The additional check if fd underlying fd is valid and not -1 should not be done
at this place. I actually would prefer an write to fail with EBADF if this
happens, as it's likely easier to debug why this happened. These days we should
always have a valid fd.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit
995a31c8d4c1789c16bae6b8196f2565d4b1dfdb)
(fsp_get_io_fd(fsp) != -1) && \
(((fsp)->fsp_flags.can_read)))
(fsp_get_io_fd(fsp) != -1) && \
(((fsp)->fsp_flags.can_read)))
-#define CHECK_WRITE(fsp) \
- ((fsp)->fsp_flags.can_write && \
- (!(fsp)->fsp_flags.is_pathref) && \
- (fsp_get_io_fd(fsp) != -1))
-
#define ERROR_WAS_LOCK_DENIED(status) (NT_STATUS_EQUAL((status), NT_STATUS_LOCK_NOT_GRANTED) || \
NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT) )
#define ERROR_WAS_LOCK_DENIED(status) (NT_STATUS_EQUAL((status), NT_STATUS_LOCK_NOT_GRANTED) || \
NT_STATUS_EQUAL((status), NT_STATUS_FILE_LOCK_CONFLICT) )
files_struct *src_fsp,
files_struct *dst_fsp)
{
files_struct *src_fsp,
files_struct *dst_fsp)
{
if (src_fsp->vuid != dst_fsp->vuid) {
DBG_INFO("copy chunk handles not in the same session.\n");
return NT_STATUS_ACCESS_DENIED;
if (src_fsp->vuid != dst_fsp->vuid) {
DBG_INFO("copy chunk handles not in the same session.\n");
return NT_STATUS_ACCESS_DENIED;
*
* A non writable dst handle also doesn't make sense for other fsctls.
*/
*
* A non writable dst handle also doesn't make sense for other fsctls.
*/
- if (!CHECK_WRITE(dst_fsp)) {
+ status = check_any_access_fsp(dst_fsp, FILE_WRITE_DATA|FILE_APPEND_DATA);
+ if (!NT_STATUS_IS_OK(status)) {
DBG_INFO("dest handle not writable (%s).\n",
smb_fname_str_dbg(dst_fsp->fsp_name));
DBG_INFO("dest handle not writable (%s).\n",
smb_fname_str_dbg(dst_fsp->fsp_name));
- return NT_STATUS_ACCESS_DENIED;
}
/*
* - The Open.GrantedAccess of the destination file does not include
}
/*
* - The Open.GrantedAccess of the destination file does not include
- if (!CHECK_WRITE(fsp)) {
- reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+ status = check_any_access_fsp(fsp, FILE_WRITE_DATA|FILE_APPEND_DATA);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
error_to_writebrawerr(req);
END_PROFILE(SMBwritebraw);
return;
error_to_writebrawerr(req);
END_PROFILE(SMBwritebraw);
return;
- if (!CHECK_WRITE(fsp)) {
- reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+ status = check_any_access_fsp(fsp, FILE_WRITE_DATA|FILE_APPEND_DATA);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
END_PROFILE(SMBwriteunlock);
return;
}
END_PROFILE(SMBwriteunlock);
return;
}
- if (!CHECK_WRITE(fsp)) {
- reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+ status = check_any_access_fsp(fsp, FILE_WRITE_DATA|FILE_APPEND_DATA);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
END_PROFILE(SMBwrite);
return;
}
END_PROFILE(SMBwrite);
return;
}
- if (!CHECK_WRITE(fsp)) {
- reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+ status = check_any_access_fsp(fsp, FILE_WRITE_DATA|FILE_APPEND_DATA);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
struct timespec mtime;
files_struct *fsp;
struct lock_struct lock;
struct timespec mtime;
files_struct *fsp;
struct lock_struct lock;
START_PROFILE(SMBwriteclose);
START_PROFILE(SMBwriteclose);
END_PROFILE(SMBwriteclose);
return;
}
END_PROFILE(SMBwriteclose);
return;
}
- if (!CHECK_WRITE(fsp)) {
- reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+ status = check_any_access_fsp(fsp, FILE_WRITE_DATA|FILE_APPEND_DATA);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
END_PROFILE(SMBwriteclose);
return;
}
END_PROFILE(SMBwriteclose);
return;
}
int numtowrite;
const char *data;
files_struct *fsp;
int numtowrite;
const char *data;
files_struct *fsp;
- if (!CHECK_WRITE(fsp)) {
- reply_nterror(req, NT_STATUS_ACCESS_DENIED);
+ status = check_any_access_fsp(fsp, FILE_WRITE_DATA|FILE_APPEND_DATA);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
END_PROFILE(SMBsplwr);
return;
}
END_PROFILE(SMBsplwr);
return;
}
return tevent_req_post(req, ev);
}
return tevent_req_post(req, ev);
}
- if (!CHECK_WRITE(fsp)) {
+ status = check_any_access_fsp(fsp, FILE_WRITE_DATA|FILE_APPEND_DATA);
+ if (!NT_STATUS_IS_OK(status)) {
bool allow_dir_flush = false;
uint32_t flush_access = FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY;
bool allow_dir_flush = false;
uint32_t flush_access = FILE_ADD_FILE | FILE_ADD_SUBDIRECTORY;
#include "../libcli/smb/smb_common.h"
#include "../lib/util/tevent_ntstatus.h"
#include "rpc_server/srv_pipe_hnd.h"
#include "../libcli/smb/smb_common.h"
#include "../lib/util/tevent_ntstatus.h"
#include "rpc_server/srv_pipe_hnd.h"
+#include "libcli/security/security.h"
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_SMB2
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_SMB2
- if (!CHECK_WRITE(fsp)) {
- tevent_req_nterror(req, NT_STATUS_ACCESS_DENIED);
+ status = check_any_access_fsp(fsp, FILE_WRITE_DATA|FILE_APPEND_DATA);
+ if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
return tevent_req_post(req, ev);
}
return tevent_req_post(req, ev);
}