s3: smbd: Re-use refuse_symlink_fsp() in set/get security descriptors.
authorJeremy Allison <jra@samba.org>
Thu, 20 May 2021 19:26:47 +0000 (12:26 -0700)
committerRalph Boehme <slow@samba.org>
Wed, 9 Jun 2021 13:14:30 +0000 (13:14 +0000)
Now we have one common function for refusing access on symlinks.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
source3/smbd/nttrans.c

index 75162b5f61cfc064745b4591ca6c7fab6a50ee9f..a241dcb624328887b2803bd9b80acdc70ec8fd41 100644 (file)
@@ -999,10 +999,11 @@ NTSTATUS set_sd(files_struct *fsp, struct security_descriptor *psd,
                return NT_STATUS_OK;
        }
 
-       if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
-               DEBUG(10, ("ACL set on symlink %s denied.\n",
-                       fsp_str_dbg(fsp)));
-               return NT_STATUS_ACCESS_DENIED;
+       status = refuse_symlink_fsp(fsp);
+       if (!NT_STATUS_IS_OK(status)) {
+               DBG_DEBUG("ACL set on symlink %s denied.\n",
+                       fsp_str_dbg(fsp));
+               return status;
        }
 
        if (psd->owner_sid == NULL) {
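Review bot: The debug message in the added block of set_sd() still asserts `ACL set on symlink %s denied`, but the returned status now comes from refuse_symlink_fsp(), whose body is not visible here and which may refuse a handle for reasons other than S_ISLNK. Logging the actual status keeps the trail accurate when someone later investigates a denied ACL operation: `DBG_DEBUG("ACL set on %s refused: %s\n", fsp_str_dbg(fsp), nt_errstr(status));`. The same applies to the `ACL get on symlink` message in the smbd_do_query_security_desc() hunk. That hunk also used to return a fixed NT_STATUS_ACCESS_DENIED, so the client-visible error now depends on the helper; a short comment at each call site saying the helper is expected to return only NT_STATUS_ACCESS_DENIED on refusal would record that contract. Both functions begin and end outside their hunks, so the declaration of `status` cannot be checked from here.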
@@ -2159,11 +2160,12 @@ NTSTATUS smbd_do_query_security_desc(connection_struct *conn,
                return NT_STATUS_ACCESS_DENIED;
        }
 
-       if (S_ISLNK(fsp->fsp_name->st.st_ex_mode)) {
-               DEBUG(10, ("ACL get on symlink %s denied.\n",
-                       fsp_str_dbg(fsp)));
+       status = refuse_symlink_fsp(fsp);
+       if (!NT_STATUS_IS_OK(status)) {
+               DBG_DEBUG("ACL get on symlink %s denied.\n",
+                       fsp_str_dbg(fsp));
                TALLOC_FREE(frame);
-               return NT_STATUS_ACCESS_DENIED;
+               return status;
        }
 
        if (security_info_wanted & (SECINFO_DACL|SECINFO_OWNER|