smbd: rename check_access_fsp() to check_any_access_fsp()

The semantics of the access check in check_access_fsp() itself is to
allow access if *at least* one or more rights of the rights in
access_mask are allowed. The name check_any_access_fsp() better
reflects this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 96b577c380fa914eb1ffa95849c82bdb88aa1ec6)

diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 78e1b48be09bcca41c3c87da45ff39ff5af96920..277b9660e9bd5a5ca4b1a3e57a70f6c5dbb30bfc 100644 (file)
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -1108,8 +1108,8 @@ NTSTATUS smb_set_file_disposition_info(connection_struct *conn,
                                       files_struct *fsp,
                                       struct smb_filename *smb_fname);
 NTSTATUS refuse_symlink_fsp(const struct files_struct *fsp);
-NTSTATUS check_access_fsp(struct files_struct *fsp,
-                         uint32_t access_mask);
+NTSTATUS check_any_access_fsp(struct files_struct *fsp,
+                             uint32_t access_mask);
 uint64_t smb_roundup(connection_struct *conn, uint64_t val);
 bool samba_private_attr_name(const char *unix_ea_name);
 NTSTATUS get_ea_value_fsp(TALLOC_CTX *mem_ctx,

diff --git a/source3/smbd/smb2_ioctl_filesys.c b/source3/smbd/smb2_ioctl_filesys.c
index 36429b8fd352206d9263400185cc82965af07a9c..6cc53d4828ed05c06963c5e98507ec1ed276fed1 100644 (file)
--- a/source3/smbd/smb2_ioctl_filesys.c
+++ b/source3/smbd/smb2_ioctl_filesys.c
@@ -378,7 +378,7 @@ static NTSTATUS fsctl_set_cmprn(TALLOC_CTX *mem_ctx,
        }
 
        /* WRITE_DATA permission is required, WRITE_ATTRIBUTES is not */
-       status = check_access_fsp(fsp, FILE_WRITE_DATA);
+       status = check_any_access_fsp(fsp, FILE_WRITE_DATA);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -426,7 +426,7 @@ static NTSTATUS fsctl_zero_data(TALLOC_CTX *mem_ctx,
        }
 
        /* WRITE_DATA permission is required */
-       status = check_access_fsp(fsp, FILE_WRITE_DATA);
+       status = check_any_access_fsp(fsp, FILE_WRITE_DATA);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -616,7 +616,7 @@ static NTSTATUS fsctl_qar(TALLOC_CTX *mem_ctx,
        }
 
        /* READ_DATA permission is required */
-       status = check_access_fsp(fsp, FILE_READ_DATA);
+       status = check_any_access_fsp(fsp, FILE_READ_DATA);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }

diff --git a/source3/smbd/smb2_trans2.c b/source3/smbd/smb2_trans2.c
index 3eb4a2de8790f9cc195b74c591405a6f514fb4db..3a08eab9d9128ad899b7ece4757d16bc49e1def0 100644 (file)
--- a/source3/smbd/smb2_trans2.c
+++ b/source3/smbd/smb2_trans2.c
@@ -72,8 +72,13 @@ NTSTATUS refuse_symlink_fsp(const files_struct *fsp)
        return NT_STATUS_OK;
 }
 
-NTSTATUS check_access_fsp(struct files_struct *fsp,
-                         uint32_t access_mask)
+/**
+ * Check that one or more of the rights in access_mask are
+ * allowed. Iow, access_mask can contain more then one right and
+ * it is sufficient having only one of those granted to pass.
+ **/
+NTSTATUS check_any_access_fsp(struct files_struct *fsp,
+                             uint32_t access_mask)
 {
        if (!fsp->fsp_flags.is_fsa) {
                return smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
@@ -677,7 +682,7 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp,
                return status;
        }
 
-       status = check_access_fsp(fsp, FILE_WRITE_EA);
+       status = check_any_access_fsp(fsp, FILE_WRITE_EA);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -4803,7 +4808,7 @@ static NTSTATUS smb_set_file_basic_info(connection_struct *conn,
                return NT_STATUS_INVALID_HANDLE;
        }
 
-       status = check_access_fsp(fsp, FILE_WRITE_ATTRIBUTES);
+       status = check_any_access_fsp(fsp, FILE_WRITE_ATTRIBUTES);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -4874,7 +4879,7 @@ static NTSTATUS smb_set_info_standard(connection_struct *conn,
        DEBUG(10,("smb_set_info_standard: file %s\n",
                smb_fname_str_dbg(smb_fname)));
 
-       status = check_access_fsp(fsp, FILE_WRITE_ATTRIBUTES);
+       status = check_any_access_fsp(fsp, FILE_WRITE_ATTRIBUTES);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }