From: Ralph Boehme Date: Thu, 21 Dec 2023 09:58:09 +0000 (+0100) Subject: smbd: rename check_access_fsp() to check_any_access_fsp() X-Git-Tag: samba-4.18.10~18 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b775434b7eb1a08fff283e153817f3e0376c9af8;p=thirdparty%2Fsamba.git smbd: rename check_access_fsp() to check_any_access_fsp() The semantics of the access check in check_access_fsp() itself is to allow access if *at least* one or more rights of the rights in access_mask are allowed. The name check_any_access_fsp() better reflects this. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (cherry picked from commit 96b577c380fa914eb1ffa95849c82bdb88aa1ec6) --- diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index 26cafeba091..f3f998a9c0f 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -1114,8 +1114,8 @@ NTSTATUS smb_set_file_disposition_info(connection_struct *conn, files_struct *fsp, struct smb_filename *smb_fname); NTSTATUS refuse_symlink_fsp(const struct files_struct *fsp); -NTSTATUS check_access_fsp(struct files_struct *fsp, - uint32_t access_mask); +NTSTATUS check_any_access_fsp(struct files_struct *fsp, + uint32_t access_mask); uint64_t smb_roundup(connection_struct *conn, uint64_t val); bool samba_private_attr_name(const char *unix_ea_name); NTSTATUS get_ea_value_fsp(TALLOC_CTX *mem_ctx, diff --git a/source3/smbd/smb2_ioctl_filesys.c b/source3/smbd/smb2_ioctl_filesys.c index 36429b8fd35..6cc53d4828e 100644 --- a/source3/smbd/smb2_ioctl_filesys.c +++ b/source3/smbd/smb2_ioctl_filesys.c @@ -378,7 +378,7 @@ static NTSTATUS fsctl_set_cmprn(TALLOC_CTX *mem_ctx, } /* WRITE_DATA permission is required, WRITE_ATTRIBUTES is not */ - status = check_access_fsp(fsp, FILE_WRITE_DATA); + status = check_any_access_fsp(fsp, FILE_WRITE_DATA); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -426,7 +426,7 @@ static NTSTATUS fsctl_zero_data(TALLOC_CTX *mem_ctx, } /* WRITE_DATA permission is required */ - status = check_access_fsp(fsp, FILE_WRITE_DATA); + status = check_any_access_fsp(fsp, FILE_WRITE_DATA); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -616,7 +616,7 @@ static NTSTATUS fsctl_qar(TALLOC_CTX *mem_ctx, } /* READ_DATA permission is required */ - status = check_access_fsp(fsp, FILE_READ_DATA); + status = check_any_access_fsp(fsp, FILE_READ_DATA); if (!NT_STATUS_IS_OK(status)) { return status; } diff --git a/source3/smbd/smb2_trans2.c b/source3/smbd/smb2_trans2.c index fa9e8b4509b..80a932566b2 100644 --- a/source3/smbd/smb2_trans2.c +++ b/source3/smbd/smb2_trans2.c @@ -72,8 +72,13 @@ NTSTATUS refuse_symlink_fsp(const files_struct *fsp) return NT_STATUS_OK; } -NTSTATUS check_access_fsp(struct files_struct *fsp, - uint32_t access_mask) +/** + * Check that one or more of the rights in access_mask are + * allowed. Iow, access_mask can contain more then one right and + * it is sufficient having only one of those granted to pass. + **/ +NTSTATUS check_any_access_fsp(struct files_struct *fsp, + uint32_t access_mask) { if (!fsp->fsp_flags.is_fsa) { return smbd_check_access_rights_fsp(fsp->conn->cwd_fsp, @@ -677,7 +682,7 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp, return status; } - status = check_access_fsp(fsp, FILE_WRITE_EA); + status = check_any_access_fsp(fsp, FILE_WRITE_EA); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -4822,7 +4827,7 @@ static NTSTATUS smb_set_file_basic_info(connection_struct *conn, return NT_STATUS_INVALID_HANDLE; } - status = check_access_fsp(fsp, FILE_WRITE_ATTRIBUTES); + status = check_any_access_fsp(fsp, FILE_WRITE_ATTRIBUTES); if (!NT_STATUS_IS_OK(status)) { return status; } @@ -4893,7 +4898,7 @@ static NTSTATUS smb_set_info_standard(connection_struct *conn, DEBUG(10,("smb_set_info_standard: file %s\n", smb_fname_str_dbg(smb_fname))); - status = check_access_fsp(fsp, FILE_WRITE_ATTRIBUTES); + status = check_any_access_fsp(fsp, FILE_WRITE_ATTRIBUTES); if (!NT_STATUS_IS_OK(status)) { return status; }