The branch, master has been updated
via 0d4cb5a641e smbd: split out smbd_check_access_rights_fname and call
it before SMB_VFS_FGET_NT_ACL
from cf6cc948e04 s3:profile: make use of tevent_cached_getpid() in
performance critical code
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0d4cb5a641e1fea2d369bdc66470a580321366c2
Author: Stefan Metzmacher <me...@samba.org>
Date: Wed Jul 13 11:15:39 2022 +0000
smbd: split out smbd_check_access_rights_fname and call it before
SMB_VFS_FGET_NT_ACL
commit 8e3798dd22276bc1ac8e96004d0e5e974240a7b9 actually came with a
change in behavior..., as SMB_VFS_GET_NT_ACL_AT() (at the time) and
now SMB_VFS_FGET_NT_ACL() is always called even if it's not needed.
E.g. access by root.
Signed-off-by: Stefan Metzmacher <me...@samba.org>
Reviewed-by: Jeremy Allison <j...@samba.org>
Autobuild-User(master): Jeremy Allison <j...@samba.org>
Autobuild-Date(master): Tue Jul 26 00:31:29 UTC 2022 on sn-devel-184
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/open.c | 30 ++++++++++++++++++++++++------
1 file changed, 24 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 3a8c0bf9c48..ee61137ab9d 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -95,18 +95,13 @@ static bool parent_override_delete(connection_struct *conn,
Check if we have open rights.
****************************************************************************/
-static NTSTATUS smbd_check_access_rights_sd(
+static NTSTATUS smbd_check_access_rights_fname(
struct connection_struct *conn,
- struct files_struct *dirfsp,
const struct smb_filename *smb_fname,
- struct security_descriptor *sd,
bool use_privs,
uint32_t access_mask)
{
uint32_t rejected_share_access;
- uint32_t rejected_mask = access_mask;
- uint32_t do_not_check_mask = 0;
- NTSTATUS status;
rejected_share_access = access_mask & ~(conn->share_access);
@@ -147,6 +142,21 @@ static NTSTATUS smbd_check_access_rights_sd(
return NT_STATUS_OK;
}
+ return NT_STATUS_MORE_PROCESSING_REQUIRED;
+}
+
+static NTSTATUS smbd_check_access_rights_sd(
+ struct connection_struct *conn,
+ struct files_struct *dirfsp,
+ const struct smb_filename *smb_fname,
+ struct security_descriptor *sd,
+ bool use_privs,
+ uint32_t access_mask)
+{
+ uint32_t rejected_mask = access_mask;
+ uint32_t do_not_check_mask = 0;
+ NTSTATUS status;
+
if (sd == NULL) {
goto access_denied;
}
@@ -278,6 +288,14 @@ NTSTATUS smbd_check_access_rights_fsp(struct files_struct
*dirfsp,
return NT_STATUS_OK;
}
+ status = smbd_check_access_rights_fname(fsp->conn,
+ fsp->fsp_name,
+ use_privs,
+ access_mask);
+ if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
+ return status;
+ }
+
status = SMB_VFS_FGET_NT_ACL(fsp,
(SECINFO_OWNER |
SECINFO_GROUP |
--
Samba Shared Repository
