From ff8a41a1c59e9d2f5edfd36e3a7fcb0806608fa6 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Mon, 7 Jun 2021 10:26:00 -0700 Subject: [PATCH] s3: VFS: ceph_snapshots: In ceph_snap_gmt_convert_dir(), re-use the directory handle for checking SEC_DIR_LIST permission. Similar change to the one that went into shadow_copy2. Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme --- source3/modules/vfs_ceph_snapshots.c | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/source3/modules/vfs_ceph_snapshots.c b/source3/modules/vfs_ceph_snapshots.c index 5249aac8db9..35681e24e0b 100644 --- a/source3/modules/vfs_ceph_snapshots.c +++ b/source3/modules/vfs_ceph_snapshots.c @@ -472,6 +472,7 @@ static int ceph_snap_gmt_convert_dir(struct vfs_handle_struct *handle, int ret; NTSTATUS status; struct smb_Dir *dir_hnd = NULL; + struct files_struct *dirfsp = NULL; const char *dname = NULL; char *talloced = NULL; long offset = 0; @@ -517,19 +518,6 @@ static int ceph_snap_gmt_convert_dir(struct vfs_handle_struct *handle, goto err_out; } - status = smbd_check_access_rights(handle->conn, - handle->conn->cwd_fsp, - snaps_dname, - false, - SEC_DIR_LIST); - if (!NT_STATUS_IS_OK(status)) { - DEBUG(0,("user does not have list permission " - "on snapdir %s\n", - snaps_dname->base_name)); - ret = -map_errno_from_nt_status(status); - goto err_out; - } - DBG_DEBUG("enumerating shadow copy dir at %s\n", snaps_dname->base_name); @@ -539,6 +527,19 @@ static int ceph_snap_gmt_convert_dir(struct vfs_handle_struct *handle, goto err_out; } + /* Check we have SEC_DIR_LIST access on this fsp. */ + dirfsp = dir_hnd_fetch_fsp(dir_hnd); + status = smbd_check_access_rights_fsp(dirfsp, + false, + SEC_DIR_LIST); + if (!NT_STATUS_IS_OK(status)) { + DBG_ERR("user does not have list permission " + "on snapdir %s\n", + fsp_str_dbg(dirfsp)); + ret = -map_errno_from_nt_status(status); + goto err_out; + } + while ((dname = ReadDirName(dir_hnd, &offset, NULL, &talloced)) != NULL) { -- 2.47.3