Add in fsp->access_mask checks. Not required (underlying system does this)

but makes logic cleaner. Pointed out by Metze.

Jeremy.

Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Nov 24 01:47:13 CET 2010 on sn-devel-104

diff --git a/source3/smbd/nttrans.c b/source3/smbd/nttrans.c
index 855a49b2d5feeef8f524d42d009846ddbbb221a4..ad585337b8559248b2e7baa3aab402062256d836 100644 (file)
--- a/source3/smbd/nttrans.c
+++ b/source3/smbd/nttrans.c
@@ -1389,7 +1389,8 @@ static NTSTATUS copy_internals(TALLOC_CTX *ctx,
                req,                                    /* req */
                0,                                      /* root_dir_fid */
                smb_fname_src,                          /* fname */
-               FILE_READ_DATA,                         /* access_mask */
+               FILE_READ_DATA|FILE_READ_ATTRIBUTES|
+                       FILE_READ_EA,                   /* access_mask */
                (FILE_SHARE_READ | FILE_SHARE_WRITE |   /* share_access */
                    FILE_SHARE_DELETE),
                FILE_OPEN,                              /* create_disposition*/
@@ -1412,7 +1413,8 @@ static NTSTATUS copy_internals(TALLOC_CTX *ctx,
                req,                                    /* req */
                0,                                      /* root_dir_fid */
                smb_fname_dst,                          /* fname */
-               FILE_WRITE_DATA,                        /* access_mask */
+               FILE_WRITE_DATA|FILE_WRITE_ATTRIBUTES|
+                       FILE_WRITE_EA,                  /* access_mask */
                (FILE_SHARE_READ | FILE_SHARE_WRITE |   /* share_access */
                    FILE_SHARE_DELETE),
                FILE_CREATE,                            /* create_disposition*/

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index 30794e009e9d07a2e53eabb53038c0a661bc8e1b..ddae99d7cced30b6123f755eac79fd500ed74d04 100644 (file)
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -504,6 +504,10 @@ NTSTATUS set_ea(connection_struct *conn, files_struct *fsp,
                return NT_STATUS_EAS_NOT_SUPPORTED;
        }
 
+       if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) {
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
        /* For now setting EAs on streams isn't supported. */
        fname = smb_fname->base_name;
 
@@ -5446,6 +5450,10 @@ NTSTATUS smb_set_file_time(connection_struct *conn,
                return NT_STATUS_OBJECT_NAME_NOT_FOUND;
        }
 
+       if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
        /* get some defaults (no modifications) if any info is zero or -1. */
        if (null_timespec(ft->create_time)) {
                action &= ~FILE_NOTIFY_CHANGE_CREATION;
@@ -5599,6 +5607,10 @@ static NTSTATUS smb_set_file_size(connection_struct *conn,
                return NT_STATUS_OBJECT_NAME_NOT_FOUND;
        }
 
+       if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) {
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
        DEBUG(6,("smb_set_file_size: size: %.0f ", (double)size));
 
        if (size == get_file_size_stat(psbuf)) {
@@ -5705,6 +5717,11 @@ static NTSTATUS smb_info_set_ea(connection_struct *conn,
        if (!ea_list) {
                return NT_STATUS_INVALID_PARAMETER;
        }
+
+       if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) {
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
        status = set_ea(conn, fsp, smb_fname, ea_list);
 
        return status;
@@ -5747,6 +5764,11 @@ static NTSTATUS smb_set_file_full_ea_info(connection_struct *conn,
        if (!ea_list) {
                return NT_STATUS_INVALID_PARAMETER;
        }
+
+       if (fsp && !(fsp->access_mask & FILE_WRITE_EA)) {
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
        status = set_ea(conn, fsp, fsp->fsp_name, ea_list);
 
        DEBUG(10, ("smb_set_file_full_ea_info on file %s returned %s\n",
@@ -6485,6 +6507,10 @@ static NTSTATUS smb_set_file_basic_info(connection_struct *conn,
                return NT_STATUS_INVALID_PARAMETER;
        }
 
+       if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
        /* Set the attributes */
        dosmode = IVAL(pdata,32);
        status = smb_set_file_dosmode(conn, smb_fname, dosmode);
@@ -6529,6 +6555,10 @@ static NTSTATUS smb_set_info_standard(connection_struct *conn,
                return NT_STATUS_INVALID_PARAMETER;
        }
 
+       if (fsp && !(fsp->access_mask & FILE_WRITE_ATTRIBUTES)) {
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
        /* create time */
        ft.create_time = convert_time_t_to_timespec(srv_make_unix_date2(pdata));
        /* access time */
@@ -6587,6 +6617,10 @@ static NTSTATUS smb_set_file_allocation_info(connection_struct *conn,
                allocation_size = smb_roundup(conn, allocation_size);
        }
 
+       if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) {
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
        DEBUG(10,("smb_set_file_allocation_info: file %s : setting new "
                  "allocation size to %.0f\n", smb_fname_str_dbg(smb_fname),
                  (double)allocation_size));
@@ -6684,6 +6718,10 @@ static NTSTATUS smb_set_file_end_of_file_info(connection_struct *conn,
                  "file %s to %.0f\n", smb_fname_str_dbg(smb_fname),
                  (double)size));
 
+       if (fsp && !(fsp->access_mask & FILE_WRITE_DATA)) {
+               return NT_STATUS_ACCESS_DENIED;
+       }
+
        return smb_set_file_size(conn, req,
                                fsp,
                                smb_fname,