From: Jeremy Allison Date: Tue, 8 Jun 2021 18:56:25 +0000 (-0700) Subject: s3: smbd: smbd_calculate_access_mask_fsp(). Add dirfsp parameter. X-Git-Tag: tevent-0.11.0~526 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=492d105b442b880ab5ab99861ec6bdabd7e342bb;p=thirdparty%2Fsamba.git s3: smbd: smbd_calculate_access_mask_fsp(). Add dirfsp parameter. Pass this down into smbd_calculate_maximum_allowed_access_fsp(). Currently pass fsp->conn->cwd_fsp everywhere. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c index 7fdd5f3fafa..ae1541ea9f1 100644 --- a/source3/modules/vfs_fruit.c +++ b/source3/modules/vfs_fruit.c @@ -4269,7 +4269,8 @@ static NTSTATUS fruit_freaddir_attr(struct vfs_handle_struct *handle, if (!config->readdir_attr_max_access) { attr_data->attr_data.aapl.max_access = FILE_GENERIC_ALL; } else { - status = smbd_calculate_access_mask_fsp(fsp, + status = smbd_calculate_access_mask_fsp(fsp->conn->cwd_fsp, + fsp, false, SEC_FLAG_MAXIMUM_ALLOWED, &attr_data->attr_data.aapl.max_access); diff --git a/source3/smbd/fake_file.c b/source3/smbd/fake_file.c index e2310e6f786..e786ad67b72 100644 --- a/source3/smbd/fake_file.c +++ b/source3/smbd/fake_file.c @@ -170,7 +170,8 @@ NTSTATUS open_fake_file(struct smb_request *req, connection_struct *conn, return NT_STATUS_NO_MEMORY; } - status = smbd_calculate_access_mask_fsp(fsp, + status = smbd_calculate_access_mask_fsp(conn->cwd_fsp, + fsp, false, access_mask, &access_mask); diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h index 778162d21df..2d86201e324 100644 --- a/source3/smbd/globals.h +++ b/source3/smbd/globals.h @@ -211,7 +211,8 @@ NTSTATUS smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx, struct ea_list *name_list, struct file_id *file_id); -NTSTATUS smbd_calculate_access_mask_fsp(struct files_struct *fsp, +NTSTATUS smbd_calculate_access_mask_fsp(struct files_struct *dirsfp, + struct files_struct *fsp, bool use_privs, uint32_t access_mask, uint32_t *access_mask_out); diff --git a/source3/smbd/open.c b/source3/smbd/open.c index a2c25605cc8..d001db4603b 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -408,7 +408,8 @@ static NTSTATUS check_base_file_access(struct files_struct *fsp, { NTSTATUS status; - status = smbd_calculate_access_mask_fsp(fsp, + status = smbd_calculate_access_mask_fsp(fsp->conn->cwd_fsp, + fsp, false, access_mask, &access_mask); @@ -3243,7 +3244,8 @@ static NTSTATUS smbd_calculate_maximum_allowed_access_fsp( return NT_STATUS_OK; } -NTSTATUS smbd_calculate_access_mask_fsp(struct files_struct *fsp, +NTSTATUS smbd_calculate_access_mask_fsp(struct files_struct *dirfsp, + struct files_struct *fsp, bool use_privs, uint32_t access_mask, uint32_t *access_mask_out) @@ -3268,7 +3270,7 @@ NTSTATUS smbd_calculate_access_mask_fsp(struct files_struct *fsp, if (access_mask & MAXIMUM_ALLOWED_ACCESS) { status = smbd_calculate_maximum_allowed_access_fsp( - fsp->conn->cwd_fsp, + dirfsp, fsp, use_privs, &access_mask); @@ -3638,7 +3640,8 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn, } } - status = smbd_calculate_access_mask_fsp(smb_fname->fsp, + status = smbd_calculate_access_mask_fsp(conn->cwd_fsp, + smb_fname->fsp, false, access_mask, &access_mask); @@ -4402,7 +4405,8 @@ static NTSTATUS open_directory(connection_struct *conn, create_disposition, file_attributes); - status = smbd_calculate_access_mask_fsp(smb_dname->fsp, + status = smbd_calculate_access_mask_fsp(conn->cwd_fsp, + smb_dname->fsp, false, access_mask, &access_mask); diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c index 6f54227e983..a27b87ea0ee 100644 --- a/source3/smbd/smb2_create.c +++ b/source3/smbd/smb2_create.c @@ -1397,7 +1397,9 @@ static void smbd_smb2_create_after_exec(struct tevent_req *req) uint32_t max_access_granted; DATA_BLOB blob = data_blob_const(p, sizeof(p)); - status = smbd_calculate_access_mask_fsp(state->result, + status = smbd_calculate_access_mask_fsp( + state->result->conn->cwd_fsp, + state->result, false, SEC_FLAG_MAXIMUM_ALLOWED, &max_access_granted);