[SCM] Samba Shared Repository - branch master updated
Ralph Böhme
slow at samba.org
Tue Jul 13 08:12:01 UTC 2021
The branch, master has been updated
via 0657db26447 s3: smbd: Explicitly code the semantics of "dos filemode" into the chown code.
from 147dd9d58a4 libcli/smb: let smb2_negotiate_context_parse() only parse the expected number of contexts
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 0657db26447ad9b0d2130fe07163e953eba2bcc2
Author: Jeremy Allison <jra at samba.org>
Date: Mon Jun 28 13:54:52 2021 -0700
s3: smbd: Explicitly code the semantics of "dos filemode" into the chown code.
We actually don't need this to get the right semantics, as the open or the
set_sd() code catches the correct cases and returns ACCESS_DENIED, but it
makes me much happier to see the prerequisites needed expressed in code here
right at the point of use.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Jul 13 08:11:36 UTC 2021 on sn-devel-184
-----------------------------------------------------------------------
Summary of changes:
source3/smbd/posix_acls.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 8bfaea27e39..899e7dc3c1e 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -3440,9 +3440,24 @@ NTSTATUS try_chown(files_struct *fsp, uid_t uid, gid_t gid)
}
/* Case (4). */
+ /* If "dos filemode" isn't set, we're done. */
if (!lp_dos_filemode(SNUM(fsp->conn))) {
return NT_STATUS_ACCESS_DENIED;
}
+ /*
+ * If we have a writable handle, obviously we
+ * can write to the file.
+ */
+ if (!fsp->fsp_flags.can_write) {
+ /*
+ * If we don't have a writable handle, we
+ * need to read the ACL on the file to
+ * see if we can write to it.
+ */
+ if (!can_write_to_fsp(fsp)) {
+ return NT_STATUS_ACCESS_DENIED;
+ }
+ }
/* only allow chown to the current user. This is more secure,
and also copes with the case where the SID in a take ownership ACL is
--
Samba Shared Repository
More information about the samba-cvs
mailing list