* Now the directory is pinned, use
* REALPATH to ensure we can access it.
*/
- status = check_name(conn, ".");
+ status = check_name(conn, smb_fname_cwd);
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
Ensure a path is not vetoed.
****************************************************************************/
-static NTSTATUS check_veto_path(connection_struct *conn, const char *name)
+static NTSTATUS check_veto_path(connection_struct *conn,
+ const struct smb_filename *smb_fname)
{
+ const char *name = smb_fname->base_name;
+
if (IS_VETO_PATH(conn, name)) {
/* Is it not dot or dot dot. */
if (!(ISDOT(name) || ISDOTDOT(name))) {
a valid one for the user to access.
****************************************************************************/
-NTSTATUS check_name(connection_struct *conn, const char *name)
+NTSTATUS check_name(connection_struct *conn,
+ const struct smb_filename *smb_fname)
{
- NTSTATUS status = check_veto_path(conn, name);
+ NTSTATUS status = check_veto_path(conn, smb_fname);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
if (!lp_widelinks(SNUM(conn)) || !lp_follow_symlinks(SNUM(conn))) {
- status = check_reduced_name(conn, NULL, name);
+ status = check_reduced_name(conn, NULL, smb_fname);
if (!NT_STATUS_IS_OK(status)) {
- DEBUG(5,("check_name: name %s failed with %s\n",name,
- nt_errstr(status)));
+ DEBUG(5,("check_name: name %s failed with %s\n",
+ smb_fname->base_name,
+ nt_errstr(status)));
return status;
}
}
static NTSTATUS check_name_with_privilege(connection_struct *conn,
struct smb_request *smbreq,
- const char *name)
+ const struct smb_filename *smb_fname)
{
- NTSTATUS status = check_veto_path(conn, name);
+ NTSTATUS status = check_veto_path(conn, smb_fname);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
return check_reduced_name_with_privilege(conn,
- name,
+ smb_fname,
smbreq);
}
if ((ucf_flags & UCF_UNIX_NAME_LOOKUP) &&
VALID_STAT((*pp_smb_fname)->st) &&
S_ISLNK((*pp_smb_fname)->st.st_ex_mode)) {
- return check_veto_path(conn, (*pp_smb_fname)->base_name);
+ return check_veto_path(conn, (*pp_smb_fname));
}
if (!smbreq) {
- status = check_name(conn, (*pp_smb_fname)->base_name);
+ status = check_name(conn, (*pp_smb_fname));
} else {
- status = check_name_with_privilege(conn, smbreq, (*pp_smb_fname)->base_name);
+ status = check_name_with_privilege(conn, smbreq,
+ (*pp_smb_fname));
}
if (!NT_STATUS_IS_OK(status)) {
DEBUG(3,("filename_convert_internal: check_name failed "
goto out;
}
- /* Ensure the relative path is below the share. */
- status = check_reduced_name(conn, parent_dir, final_component);
- if (!NT_STATUS_IS_OK(status)) {
- saved_errno = map_errno_from_nt_status(status);
- goto out;
- }
-
smb_fname_rel = synthetic_smb_fname(talloc_tos(),
final_component,
smb_fname->stream_name,
goto out;
}
+ /* Ensure the relative path is below the share. */
+ status = check_reduced_name(conn, &parent_dir_fname, smb_fname_rel);
+ if (!NT_STATUS_IS_OK(status)) {
+ saved_errno = map_errno_from_nt_status(status);
+ goto out;
+ }
+
flags |= O_NOFOLLOW;
{
const char *orig_path,
struct smb_filename **smb_fname,
uint32_t ucf_flags);
-NTSTATUS check_name(connection_struct *conn, const char *name);
+NTSTATUS check_name(connection_struct *conn,
+ const struct smb_filename *smb_fname);
int get_real_filename(connection_struct *conn, const char *path,
const char *name, TALLOC_CTX *mem_ctx,
char **found_name);
const struct smb_filename *smb_fname);
struct smb_filename *vfs_GetWd(TALLOC_CTX *ctx, connection_struct *conn);
NTSTATUS check_reduced_name(connection_struct *conn,
- const char *cwd_name,
- const char *fname);
+ const struct smb_filename *cwd_fname,
+ const struct smb_filename *smb_fname);
NTSTATUS check_reduced_name_with_privilege(connection_struct *conn,
- const char *fname,
+ const struct smb_filename *smb_fname,
struct smb_request *smbreq);
int vfs_stat_smb_basename(struct connection_struct *conn,
const struct smb_filename *smb_fname_in,
dirtype = FILE_ATTRIBUTE_NORMAL;
}
- status = check_name(conn, smb_fname->base_name);
+ status = check_name(conn, smb_fname);
if (!NT_STATUS_IS_OK(status)) {
goto out;
}
}
}
- status = check_name(conn, fname_dir);
- if (!NT_STATUS_IS_OK(status)) {
- goto out;
- }
-
smb_fname_dir = synthetic_smb_fname(talloc_tos(),
fname_dir,
NULL,
goto out;
}
+ status = check_name(conn, smb_fname_dir);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
dir_hnd = OpenDir(talloc_tos(), conn, smb_fname_dir, fname_mask,
dirtype);
if (dir_hnd == NULL) {
goto out;
}
- status = check_name(conn, smb_fname->base_name);
+ status = check_name(conn, smb_fname);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(dir_hnd);
TALLOC_FREE(frame);
uint32_t access_mask = SEC_DIR_ADD_FILE;
bool dst_exists, old_is_stream, new_is_stream;
- status = check_name(conn, smb_fname_dst_in->base_name);
+ status = check_name(conn, smb_fname_dst_in);
if (!NT_STATUS_IS_OK(status)) {
return status;
}
}
}
- status = check_name(conn, fname_src_dir);
- if (!NT_STATUS_IS_OK(status)) {
- goto out;
- }
-
smb_fname_src_dir = synthetic_smb_fname(talloc_tos(),
fname_src_dir,
NULL,
goto out;
}
+ status = check_name(conn, smb_fname_src_dir);
+ if (!NT_STATUS_IS_OK(status)) {
+ goto out;
+ }
+
dir_hnd = OpenDir(talloc_tos(), conn, smb_fname_src_dir, fname_src_mask,
attrs);
if (dir_hnd == NULL) {
smb_fname_dst->base_name = fname_dst_mod;
}
- status = check_name(conn, smb_fname_src->base_name);
+ status = check_name(conn, smb_fname_src);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
goto out;
}
- status = check_name(conn, smb_fname_dst->base_name);
+ status = check_name(conn, smb_fname_dst);
if (!NT_STATUS_IS_OK(status)) {
reply_nterror(req, status);
goto out;
}
}
- status = check_name(conn, fname_src_dir);
- if (!NT_STATUS_IS_OK(status)) {
- reply_nterror(req, status);
- goto out;
- }
-
smb_fname_src_dir = synthetic_smb_fname(talloc_tos(),
fname_src_dir,
NULL,
goto out;
}
+ status = check_name(conn, smb_fname_src_dir);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ goto out;
+ }
+
dir_hnd = OpenDir(ctx,
conn,
smb_fname_src_dir,
TALLOC_FREE(smb_fname_dst->base_name);
smb_fname_dst->base_name = destname;
- status = check_name(conn, smb_fname_src->base_name);
+ status = check_name(conn, smb_fname_src);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(dir_hnd);
TALLOC_FREE(talloced);
goto out;
}
- status = check_name(conn, smb_fname_dst->base_name);
+ status = check_name(conn, smb_fname_dst);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(dir_hnd);
TALLOC_FREE(talloced);
********************************************************************/
NTSTATUS check_reduced_name_with_privilege(connection_struct *conn,
- const char *fname,
+ const struct smb_filename *smb_fname,
struct smb_request *smbreq)
{
NTSTATUS status;
char *dir_name = NULL;
char *resolved_name = NULL;
const char *last_component = NULL;
+ const char *fname = smb_fname->base_name;
struct smb_filename *resolved_fname = NULL;
struct smb_filename *saved_dir_fname = NULL;
struct smb_filename *smb_fname_cwd = NULL;
********************************************************************/
NTSTATUS check_reduced_name(connection_struct *conn,
- const char *cwd_name,
- const char *fname)
+ const struct smb_filename *cwd_fname,
+ const struct smb_filename *smb_fname)
{
TALLOC_CTX *ctx = talloc_tos();
- struct smb_filename smb_fname = { .base_name = discard_const(fname) };
+ const char *cwd_name = cwd_fname ? cwd_fname->base_name : NULL;
+ const char *fname = smb_fname->base_name;
struct smb_filename *resolved_fname;
char *resolved_name = NULL;
char *new_fname = NULL;
DBG_DEBUG("check_reduced_name [%s] [%s]\n", fname, conn->connectpath);
- resolved_fname = SMB_VFS_REALPATH(conn, ctx, &smb_fname);
+ resolved_fname = SMB_VFS_REALPATH(conn, ctx, smb_fname);
if (resolved_fname == NULL) {
switch (errno) {