From: Jeremy Allison <jra@samba.org>
Date: Fri, 1 May 2020 01:20:29 +0000 (-0700)
Subject: s3: smbd: Add a dirfsp parameter to check_parent_access().
X-Git-Tag: ldb-2.2.0~764
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=66a4e6b5c6598ff2aa383db8d4de48fa4a805dd2;p=thirdparty%2Fsamba.git

s3: smbd: Add a dirfsp parameter to check_parent_access().

Not yet used. Currently always conn->cwd_fsp.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---

diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index c2a14da4474..2fd79b426de 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -264,6 +264,7 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
 }
 
 NTSTATUS check_parent_access(struct connection_struct *conn,
+				struct files_struct *dirfsp,
 				struct smb_filename *smb_fname,
 				uint32_t access_mask)
 {
@@ -279,6 +280,13 @@ NTSTATUS check_parent_access(struct connection_struct *conn,
 	TALLOC_CTX *frame = talloc_stackframe();
 	bool ok;
 
+	/*
+	 * NB. When dirfsp != conn->cwd_fsp, we must
+	 * change parent_dir to be "." for the name here.
+	 */
+
+	SMB_ASSERT(dirfsp == conn->cwd_fsp);
+
 	ok = parent_smb_fname(frame, smb_fname, &parent_dir, NULL);
 	if (!ok) {
 		status = NT_STATUS_NO_MEMORY;
@@ -1255,6 +1263,7 @@ static NTSTATUS open_file(files_struct *fsp,
 				}
 
 				status = check_parent_access(conn,
+							conn->cwd_fsp,
 							smb_fname,
 							SEC_DIR_ADD_FILE);
 				if (!NT_STATUS_IS_OK(status)) {
@@ -4112,6 +4121,7 @@ static NTSTATUS mkdir_internal(connection_struct *conn,
 	}
 
 	status = check_parent_access(conn,
+					conn->cwd_fsp,
 					smb_dname,
 					access_mask);
 	if(!NT_STATUS_IS_OK(status)) {
diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index c2f0e2e184e..e66b759d576 100644
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -708,6 +708,7 @@ NTSTATUS smbd_check_access_rights(struct connection_struct *conn,
 				bool use_privs,
 				uint32_t access_mask);
 NTSTATUS check_parent_access(struct connection_struct *conn,
+				struct files_struct *dirfsp,
 				struct smb_filename *smb_fname,
 				uint32_t access_mask);
 NTSTATUS fd_open(struct connection_struct *conn, files_struct *fsp,
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index f8c0124cbb8..fd4434c9008 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -7807,6 +7807,7 @@ NTSTATUS rename_internals_fsp(connection_struct *conn,
 		access_mask = SEC_DIR_ADD_SUBDIR;
 	}
 	status = check_parent_access(conn,
+				conn->cwd_fsp,
 				smb_fname_dst,
 				access_mask);
 	if (!NT_STATUS_IS_OK(status)) {