From: Jeremy Allison <jra@samba.org>
Date: Mon, 27 Aug 2012 23:07:32 +0000 (-0700)
Subject: Change the S3 fileserver over to se_file_access_check().
X-Git-Tag: samba-4.0.0rc1~287
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=46455642a78f7a1c60f56dec8ad907d0cfd326ea;p=thirdparty%2Fsamba.git

Change the S3 fileserver over to se_file_access_check().

Don't set the priv_open_requested yet until the open-for-backup
request is correctly passed in.
---

diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c
index 978edf2ece9..c7a8e51c05a 100644
--- a/source3/lib/sharesec.c
+++ b/source3/lib/sharesec.c
@@ -451,7 +451,7 @@ bool share_access_check(const struct security_token *token,
 		return false;
 	}
 
-	status = se_access_check(psd, token, desired_access, &granted);
+	status = se_file_access_check(psd, token, true, desired_access, &granted);
 
 	TALLOC_FREE(psd);
 
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 415f6adf2e2..b69db8b5e10 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -129,11 +129,12 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
 	}
 
  	/*
-	 * Never test FILE_READ_ATTRIBUTES. se_access_check() also takes care of
+	 * Never test FILE_READ_ATTRIBUTES. se_file_access_check() also takes care of
 	 * owner WRITE_DAC and READ_CONTROL.
 	 */
-	status = se_access_check(sd,
+	status = se_file_access_check(sd,
 				get_current_nttok(conn),
+				false,
 				(access_mask & ~FILE_READ_ATTRIBUTES),
 				&rejected_mask);
 
@@ -245,11 +246,12 @@ static NTSTATUS check_parent_access(struct connection_struct *conn,
 	}
 
  	/*
-	 * Never test FILE_READ_ATTRIBUTES. se_access_check() also takes care of
+	 * Never test FILE_READ_ATTRIBUTES. se_file_access_check() also takes care of
 	 * owner WRITE_DAC and READ_CONTROL.
 	 */
-	status = se_access_check(parent_sd,
+	status = se_file_access_check(parent_sd,
 				get_current_nttok(conn),
+				false,
 				(access_mask & ~FILE_READ_ATTRIBUTES),
 				&access_granted);
 	if(!NT_STATUS_IS_OK(status)) {
@@ -1681,11 +1683,12 @@ static NTSTATUS smbd_calculate_maximum_allowed_access(
 	}
 
 	/*
-	 * Never test FILE_READ_ATTRIBUTES. se_access_check()
+	 * Never test FILE_READ_ATTRIBUTES. se_file_access_check()
 	 * also takes care of owner WRITE_DAC and READ_CONTROL.
 	 */
-	status = se_access_check(sd,
+	status = se_file_access_check(sd,
 				 get_current_nttok(conn),
+				 false,
 				 (*p_access_mask & ~FILE_READ_ATTRIBUTES),
 				 &access_granted);