From: Volker Lendecke Date: Wed, 9 Oct 2024 08:50:15 +0000 (+0200) Subject: smbd: Convert refuse_symlink_fsp() to bool X-Git-Tag: tdb-1.4.13~546 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=eecdd0fb59828f50d32496f6f8bc06c3fefb80b1;p=thirdparty%2Fsamba.git smbd: Convert refuse_symlink_fsp() to bool I want to simplify get_ea_value_fsp next Signed-off-by: Volker Lendecke Reviewed-by: Ralph Boehme --- diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index abbc47a83a3..d9a771960aa 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -1061,7 +1061,7 @@ NTSTATUS smb_set_file_disposition_info(connection_struct *conn, int total_data, files_struct *fsp, struct smb_filename *smb_fname); -NTSTATUS refuse_symlink_fsp(const struct files_struct *fsp); +bool refuse_symlink_fsp(const struct files_struct *fsp); NTSTATUS check_any_access_fsp(struct files_struct *fsp, uint32_t access_requested); uint64_t smb_roundup(connection_struct *conn, uint64_t val); diff --git a/source3/smbd/smb1_trans2.c b/source3/smbd/smb1_trans2.c index 155f7c62bb1..244a8740b0f 100644 --- a/source3/smbd/smb1_trans2.c +++ b/source3/smbd/smb1_trans2.c @@ -2389,7 +2389,7 @@ static NTSTATUS smb_q_posix_acl( uint16_t num_def_acls = 0; unsigned int size_needed = 0; NTSTATUS status; - bool ok; + bool ok, refuse; bool close_fsp = false; /* @@ -2415,8 +2415,9 @@ static NTSTATUS smb_q_posix_acl( SMB_ASSERT(fsp != NULL); - status = refuse_symlink_fsp(fsp); - if (!NT_STATUS_IS_OK(status)) { + refuse = refuse_symlink_fsp(fsp); + if (refuse) { + status = NT_STATUS_ACCESS_DENIED; goto out; } @@ -4273,6 +4274,7 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn, unsigned int size_needed; unsigned int total_data; bool close_fsp = false; + bool refuse; if (total_data_in < 0) { status = NT_STATUS_INVALID_PARAMETER; @@ -4359,8 +4361,9 @@ static NTSTATUS smb_set_posix_acl(connection_struct *conn, /* Here we know fsp != NULL */ SMB_ASSERT(fsp != NULL); - status = refuse_symlink_fsp(fsp); - if (!NT_STATUS_IS_OK(status)) { + refuse = refuse_symlink_fsp(fsp); + if (refuse) { + status = NT_STATUS_ACCESS_DENIED; goto out; } diff --git a/source3/smbd/smb2_nttrans.c b/source3/smbd/smb2_nttrans.c index 33e5d13f462..19e78ab1394 100644 --- a/source3/smbd/smb2_nttrans.c +++ b/source3/smbd/smb2_nttrans.c @@ -83,6 +83,7 @@ NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd, { files_struct *sd_fsp = NULL; NTSTATUS status; + bool refuse; if (!CAN_WRITE(fsp->conn)) { return NT_STATUS_ACCESS_DENIED; @@ -92,11 +93,11 @@ NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd, return NT_STATUS_OK; } - status = refuse_symlink_fsp(fsp); - if (!NT_STATUS_IS_OK(status)) { + refuse = refuse_symlink_fsp(fsp); + if (refuse) { DBG_DEBUG("ACL set on symlink %s denied.\n", fsp_str_dbg(fsp)); - return status; + return NT_STATUS_ACCESS_DENIED; } if (psd->owner_sid == NULL) { @@ -480,6 +481,7 @@ static NTSTATUS smbd_fetch_security_desc(connection_struct *conn, NTSTATUS status; struct security_descriptor *psd = NULL; bool need_to_read_sd = false; + bool refuse; /* * Get the permissions to return. @@ -501,11 +503,11 @@ static NTSTATUS smbd_fetch_security_desc(connection_struct *conn, } } - status = refuse_symlink_fsp(fsp); - if (!NT_STATUS_IS_OK(status)) { + refuse = refuse_symlink_fsp(fsp); + if (refuse) { DBG_DEBUG("ACL get on symlink %s denied.\n", fsp_str_dbg(fsp)); - return status; + return NT_STATUS_ACCESS_DENIED; } if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER| diff --git a/source3/smbd/smb2_trans2.c b/source3/smbd/smb2_trans2.c index 3f8dcb09c50..c9bd4c25e47 100644 --- a/source3/smbd/smb2_trans2.c +++ b/source3/smbd/smb2_trans2.c @@ -60,19 +60,19 @@ static uint32_t generate_volume_serial_number( Check if an open file handle is a symlink. ****************************************************************************/ -NTSTATUS refuse_symlink_fsp(const files_struct *fsp) +bool refuse_symlink_fsp(const files_struct *fsp) { if (!VALID_STAT(fsp->fsp_name->st)) { - return NT_STATUS_ACCESS_DENIED; + return true; } if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) { - return NT_STATUS_ACCESS_DENIED; + return true; } if (fsp_get_pathref_fd(fsp) == -1) { - return NT_STATUS_ACCESS_DENIED; + return true; } - return NT_STATUS_OK; + return false; } /** @@ -194,14 +194,14 @@ NTSTATUS get_ea_value_fsp(TALLOC_CTX *mem_ctx, char *val = NULL; ssize_t sizeret; size_t max_xattr_size = 0; - NTSTATUS status; + bool refuse; if (fsp == NULL) { return NT_STATUS_INVALID_HANDLE; } - status = refuse_symlink_fsp(fsp); - if (!NT_STATUS_IS_OK(status)) { - return status; + refuse = refuse_symlink_fsp(fsp); + if (refuse) { + return NT_STATUS_ACCESS_DENIED; } max_xattr_size = lp_smbd_max_xattr_size(SNUM(fsp->conn)); @@ -263,7 +263,7 @@ NTSTATUS get_ea_names_from_fsp(TALLOC_CTX *mem_ctx, } *pnum_names = 0; - if ((fsp == NULL) || !NT_STATUS_IS_OK(refuse_symlink_fsp(fsp))) { + if ((fsp == NULL) || refuse_symlink_fsp(fsp)) { /* * Callers may pass fsp == NULL when passing smb_fname->fsp of a * symlink. This is ok, handle it here, by just return no EA's @@ -711,6 +711,7 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp, { NTSTATUS status; bool posix_pathnames = false; + bool refuse; if (!lp_ea_support(SNUM(conn))) { return NT_STATUS_EAS_NOT_SUPPORTED; @@ -722,9 +723,9 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp, posix_pathnames = (fsp->fsp_name->flags & SMB_FILENAME_POSIX_PATH); - status = refuse_symlink_fsp(fsp); - if (!NT_STATUS_IS_OK(status)) { - return status; + refuse = refuse_symlink_fsp(fsp); + if (refuse) { + return NT_STATUS_ACCESS_DENIED; } status = check_any_access_fsp(fsp, FILE_WRITE_EA);