From: Jeremy Allison Date: Mon, 7 Jun 2021 17:26:00 +0000 (-0700) Subject: s3: VFS: ceph_snapshots: In ceph_snap_gmt_convert_dir(), re-use the directory handle... X-Git-Tag: tevent-0.11.0~553 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=ff8a41a1c59e9d2f5edfd36e3a7fcb0806608fa6;p=thirdparty%2Fsamba.git s3: VFS: ceph_snapshots: In ceph_snap_gmt_convert_dir(), re-use the directory handle for checking SEC_DIR_LIST permission. Similar change to the one that went into shadow_copy2. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- diff --git a/source3/modules/vfs_ceph_snapshots.c b/source3/modules/vfs_ceph_snapshots.c index 5249aac8db9..35681e24e0b 100644 --- a/source3/modules/vfs_ceph_snapshots.c +++ b/source3/modules/vfs_ceph_snapshots.c @@ -472,6 +472,7 @@ static int ceph_snap_gmt_convert_dir(struct vfs_handle_struct *handle, int ret; NTSTATUS status; struct smb_Dir *dir_hnd = NULL; + struct files_struct *dirfsp = NULL; const char *dname = NULL; char *talloced = NULL; long offset = 0; @@ -517,19 +518,6 @@ static int ceph_snap_gmt_convert_dir(struct vfs_handle_struct *handle, goto err_out; } - status = smbd_check_access_rights(handle->conn, - handle->conn->cwd_fsp, - snaps_dname, - false, - SEC_DIR_LIST); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("user does not have list permission " - "on snapdir %s\n", - snaps_dname->base_name)); - ret = -map_errno_from_nt_status(status); - goto err_out; - } - DBG_DEBUG("enumerating shadow copy dir at %s\n", snaps_dname->base_name); @@ -539,6 +527,19 @@ static int ceph_snap_gmt_convert_dir(struct vfs_handle_struct *handle, goto err_out; } + /* Check we have SEC_DIR_LIST access on this fsp. */ + dirfsp = dir_hnd_fetch_fsp(dir_hnd); + status = smbd_check_access_rights_fsp(dirfsp, + false, + SEC_DIR_LIST); + if (!NT_STATUS_IS_OK(status)) { + DBG_ERR("user does not have list permission " + "on snapdir %s\n", + fsp_str_dbg(dirfsp)); + ret = -map_errno_from_nt_status(status); + goto err_out; + } + while ((dname = ReadDirName(dir_hnd, &offset, NULL, &talloced)) != NULL) {