Changeset 862 for trunk/server/source3/smbd/open.c
- Timestamp:
- May 13, 2014, 11:39:04 AM (11 years ago)
- Location:
- trunk/server
- Files:
-
- 2 edited
-
. (modified) (1 prop)
-
source3/smbd/open.c (modified) (6 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/server
- Property svn:mergeinfo changed
/vendor/current merged: 860
- Property svn:mergeinfo changed
-
trunk/server/source3/smbd/open.c
r751 r862 59 59 } 60 60 61 /* 62 * If we can access the path to this file, by 63 * default we have FILE_READ_ATTRIBUTES from the 64 * containing directory. See the section: 65 * "Algorithm to Check Access to an Existing File" 66 * in MS-FSA.pdf. 67 */ 61 68 return se_access_check(sd, 62 69 token, … … 143 150 144 151 return status; 152 } 153 154 /**************************************************************************** 155 Ensure when opening a base file for a stream open that we have permissions 156 to do so given the access mask on the base file. 157 ****************************************************************************/ 158 159 static NTSTATUS check_base_file_access(struct connection_struct *conn, 160 struct smb_filename *smb_fname, 161 uint32_t access_mask) 162 { 163 uint32_t access_granted = 0; 164 NTSTATUS status; 165 166 status = smbd_calculate_access_mask(conn, smb_fname, 167 false, 168 access_mask, 169 &access_mask); 170 if (!NT_STATUS_IS_OK(status)) { 171 DEBUG(10, ("smbd_calculate_access_mask " 172 "on file %s returned %s\n", 173 smb_fname_str_dbg(smb_fname), 174 nt_errstr(status))); 175 return status; 176 } 177 178 if (access_mask & (FILE_WRITE_DATA|FILE_APPEND_DATA)) { 179 uint32_t dosattrs; 180 if (!CAN_WRITE(conn)) { 181 return NT_STATUS_ACCESS_DENIED; 182 } 183 dosattrs = dos_mode(conn, smb_fname); 184 if (IS_DOS_READONLY(dosattrs)) { 185 return NT_STATUS_ACCESS_DENIED; 186 } 187 } 188 189 190 return smbd_check_open_rights(conn, 191 smb_fname, 192 access_mask, 193 &access_granted); 145 194 } 146 195 … … 1417 1466 } 1418 1467 1419 access_mask = access_granted; 1468 /* 1469 * If we can access the path to this file, by 1470 * default we have FILE_READ_ATTRIBUTES from the 1471 * containing directory. See the section. 1472 * "Algorithm to Check Access to an Existing File" 1473 * in MS-FSA.pdf. 1474 */ 1475 access_mask = access_granted | FILE_READ_ATTRIBUTES; 1420 1476 } else { 1421 1477 access_mask = FILE_GENERIC_ALL; … … 1989 2045 /* 1990 2046 * If we're returning a share violation, ensure we 1991 * cope with the braindead 1 second delay .2047 * cope with the braindead 1 second delay (SMB1 only). 1992 2048 */ 1993 2049 1994 2050 if (!(oplock_request & INTERNAL_OPEN_ONLY) && 2051 !conn->sconn->using_smb2 && 1995 2052 lp_defer_sharing_violations()) { 1996 2053 struct timeval timeout; … … 2753 2810 mtimespec = smb_dname->st.st_ex_mtime; 2754 2811 2755 /* Temporary access mask used to open the directory fd. */2756 fsp->access_mask = FILE_READ_DATA | FILE_READ_ATTRIBUTES; 2812 fsp->access_mask = access_mask; 2813 2757 2814 #ifdef O_DIRECTORY 2758 2815 status = fd_open(conn, fsp, O_RDONLY|O_DIRECTORY, 0); … … 3213 3270 DEBUG(10, ("Unable to stat stream: %s\n", 3214 3271 smb_fname_str_dbg(smb_fname_base))); 3272 } else { 3273 /* 3274 * https://bugzilla.samba.org/show_bug.cgi?id=10229 3275 * We need to check if the requested access mask 3276 * could be used to open the underlying file (if 3277 * it existed), as we're passing in zero for the 3278 * access mask to the base filename. 3279 */ 3280 status = check_base_file_access(conn, 3281 smb_fname_base, 3282 access_mask); 3283 3284 if (!NT_STATUS_IS_OK(status)) { 3285 DEBUG(10, ("Permission check " 3286 "for base %s failed: " 3287 "%s\n", smb_fname->base_name, 3288 nt_errstr(status))); 3289 goto fail; 3290 } 3215 3291 } 3216 3292
Note:
See TracChangeset
for help on using the changeset viewer.
