From 3121249243f52dcbf8083f5ff137bd580515efa7 Mon Sep 17 00:00:00 2001 From: Jeremy Allison Date: Thu, 26 Feb 2009 11:42:23 -0800 Subject: Make us pass the RAW-RENAME torture test I just added. Inside a directory, keep a file open and then renaming the directory should fail with ACCESS_DENIED. Jeremy. --- source3/include/proto.h | 1 + source3/smbd/files.c | 43 +++++++++++++++++++++++++++++++++++++++++++ source3/smbd/reply.c | 10 ++++++++++ 3 files changed, 54 insertions(+) diff --git a/source3/include/proto.h b/source3/include/proto.h index 27b4ce9604c..ce316402721 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h @@ -6520,6 +6520,7 @@ files_struct *file_find_fsp(files_struct *orig_fsp); files_struct *file_find_di_first(struct file_id id); files_struct *file_find_di_next(files_struct *start_fsp); files_struct *file_find_print(void); +bool file_find_subpath(files_struct *dir_fsp); void file_sync_all(connection_struct *conn); void file_free(struct smb_request *req, files_struct *fsp); files_struct *file_fnum(uint16 fnum); diff --git a/source3/smbd/files.c b/source3/smbd/files.c index efaadffc061..36e80a086ac 100644 --- a/source3/smbd/files.c +++ b/source3/smbd/files.c @@ -355,6 +355,49 @@ files_struct *file_find_print(void) return NULL; } +/**************************************************************************** + Find any fsp open with a pathname below that of an already open path. +****************************************************************************/ + +bool file_find_subpath(files_struct *dir_fsp) +{ + files_struct *fsp; + size_t dlen; + char *d_fullname = talloc_asprintf(talloc_tos(), + "%s/%s", + dir_fsp->conn->connectpath, + dir_fsp->fsp_name); + + if (!d_fullname) { + return false; + } + + dlen = strlen(d_fullname); + + for (fsp=Files;fsp;fsp=fsp->next) { + char *d1_fullname; + + if (fsp == dir_fsp) { + continue; + } + + d1_fullname = talloc_asprintf(talloc_tos(), + "%s/%s", + fsp->conn->connectpath, + fsp->fsp_name); + + if (strnequal(d_fullname, d1_fullname, dlen)) { + TALLOC_FREE(d_fullname); + TALLOC_FREE(d1_fullname); + return true; + } + TALLOC_FREE(d1_fullname); + } + + TALLOC_FREE(d_fullname); + return false; +} + /**************************************************************************** Sync open files on a connection. ****************************************************************************/ diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c index 80ed019e0f0..22e4c1aad7f 100644 --- a/source3/smbd/reply.c +++ b/source3/smbd/reply.c @@ -2214,6 +2214,16 @@ static NTSTATUS can_rename(connection_struct *conn, files_struct *fsp, } if (S_ISDIR(pst->st_mode)) { + if (fsp->posix_open) { + return NT_STATUS_OK; + } + + /* If no pathnames are open below this + directory, allow the rename. */ + + if (file_find_subpath(fsp)) { + return NT_STATUS_ACCESS_DENIED; + } return NT_STATUS_OK; } -- cgit