Previously, access() and eaccess() does not determine the permissions
for files on samba/SMB share correctly. Even if the user logs-in as
the owner of the file, access() and eaccess() referes to others'
permissions. With this patch, to determine the permissions correctly,
NtOpenFile() with desired access mask is used.
Fixes: cf762b08cf ("* security.cc (check_file_access): Create.")
Reviewed-by: Corinna Vinschen <corinna@vinschen.de>
Signed-off-by: Takashi Yano <takashi.yano@nifty.ne.jp>
init_reopen_attr() doesn't guard against a NULL handle. However,
there are scenarios calling functions deliberately with a NULL handle,
for instance, av::setup() calling check_file_access() only if opening
the file did NOT succeed.
So check for a NULL handle in init_reopen_attr() and if so, use the
name based approach filling the OBJECT_ATTRIBUTES struct, just as in
the has_buggy_reopen() case.
Fixes: 4c9d01fdad ("* mount.h (class fs_info): Add has_buggy_reopen flag and accessor methods.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Add FILE_OPEN_NO_RECALL to NtOpenFile calls trying to fetch
or write file security descriptors so as not to recall them
from offline storage inadvertently.
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Avoid the mistake fixed in the preceeding commit by passing
the mode_t argument by reference. This also affects a couple
other functions calling get_posix_access in turn.
Fixes: bc444e5aa4 ("Reapply POSIX ACL changes.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
Older coreutils created directories with mode bits filtered through
umask. Newer coreutils creates directories with full permissions,
0777 by default.
This new coreutils behaviour uncovered the fact that default ACEs for
newly created directories were not filtered by umask starting with
commit bc444e5aa4.
Fix it by applying umask on the default ACEs.
Fixes: bc444e5aa4 ("Reapply POSIX ACL change.")
Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
