From: Ralph Boehme Date: Tue, 27 Oct 2020 10:24:03 +0000 (+0100) Subject: smbd: add smbd_check_access_rights_fsp() X-Git-Tag: samba-4.14.0rc1~316 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2aac91003ee2212eb25feab6f14d44c7f2759586;p=thirdparty%2Fsamba.git smbd: add smbd_check_access_rights_fsp() Handle based version of smbd_check_access_rights(). Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison --- diff --git a/source3/smbd/open.c b/source3/smbd/open.c index d902e461ec6..6f43d4f55b6 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -280,6 +280,36 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn, access_mask); } +NTSTATUS smbd_check_access_rights_fsp(struct files_struct *fsp, + bool use_privs, + uint32_t access_mask) +{ + struct security_descriptor *sd = NULL; + NTSTATUS status; + + status = SMB_VFS_FGET_NT_ACL(fsp, + (SECINFO_OWNER | + SECINFO_GROUP | + SECINFO_DACL), + talloc_tos(), + &sd); + if (NT_STATUS_EQUAL(status, NT_STATUS_ACCESS_DENIED)) { + status = NT_STATUS_OK; + } + if (!NT_STATUS_IS_OK(status)) { + DBG_DEBUG("Could not get acl on %s: %s\n", + fsp_str_dbg(fsp), + nt_errstr(status)); + return status; + } + + return smbd_check_access_rights_sd(fsp->conn, + fsp->fsp_name, + sd, + use_privs, + access_mask); +} + NTSTATUS check_parent_access(struct connection_struct *conn, struct files_struct *dirfsp, struct smb_filename *smb_fname, diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index ea81f7a7dd8..b99f701fd3b 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -719,6 +719,9 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn, const struct smb_filename *smb_fname, bool use_privs, uint32_t access_mask); +NTSTATUS smbd_check_access_rights_fsp(struct files_struct *fsp, + bool use_privs, + uint32_t access_mask); NTSTATUS check_parent_access(struct connection_struct *conn, struct files_struct *dirfsp, struct smb_filename *smb_fname,