From: Jeremy Allison <jra@samba.org>
Date: Fri, 1 May 2020 17:13:58 +0000 (-0700)
Subject: s3: smbd: Add a dirfsp parameter to smbd_calculate_access_mask().
X-Git-Tag: ldb-2.2.0~762
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a20d06675f07be676c3920072e15ffe7775ab91c;p=thirdparty%2Fsamba.git

s3: smbd: Add a dirfsp parameter to smbd_calculate_access_mask().

Not yet used. Currently always conn->cwd_fsp.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
---

diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c
index 86870f8f9cf..bdfb4f0ff45 100644
--- a/source3/modules/vfs_fruit.c
+++ b/source3/modules/vfs_fruit.c
@@ -4081,6 +4081,7 @@ static NTSTATUS fruit_readdir_attr(struct vfs_handle_struct *handle,
 	} else {
 		status = smbd_calculate_access_mask(
 			handle->conn,
+			handle->conn->cwd_fsp,
 			fname,
 			false,
 			SEC_FLAG_MAXIMUM_ALLOWED,
diff --git a/source3/smbd/fake_file.c b/source3/smbd/fake_file.c
index 9a87bad4812..90921a65e36 100644
--- a/source3/smbd/fake_file.c
+++ b/source3/smbd/fake_file.c
@@ -132,6 +132,7 @@ NTSTATUS open_fake_file(struct smb_request *req, connection_struct *conn,
 	NTSTATUS status;
 
 	status = smbd_calculate_access_mask(conn,
+					conn->cwd_fsp,
 					smb_fname,
 					false,
 					access_mask,
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index 68a39e277fc..79086b3c81c 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -212,6 +212,7 @@ NTSTATUS smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx,
 			       struct file_id *file_id);
 
 NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
+			struct files_struct *dirfsp,
 			const struct smb_filename *smb_fname,
 			bool use_privs,
 			uint32_t access_mask,
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 2e32062dbbf..c842bb3fff4 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -398,6 +398,7 @@ static NTSTATUS check_base_file_access(struct connection_struct *conn,
 	NTSTATUS status;
 
 	status = smbd_calculate_access_mask(conn,
+					conn->cwd_fsp,
 					smb_fname,
 					false,
 					access_mask,
@@ -3102,6 +3103,7 @@ static NTSTATUS smbd_calculate_maximum_allowed_access(
 }
 
 NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
+			struct files_struct *dirfsp,
 			const struct smb_filename *smb_fname,
 			bool use_privs,
 			uint32_t access_mask,
@@ -3111,6 +3113,8 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn,
 	uint32_t orig_access_mask = access_mask;
 	uint32_t rejected_share_access;
 
+	SMB_ASSERT(dirfsp == conn->cwd_fsp);
+
 	if (access_mask & SEC_MASK_INVALID) {
 		DBG_DEBUG("access_mask [%8x] contains invalid bits\n",
 			  access_mask);
@@ -3507,6 +3511,7 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn,
 	}
 
 	status = smbd_calculate_access_mask(conn,
+					conn->cwd_fsp,
 					smb_fname,
 					false,
 					access_mask,
@@ -4266,6 +4271,7 @@ static NTSTATUS open_directory(connection_struct *conn,
 		 file_attributes);
 
 	status = smbd_calculate_access_mask(conn,
+					conn->cwd_fsp,
 					smb_dname,
 					false,
 					access_mask,
diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c
index 5fad0640ef4..0418ca34f95 100644
--- a/source3/smbd/smb2_create.c
+++ b/source3/smbd/smb2_create.c
@@ -1341,6 +1341,7 @@ static void smbd_smb2_create_after_exec(struct tevent_req *req)
 			DATA_BLOB blob = data_blob_const(p, sizeof(p));
 
 			status = smbd_calculate_access_mask(smb1req->conn,
+					smb1req->conn->cwd_fsp,
 					state->result->fsp_name,
 					false,
 					SEC_FLAG_MAXIMUM_ALLOWED,