7 +397,9 @@ static NTSTATUS check_base_file_access(struct connection_struct *conn, { NTSTATUS status; - status = smbd_calculate_access_mask(conn, smb_fname, + status = smbd_calculate_access_mask(conn, + conn->cwd_fsp, + smb_fname, false, access_mask, &access_mask); @@ -407,6 +423,7 @@ static NTSTATUS check_base_file_access(struct connection_struct *conn, } return smbd_check_access_rights(conn, + conn->cwd_fsp, smb_fname, false, access_mask); @@ -1209,6 +1226,7 @@ static NTSTATUS open_file(files_struct *fsp, /* Only do this check on non-stream open. */ if (file_existed) { status = smbd_check_access_rights(conn, + conn->cwd_fsp, smb_fname, false, access_mask); @@ -1247,8 +1265,9 @@ static NTSTATUS open_file(files_struct *fsp, } status = check_parent_access(conn, - smb_fname, - SEC_DIR_ADD_FILE); + conn->cwd_fsp, + smb_fname, + SEC_DIR_ADD_FILE); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("open_file: " "check_parent_access on " @@ -1352,6 +1371,7 @@ static NTSTATUS open_file(files_struct *fsp, } status = smbd_check_access_rights(conn, + conn->cwd_fsp, smb_fname, false, access_mask); @@ -3011,6 +3031,7 @@ static void schedule_async_open(struct smb_request *req) static NTSTATUS smbd_calculate_maximum_allowed_access( connection_struct *conn, + struct files_struct *dirfsp, const struct smb_filename *smb_fname, bool use_privs, uint32_t *p_access_mask) @@ -3019,6 +3040,8 @@ static NTSTATUS smbd_calculate_maximum_allowed_access( uint32_t access_granted; NTSTATUS status; + SMB_ASSERT(dirfsp == conn->cwd_fsp); + if (!use_privs && (get_current_uid(conn) == (uid_t)0)) { *p_access_mask |= FILE_GENERIC_ALL; return NT_STATUS_OK; @@ -3071,7 +3094,10 @@ static NTSTATUS smbd_calculate_maximum_allowed_access( *p_access_mask = (access_granted | FILE_READ_ATTRIBUTES); if (!(access_granted & DELETE_ACCESS)) { - if (can_delete_file_in_directory(conn, smb_fname)) { + if (can_delete_file_in_directory(conn, + conn->cwd_fsp, + smb_fname)) + { *p_access_mask |= DELETE_ACCESS; } } @@ -3080,15 +3106,18 @@ static NTSTATUS smbd_calculate_maximum_allowed_access( } NTSTATUS smbd_calculate_access_mask(connection_struct *conn, - const struct smb_filename *smb_fname, - bool use_privs, - uint32_t access_mask, - uint32_t *access_mask_out) + struct files_struct *dirfsp, + const struct smb_filename *smb_fname, + bool use_privs, + uint32_t access_mask, + uint32_t *access_mask_out) { NTSTATUS status; uint32_t orig_access_mask = access_mask; uint32_t rejected_share_access; + SMB_ASSERT(dirfsp == conn->cwd_fsp); + if (access_mask & SEC_MASK_INVALID) { DBG_DEBUG("access_mask [%8x] contains invalid bits\n", access_mask); @@ -3104,8 +3133,11 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn, /* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */ if (access_mask & MAXIMUM_ALLOWED_ACCESS) { - status = smbd_calculate_maximum_allowed_access( - conn, smb_fname, use_privs, &access_mask); + status = smbd_calculate_maximum_allowed_access(conn, + dirfsp, + smb_fname, + use_privs, + &access_mask); if (!NT_STATUS_IS_OK(status)) { return status; @@ -3484,10 +3516,12 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn, } } - status = smbd_calculate_access_mask(conn, smb_fname, + status = smbd_calculate_access_mask(conn, + conn->cwd_fsp, + smb_fname, false, access_mask, - &access_mask); + &access_mask); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("open_file_ntcreate: smbd_calculate_access_mask " "on file %s returned %s\n", @@ -4100,6 +4134,7 @@ static NTSTATUS mkdir_internal(connection_struct *conn, } status = check_parent_access(conn, + conn->cwd_fsp, smb_dname, access_mask); if(!NT_STATUS_IS_OK(status)) { @@ -4241,8 +4276,12 @@ static NTSTATUS open_directory(connection_struct *conn, create_disposition, file_attributes); - status = smbd_calculate_access_mask(conn, smb_dname, false, - access_mask, &access_mask); + status = smbd_calculate_access_mask(conn, + conn->cwd_fsp, + smb_dname, + false, + access_mask, + &access_mask); if (!NT_STATUS_IS_OK(status)) { DEBUG(10, ("open_directory: smbd_calculate_access_mask " "on file %s returned %s\n", @@ -4367,6 +4406,7 @@ static NTSTATUS open_directory(connection_struct *conn, if (info == FILE_WAS_OPENED) { -- Samba Shared Repository