From c064758fce44b78b5c092207de2af2977ed7ce5c Mon Sep 17 00:00:00 2001
From: Jeremy Allison
Date: Wed, 2 Jun 2021 17:36:16 -0700
Subject: [PATCH] s3: smbd: Add user_can_write_fsp(). Change is_visible_fsp() to use it.
Signed-off-by: Jeremy Allison
Reviewed-by: Ralph Boehme
---
 source3/smbd/dir.c | 31 ++++++++++++++++++++++++++++---
 1 file changed, 28 insertions(+), 3 deletions(-)
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index cdb743e460e..d66f423f772 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1386,6 +1386,33 @@ static bool user_can_write_file(connection_struct *conn,
 return can_write_to_file(conn, dirfsp, smb_fname);
 }
 
+/*******************************************************************
+ Check to see if a user can write to an fsp.
+ Always return true for directories.
+ This is only approximate,
+ it is used as part of the "hide unwriteable" option. Don't
+ use it for anything security sensitive.
+********************************************************************/
+
+static bool user_can_write_fsp(struct files_struct *fsp)
+{
+ /*
+ * Never hide files from the root user.
+ * We use (uid_t)0 here not sec_initial_uid()
+ * as make test uses a single user context.
+ */
+
+ if (get_current_uid(fsp->conn) == (uid_t)0) {
+ return true;
+ }
+
+ if (fsp->fsp_flags.is_directory) {
+ return true;
+ }
+
+ return can_write_to_fsp(fsp);
+}
+
 /*******************************************************************
 Is a file a "special" type ?
 ********************************************************************/
@@ -1594,9 +1621,7 @@ bool is_visible_fsp(struct files_struct *fsp, bool use_veto)
 }
 /* Honour _hide unwriteable_ option */
 if (hide_unwriteable &&
- !user_can_write_file(fsp->conn,
- fsp->conn->cwd_fsp,
- fsp->fsp_name))
+ !user_can_write_fsp(fsp))
 {
 DBG_DEBUG("file %s is unwritable.\n",
 fsp_str_dbg(fsp));
-- 
2.47.3
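Review bot: The header comment on `user_can_write_fsp()` warns against security-sensitive use but does not say what a `true` result actually guarantees, and the name reads like an authorization predicate. Two of the three return paths (uid 0 and `fsp->fsp_flags.is_directory`) return `true` without any access check, so I would add a line such as `Returns true for uid 0 and for every directory without checking access; the result is a listing hint only.` The third path depends on `can_write_to_fsp()`, which is not visible in this hunk. If it returns false on an error as well as on a denied write, the entry is hidden in that case too, and that is worth stating in the comment once confirmed.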
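Review bot: After this replacement `is_visible_fsp()` no longer calls `user_can_write_file()`, yet that static function stays in the file (its tail is the context of the first hunk). If this was its last caller, it is now dead code and will trip `-Wunused-function`. Either remove it together with this change or note in the commit message which caller still needs it. The body of `is_visible_fsp()` starts and continues outside the hunk, so I cannot confirm from here whether other callers remain.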