The branch, master has been updated
via 29cbfd0ba39 s3: smbd: Add a dirfsp parameter to
smbd_calculate_maximum_allowed_access().
via 976a60304a7 s3: smbd: Reformat users of
smbd_calculate_maximum_allowed_access().
via a20d06675f0 s3: smbd: Add a dirfsp parameter to
smbd_calculate_access_mask().
via c7144b7acd2 s3: smbd: Reformat users of
smbd_calculate_access_mask().
via 66a4e6b5c65 s3: smbd: Add a dirfsp parameter to
check_parent_access().
via 3e6e9e4281a s3: smbd: Reformat users of check_parent_access().
via c9c8c83ca24 s3: smbd: Add a dirfsp parameter to
user_can_read_file().
via f24e1abeee0 s3: smbd: Reformat users of user_can_read_file().
via 49ec754fca7 s3: smbd: Add a dirfsp parameter to
smbd_check_access_rights().
via b4acf74049e s3: smbd: Reformat users of smbd_check_access_rights().
via 7c1f1e5243b s3: smbd: Add dirfsp parameter to can_write_to_file().
via 21d16fe2122 s3: smbd: Reformat users of can_write_to_file().
via 18f67e354f3 s3: smbd: Add dirfsp parameter to user_can_write_file().
via 6d83b785cf1 s3: smbd: Reformat caller of user_can_write_file().
via 839a2fb7a5e s3: smbd: Add dirfsp parameter to
can_delete_file_in_directory().
via 1a53b81a7bb s3: smbd: Reformat definition and callers of
can_delete_file_in_directory().
from 906aa7ddb8f CVE-2020-10700: dsdb: Do not permit the ASQ control for
the GUID search in paged_results
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 29cbfd0ba39505ae51442b086fe58bda38c54a69
Author: Jeremy Allison <j...@samba.org>
Date: Fri May 1 10:18:08 2020 -0700
s3: smbd: Add a dirfsp parameter to smbd_calculate_maximum_allowed_access().
Not yet used. Currently always conn->cwd_fsp.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
Autobuild-User(master): Ralph Böhme <s...@samba.org>
Autobuild-Date(master): Mon May 4 15:33:09 UTC 2020 on sn-devel-184
commit 976a60304a7b06d442f47b895bf1d7b5dee6d452
Author: Jeremy Allison <j...@samba.org>
Date: Fri May 1 10:15:14 2020 -0700
s3: smbd: Reformat users of smbd_calculate_maximum_allowed_access().
Make new parameter addition clearer.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit a20d06675f07be676c3920072e15ffe7775ab91c
Author: Jeremy Allison <j...@samba.org>
Date: Fri May 1 10:13:58 2020 -0700
s3: smbd: Add a dirfsp parameter to smbd_calculate_access_mask().
Not yet used. Currently always conn->cwd_fsp.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit c7144b7acd298b2fd06cbe02f163bb905eca450a
Author: Jeremy Allison <j...@samba.org>
Date: Fri May 1 10:09:53 2020 -0700
s3: smbd: Reformat users of smbd_calculate_access_mask().
Make new parameter addition clearer.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit 66a4e6b5c6598ff2aa383db8d4de48fa4a805dd2
Author: Jeremy Allison <j...@samba.org>
Date: Thu Apr 30 18:20:29 2020 -0700
s3: smbd: Add a dirfsp parameter to check_parent_access().
Not yet used. Currently always conn->cwd_fsp.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit 3e6e9e4281af827eff1ea1407caaa22c76ae2a28
Author: Jeremy Allison <j...@samba.org>
Date: Thu Apr 30 18:16:51 2020 -0700
s3: smbd: Reformat users of check_parent_access().
Make new parameter addition clearer.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit c9c8c83ca24e18a56cefaa257d46615c6b10aec9
Author: Jeremy Allison <j...@samba.org>
Date: Thu Apr 30 16:05:34 2020 -0700
s3: smbd: Add a dirfsp parameter to user_can_read_file().
Not yet used. Currently always conn->cwd_fsp.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit f24e1abeee0e486070816d1cff3e8cfbb25f73e1
Author: Jeremy Allison <j...@samba.org>
Date: Thu Apr 30 16:04:31 2020 -0700
s3: smbd: Reformat users of user_can_read_file().
Make new parameter addition clearer.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit 49ec754fca7beaacb852facc6cfecdfedbc89e45
Author: Jeremy Allison <j...@samba.org>
Date: Thu Apr 30 16:02:43 2020 -0700
s3: smbd: Add a dirfsp parameter to smbd_check_access_rights().
Not yet used. Currently always conn->cwd_fsp.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit b4acf74049e49ee876669cd890cfe55f7bb16cb8
Author: Jeremy Allison <j...@samba.org>
Date: Thu Apr 30 15:48:12 2020 -0700
s3: smbd: Reformat users of smbd_check_access_rights().
Make new parameter addition clearer.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit 7c1f1e5243bf995746296de9523d75662ce330a0
Author: Jeremy Allison <j...@samba.org>
Date: Thu Apr 30 15:44:37 2020 -0700
s3: smbd: Add dirfsp parameter to can_write_to_file().
Not yet used. Currently always conn->cwd_fsp.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit 21d16fe2122cab9b2ed111d76d78b7dd5c8b66df
Author: Jeremy Allison <j...@samba.org>
Date: Thu Apr 30 15:35:36 2020 -0700
s3: smbd: Reformat users of can_write_to_file().
Make new parameter addition clearer.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit 18f67e354f36e5b0ddb2f04e41d9463f35d7957c
Author: Jeremy Allison <j...@samba.org>
Date: Thu Apr 30 15:31:43 2020 -0700
s3: smbd: Add dirfsp parameter to user_can_write_file().
Not yet used. Currently always conn->cwd_fsp.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit 6d83b785cf1ed38d1077c53f7364a19d97046995
Author: Jeremy Allison <j...@samba.org>
Date: Thu Apr 30 15:30:40 2020 -0700
s3: smbd: Reformat caller of user_can_write_file().
Make new parameter addition clearer.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit 839a2fb7a5e7d47ffe1d472e769c30df90c2a7e1
Author: Jeremy Allison <j...@samba.org>
Date: Thu Apr 30 15:28:32 2020 -0700
s3: smbd: Add dirfsp parameter to can_delete_file_in_directory().
Not yet used. Currently always conn->cwd_fsp.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
commit 1a53b81a7bb12cdfaa269ff3b0c44df69cffb49e
Author: Jeremy Allison <j...@samba.org>
Date: Thu Apr 30 15:20:34 2020 -0700
s3: smbd: Reformat definition and callers of can_delete_file_in_directory().
Makes future addition of parameter easier to see.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Ralph Boehme <s...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
source3/modules/vfs_ceph_snapshots.c | 2 ++
source3/modules/vfs_fruit.c | 1 +
source3/modules/vfs_shadow_copy2.c | 1 +
source3/smbd/dir.c | 22 +++++++++---
source3/smbd/dosmode.c | 26 ++++++++++----
source3/smbd/fake_file.c | 8 +++--
source3/smbd/file_access.c | 15 ++++++--
source3/smbd/globals.h | 9 ++---
source3/smbd/nttrans.c | 10 ++++--
source3/smbd/open.c | 70 ++++++++++++++++++++++++++++--------
source3/smbd/posix_acls.c | 5 ++-
source3/smbd/proto.h | 8 +++--
source3/smbd/reply.c | 8 +++--
source3/smbd/smb2_create.c | 9 ++---
source3/smbd/trans2.c | 1 +
15 files changed, 150 insertions(+), 45 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_ceph_snapshots.c
b/source3/modules/vfs_ceph_snapshots.c
index d2010d8fc52..163772e59c4 100644
--- a/source3/modules/vfs_ceph_snapshots.c
+++ b/source3/modules/vfs_ceph_snapshots.c
@@ -186,6 +186,7 @@ static int ceph_snap_enum_snapdir(struct vfs_handle_struct
*handle,
uint32_t slots;
status = smbd_check_access_rights(handle->conn,
+ handle->conn->cwd_fsp,
snaps_dname,
false,
SEC_DIR_LIST);
@@ -572,6 +573,7 @@ static int ceph_snap_gmt_convert_dir(struct
vfs_handle_struct *handle,
}
status = smbd_check_access_rights(handle->conn,
+ handle->conn->cwd_fsp,
snaps_dname,
false,
SEC_DIR_LIST);
diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 86870f8f9cf..bdfb4f0ff45 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -4081,6 +4081,7 @@ static NTSTATUS fruit_readdir_attr(struct
vfs_handle_struct *handle,
} else {
status = smbd_calculate_access_mask(
handle->conn,
+ handle->conn->cwd_fsp,
fname,
false,
SEC_FLAG_MAXIMUM_ALLOWED,
diff --git a/source3/modules/vfs_shadow_copy2.c
b/source3/modules/vfs_shadow_copy2.c
index b57720a73c7..2d7fd0064de 100644
--- a/source3/modules/vfs_shadow_copy2.c
+++ b/source3/modules/vfs_shadow_copy2.c
@@ -1778,6 +1778,7 @@ static bool check_access_snapdir(struct vfs_handle_struct
*handle,
}
status = smbd_check_access_rights(handle->conn,
+ handle->conn->cwd_fsp,
&smb_fname,
false,
SEC_DIR_LIST);
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 144f193ffbb..17eeec05577 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1069,7 +1069,8 @@ bool get_dir_entry(TALLOC_CTX *ctx,
********************************************************************/
static bool user_can_read_file(connection_struct *conn,
- struct smb_filename *smb_fname)
+ struct files_struct *dirfsp,
+ struct smb_filename *smb_fname)
{
NTSTATUS status;
uint32_t rejected_share_access = 0;
@@ -1080,6 +1081,8 @@ static bool user_can_read_file(connection_struct *conn,
FILE_READ_ATTRIBUTES|
SEC_STD_READ_CONTROL;
+ SMB_ASSERT(dirfsp == conn->cwd_fsp);
+
/*
* Never hide files from the root user.
* We use (uid_t)0 here not sec_initial_uid()
@@ -1153,8 +1156,11 @@ static bool user_can_read_file(connection_struct *conn,
********************************************************************/
static bool user_can_write_file(connection_struct *conn,
+ struct files_struct *dirfsp,
const struct smb_filename *smb_fname)
{
+ SMB_ASSERT(dirfsp == conn->cwd_fsp);
+
/*
* Never hide files from the root user.
* We use (uid_t)0 here not sec_initial_uid()
@@ -1173,7 +1179,7 @@ static bool user_can_write_file(connection_struct *conn,
return True;
}
- return can_write_to_file(conn, smb_fname);
+ return can_write_to_file(conn, dirfsp, smb_fname);
}
/*******************************************************************
@@ -1272,15 +1278,21 @@ bool is_visible_file(connection_struct *conn,
/* Honour _hide unreadable_ option */
if (hide_unreadable &&
- !user_can_read_file(conn, smb_fname_base)) {
+ !user_can_read_file(conn,
+ conn->cwd_fsp,
+ smb_fname_base))
+ {
DEBUG(10,("is_visible_file: file %s is unreadable.\n",
entry ));
ret = false;
goto out;
}
/* Honour _hide unwriteable_ option */
- if (hide_unwriteable && !user_can_write_file(conn,
- smb_fname_base)) {
+ if (hide_unwriteable &&
+ !user_can_write_file(conn,
+ conn->cwd_fsp,
+ smb_fname_base))
+ {
DEBUG(10,("is_visible_file: file %s is unwritable.\n",
entry ));
ret = false;
diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c
index 7ddc5fd3fc6..a08bb9a55ca 100644
--- a/source3/smbd/dosmode.c
+++ b/source3/smbd/dosmode.c
@@ -219,7 +219,10 @@ static uint32_t dos_mode_from_sbuf(connection_struct *conn,
}
} else if (ro_opts == MAP_READONLY_PERMISSIONS) {
/* Check actual permissions for read-only. */
- if (!can_write_to_file(conn, smb_fname)) {
+ if (!can_write_to_file(conn,
+ conn->cwd_fsp,
+ smb_fname))
+ {
result |= FILE_ATTRIBUTE_READONLY;
}
} /* Else never set the readonly bit. */
@@ -532,14 +535,19 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn,
return NT_STATUS_ACCESS_DENIED;
}
- status = smbd_check_access_rights(conn, smb_fname, false,
- FILE_WRITE_ATTRIBUTES);
+ status = smbd_check_access_rights(conn,
+ conn->cwd_fsp,
+ smb_fname,
+ false,
+ FILE_WRITE_ATTRIBUTES);
if (NT_STATUS_IS_OK(status)) {
set_dosmode_ok = true;
}
if (!set_dosmode_ok && lp_dos_filemode(SNUM(conn))) {
- set_dosmode_ok = can_write_to_file(conn, smb_fname);
+ set_dosmode_ok = can_write_to_file(conn,
+ conn->cwd_fsp,
+ smb_fname);
}
if (!set_dosmode_ok) {
@@ -1069,7 +1077,10 @@ int file_set_dosmode(connection_struct *conn,
bits on a file. Just like file_ntimes below.
*/
- if (!can_write_to_file(conn, smb_fname)) {
+ if (!can_write_to_file(conn,
+ conn->cwd_fsp,
+ smb_fname))
+ {
errno = EACCES;
return -1;
}
@@ -1242,7 +1253,10 @@ int file_ntimes(connection_struct *conn, const struct
smb_filename *smb_fname,
*/
/* Check if we have write access. */
- if (can_write_to_file(conn, smb_fname)) {
+ if (can_write_to_file(conn,
+ conn->cwd_fsp,
+ smb_fname))
+ {
/* We are allowed to become root and change the filetime. */
become_root();
ret = SMB_VFS_NTIMES(conn, smb_fname, ft);
diff --git a/source3/smbd/fake_file.c b/source3/smbd/fake_file.c
index 625c21ff8bd..90921a65e36 100644
--- a/source3/smbd/fake_file.c
+++ b/source3/smbd/fake_file.c
@@ -131,8 +131,12 @@ NTSTATUS open_fake_file(struct smb_request *req,
connection_struct *conn,
files_struct *fsp = NULL;
NTSTATUS status;
- status = smbd_calculate_access_mask(conn, smb_fname, false,
- access_mask, &access_mask);
+ status = smbd_calculate_access_mask(conn,
+ conn->cwd_fsp,
+ smb_fname,
+ false,
+ access_mask,
+ &access_mask);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("open_fake_file: smbd_calculate_access_mask "
"on service[%s] file[%s] returned %s\n",
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 42936478f92..35ee81b47dd 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -33,12 +33,15 @@
****************************************************************************/
bool can_delete_file_in_directory(connection_struct *conn,
- const struct smb_filename *smb_fname)
+ struct files_struct *dirfsp,
+ const struct smb_filename *smb_fname)
{
TALLOC_CTX *ctx = talloc_tos();
struct smb_filename *smb_fname_parent = NULL;
bool ret;
+ SMB_ASSERT(dirfsp == conn->cwd_fsp);
+
if (!CAN_WRITE(conn)) {
return False;
}
@@ -114,7 +117,12 @@ bool can_delete_file_in_directory(connection_struct *conn,
* check the file DELETE permission separately.
*/
+ /*
+ * NB. When dirfsp != conn->cwd_fsp, we must
+ * change smb_fname_parent to be "." for the name here.
+ */
ret = NT_STATUS_IS_OK(smbd_check_access_rights(conn,
+ dirfsp,
smb_fname_parent,
false,
FILE_DELETE_CHILD));
@@ -128,9 +136,12 @@ bool can_delete_file_in_directory(connection_struct *conn,
****************************************************************************/
bool can_write_to_file(connection_struct *conn,
- const struct smb_filename *smb_fname)
+ struct files_struct *dirfsp,
+ const struct smb_filename *smb_fname)
{
+ SMB_ASSERT(dirfsp == conn->cwd_fsp);
return NT_STATUS_IS_OK(smbd_check_access_rights(conn,
+ dirfsp,
smb_fname,
false,
FILE_WRITE_DATA));
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index cbd66e99ac8..79086b3c81c 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -212,10 +212,11 @@ NTSTATUS smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx,
struct file_id *file_id);
NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
- const struct smb_filename *smb_fname,
- bool use_privs,
- uint32_t access_mask,
- uint32_t *access_mask_out);
+ struct files_struct *dirfsp,
+ const struct smb_filename *smb_fname,
+ bool use_privs,
+ uint32_t access_mask,
+ uint32_t *access_mask_out);
void smbd_notify_cancel_by_smbreq(const struct smb_request *smbreq);
diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index a99aa78bde8..e83ccc25ac4 100644
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -726,7 +726,10 @@ void reply_ntcreate_and_X(struct smb_request *req)
p += 25;
if (fsp->fsp_flags.is_directory ||
fsp->fsp_flags.can_write ||
- can_write_to_file(conn, smb_fname)) {
+ can_write_to_file(conn,
+ conn->cwd_fsp,
+ smb_fname))
+ {
perms = FILE_GENERIC_ALL;
} else {
perms = FILE_GENERIC_READ|FILE_EXECUTE;
@@ -1388,7 +1391,10 @@ static void call_nt_transact_create(connection_struct
*conn,
p += 25;
if (fsp->fsp_flags.is_directory ||
fsp->fsp_flags.can_write ||
- can_write_to_file(conn, smb_fname)) {
+ can_write_to_file(conn,
+ conn->cwd_fsp,
+ smb_fname))
+ {
perms = FILE_GENERIC_ALL;
} else {
perms = FILE_GENERIC_READ|FILE_EXECUTE;
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 8383fe1df5c..5f612533267 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -81,7 +81,10 @@ static bool parent_override_delete(connection_struct *conn,
{
if ((access_mask & DELETE_ACCESS) &&
(rejected_mask & DELETE_ACCESS) &&
- can_delete_file_in_directory(conn, smb_fname)) {
+ can_delete_file_in_directory(conn,
+ conn->cwd_fsp,
+ smb_fname))
+ {
return true;
}
return false;
@@ -92,6 +95,7 @@ static bool parent_override_delete(connection_struct *conn,
****************************************************************************/
NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
+ struct files_struct *dirfsp,
const struct smb_filename *smb_fname,
bool use_privs,
uint32_t access_mask)
@@ -103,6 +107,8 @@ NTSTATUS smbd_check_access_rights(struct connection_struct
*conn,
uint32_t rejected_mask = access_mask;
uint32_t do_not_check_mask = 0;
+ SMB_ASSERT(dirfsp == conn->cwd_fsp);
+
rejected_share_access = access_mask & ~(conn->share_access);
if (rejected_share_access) {
@@ -258,6 +264,7 @@ NTSTATUS smbd_check_access_rights(struct connection_struct
*conn,
}
NTSTATUS check_parent_access(struct connection_struct *conn,
+ struct files_struct *dirfsp,
struct smb_filename *smb_fname,
uint32_t access_mask)
{
@@ -273,6 +280,13 @@ NTSTATUS check_parent_access(struct connection_struct
*conn,
TALLOC_CTX *frame = talloc_stackframe();
bool ok;
+ /*
+ * NB. When dirfsp != conn->cwd_fsp, we must
+ * change parent_dir to be "." for the name here.
+ */
+
+ SMB_ASSERT(dirfsp == conn->cwd_fsp);
+
ok = parent_smb_fname(frame, smb_fname, &parent_dir, NULL);
if (!ok) {
status = NT_STATUS_NO_MEMORY;
@@ -383,7 +397,9 @@ static NTSTATUS check_base_file_access(struct
connection_struct *conn,
{
NTSTATUS status;
- status = smbd_calculate_access_mask(conn, smb_fname,
+ status = smbd_calculate_access_mask(conn,
+ conn->cwd_fsp,
+ smb_fname,
false,
access_mask,
&access_mask);
@@ -407,6 +423,7 @@ static NTSTATUS check_base_file_access(struct
connection_struct *conn,
}
return smbd_check_access_rights(conn,
+ conn->cwd_fsp,
smb_fname,
false,
access_mask);
@@ -1209,6 +1226,7 @@ static NTSTATUS open_file(files_struct *fsp,
/* Only do this check on non-stream open. */
if (file_existed) {
status = smbd_check_access_rights(conn,
+ conn->cwd_fsp,
smb_fname,
false,
access_mask);
@@ -1247,8 +1265,9 @@ static NTSTATUS open_file(files_struct *fsp,
}
status = check_parent_access(conn,
- smb_fname,
- SEC_DIR_ADD_FILE);
+ conn->cwd_fsp,
+ smb_fname,
+ SEC_DIR_ADD_FILE);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("open_file: "
"check_parent_access on "
@@ -1352,6 +1371,7 @@ static NTSTATUS open_file(files_struct *fsp,
}
status = smbd_check_access_rights(conn,
+ conn->cwd_fsp,
smb_fname,
false,
access_mask);
@@ -3011,6 +3031,7 @@ static void schedule_async_open(struct smb_request *req)
static NTSTATUS smbd_calculate_maximum_allowed_access(
connection_struct *conn,
+ struct files_struct *dirfsp,
const struct smb_filename *smb_fname,
bool use_privs,
uint32_t *p_access_mask)
@@ -3019,6 +3040,8 @@ static NTSTATUS smbd_calculate_maximum_allowed_access(
uint32_t access_granted;
NTSTATUS status;
+ SMB_ASSERT(dirfsp == conn->cwd_fsp);
+
if (!use_privs && (get_current_uid(conn) == (uid_t)0)) {
*p_access_mask |= FILE_GENERIC_ALL;
return NT_STATUS_OK;
@@ -3071,7 +3094,10 @@ static NTSTATUS smbd_calculate_maximum_allowed_access(
*p_access_mask = (access_granted | FILE_READ_ATTRIBUTES);
if (!(access_granted & DELETE_ACCESS)) {
- if (can_delete_file_in_directory(conn, smb_fname)) {
+ if (can_delete_file_in_directory(conn,
+ conn->cwd_fsp,
+ smb_fname))
+ {
*p_access_mask |= DELETE_ACCESS;
}
}
@@ -3080,15 +3106,18 @@ static NTSTATUS smbd_calculate_maximum_allowed_access(
}
NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
- const struct smb_filename *smb_fname,
- bool use_privs,
- uint32_t access_mask,
- uint32_t *access_mask_out)
+ struct files_struct *dirfsp,
+ const struct smb_filename *smb_fname,
+ bool use_privs,
+ uint32_t access_mask,
+ uint32_t *access_mask_out)
{
NTSTATUS status;
uint32_t orig_access_mask = access_mask;
uint32_t rejected_share_access;
+ SMB_ASSERT(dirfsp == conn->cwd_fsp);
+
if (access_mask & SEC_MASK_INVALID) {
DBG_DEBUG("access_mask [%8x] contains invalid bits\n",
access_mask);
@@ -3104,8 +3133,11 @@ NTSTATUS smbd_calculate_access_mask(connection_struct
*conn,
/* Calculate MAXIMUM_ALLOWED_ACCESS if requested. */
if (access_mask & MAXIMUM_ALLOWED_ACCESS) {
- status = smbd_calculate_maximum_allowed_access(
- conn, smb_fname, use_privs, &access_mask);
+ status = smbd_calculate_maximum_allowed_access(conn,
+ dirfsp,
+ smb_fname,
+ use_privs,
+ &access_mask);
if (!NT_STATUS_IS_OK(status)) {
return status;
@@ -3484,10 +3516,12 @@ static NTSTATUS open_file_ntcreate(connection_struct
*conn,
}
}
- status = smbd_calculate_access_mask(conn, smb_fname,
+ status = smbd_calculate_access_mask(conn,
+ conn->cwd_fsp,
+ smb_fname,
false,
access_mask,
- &access_mask);
+ &access_mask);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("open_file_ntcreate: smbd_calculate_access_mask "
"on file %s returned %s\n",
@@ -4100,6 +4134,7 @@ static NTSTATUS mkdir_internal(connection_struct *conn,
}
status = check_parent_access(conn,
+ conn->cwd_fsp,
smb_dname,
access_mask);
if(!NT_STATUS_IS_OK(status)) {
@@ -4241,8 +4276,12 @@ static NTSTATUS open_directory(connection_struct *conn,
create_disposition,
file_attributes);
- status = smbd_calculate_access_mask(conn, smb_dname, false,
- access_mask, &access_mask);
+ status = smbd_calculate_access_mask(conn,
+ conn->cwd_fsp,
+ smb_dname,
+ false,
+ access_mask,
+ &access_mask);
if (!NT_STATUS_IS_OK(status)) {
DEBUG(10, ("open_directory: smbd_calculate_access_mask "
"on file %s returned %s\n",
@@ -4367,6 +4406,7 @@ static NTSTATUS open_directory(connection_struct *conn,
if (info == FILE_WAS_OPENED) {
--
Samba Shared Repository
