The Samba-Bugzilla – Attachment 6682 Details for
Bug 8102
domuser can change ACL from his files over the network
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for v3-6-test
tmp.diff (text/plain), 19.98 KB, created by
Stefan Metzmacher
on 2011-07-12 16:18:51 UTC
(
hide
)
Description:
Patch for v3-6-test
Filename:
MIME Type:
Creator:
Stefan Metzmacher
Created:
2011-07-12 16:18:51 UTC
Size:
19.98 KB
patch
obsolete
>From c0cd257ef1918983390365a889b95696f2fa3291 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Mon, 4 Jul 2011 17:02:34 +0200 >Subject: [PATCH 01/10] s3: Return "granted" from share_access_check > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit 1c022d2e414607633323e65abbc63bb3aeaaa6a4) >--- > source3/include/proto.h | 6 ++++-- > source3/lib/sharesec.c | 10 ++++++++-- > source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 4 ++-- > source3/smbd/service.c | 13 +++++++------ > source3/smbd/uid.c | 11 +++++++---- > 5 files changed, 28 insertions(+), 16 deletions(-) > >diff --git a/source3/include/proto.h b/source3/include/proto.h >index d072502..6291f11 100644 >--- a/source3/include/proto.h >+++ b/source3/include/proto.h >@@ -329,8 +329,10 @@ struct security_descriptor *get_share_security( TALLOC_CTX *ctx, const char *ser > size_t *psize); > bool set_share_security(const char *share_name, struct security_descriptor *psd); > bool delete_share_security(const char *servicename); >-bool share_access_check(const struct security_token *token, const char *sharename, >- uint32 desired_access); >+bool share_access_check(const struct security_token *token, >+ const char *sharename, >+ uint32 desired_access, >+ uint32_t *pgranted); > bool parse_usershare_acl(TALLOC_CTX *ctx, const char *acl_str, struct security_descriptor **ppsd); > > /* The following definitions come from lib/smbrun.c */ >diff --git a/source3/lib/sharesec.c b/source3/lib/sharesec.c >index c2494e2..410fc13 100644 >--- a/source3/lib/sharesec.c >+++ b/source3/lib/sharesec.c >@@ -410,8 +410,10 @@ bool delete_share_security(const char *servicename) > Can this user access with share with the required permissions ? > ********************************************************************/ > >-bool share_access_check(const struct security_token *token, const char *sharename, >- uint32 desired_access) >+bool share_access_check(const struct security_token *token, >+ const char *sharename, >+ uint32 desired_access, >+ uint32_t *pgranted) > { > uint32 granted; > NTSTATUS status; >@@ -428,6 +430,10 @@ bool share_access_check(const struct security_token *token, const char *sharenam > > TALLOC_FREE(psd); > >+ if (pgranted != NULL) { >+ *pgranted = granted; >+ } >+ > return NT_STATUS_IS_OK(status); > } > >diff --git a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c >index 472a318..a078395 100644 >--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c >+++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c >@@ -539,8 +539,8 @@ static bool is_enumeration_allowed(struct pipes_struct *p, > if (!lp_access_based_share_enum(snum)) > return true; > >- return share_access_check(p->session_info->security_token, lp_servicename(snum), >- FILE_READ_DATA); >+ return share_access_check(p->session_info->security_token, >+ lp_servicename(snum), FILE_READ_DATA, NULL); > } > > /******************************************************************* >diff --git a/source3/smbd/service.c b/source3/smbd/service.c >index a8cd756..6c147b2 100644 >--- a/source3/smbd/service.c >+++ b/source3/smbd/service.c >@@ -856,14 +856,15 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, > { > bool can_write = False; > >- can_write = share_access_check(conn->session_info->security_token, >- lp_servicename(snum), >- FILE_WRITE_DATA); >+ can_write = share_access_check( >+ conn->session_info->security_token, >+ lp_servicename(snum), FILE_WRITE_DATA, NULL); > > if (!can_write) { >- if (!share_access_check(conn->session_info->security_token, >- lp_servicename(snum), >- FILE_READ_DATA)) { >+ if (!share_access_check( >+ conn->session_info->security_token, >+ lp_servicename(snum), FILE_READ_DATA, >+ NULL)) { > /* No access, read or write. */ > DEBUG(0,("make_connection: connection to %s " > "denied due to security " >diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c >index 7b04713..7a48cb2 100644 >--- a/source3/smbd/uid.c >+++ b/source3/smbd/uid.c >@@ -121,8 +121,9 @@ static bool check_user_ok(connection_struct *conn, > conn); > > if (!readonly_share && >- !share_access_check(session_info->security_token, lp_servicename(snum), >- FILE_WRITE_DATA)) { >+ !share_access_check(session_info->security_token, >+ lp_servicename(snum), FILE_WRITE_DATA, >+ NULL)) { > /* smb.conf allows r/w, but the security descriptor denies > * write. Fall back to looking at readonly. */ > readonly_share = True; >@@ -130,9 +131,11 @@ static bool check_user_ok(connection_struct *conn, > "security descriptor\n")); > } > >- if (!share_access_check(session_info->security_token, lp_servicename(snum), >+ if (!share_access_check(session_info->security_token, >+ lp_servicename(snum), > readonly_share ? >- FILE_READ_DATA : FILE_WRITE_DATA)) { >+ FILE_READ_DATA : FILE_WRITE_DATA, >+ NULL)) { > return False; > } > >-- >1.7.4.1 > > >From e0b2281166d537a6c21d2b2debf4d9df2108ece6 Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Mon, 4 Jul 2011 18:35:21 +0200 >Subject: [PATCH 02/10] s3: Calculate&store the maximum share access mask > >Signed-off-by: Stefan Metzmacher <metze@samba.org> >(cherry picked from commit 720fa46f9443ccbe471b265f1c2b9cb9782a3c26) >--- > source3/include/smb.h | 1 + > source3/smbd/service.c | 37 +++++++++++++++---------------------- > 2 files changed, 16 insertions(+), 22 deletions(-) > >diff --git a/source3/include/smb.h b/source3/include/smb.h >index 3e68a99..3a64af7 100644 >--- a/source3/include/smb.h >+++ b/source3/include/smb.h >@@ -408,6 +408,7 @@ typedef struct connection_struct { > bool printer; > bool ipc; > bool read_only; /* Attributes for the current user of the share. */ >+ uint32_t share_access; > /* Does this filesystem honor > sub second timestamps on files > and directories when setting time ? */ >diff --git a/source3/smbd/service.c b/source3/smbd/service.c >index 6c147b2..d88c02c 100644 >--- a/source3/smbd/service.c >+++ b/source3/smbd/service.c >@@ -853,28 +853,21 @@ connection_struct *make_connection_snum(struct smbd_server_connection *sconn, > * > */ > >- { >- bool can_write = False; >- >- can_write = share_access_check( >- conn->session_info->security_token, >- lp_servicename(snum), FILE_WRITE_DATA, NULL); >- >- if (!can_write) { >- if (!share_access_check( >- conn->session_info->security_token, >- lp_servicename(snum), FILE_READ_DATA, >- NULL)) { >- /* No access, read or write. */ >- DEBUG(0,("make_connection: connection to %s " >- "denied due to security " >- "descriptor.\n", >- lp_servicename(snum))); >- *pstatus = NT_STATUS_ACCESS_DENIED; >- goto err_root_exit; >- } else { >- conn->read_only = True; >- } >+ share_access_check(conn->session_info->security_token, >+ lp_servicename(snum), MAXIMUM_ALLOWED_ACCESS, >+ &conn->share_access); >+ >+ if ((conn->share_access & FILE_WRITE_DATA) == 0) { >+ if ((conn->share_access & FILE_READ_DATA) == 0) { >+ /* No access, read or write. */ >+ DEBUG(0,("make_connection: connection to %s " >+ "denied due to security " >+ "descriptor.\n", >+ lp_servicename(snum))); >+ *pstatus = NT_STATUS_ACCESS_DENIED; >+ goto err_root_exit; >+ } else { >+ conn->read_only = True; > } > } > /* Initialise VFS function pointers */ >-- >1.7.4.1 > > >From ec13fa3e36b95526dc305ed1eb9b2c2de9e8672b Mon Sep 17 00:00:00 2001 >From: Volker Lendecke <vl@samba.org> >Date: Tue, 5 Jul 2011 11:13:07 +0200 >Subject: [PATCH 03/10] s3: Fix bug 8102 > >We can't allow open with access that has been denied via the share >security descriptor > >Signed-off-by: Stefan Metzmacher <metze@samba.org> > >Autobuild-User: Stefan Metzmacher <metze@samba.org> >Autobuild-Date: Tue Jul 5 16:21:54 CEST 2011 on sn-devel-104 >(cherry picked from commit 4deca5d72804a40e68158a1183f5633dabf24761) >--- > source3/smbd/open.c | 8 ++++++++ > 1 files changed, 8 insertions(+), 0 deletions(-) > >diff --git a/source3/smbd/open.c b/source3/smbd/open.c >index 44b1835..d58744f 100644 >--- a/source3/smbd/open.c >+++ b/source3/smbd/open.c >@@ -76,6 +76,14 @@ NTSTATUS smbd_check_open_rights(struct connection_struct *conn, > /* Check if we have rights to open. */ > NTSTATUS status; > struct security_descriptor *sd = NULL; >+ uint32_t rejected_share_access; >+ >+ rejected_share_access = access_mask & ~(conn->share_access); >+ >+ if (rejected_share_access) { >+ *access_granted = rejected_share_access; >+ return NT_STATUS_ACCESS_DENIED; >+ } > > if ((access_mask & DELETE_ACCESS) && !lp_acl_check_permissions(SNUM(conn))) { > *access_granted = access_mask; >-- >1.7.4.1 > > >From 44a0eaf0a542a71f14788c817baad5c134c0a82d Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Tue, 12 Jul 2011 17:31:13 +0200 >Subject: [PATCH 04/10] s3:smbd/msdfs: let create_conn_struct() check the share security descriptor > >metze >(cherry picked from commit 18f967a24881aa899b39f7676fc70a7f7aaca07b) >--- > source3/smbd/msdfs.c | 30 ++++++++++++++++++++++++++++++ > 1 files changed, 30 insertions(+), 0 deletions(-) > >diff --git a/source3/smbd/msdfs.c b/source3/smbd/msdfs.c >index ab67ac8..3bdedb8 100644 >--- a/source3/smbd/msdfs.c >+++ b/source3/smbd/msdfs.c >@@ -27,6 +27,7 @@ > #include "smbd/globals.h" > #include "msdfs.h" > #include "auth.h" >+#include "libcli/security/security.h" > > /********************************************************************** > Parse a DFS pathname of the form \hostname\service\reqpath >@@ -278,6 +279,35 @@ NTSTATUS create_conn_struct(TALLOC_CTX *ctx, > > set_conn_connectpath(conn, connpath); > >+ /* >+ * New code to check if there's a share security descripter >+ * added from NT server manager. This is done after the >+ * smb.conf checks are done as we need a uid and token. JRA. >+ * >+ */ >+ if (conn->session_info) { >+ share_access_check(conn->session_info->security_token, >+ lp_servicename(snum), MAXIMUM_ALLOWED_ACCESS, >+ &conn->share_access); >+ >+ if ((conn->share_access & FILE_WRITE_DATA) == 0) { >+ if ((conn->share_access & FILE_READ_DATA) == 0) { >+ /* No access, read or write. */ >+ DEBUG(0,("create_conn_struct: connection to %s " >+ "denied due to security " >+ "descriptor.\n", >+ lp_servicename(snum))); >+ conn_free(conn); >+ return NT_STATUS_ACCESS_DENIED; >+ } else { >+ conn->read_only = true; >+ } >+ } >+ } else { >+ conn->share_access = 0; >+ conn->read_only = true; >+ } >+ > if (!smbd_vfs_init(conn)) { > NTSTATUS status = map_nt_error_from_unix(errno); > DEBUG(0,("create_conn_struct: smbd_vfs_init failed.\n")); >-- >1.7.4.1 > > >From db1e1d2517bb8105967902b89bf8c2a29146d52d Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Sun, 10 Jul 2011 13:00:25 +0200 >Subject: [PATCH 05/10] s3:smbd: make smbd_calculate_access_mask() non-static > >metze >(cherry picked from commit ce66d4e4a885add09edfa8e6d5eab0f3b5d63081) >--- > source3/smbd/globals.h | 5 +++++ > source3/smbd/open.c | 29 +++++++++++++++-------------- > 2 files changed, 20 insertions(+), 14 deletions(-) > >diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h >index 97d75fd..510c08c 100644 >--- a/source3/smbd/globals.h >+++ b/source3/smbd/globals.h >@@ -224,6 +224,11 @@ bool smbd_dirptr_lanman2_entry(TALLOC_CTX *ctx, > int *_last_entry_off, > struct ea_list *name_list); > >+NTSTATUS smbd_calculate_access_mask(connection_struct *conn, >+ const struct smb_filename *smb_fname, >+ bool file_existed, >+ uint32_t access_mask, >+ uint32_t *access_mask_out); > NTSTATUS smbd_check_open_rights(struct connection_struct *conn, > const struct smb_filename *smb_fname, > uint32_t access_mask, >diff --git a/source3/smbd/open.c b/source3/smbd/open.c >index d58744f..58102e4 100644 >--- a/source3/smbd/open.c >+++ b/source3/smbd/open.c >@@ -1522,11 +1522,11 @@ static void schedule_defer_open(struct share_mode_lock *lck, > Work out what access_mask to use from what the client sent us. > ****************************************************************************/ > >-static NTSTATUS calculate_access_mask(connection_struct *conn, >- const struct smb_filename *smb_fname, >- bool file_existed, >- uint32_t access_mask, >- uint32_t *access_mask_out) >+NTSTATUS smbd_calculate_access_mask(connection_struct *conn, >+ const struct smb_filename *smb_fname, >+ bool file_existed, >+ uint32_t access_mask, >+ uint32_t *access_mask_out) > { > NTSTATUS status; > >@@ -1549,8 +1549,8 @@ static NTSTATUS calculate_access_mask(connection_struct *conn, > SECINFO_DACL),&sd); > > if (!NT_STATUS_IS_OK(status)) { >- DEBUG(10, ("calculate_access_mask: Could not get acl " >- "on file %s: %s\n", >+ DEBUG(10,("smbd_calculate_access_mask: " >+ "Could not get acl on file %s: %s\n", > smb_fname_str_dbg(smb_fname), > nt_errstr(status))); > return NT_STATUS_ACCESS_DENIED; >@@ -1565,8 +1565,9 @@ static NTSTATUS calculate_access_mask(connection_struct *conn, > TALLOC_FREE(sd); > > if (!NT_STATUS_IS_OK(status)) { >- DEBUG(10, ("calculate_access_mask: Access denied on " >- "file %s: when calculating maximum access\n", >+ DEBUG(10, ("smbd_calculate_access_mask: " >+ "Access denied on file %s: " >+ "when calculating maximum access\n", > smb_fname_str_dbg(smb_fname))); > return NT_STATUS_ACCESS_DENIED; > } >@@ -1898,11 +1899,11 @@ static NTSTATUS open_file_ntcreate(connection_struct *conn, > } > } > >- status = calculate_access_mask(conn, smb_fname, file_existed, >+ status = smbd_calculate_access_mask(conn, smb_fname, file_existed, > access_mask, > &access_mask); > if (!NT_STATUS_IS_OK(status)) { >- DEBUG(10, ("open_file_ntcreate: calculate_access_mask " >+ DEBUG(10, ("open_file_ntcreate: smbd_calculate_access_mask " > "on file %s returned %s\n", > smb_fname_str_dbg(smb_fname), nt_errstr(status))); > return status; >@@ -2745,10 +2746,10 @@ static NTSTATUS open_directory(connection_struct *conn, > return NT_STATUS_NOT_A_DIRECTORY; > } > >- status = calculate_access_mask(conn, smb_dname, dir_existed, >- access_mask, &access_mask); >+ status = smbd_calculate_access_mask(conn, smb_dname, dir_existed, >+ access_mask, &access_mask); > if (!NT_STATUS_IS_OK(status)) { >- DEBUG(10, ("open_directory: calculate_access_mask " >+ DEBUG(10, ("open_directory: smbd_calculate_access_mask " > "on file %s returned %s\n", > smb_fname_str_dbg(smb_dname), > nt_errstr(status))); >-- >1.7.4.1 > > >From 90a13f101725af7018dc7ae24e7272fa4376a18b Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Sun, 10 Jul 2011 13:03:51 +0200 >Subject: [PATCH 06/10] s3:smbd: check the share level access mask in smbd_calculate_access_mask() > >I think we should reject invalid access early, >before we might create new files. > >Also smbd_check_open_rights() is only called if the file existed. > >metze >(cherry picked from commit 896f105ed40dc04f83bcbfac367b309c8d957f86) >--- > source3/smbd/open.c | 17 +++++++++++++++++ > 1 files changed, 17 insertions(+), 0 deletions(-) > >diff --git a/source3/smbd/open.c b/source3/smbd/open.c >index 58102e4..81d4e693 100644 >--- a/source3/smbd/open.c >+++ b/source3/smbd/open.c >@@ -1529,6 +1529,8 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn, > uint32_t *access_mask_out) > { > NTSTATUS status; >+ uint32_t orig_access_mask = access_mask; >+ uint32_t rejected_share_access; > > /* > * Convert GENERIC bits to specific bits. >@@ -1576,6 +1578,21 @@ NTSTATUS smbd_calculate_access_mask(connection_struct *conn, > } else { > access_mask = FILE_GENERIC_ALL; > } >+ >+ access_mask &= conn->share_access; >+ } >+ >+ rejected_share_access = access_mask & ~(conn->share_access); >+ >+ if (rejected_share_access) { >+ DEBUG(10, ("smbd_calculate_access_mask: Access denied on " >+ "file %s: rejected by share access mask[0x%08X] " >+ "orig[0x%08X] mapped[0x%08X] reject[0x%08X]\n", >+ smb_fname_str_dbg(smb_fname), >+ conn->share_access, >+ orig_access_mask, access_mask, >+ rejected_share_access)); >+ return NT_STATUS_ACCESS_DENIED; > } > > *access_mask_out = access_mask; >-- >1.7.4.1 > > >From b8a2fa246c1d2638a16f49bbf1d83585b1897207 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Sun, 10 Jul 2011 13:59:40 +0200 >Subject: [PATCH 07/10] s3:smbd: use smbd_calculate_access_mask() also for fake_files > >metze >(cherry picked from commit 581d8fa36b73abab030168dc35fb631ccd42a388) >--- > source3/smbd/fake_file.c | 13 +++++++++++++ > 1 files changed, 13 insertions(+), 0 deletions(-) > >diff --git a/source3/smbd/fake_file.c b/source3/smbd/fake_file.c >index 81f7686..68967fb 100644 >--- a/source3/smbd/fake_file.c >+++ b/source3/smbd/fake_file.c >@@ -19,6 +19,7 @@ > > #include "includes.h" > #include "smbd/smbd.h" >+#include "smbd/globals.h" > #include "fake_file.h" > #include "auth.h" > >@@ -128,6 +129,18 @@ NTSTATUS open_fake_file(struct smb_request *req, connection_struct *conn, > files_struct *fsp = NULL; > NTSTATUS status; > >+ status = smbd_calculate_access_mask(conn, smb_fname, >+ false, /* fake files do not exist */ >+ access_mask, &access_mask); >+ if (!NT_STATUS_IS_OK(status)) { >+ DEBUG(10, ("open_fake_file: smbd_calculate_access_mask " >+ "on service[%s] file[%s] returned %s\n", >+ lp_servicename(SNUM(conn)), >+ smb_fname_str_dbg(smb_fname), >+ nt_errstr(status))); >+ return status; >+ } >+ > /* access check */ > if (geteuid() != sec_initial_uid()) { > DEBUG(3, ("open_fake_file_shared: access_denied to " >-- >1.7.4.1 > > >From 41bbc22838b60462285551e0d3a3047978d6b48d Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Mon, 11 Jul 2011 16:12:57 +0200 >Subject: [PATCH 08/10] s3:smbd: return the real share access mask in the SMBtconX response > >metze >(cherry picked from commit 58eed1b295afeff6acfb8c1f10b0bb02280fd491) >--- > source3/smbd/reply.c | 4 +--- > 1 files changed, 1 insertions(+), 3 deletions(-) > >diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c >index 099a36e..c594a6b 100644 >--- a/source3/smbd/reply.c >+++ b/source3/smbd/reply.c >@@ -835,9 +835,7 @@ void reply_tcon_and_X(struct smb_request *req) > perm1 = FILE_ALL_ACCESS; > perm2 = FILE_ALL_ACCESS; > } else { >- perm1 = CAN_WRITE(conn) ? >- SHARE_ALL_ACCESS : >- SHARE_READ_ONLY; >+ perm1 = conn->share_access; > } > > SIVAL(req->outbuf, smb_vwv3, perm1); >-- >1.7.4.1 > > >From 5f6d8f415906beac0f5062e81e8c6d27c3aee29c Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Sun, 10 Jul 2011 13:02:11 +0200 >Subject: [PATCH 09/10] s3:smb2_tcon: return the correct maximal_access on the share > >metze >(cherry picked from commit a1046389ffcc476456ac76cb701a4325d1c42ef9) >--- > source3/smbd/smb2_tcon.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > >diff --git a/source3/smbd/smb2_tcon.c b/source3/smbd/smb2_tcon.c >index 75cfe54..ea38d1e 100644 >--- a/source3/smbd/smb2_tcon.c >+++ b/source3/smbd/smb2_tcon.c >@@ -271,7 +271,7 @@ static NTSTATUS smbd_smb2_tree_connect(struct smbd_smb2_request *req, > break; > } > >- *out_maximal_access = FILE_GENERIC_ALL; >+ *out_maximal_access = tcon->compat_conn->share_access; > > *out_tree_id = tcon->tid; > return NT_STATUS_OK; >-- >1.7.4.1 > > >From 3f7c5d5d07d202b4c7b56da473aeae4f6029a9e2 Mon Sep 17 00:00:00 2001 >From: Stefan Metzmacher <metze@samba.org> >Date: Sun, 10 Jul 2011 13:09:06 +0200 >Subject: [PATCH 10/10] s3:smb2_create: use smbd_calculate_access_mask() instead of smbd_check_open_rights() > >metze > >Autobuild-User: Stefan Metzmacher <metze@samba.org> >Autobuild-Date: Mon Jul 11 22:45:01 CEST 2011 on sn-devel-104 >(cherry picked from commit f5d320ac0fb74d4ad95a03969366096e9b074379) >--- > source3/smbd/smb2_create.c | 7 ++++++- > 1 files changed, 6 insertions(+), 1 deletions(-) > >diff --git a/source3/smbd/smb2_create.c b/source3/smbd/smb2_create.c >index 3478f34..fcd8945 100644 >--- a/source3/smbd/smb2_create.c >+++ b/source3/smbd/smb2_create.c >@@ -736,8 +736,13 @@ static struct tevent_req *smbd_smb2_create_send(TALLOC_CTX *mem_ctx, > uint32_t max_access_granted; > DATA_BLOB blob = data_blob_const(p, sizeof(p)); > >- status = smbd_check_open_rights(smb1req->conn, >+ status = smbd_calculate_access_mask(smb1req->conn, > result->fsp_name, >+ /* >+ * at this stage >+ * it exists >+ */ >+ true, > SEC_FLAG_MAXIMUM_ALLOWED, > &max_access_granted); > >-- >1.7.4.1 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Flags:
vl
:
review+
Actions:
View
Attachments on
bug 8102
:
6666
| 6682