smbd: rename check_access_fsp() to check_any_access_fsp()

The semantics of the access check in check_access_fsp() itself is to
allow access if *at least* one or more rights of the rights in
access_mask are allowed. The name check_any_access_fsp() better
reflects this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 96b577c380fa914eb1ffa95849c82bdb88aa1ec6)

diff --git a/source3/smbd/proto.h b/source3/smbd/proto.h
index 26cafeba091ff154c9d143fbf5f096ac0d434bf6..f3f998a9c0f28c07d981bf05d58a43df30a6c57c 100644 (file)
--- a/source3/smbd/proto.h
+++ b/source3/smbd/proto.h
@@ -1114,8 +1114,8 @@ NTSTATUS smb_set_file_disposition_info(connection_struct *conn,
                                       files_struct *fsp,
                                       struct smb_filename *smb_fname);
 NTSTATUS refuse_symlink_fsp(const struct files_struct *fsp);
-NTSTATUS check_access_fsp(struct files_struct *fsp,
-                         uint32_t access_mask);
+NTSTATUS check_any_access_fsp(struct files_struct *fsp,
+                             uint32_t access_mask);
 uint64_t smb_roundup(connection_struct *conn, uint64_t val);
 bool samba_private_attr_name(const char *unix_ea_name);
 NTSTATUS get_ea_value_fsp(TALLOC_CTX *mem_ctx,

diff --git a/source3/smbd/smb2_ioctl_filesys.c b/source3/smbd/smb2_ioctl_filesys.c
index 36429b8fd352206d9263400185cc82965af07a9c..6cc53d4828ed05c06963c5e98507ec1ed276fed1 100644 (file)
--- a/source3/smbd/smb2_ioctl_filesys.c
+++ b/source3/smbd/smb2_ioctl_filesys.c
@@ -378,7 +378,7 @@ static NTSTATUS fsctl_set_cmprn(TALLOC_CTX *mem_ctx,
        }
 
        /* WRITE_DATA permission is required, WRITE_ATTRIBUTES is not */
-       status = check_access_fsp(fsp, FILE_WRITE_DATA);
+       status = check_any_access_fsp(fsp, FILE_WRITE_DATA);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -426,7 +426,7 @@ static NTSTATUS fsctl_zero_data(TALLOC_CTX *mem_ctx,
        }
 
        /* WRITE_DATA permission is required */
-       status = check_access_fsp(fsp, FILE_WRITE_DATA);
+       status = check_any_access_fsp(fsp, FILE_WRITE_DATA);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -616,7 +616,7 @@ static NTSTATUS fsctl_qar(TALLOC_CTX *mem_ctx,
        }
 
        /* READ_DATA permission is required */
-       status = check_access_fsp(fsp, FILE_READ_DATA);
+       status = check_any_access_fsp(fsp, FILE_READ_DATA);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }

diff --git a/source3/smbd/smb2_trans2.c b/source3/smbd/smb2_trans2.c
index fa9e8b4509b3a162f8dd321f8c22aa69c54e3c8f..80a932566b2889746ddddbde57ecb71e09560a1a 100644 (file)
--- a/source3/smbd/smb2_trans2.c
+++ b/source3/smbd/smb2_trans2.c
@@ -72,8 +72,13 @@ NTSTATUS refuse_symlink_fsp(const files_struct *fsp)
        return NT_STATUS_OK;
 }
 
-NTSTATUS check_access_fsp(struct files_struct *fsp,
-                         uint32_t access_mask)
+/**
+ * Check that one or more of the rights in access_mask are
+ * allowed. Iow, access_mask can contain more then one right and
+ * it is sufficient having only one of those granted to pass.
+ **/
+NTSTATUS check_any_access_fsp(struct files_struct *fsp,
+                             uint32_t access_mask)
 {
        if (!fsp->fsp_flags.is_fsa) {
                return smbd_check_access_rights_fsp(fsp->conn->cwd_fsp,
@@ -677,7 +682,7 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp,
                return status;
        }
 
-       status = check_access_fsp(fsp, FILE_WRITE_EA);
+       status = check_any_access_fsp(fsp, FILE_WRITE_EA);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -4822,7 +4827,7 @@ static NTSTATUS smb_set_file_basic_info(connection_struct *conn,
                return NT_STATUS_INVALID_HANDLE;
        }
 
-       status = check_access_fsp(fsp, FILE_WRITE_ATTRIBUTES);
+       status = check_any_access_fsp(fsp, FILE_WRITE_ATTRIBUTES);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }
@@ -4893,7 +4898,7 @@ static NTSTATUS smb_set_info_standard(connection_struct *conn,
        DEBUG(10,("smb_set_info_standard: file %s\n",
                smb_fname_str_dbg(smb_fname)));
 
-       status = check_access_fsp(fsp, FILE_WRITE_ATTRIBUTES);
+       status = check_any_access_fsp(fsp, FILE_WRITE_ATTRIBUTES);
        if (!NT_STATUS_IS_OK(status)) {
                return status;
        }