From: Jeremy Allison Date: Thu, 30 Apr 2020 22:44:37 +0000 (-0700) Subject: s3: smbd: Add dirfsp parameter to can_write_to_file(). X-Git-Tag: ldb-2.2.0~770 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7c1f1e5243bf995746296de9523d75662ce330a0;p=thirdparty%2Fsamba.git s3: smbd: Add dirfsp parameter to can_write_to_file(). Not yet used. Currently always conn->cwd_fsp. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c index 1758bbd98c9..d430ff76957 100644 --- a/source3/smbd/dir.c +++ b/source3/smbd/dir.c @@ -1176,7 +1176,7 @@ static bool user_can_write_file(connection_struct *conn, return True; } - return can_write_to_file(conn, smb_fname); + return can_write_to_file(conn, dirfsp, smb_fname); } /******************************************************************* diff --git a/source3/smbd/dosmode.c b/source3/smbd/dosmode.c index b061e9ac794..2c4efa0fcff 100644 --- a/source3/smbd/dosmode.c +++ b/source3/smbd/dosmode.c @@ -220,6 +220,7 @@ static uint32_t dos_mode_from_sbuf(connection_struct *conn, } else if (ro_opts == MAP_READONLY_PERMISSIONS) { /* Check actual permissions for read-only. */ if (!can_write_to_file(conn, + conn->cwd_fsp, smb_fname)) { result |= FILE_ATTRIBUTE_READONLY; @@ -542,6 +543,7 @@ NTSTATUS set_ea_dos_attribute(connection_struct *conn, if (!set_dosmode_ok && lp_dos_filemode(SNUM(conn))) { set_dosmode_ok = can_write_to_file(conn, + conn->cwd_fsp, smb_fname); } @@ -1073,6 +1075,7 @@ int file_set_dosmode(connection_struct *conn, */ if (!can_write_to_file(conn, + conn->cwd_fsp, smb_fname)) { errno = EACCES; @@ -1248,6 +1251,7 @@ int file_ntimes(connection_struct *conn, const struct smb_filename *smb_fname, /* Check if we have write access. */ if (can_write_to_file(conn, + conn->cwd_fsp, smb_fname)) { /* We are allowed to become root and change the filetime. */ diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c index 1b9785d670a..eb9ff905781 100644 --- a/source3/smbd/file_access.c +++ b/source3/smbd/file_access.c @@ -131,8 +131,10 @@ bool can_delete_file_in_directory(connection_struct *conn, ****************************************************************************/ bool can_write_to_file(connection_struct *conn, + struct files_struct *dirfsp, const struct smb_filename *smb_fname) { + SMB_ASSERT(dirfsp == conn->cwd_fsp); return NT_STATUS_IS_OK(smbd_check_access_rights(conn, smb_fname, false, diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c index c44501108ab..e83ccc25ac4 100644 --- a/source3/smbd/nttrans.c +++ b/source3/smbd/nttrans.c @@ -727,6 +727,7 @@ void reply_ntcreate_and_X(struct smb_request *req) if (fsp->fsp_flags.is_directory || fsp->fsp_flags.can_write || can_write_to_file(conn, + conn->cwd_fsp, smb_fname)) { perms = FILE_GENERIC_ALL; @@ -1391,6 +1392,7 @@ static void call_nt_transact_create(connection_struct *conn, if (fsp->fsp_flags.is_directory || fsp->fsp_flags.can_write || can_write_to_file(conn, + conn->cwd_fsp, smb_fname)) { perms = FILE_GENERIC_ALL; diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 2e78b9c3bbb..bdae3bc636e 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -2847,6 +2847,7 @@ static bool acl_group_override(connection_struct *conn, /* user has writeable permission */ if (lp_dos_filemode(SNUM(conn)) && can_write_to_file(conn, + conn->cwd_fsp, smb_fname)) { return true; diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h index 5303c477cf7..931d2fd2cdd 100644 --- a/source3/smbd/proto.h +++ b/source3/smbd/proto.h @@ -334,6 +334,7 @@ bool can_delete_file_in_directory(connection_struct *conn, struct files_struct *dirfsp, const struct smb_filename *smb_fname); bool can_write_to_file(connection_struct *conn, + struct files_struct *dirfsp, const struct smb_filename *smb_fname); bool directory_has_default_acl(connection_struct *conn, struct files_struct *dirfsp,