[SCM] Samba Shared Repository - branch master updated

Ralph Böhme slow at samba.org
Tue Jul 13 08:12:01 UTC 2021


The branch, master has been updated
       via  0657db26447 s3: smbd: Explicitly code the semantics of "dos filemode" into the chown code.
      from  147dd9d58a4 libcli/smb: let smb2_negotiate_context_parse() only parse the expected number of contexts

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 0657db26447ad9b0d2130fe07163e953eba2bcc2
Author: Jeremy Allison <jra at samba.org>
Date:   Mon Jun 28 13:54:52 2021 -0700

    s3: smbd: Explicitly code the semantics of "dos filemode" into the chown code.
    
    We actually don't need this to get the right semantics, as the open or the
    set_sd() code catches the correct cases and returns ACCESS_DENIED, but it
    makes me much happier to see the prerequisites needed expressed in code here
    right at the point of use.
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Tue Jul 13 08:11:36 UTC 2021 on sn-devel-184

-----------------------------------------------------------------------

Summary of changes:
 source3/smbd/posix_acls.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 8bfaea27e39..899e7dc3c1e 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3440,9 +3440,24 @@ NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid)
 	}
 
 	/* Case (4). */
+	/* If "dos filemode" isn't set, we're done. */
 	if (!lp_dos_filemode(SNUM(fsp->conn))) {
 		return NT_STATUS_ACCESS_DENIED;
 	}
+	/*
+	 * If we have a writable handle, obviously we
+	 * can write to the file.
+	 */
+	if (!fsp->fsp_flags.can_write) {
+		/*
+		 * If we don't have a writable handle, we
+		 * need to read the ACL on the file to
+		 * see if we can write to it.
+		 */
+		if (!can_write_to_fsp(fsp)) {
+			return NT_STATUS_ACCESS_DENIED;
+		}
+	}
 
 	/* only allow chown to the current user. This is more secure,
 	   and also copes with the case where the SID in a take ownership ACL is
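Review bot: The comment added above `if (!fsp->fsp_flags.can_write)` ("If we have a writable handle, obviously we can write to the file") describes the case the condition skips, not the branch it enters, so the two read at odds. Consider folding the nested tests into one condition, `if (!fsp->fsp_flags.can_write && !can_write_to_fsp(fsp))`, under a single comment stating the prerequisite for Case (4): "dos filemode" is set and the caller has write access, either through the handle or through the file's ACL. The commit message says the open or set_sd() code already returns ACCESS_DENIED for these cases; it would help to say in the code comment that this check restates that prerequisite at the point of use, so a later reader neither removes it as dead code nor takes it for the only gate. The changeset touches only source3/smbd/posix_acls.c, so no test covers the new early return for a non-writable handle on a file the ACL does not let the caller write to.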


-- 
Samba Shared Repository


